Skip to content

fix: Added instruction to install NIM 2.19.0 #747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 32 commits into from
Jul 2, 2025
Merged

fix: Added instruction to install NIM 2.19.0 #747

Changes from 6 commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
acb1a57
fix: Added instruction to install NIM 2.19.0
Chetan-99 Jun 26, 2025
bf85f17
fix: minor fixes
Chetan-99 Jun 26, 2025
6536bdc
fix: call out about the new helm chart versioning
Chetan-99 Jun 27, 2025
8d91945
fix: added openshift details in nim k8s docs
Chetan-99 Jun 30, 2025
7ac9ab7
Merge branch 'main' into nim-k8s-docs2
Chetan-99 Jun 30, 2025
0da59e1
fix: minor changes
Chetan-99 Jun 30, 2025
156ce84
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
b3e8bd4
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
5a7f3b4
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
98fa2a6
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
c5a182d
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
d5de95c
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
f9bcbf5
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
beb0ba2
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jun 30, 2025
ff6f7bf
fix: Update deploy-using-helm.md
Chetan-99 Jun 30, 2025
ebd3ee0
fix: Update deploy-using-helm.md
Chetan-99 Jun 30, 2025
9c4b603
Merge branch 'main' into nim-k8s-docs2
Chetan-99 Jun 30, 2025
9c95c07
fix: combined call-out of renaming and versioning
Chetan-99 Jul 1, 2025
17a9364
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
8e09029
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
81d6eb5
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
eeb1ab5
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
509d988
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
fd9a626
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
698167c
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
84c647b
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
97c6ac5
Update content/nim/deploy/kubernetes/deploy-using-helm.md
Chetan-99 Jul 1, 2025
0ef5e92
Merge branch 'main' into nim-k8s-docs2
Chetan-99 Jul 1, 2025
65fbb12
fix: minor yaml fixes
Chetan-99 Jul 1, 2025
adabbfa
fix: minor changes
Chetan-99 Jul 1, 2025
8f52ae9
Merge branch 'main' into nim-k8s-docs2
Chetan-99 Jul 1, 2025
edda1ac
Merge branch 'main' into nim-k8s-docs2
Chetan-99 Jul 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
137 changes: 122 additions & 15 deletions content/nim/deploy/kubernetes/deploy-using-helm.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,10 @@ The Helm chart has been renamed from `nginx-stable/nms-hybrid` to `nginx-stable/
Make sure to update your chart references if you’re using version 2.20.0 or later.
{{< /call-out >}}

{{< call-out "note" "Versioning update from NIM 2.20.0" >}}
With the chart rename in NIM 2.20.0, Helm chart versioning was also reset—`v2.0.0` is the first release under the new nginx-stable/nim chart name.
{{< /call-out >}}


---

Expand Down Expand Up @@ -149,40 +153,40 @@ imagePullSecrets:
apigw:
image:
repository: private-registry.nginx.com/nms/apigw
tag: 2.20.0
tag: <version>

core:
image:
repository: private-registry.nginx.com/nms/core
tag: 2.20.0
tag: <version>

dpm:
image:
repository: private-registry.nginx.com/nms/dpm
tag: 2.20.0
tag: <version>

ingestion:
image:
repository: private-registry.nginx.com/nms/ingestion
tag: 2.20.0
tag: <version>

integrations:
image:
repository: private-registry.nginx.com/nms/integrations
tag: 2.20.0
tag: <version>

secmon:
image:
repository: private-registry.nginx.com/nms/secmon
tag: 2.20.0
tag: <version>

utility:
image:
repository: private-registry.nginx.com/nms/utility
tag: 2.20.0
tag: <version>
```

These values are required when pulling images from the NGINX private registry. The chart does not auto-resolve image tags. Update the tag: fields to match the NGINX Instance Manager version you want to install.
These values are required when pulling images from the NGINX private registry. The chart does not auto-resolve image tags. Update the tag: fields to match the NGINX Instance Manager version you want to install referring the helm chart table.

Use the file with the `-f values.yaml` flag when installing the chart.

Expand Down Expand Up @@ -236,6 +240,11 @@ helm status nim -n nim

You should see `STATUS: deployed` in the output.


To help you choose the right NGINX Instance Manager chart version, see the table in:

{{< include "nim/kubernetes/nms-chart-supported-module-versions.md" >}}

---

## Access the web interface
Expand Down Expand Up @@ -346,6 +355,104 @@ networkPolicies:

---

## Helm Deployment for NGINX Instance Manager 2.19

### Create a Helm deployment values.yaml file

The `values.yaml` file customizes the Helm chart installation without modifying the chart itself. You can use it to specify image repositories, environment variables, resource requests, and other settings.

1. Create a `values.yaml` file similar to this example:

- In the `imagePullSecrets` section, add the credentials for your private Docker registry.
- Change the version tag to the version of NGINX Instance Manager you would like to install. Refer helm chart table for versions.

{{< see-also >}} For details on creating a secret, see Kubernetes [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). {{</ see-also >}}

```yaml
imagePullSecrets:
- name: regcred
apigw:
image:
repository: private-registry.nginx.com/nms/apigw
tag: <version>
core:
image:
repository: private-registry.nginx.com/nms/core
tag: <version>
dpm:
image:
repository: private-registry.nginx.com/nms/dpm
tag: <version>
ingestion:
image:
repository: private-registry.nginx.com/nms/ingestion
tag: <version>
integrations:
image:
repository: private-registry.nginx.com/nms/integrations
tag: <version>
utility:
image:
repository: private-registry.nginx.com/nms/utility
tag: <version>
```

2. Save and close the `values.yaml` file.

---

### Install the chart

Run the `helm install` command to deploy NGINX Instance Manager:

1. Replace `<path-to-your-values.yaml>` with the path to your `values.yaml` file.
2. Replace `YourPassword123#` with a secure password (containing a mix of uppercase, lowercase letters, numbers, and special characters).

{{< important >}} Remember to save the password for future use. Only the encrypted password is stored, and there's no way to recover or reset it if lost. {{< /important >}}


```shell
helm install -n nms-hybrid \
--set adminPasswordHash=$(openssl passwd -6 'YourPassword123#') \
nms nginx-stable/nms-hybrid \
--create-namespace \
-f <path-to-your-values.yaml> \
--version <chart-version> \
--wait
```

---

### Upgrade NGINX Instance Manager

To upgrade:

1. [Update the Helm repository list](#add-repository).
2. [Adjust your `values.yaml` file](#create-a-helm-deployment-values.yaml-file) if needed.
3. To upgrade the NGINX Instance Manager deployment, run the following command. This command updates the `nms` deployment with a new version from the `nginx-stable/nms-hybrid` repository. It also hashes the provided password and uses the `values.yaml` file at the path you specify.
4. Replace `<chart-version>` with the desired chart version of NGINX Instance Manager 2.19.x referring the helm chart table.

```shell
helm upgrade -n nms \
--set nms-hybrid.adminPasswordHash=$(openssl passwd -6 'YourPassword123#') \
nms nginx-stable/nms-hybrid \
-f <path-to-your-values.yaml> \
--version <chart-version> \
--wait
```

- Replace `<path-to-your-values.yaml>` with the path to the `values.yaml` file you created]({{< ref "/nim/deploy/kubernetes/deploy-using-helm.md#configure-chart" >}}).
- Replace `YourPassword123#` with a secure password that includes uppercase and lowercase letters, numbers, and special characters.

{{<call-out "important" "Save the password!" "" >}} Save this password for future use. Only the encrypted password is stored in Kubernetes, and you can’t recover or reset it later. {{</call-out>}}

{{< call-out "note" "Upgrading from 2.18.0 or lower to 2.19.x" >}}
If you’re upgrading from a deployment that used the legacy `nms` chart or release name, you’ll need to update the chart reference and adjust the release name as needed.
The structure of values.yaml is different from previous releases.
{{< /call-out >}}

---

## Helm Deployment for NGINX Instance Manager 2.18 or lower

### Create a Helm deployment values.yaml file
Expand Down Expand Up @@ -414,10 +521,6 @@ nms nginx-stable/nms \
--wait
```

To help you choose the right NGINX Instance Manager chart version, see the table in:

{{< include "nim/kubernetes/nms-chart-supported-module-versions.md" >}}

---

### Upgrade NGINX Instance Manager
Expand Down Expand Up @@ -462,9 +565,13 @@ openshift:

This ensures pods can run with the user IDs required by NGINX Instance Manager services.

{{< call-out "note" "Note" >}}
If you see permission errors during deployment, your user account might not have access to manage SCCs. Contact a cluster administrator to request access.
{{< /call-out >}}

When `openshift.enabled: true` is set in the `values.yaml` file, the NGINX Instance Manager deployment automatically creates a **custom [Security Context Constraints](https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/authentication_and_authorization/managing-pod-security-policies) (SCCs)** and links it to the Service Account used by all pods.

By default, OpenShift enforces strict security policies that require containers to run as **non-root** users. The NGINX Instance Manager deployment needs specific user IDs (UIDs) for certain services, such as **1000** for `nms` and **101** for `nginx` and `clickhouse`. Since the default SCCs do not allow these UIDs, a **custom SCC** is created. This ensures that the deployment can run with the necessary permissions while maintaining OpenShift’s security standards. The custom SCC allows these UIDs by setting the `runAsUser` field, which controls which users can run containers.

{{< note >}} The NIM deployment on OpenShift has been tested with OpenShift v4.13.0 Server. {{< /note >}}
{{< note >}} If you see permission errors during deployment, your user account might not have access to manage SCCs. Contact a cluster administrator to request access. {{< /note >}}

To verify that the SCC was created after installing the Helm chart, run:

Expand Down
Loading