diff --git a/content/nim/deploy/kubernetes/deploy-using-helm.md b/content/nim/deploy/kubernetes/deploy-using-helm.md index e72c317b4..4cdf531c5 100644 --- a/content/nim/deploy/kubernetes/deploy-using-helm.md +++ b/content/nim/deploy/kubernetes/deploy-using-helm.md @@ -49,85 +49,9 @@ To deploy NGINX Instance Manager using a Helm chart, you need: ### Using Docker -#### Configure Docker to access the NGINX Instance Manager public registry - -{{< include "nim/docker/docker-registry-login.md" >}} - -#### Pull the NGINX Instance Manager images -You can now pull the necessary images for NGINX Instance Manager from the private registry at `private-registry.nginx.com`. - -Replace `` with the specific version you want to use. - -{{< note >}} The `latest` tag is not supported. {{< /note >}} - -```shell -docker pull private-registry.nginx.com/nms/apigw: -docker pull private-registry.nginx.com/nms/core: -docker pull private-registry.nginx.com/nms/dpm: -docker pull private-registry.nginx.com/nms/ingestion: -docker pull private-registry.nginx.com/nms/integrations: -docker pull private-registry.nginx.com/nms/utility: -``` - -If needed, you can push these images to your own private registry. - -#### Push images to your private registry - -After pulling the images, tag them and upload them to your private registry. - -1. Log in to your private registry: - - ```shell - docker login - ``` - -2. Tag and push each image. Replace `` with your registry’s path and `` with the version you’re using (for example, `2.17.0`): - - - For the `apigw` image: - - ```shell - docker tag private-registry.nginx.com/nms/apigw: /nms/apigw: - docker push /nms/apigw: - ``` - - - For the `core` image: - - ```shell - docker tag private-registry.nginx.com/nms/core: /nms/core: - docker push /nms/core: - ``` - - - For the `dpm` image: - - ```shell - docker tag private-registry.nginx.com/nms/dpm: /nms/dpm: - docker push /nms/dpm: - ``` - - - For the `ingestion` image: - - ```shell - docker tag private-registry.nginx.com/nms/ingestion: /nms/ingestion: - docker push /nms/ingestion: - ``` - - - For the `integrations` image: - - ```shell - docker tag private-registry.nginx.com/nms/integrations: /nms/integrations: - docker push /nms/integrations: - ``` - - - For the `utility` image: - - ```shell - docker tag private-registry.nginx.com/nms/utility: /nms/utility: - docker push /nms/utility: - ``` - ### Using Helm with a JWT token -If you don't need a private registry, you can use a JWT token as a Docker configuration secret with Helm charts. +You can use your NGINX JWT as a Docker configuration secret with Helm charts. Create a Docker registry secret on the cluster, using the JWT token as the username and `none` as the password. The Docker server is `private-registry.nginx.com`. @@ -179,8 +103,8 @@ The `values.yaml` file customizes the Helm chart installation without editing th 1. Create a `values.yaml` file similar to this example: - - Replace `` with your private Docker registry and port (if needed). - In the `imagePullSecrets` section, add the credentials for your private Docker registry. + - Change the version tag to the version of NGINX Instance Manager you would like to install. See "Install the chart" below for versions. {{< see-also >}} For more on creating a secret, see Kubernetes [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). {{}} @@ -190,27 +114,27 @@ The `values.yaml` file customizes the Helm chart installation without editing th - name: regcred apigw: image: - repository: /nms-apigw + repository: private-registry.nginx.com/nms-apigw tag: core: image: - repository: /nms-core + repository: private-registry.nginx.com/nms-core tag: dpm: image: - repository: /nms-dpm + repository: private-registry.nginx.com/nms-dpm tag: ingestion: image: - repository: /nms-ingestion + repository: private-registry.nginx.com/nms-ingestion tag: integrations: image: - repository: /nms-integrations + repository: private-registry.nginx.com/nms-integrations tag: utility: image: - repository: /nms-utility + repository: private-registry.nginx.com/nms-utility tag: ``` @@ -220,36 +144,7 @@ The `values.yaml` file customizes the Helm chart installation without editing th --- -## Manage network policies -To apply network policies for NGINX Instance Manager, ensure Kubernetes has a [network plugin](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) installed before the Helm chart installation. - -By default, the following network policies will be created in the release namespace: - -```shell -kubectl get netpol -n nms -``` - -```text -NAME POD-SELECTOR AGE -apigw app.kubernetes.io/name=apigw 4m47s -clickhouse app.kubernetes.io/name=clickhouse 4m47s -core app.kubernetes.io/name=core 4m47s -dpm app.kubernetes.io/name=dpm 4m47s -ingestion app.kubernetes.io/name=ingestion 4m47s -integrations app.kubernetes.io/name=integrations 4m47s -utility app.kubernetes.io/name=integrations 4m47s -``` - -To disable network policies, update the `values.yaml` file: - -```yaml -networkPolicies: - # Set this to true to enable network policies for NGINX Instance Manager. - enabled: false -``` - ---- ## Install the chart @@ -342,6 +237,37 @@ This deletes the `nms` application and all associated Kubernetes resources. --- +## Manage network policies + +To apply network policies for NGINX Instance Manager, ensure Kubernetes has a [network plugin](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) installed before the Helm chart installation. + +By default, the following network policies will be created in the release namespace: + +```shell +kubectl get netpol -n nms +``` + +```text +NAME POD-SELECTOR AGE +apigw app.kubernetes.io/name=apigw 4m47s +clickhouse app.kubernetes.io/name=clickhouse 4m47s +core app.kubernetes.io/name=core 4m47s +dpm app.kubernetes.io/name=dpm 4m47s +ingestion app.kubernetes.io/name=ingestion 4m47s +integrations app.kubernetes.io/name=integrations 4m47s +utility app.kubernetes.io/name=integrations 4m47s +``` + +To disable network policies, update the `values.yaml` file: + +```yaml +networkPolicies: + # Set this to true to enable network policies for NGINX Instance Manager. + enabled: false +``` + +--- + ## Troubleshooting For instructions on creating a support package to share with NGINX Customer Support, see [Create a Support Package from a Helm Installation]({{< relref "/nms/support/k8s-support-package.md" >}}).