Helm charts

Nullplatform provides curated Helm charts to simplify deployment and management of infrastructure components.

Our charts are hosted at nullplatform/helm-charts.

Repository setup

Add Helm repository

helm repo add nullplatform https://nullplatform.github.io/helm-charts
helm repo update

Search available charts
```
helm search repo nullplatform
```

Available charts

Chart name	Description
`nullplatform/base`	Core infrastructure components
`nullplatform/cert-manager-config`	Configuration for cert-manager and Let's Encrypt

Base chart

This chart contains the prerequisites required to configure your cluster for management by nullplatform.

Basic installation

helm install my-release nullplatform/base \
    --version 1.0.0 \
    --set global.provider=eks \
    --set tls.secretName=prod-tls \
    --set logging.datadog.enabled=true \
    --set logging.datadog.apiKey=$DATADOG_KEY

Basic configuration

Mandatory settings:

  --set global.provider=<your-cloud> \
  --set tls.secretName=<your-tls-secret> \

Note: Replace the placeholder values with your actual cloud provider and TLS secret

Recommended additional settings:

  --set nullplatform.apiKey=<your-api-key> \
  --set controlPlane.enabled=true

Logging integration:

# Datadog example:
--set logging.datadog.enabled=true \
--set logging.datadog.apiKey=$DATADOG_API_KEY

Note: These examples assume you’ve exported the required credentials as environment variables.

Advanced configuration

Namespace customization

namespaces:
  nullplatformApplications: "nullplatform-apps"  # Custom namespace
  nullplatformTools: "nullplatform-tools"
  gateway: "edge-gateways"

Gateway scaling

gateway:
  internal:
    autoscaling:
      minReplicas: 3  # Production recommendation
      maxReplicas: 20
  public:
    autoscaling: 
      minReplicas: 5
      maxReplicas: 25

Logging configuration

logging:
  gelf:
    enabled: true
    host: "graylog.example.com"
    port: 12201
  loki:
    enabled: true
    host: "loki.monitoring.svc.cluster.local"

CloudWatch configuration

cloudwatch:        
  enabled: false    # Set to true when the logging backend is CloudWatch
  region: us-east-1
  accessLogs:
    enabled: false

Key configuration options

Parameter	Description	Default	Required
`global.provider`	Cloud provider (oks, gke, eks, aks)	`"eks"`	Yes
`global.awsRegion`	AWS region for EKS clusters	`us-east-1`	EKS only
`tls.secretName`	Name of the TLS secret used by ingress. Required when using Istio gateways	`""`	Yes
`nullplatform.apiKey`	nullplatform API key for agents to communicate against the nullplatform API	`""`	Yes
`nullplatform.secretName`	Name of an existing Kubernetes secret to mount, used as an alternative to setting `nullplatform.apiKey` directly	`""`	No
`controlPlane.enabled`	Enables log management by nullplatform	`false`	Yes
`logging.gelf.enabled`	Enable GELF integration	`false`	No
`logging.datadog.enabled`	Enable Datadog integration	`false`	No
`logging.loki.enabled`	Enable Loki logging	`false`	No
`metricsServer.enabled`	Cluster metrics server Required only if your cluster does not already include a metrics server	`true`	Conditional
`imagePullSecrets.registry`	Private registry Mandatory when images are stored in a private registry	`""`	Conditional
`imagePullSecrets.username`	Username for container registry Required when images are stored in a private registry	`""`	Conditional
`imagePullSecrets.password`	Password for container registry Required when images are stored in a private registry	`""`	Conditional
`envoy.preserveExternalRequestId.enabled`	Preserves the original `x-request-id` and `x-forwarded-for` headers in Envoy-based ingress setups	`false`	No

Note: For a full list of configurable options, see the values.yaml file.

Cert-manager config chart

Provides configuration for cert-manager to enable automated certificate provisioning with Let's Encrypt.

Provider-specific installation

Azure (AKS):

helm install certs nullplatform/cert-manager-config \
  --set azure.enabled=true \
  --set azure.subscriptionId=SUBSCRIPTION_ID \
  --set azure.resourceGroupName=RESOURCE_GROUP \
  --set azure.clientId=CLIENT_ID \
  --set hostedZoneName=your-domain.io \
  --namespace cert-manager

GCP (GKE):

helm install certs nullplatform/cert-manager-config \
  --set gcp.enabled=true \
  --set gcp.projectId=PROJECT_ID \
  --set gcp.serviceAccountKey=$(base64 -w0 service-account.json) \
  --set hostedZoneName=your-domain.io \
  --namespace cert-manager

Key parameters

Parameter	Description	Default	Required for
`hostedZoneName`	Domain for certificate validation	`""`	All providers
`azure.subscriptionId`	Azure subscription ID	`""`	Azure
`gcp.serviceAccountKey`	base64-encoded service account key	`""`	GCP

Note: For a full list of configurable options, see the values.yaml file.

Repository setup​

Available charts​

Base chart​

Basic configuration​

Advanced configuration​

Key configuration options​

Cert-manager config chart​

Provider-specific installation​

Key parameters​