Helm charts

Nullplatform provides curated Helm charts to simplify deployment and management of infrastructure components.

Our charts are hosted at nullplatform/helm-charts.

Repository setup

1. Add Helm repository

   helm repo add nullplatform https://nullplatform.github.io/helm-charts
   helm repo update

2. Search available charts

   helm search repo nullplatform

Available charts

Chart name	Description
nullplatform/base	Core infrastructure components
nullplatform/nullplatform-agent	Installs the nullplatform agent
nullplatform/cert-manager-config	Configuration for cert-manager and Let's Encrypt

Base chart

This chart contains the prerequisites required to configure your cluster for management by nullplatform.

Basic installation

helm install my-release nullplatform/base \
    --version 1.0.0 \
    --set global.provider=eks \
    --set tls.secretName=prod-tls \
    --set logging.datadog.enabled=true \
    --set logging.datadog.apiKey=$DATADOG_KEY

Basic configuration

Mandatory settings:

  --set global.provider=<your-cloud> \
  --set tls.secretName=<your-tls-secret> \

Note: Replace the placeholder values with your actual cloud provider and TLS secret

Recommended additional settings:

  --set nullplatform.apiKey=<your-api-key> \
  --set controlPlane.enabled=true

Logging integration:

# Datadog example:
--set logging.datadog.enabled=true \
--set logging.datadog.apiKey=$DATADOG_API_KEY

Note: These examples assume you’ve exported the required credentials as environment variables.

Advanced configuration

Namespace customization

namespaces:
  nullplatformApplications: "nullplatform-apps"  # Custom namespace
  nullplatformTools: "nullplatform-tools"
  gateway: "edge-gateways"

Gateway scaling

gateway:
  internal:
    autoscaling:
      minReplicas: 3  # Production recommendation
      maxReplicas: 20
  public:
    autoscaling: 
      minReplicas: 5
      maxReplicas: 25

Logging configuration

logging:
  gelf:
    enabled: true
    host: "graylog.example.com"
    port: 12201
  loki:
    enabled: true
    host: "loki.monitoring.svc.cluster.local"

CloudWatch configuration

cloudwatch:        
  enabled: false    # Set to true when the logging backend is CloudWatch
  region: us-east-1
  accessLogs:
    enabled: false

Key configuration options

Parameter	Description	Default	Required
global.provider	Cloud provider (oks, gke, eks, aks)	"eks"	Yes
global.awsRegion	AWS region for EKS clusters	us-east-1	EKS only
tls.secretName	Name of the TLS secret used by ingress. Required when using Istio gateways	""	Yes
nullplatform.apiKey	nullplatform API key for agents to communicate against the nullplatform API	""	Yes
nullplatform.secretName	Name of an existing Kubernetes secret to mount, used as an alternative to setting nullplatform.apiKey directly	""	No
controlPlane.enabled	Enables log management by nullplatform	false	Yes
logging.gelf.enabled	Enable GELF integration	false	No
logging.datadog.enabled	Enable Datadog integration	false	No
logging.loki.enabled	Enable Loki logging	false	No
metricsServer.enabled	Cluster metrics server Required only if your cluster does not already include a metrics server	true	Conditional
imagePullSecrets.registry	Private registry Mandatory when images are stored in a private registry	""	Conditional
imagePullSecrets.username	Username for container registry Required when images are stored in a private registry	""	Conditional
imagePullSecrets.password	Password for container registry Required when images are stored in a private registry	""	Conditional
envoy.preserveExternalRequestId.enabled	Preserves the original x-request-id and x-forwarded-for headers in Envoy-based ingress setups	false	No

Note: For a full list of configurable options, see the values.yaml file.

Agent chart

The nullplatform-agent chart installs the nullplatform agent, which enables automated lifecycle management of:

• custom scopes
• services
• custom actions

Basic installation

helm install nullplatform-agent nullplatform/nullplatform-agent \
  --set configuration.values.NP_API_KEY=$NP_API_KEY \
  --set configuration.values.TAGS="$AGENT_TAGS" \
  --set configuration.values.GITHUB_TOKEN=$GITHUB_TOKEN \
  --set configuration.values.GITHUB_REPO=$GITHUB_REPO

Note: These examples assume you’ve exported the required credentials as environment variables.

Basic configuration

Minimal required values:

--set configuration.values.NP_API_KEY=<your-np-api-key> \
--set configuration.values.GITHUB_TOKEN=<your-github-token> \
--set configuration.values.GITHUB_REPO=<your-repo-url>
--set configuration.values.TAGS=<"key1:value1,key2:value2">

Advanced configuration

You can customize the agent’s startup arguments and environment using the args array and the configuration.values section:

args:
  - "--tags=$(TAGS)"
  - "--apikey=$(NP_API_KEY)"
  - "--runtime=host"
  - "--command-executor-env=NP_API_KEY=$(NP_API_KEY)"
  - "--command-executor-debug"
  - "--webserver-enabled"
  - "--command-executor-git-command-repos https://$(GITHUB_TOKEN)@$(GITHUB_REPO)#$(GITHUB_BRANCH)"

Key configuration options

Parameter	Description	Default	Required
replicaCount	Number of agent pods to run	1	No
namespace	Kubernetes namespace for deployment	nullplatform-tools	Yes
configuration.values.NP_API_KEY	API key for authenticating with nullplatform. Needs to be assigned at the account level.	""	Yes
configuration.values.GITHUB_TOKEN	GitHub token used to pull private repositories	""	Yes
configuration.values.GITHUB_REPO	GitHub repository URL used for command execution	""	Yes
configuration.values.GITHUB_BRANCH	Branch name to pull commands from	"main"	No
configuration.values.GITHUB_USER	GitHub username for authentication (optional use)	""	No
configuration.values.TAGS	Tags to associate with the agent, separated by commas. Example: environment:development,environment:staging	""	No
configuration.values.NP_LOG_LEVEL	Logging level for the agent	"DEBUG"	No
configuration.secretName	Name of the Kubernetes secret to be created	nullplatform-agent-secret	No
configuration.create	Whether to create the Kubernetes secret	true	No
image.repository	Docker image repository for the agent	public.ecr.aws/nullplatform/controlplane-agent	No
image.tag	Image tag	beta	No
image.pullPolicy	Image pull policy	Never	No
autoscaling.enabled	Enable horizontal pod autoscaling	false	No
autoscaling.minReplicas	Minimum number of pods when autoscaling is enabled	1	No
autoscaling.maxReplicas	Maximum number of pods when autoscaling is enabled	2	No
autoscaling.targetCPUUtilizationPercentage	CPU usage percentage target for autoscaling	80	No
resources.requests.cpu	Minimum CPU requested	100m	No
resources.requests.memory	Minimum memory requested	64Mi	No
resources.limits.cpu	Maximum CPU allowed	200m	No
resources.limits.memory	Maximum memory allowed	128Mi	No
livenessProbe.httpGet.path	HTTP path for liveness probe	/health	No
livenessProbe.httpGet.port	HTTP port for liveness probe	8080	No
readinessProbe.httpGet.path	HTTP path for readiness probe	/health	No
readinessProbe.httpGet.port	HTTP port for readiness probe	8080	No
serviceAccount.create	Whether to create a service account	true	No
serviceAccount.name	Name of the service account	nullplatform-agent	No
serviceAccount.automount	Auto-mount the service account token	true	No
serviceAccount.role.rules	Permissions granted to the service account (cluster-wide *)	* (wildcard permissions)	No
podAnnotations.name	Pod annotation	nullplatform-agent	No
podLabels.name	Pod label	nullplatform-agent	No
volumes[0].name	Name of volume used for git repo cloning	repos	No
volumes[0].type	Type of volume used	emptyDir	No
volumeMounts[0].name	Name of the volume mount	repos	No
volumeMounts[0].mountPath	Mount path inside the container	/root/.np	No
initContainers	Init containers configuration for pre-execution setup tasks	[]	No
args	Command-line arguments passed to the agent container	SeeAdvanced configuration	No

Note: For a full list of configurable options, see the values.yaml file.

Argument and configuration correlations

This section explains how configuration values are propagated into the container's runtime environment and used by the agent's command-line arguments.

Environment variable flow

configuration.values → pod environment variables → args (command-line arguments)

Key relationships

• NP_API_KEY

  • Defined in: configuration.values.NP_API_KEY
  • Used in:
    • args[1]: --apikey=$(NP_API_KEY)
    • args[3]: --command-executor-env=NP_API_KEY=$(NP_API_KEY)

• TAGS

  • Defined in: configuration.values.TAGS
  • Used in:
    • args[0]: --tags=$(TAGS)

• GitHub Integration

  • Defined in: configuration.values.GITHUB_TOKEN, GITHUB_REPO, GITHUB_BRANCH
  • Used in:
    • args[6]: --command-executor-git-command-repos https://$(GITHUB_TOKEN)@$(GITHUB_REPO)#$(GITHUB_BRANCH)

• Web Server

  • Enabled via: args[5]: --webserver-enabled
  • Correlated with: liveness and readiness probes on port 8080

• Storage

  • Volume defined in: volumes[0] (name: repos, type: emptyDir)
  • Mounted via: volumeMounts[0] (mountPath: /root/.np)
  • Used by: Git operations from args[6]

Cert-manager config chart

Provides configuration for cert-manager to enable automated certificate provisioning with Let's Encrypt.

Provider-specific installation

Azure (AKS):

helm install certs nullplatform/cert-manager-config \
  --set azure.enabled=true \
  --set azure.subscriptionId=SUBSCRIPTION_ID \
  --set azure.resourceGroupName=RESOURCE_GROUP \
  --set azure.clientId=CLIENT_ID \
  --set hostedZoneName=your-domain.io \
  --namespace cert-manager

GCP (GKE):

helm install certs nullplatform/cert-manager-config \
  --set gcp.enabled=true \
  --set gcp.projectId=PROJECT_ID \
  --set gcp.serviceAccountKey=$(base64 -w0 service-account.json) \
  --set hostedZoneName=your-domain.io \
  --namespace cert-manager

Key parameters

Parameter	Description	Default	Required for
hostedZoneName	Domain for certificate validation	""	All providers
azure.subscriptionId	Azure subscription ID	""	Azure
gcp.serviceAccountKey	base64-encoded service account key	""	GCP

Note: For a full list of configurable options, see the values.yaml file.