Helm Charts

NES for Ingress NGINX Helm charts are published to the Never Ending Support Helm chart repository and are intended to be a drop-in replacement for existing upstream ingress-nginx Helm releases.

Current versions

Registry authentication

The NES Helm chart is publicly accessible — no credentials required to add the repository or download the chart. However, the NES controller image is hosted on registry.nes.herodevs.com, which requires a HeroDevs access token.

If you do not have an access token, contact support@herodevs.com. For more information on access tokens see Access Tokens.

Create an image pull secret

Create a Kubernetes secret in the namespace where ingress-nginx will run:

kubectl create secret docker-registry herodevs-registry \
  --docker-server=registry.nes.herodevs.com \
  --docker-username=<your-contact-email> \
  --docker-password=<your-nes-access-token> \
  -n ingress-nginx

controller:
  image:
    registry: registry.nes.herodevs.com
    image: neverendingsupport/ingress-nginx-controller
    tag: v1.15.1-nes-1.15.2

Configure the Helm chart to use the secret

Pass the secret name when installing or upgrading:

imagePullSecrets:
  - name: herodevs-registry

Or inline with --set:

helm upgrade --install ingress-nginx HeroDevs/ingress-nginx \
  --set imagePullSecrets[0].name=herodevs-registry \
  ...

Migrate an existing ingress-nginx Helm release to NES

1. Export the current release values so you can reuse your existing overrides:

   helm get values ingress-nginx -n ingress-nginx -o yaml > ingress-nginx-values.yaml
   
2. Add the Never Ending Support Helm repository:

   helm repo add HeroDevs https://neverendingsupport.github.io/helm-charts
   helm repo update
   
3. Upgrade the existing release in place to the NES chart:

   helm upgrade --install ingress-nginx HeroDevs/ingress-nginx \
     --version 0.0.2 \
     --namespace ingress-nginx \
     --create-namespace \
     -f ingress-nginx-values.yaml
   
4. The NES chart already defaults the controller image to registry.nes.herodevs.com/neverendingsupport/ingress-nginx-controller:v1.15.1-nes-1.15.2, so no override is required for a clean install. However, if your reused ingress-nginx-values.yaml pins the upstream controller image (controller.image.registry, controller.image.image, controller.image.repository, or controller.image.tag), those values will override the chart default and the pod will fail to pull. Either remove those keys from your values file, or replace them with the NES image:

   controller:
     image:
       registry: registry.nes.herodevs.com
       image: neverendingsupport/ingress-nginx-controller
       tag: v1.15.1-nes-1.15.2
   
5. If controller.hostPort.enabled is true (common for single-node clusters such as kind, k3s, or MicroK8s), the default rolling update cannot complete because the new pod cannot bind the host ports while the old pod still holds them. Either set the deployment update strategy to Recreate in your values:

   controller:
     updateStrategy:
       type: Recreate
   
   
   Or delete the old controller pod manually after the upgrade so the new NES pod can schedule:

   kubectl delete pod -n ingress-nginx -l app.kubernetes.io/component=controller
   
6. Verify the rollout:

   kubectl get pods -n ingress-nginx
   kubectl describe deployment ingress-nginx-controller -n ingress-nginx
   

Versioning

HeroDevs keeps the upstream version number on the left and increments the NES-maintained version on the right, e.g. v1.15.1-nes-1.15.2.

For this product, the upstream ingress-nginx version remains 1.15.1 and future patches advance only the NES-maintained version.