nx-cloud-helm

Nx Cloud Helm Chart

A lot of organizations deploy Nx Cloud to Kubernetes.

This repo contains:

Deployments on AWS/EKS

If you’re deploying on EKS, check out our AWS Guide. Otherwise, continue reading below.

Installing Using Helm

Step 1: OPTIONAL - Create Mongo replicas

Skip if you already have a hosted Mongo instance, such as Atlas or CosmosDB): Install the Mongo Community operator

Step 2: Create a secret

Create a secret by running kubectl apply -f examples/secret.yml

Step 3: Install Nx Cloud using helm

> helm repo add nx-cloud https://nrwl.github.io/nx-cloud-helm
> helm install nx-cloud nx-cloud/nx-cloud --values=overrides.yml

examples/overrides contains the min overrides files. You need to provision:

  1. The image tag you want to install
  2. nxCloudAppURL which is the url used to access ingress from CI and dev machines ( e.g., https://nx-cloud.myorg.com).
  3. secret/name the name of the secret you created in Step 3.
  4. secret/nxCloudMongoServerEndpoint, the name of the key from the secret. 5secret/adminPassword, the name of the key from the secret.

If you only applied the secret from Step 3, the only thing you will need to change is nxCloudAppURL.

Cloud Containers

The installation will create the following:

  1. nx-cloud-frontend (deployment)
  2. nx-cloud-api (deployment)
  3. nx-cloud-nx-api (deployment)
  4. nx-cloud-file-server (deployment)
  5. nx-cloud-aggregator (cron job)

Ingress, IP, Certificates

You can configure Ingress. For instance, the following will see the ingress class to ‘gce’, the global static ip name to ‘nx-cloud-ip’, and will set a global Google managed certificate.

global:
  imageTag: 'latest'

nxCloudAppURL: 'https://nx-cloud.myorg.com'

ingress:
  class: 'gce'
  globalStaticIpName: 'nx-cloud-ip'
  managedCertificates: 'cloud-cert'

secret:
  name: 'cloud'
  nxCloudMongoServerEndpoint: 'NX_CLOUD_MONGO_SERVER_ENDPOINT'
  adminPassword: 'ADMIN_PASSWORD'

This configuration will look different for you. You will have a different global static ip and your cert name will also be different. If you are interested in creating the two using GKE, check out the following links:

If you aren’t using GKE, ingress.class will also be different. For example, see our example config for AWS or check out the AWS Load Balancer set-up section here for AWS set-up instructions.

If you need to have a detailed Ingress configuration, you can tell the package to skip defining ingress:

image:
   tag: 'latest'

nxCloudAppURL: 'https://nx-cloud.myorg.com'

ingress:
    skip: true
⤵️ and then define it yourself (expand me) ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: nx-cloud-ingress annotations: labels: app: nx-cloud spec: rules: - http: paths: # define the next /file section only if you use the built-in file server - path: /file pathType: Prefix backend: service: name: nx-cloud-file-server-service port: number: 5000 - path: /nx-cloud pathType: Prefix backend: service: name: nx-cloud-nx-api-service port: number: 4203 - path: /api pathType: Prefix backend: service: name: nx-cloud-nrwl-api-service port: number: 4000 - path: /graphql pathType: Prefix backend: service: name: nx-cloud-nrwl-api-service port: number: 4000 - path: /auth pathType: Prefix backend: service: name: nx-cloud-nrwl-api-service port: number: 4000 - path: /download pathType: Prefix backend: service: name: nx-cloud-nrwl-api-service port: number: 4000 - path: /download - pathType: Prefix backend: service: name: nx-cloud-frontend-service port: number: 8080 ```

Variations

External File Storage

If you use AWS or Azure, you can configure Nx Cloud to store cached artifacts on S3 or Azure Blob. In this case, you won’t need the PVC or the file-server container. S3 and Azure Blob also tend to be faster.

For S3 buckets, see the AWS Guide

For Azure:

global:
  imageTag: 'latest'

nxCloudAppURL: 'https://nx-cloud.myorg.com'

azure:
  enabled: true
  container: 'nx-cloud'

secret:
  name: 'cloudsecret'
  nxCloudMongoServerEndpoint: 'NX_CLOUD_MONGO_SERVER_ENDPOINT'
  adminPassword: 'ADMIN_PASSWORD'
  azureConnectionString: 'AZURE_CONNECTION_STRING'

Note that the secret for setting up Azure must contain AZURE_CONNECTION_STRING.

GitHub Auth

To use GitHub for user authentication, you can use the following configuration:

global:
  imageTag: 'latest'

nxCloudAppURL: 'https://nx-cloud.myorg.com'

github:
  auth:
    enabled: true

secret:
  name: 'cloudsecret'
  nxCloudMongoServerEndpoint: 'NX_CLOUD_MONGO_SERVER_ENDPOINT'
  githubAuthClientId: 'GITHUB_AUTH_CLIENT_ID'
  githubAuthClientSecret: 'GITHUB_AUTH_CLIENT_SECRET'

Note that the secret must contain GITHUB_AUTH_CLIENT_ID and GITHUB_AUTH_CLIENT_SECRET. Read here on how to get those values.

GitHub Integration

To enable the GitHub PR integration, you can use the following configuration:

global:
  imageTag: 'latest'

nxCloudAppURL: 'https://nx-cloud.myorg.com'

github:
  pr:
    enabled: true
    # apiUrl: '' uncomment when using github enterprise 

secret:
  name: 'cloudsecret'
  nxCloudMongoServerEndpoint: 'NX_CLOUD_MONGO_SERVER_ENDPOINT'
  githubWebhookSecret: 'GITHUB_WEBHOOK_SECRET'
  githubAuthToken: 'GITHUB_AUTH_TOKEN'

Note that the secret must contain GITHUB_WEBHOOK_SECRET and GITHUB_AUTH_TOKEN. Read here on how to get those values.

Proxies and self-signed certificates

Please refer to this guide.

Suggested resources

We recommend setting up EKS Autoscaling or GKE Autopilot for your cluster, so that you don’t pay for unecesarry resources, and your Nodes can scale up automatically, as needed. However, this is indication of the resources you might need (you can always start with less and scale up to this as needed):

Disk size:

More Information

You can find more information about Nx Cloud and running it on prem here.