Introduction:

NGINX is not maintained by CircleCI, meaning the image in the helm chart may occasionally lag behind in security patches or feature updates between CircleCI Server releases.

To address this, it's possible to specify a custom NGINX image in your values.yaml. This gives you full control—allowing you to fix known vulnerabilities, gain new features, or add required modules—ensuring better security, performance, and compliance with your org's policies.

Prerequisites (If Applicable):

Access to the Kubernetes cluster will be required in order to run the helm upgrade with updated values.yaml

Instructions:

1.  Step 1 - Add an image tag to values.yaml
   • As such

     nginx:
       image:
         tag: 1.27.0

2. Step 2 - Run Helm upgrade
   • Run the helm upgrade command, replacing the namespace, current version and values.yaml path in the command line:
     

     helm upgrade circleci-server oci://cciserver.azurecr.io/circleci-server -n <namespace> --version <current-version> -f <path-to-values.yaml>

Outcome:

NGINX and related deployments will be redeployed using the specified NGINX tag, pods will be restarted with the new NGINX version.

Additional Resources:

• Latest NGINX release information is available at https://nginx.org/news.html