fix: Added instruction to install NIM 2.19.0

content/nim/deploy/kubernetes/deploy-using-helm.md

@@ -22,6 +22,10 @@ The Helm chart has been renamed from `nginx-stable/nms-hybrid` to `nginx-stable/
 Make sure to update your chart references if you’re using version 2.20.0 or later.
 {{< /call-out >}}
 
+{{< call-out "note" "Versioning update from NGINX Instance Manager 2.20.0" >}}
+Helm chart versioning was reset with the chart rename in NGINX Instance Manager 2.20.0; `v2.0.0` is the first release under the new nginx-stable/nim chart name.
+{{< /call-out >}}
+
 
 ---
 
@@ -149,40 +153,40 @@ imagePullSecrets:
 apigw:
   image:
     repository: private-registry.nginx.com/nms/apigw
-    tag: 2.20.0
+    tag: <version>
 
 core:
   image:
     repository: private-registry.nginx.com/nms/core
-    tag: 2.20.0
+    tag: <version>
 
 dpm:
   image:
     repository: private-registry.nginx.com/nms/dpm
-    tag: 2.20.0
+    tag: <version>
 
 ingestion:
   image:
     repository: private-registry.nginx.com/nms/ingestion
-    tag: 2.20.0
+    tag: <version>
 
 integrations:
   image:
     repository: private-registry.nginx.com/nms/integrations
-    tag: 2.20.0
+    tag: <version>
 
 secmon:
   image:
     repository: private-registry.nginx.com/nms/secmon
-    tag: 2.20.0
+    tag: <version>
 
 utility:
   image:
     repository: private-registry.nginx.com/nms/utility
-    tag: 2.20.0
+    tag: <version>
 ```
 
-These values are required when pulling images from the NGINX private registry. The chart does not auto-resolve image tags. Update the tag: fields to match the NGINX Instance Manager version you want to install.
+These values are required when pulling images from the NGINX private registry. The chart does not auto-resolve image tags. Update the tag: fields to match the NGINX Instance Manager version you want to install referring the Helm chart table.
 
 Use the file with the `-f values.yaml` flag when installing the chart.
 
@@ -236,6 +240,11 @@ helm status nim -n nim
 
 You should see `STATUS: deployed` in the output.
 
+
+To help you choose the right NGINX Instance Manager chart version, see the following table:
+
+{{< include "nim/kubernetes/nms-chart-supported-module-versions.md" >}}
+
 ---
 
 ## Access the web interface
@@ -346,6 +355,108 @@ networkPolicies:
 
 ---
 
+## Helm deployment for NGINX Instance Manager 2.19
+
+### Create a Helm deployment values.yaml file
+
+The `values.yaml` file customizes the Helm chart installation without modifying the chart itself. You can use it to specify image repositories, environment variables, resource requests, and other settings.
+
+1. Create a `values.yaml` file similar to this example:
+
+    - In the `imagePullSecrets` section, add the credentials for your private Docker registry.
+    - Change the version tag to the version of NGINX Instance Manager you would like to install. Refer Helm chart table for versions.
+
+    {{< see-also >}} For details on creating a secret, see the Kubernetes [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) documentation. {{</ see-also >}}
+
+    ```yaml
+    imagePullSecrets:
+        - name: regcred
+    apigw:
+        image:
+            repository: private-registry.nginx.com/nms/apigw
+            tag: <version>
+    core:
+        image:
+            repository: private-registry.nginx.com/nms/core
+            tag: <version>
+    dpm:
+        image:
+            repository: private-registry.nginx.com/nms/dpm
+            tag: <version>
+    ingestion:
+        image:
+            repository: private-registry.nginx.com/nms/ingestion
+            tag: <version>
+    integrations:
+        image:
+            repository: private-registry.nginx.com/nms/integrations
+            tag: <version>
+    secmon:
+        image:
+            repository: private-registry.nginx.com/nms/secmon
+            tag: <version>
+    utility:
+        image:
+            repository: private-registry.nginx.com/nms/utility
+            tag: <version>
+    ```
+
+2. Save and close the `values.yaml` file.
+
+---
+
+### Install the chart
+
+Run the `helm install` command to deploy NGINX Instance Manager:
+
+1. Replace `<path-to-your-values.yaml>` with the path to your `values.yaml` file.
+2. Replace `YourPassword123#` with a secure password (containing a mix of uppercase, lowercase letters, numbers, and special characters).
+
+   {{< important >}} Remember to save the password for future use. Only the encrypted password is stored, and there's no way to recover or reset it if lost. {{< /important >}}
+
+
+```shell
+helm install -n nms-hybrid \
+--set adminPasswordHash=$(openssl passwd -6 'YourPassword123#') \
+nms nginx-stable/nms-hybrid \
+--create-namespace \
+-f <path-to-your-values.yaml> \
+--version <chart-version> \
+--wait
+```
+
+---
+
+### Upgrade NGINX Instance Manager
+
+To upgrade:
+
+1. [Update the Helm repository list](#add-repository).
+2. [Adjust your `values.yaml` file](#create-a-helm-deployment-values.yaml-file) if needed.
+3. To upgrade the NGINX Instance Manager deployment, run the following command. This command updates the `nms` deployment with a new version from the `nginx-stable/nms-hybrid` repository. It also hashes the provided password and uses the `values.yaml` file at the path you specify.
+4. Replace `<chart-version>` with the desired chart version of NGINX Instance Manager 2.19.x referring the Helm chart table. 
+
+   ```shell
+    helm upgrade -n nms \
+    --set nms-hybrid.adminPasswordHash=$(openssl passwd -6 'YourPassword123#') \
+    nms nginx-stable/nms-hybrid \
+    -f <path-to-your-values.yaml> \
+    --version <chart-version> \
+    --wait
+   ```
+
+   - Replace `<path-to-your-values.yaml>` with the path to the `values.yaml` file you created]({{< ref "/nim/deploy/kubernetes/deploy-using-helm.md#configure-chart" >}}).
+   - Replace `YourPassword123#` with a secure password that includes uppercase and lowercase letters, numbers, and special characters.
+
+      {{<call-out "important" "Save the password!" "" >}} Save this password for future use. Only the encrypted password is stored in Kubernetes, and you can’t recover or reset it later. {{</call-out>}}
+
+{{< call-out "note" "Upgrading from 2.18.0 or lower to 2.19.x" >}}
+If you’re upgrading from a deployment that used the legacy `nms` chart or release name, you’ll need to update the chart reference and adjust the release name as needed.
+The structure of values.yaml is different from previous releases.
+{{< /call-out >}}
+
+---
+
 ## Helm Deployment for NGINX Instance Manager 2.18 or lower
 
 ### Create a Helm deployment values.yaml file
@@ -414,10 +525,6 @@ nms nginx-stable/nms \
 --wait
 ```
 
-To help you choose the right NGINX Instance Manager chart version, see the table in:
-
-{{< include "nim/kubernetes/nms-chart-supported-module-versions.md" >}}
-
 ---
 
 ### Upgrade NGINX Instance Manager
@@ -462,9 +569,13 @@ openshift:
 
 This ensures pods can run with the user IDs required by NGINX Instance Manager services.
 
-{{< call-out "note" "Note" >}}
-If you see permission errors during deployment, your user account might not have access to manage SCCs. Contact a cluster administrator to request access.
-{{< /call-out >}}
+
+When `openshift.enabled: true` is set in the `values.yaml` file, the NGINX Instance Manager deployment automatically creates a **custom [Security Context Constraints](https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/authentication_and_authorization/managing-pod-security-policies) (SCCs)** and links it to the Service Account used by all pods.
+
+By default, OpenShift enforces strict security policies that require containers to run as **non-root** users. The NGINX Instance Manager deployment needs specific user IDs (UIDs) for certain services, such as **1000** for `nms` and **101** for `nginx` and `clickhouse`. Since the default SCCs do not allow these UIDs, a **custom SCC** is created. This ensures that the deployment can run with the necessary permissions while maintaining OpenShift’s security standards. The custom SCC allows these UIDs by setting the `runAsUser` field, which controls which users can run containers.
+
+{{< note >}} The NGINX Instance Manager deployment on OpenShift has been tested with OpenShift v4.13.0 Server. {{< /note >}}
+{{< note >}} If you see permission errors during deployment, your user account might not have access to manage SCCs. Contact a cluster administrator to request access. {{< /note >}}
 
 To verify that the SCC was created after installing the Helm chart, run: