website logo
⌘K
JumpWire Overview
Database Proxy
API Gateway
Concepts
Policies
Classifications
Databases
Clusters
Deployment
Self-hosting with AWS ECS
Self-hosting with Docker
Self-hosting with Helm
Components
Vault Integration
Configuration
Observability
Encryption key stores
Encryption format
Architecture
Docs powered by archbee 
19min

Self-hosting with Helm

Installing

The JumpWire engine is available as a Helm chart, which provides a first-class method of installation on Kubernetes.

Requirements

  • Helm 3 or later

Steps

1) Add the Helm repository

Shell
|


2) Update your local Helm chart repository cache

Shell
|


3) Install JumpWire engine

This is a minimal setup required to run the engine:

Shell
|

  • token — cluster token, available on the Configuration page.
  • domain — domain to serve proxy at; might be an arbitrary value for minimal setup.

For more advanced configuration, please refer to the next sections.

After the chart is installed, additional instructions will be displayed. Please read them to learn how the engine service can be accessed.

TLS configuration

If you want to enable secure connections to the JumpWire proxy, TLS must be configured. You can both provide your own certificates or get them autogenerated.

Automatic provisioning

Certificates can be provisioned automatically with the help of a cert-manager. The first step is to install it, e.g.:

Shell
|


The next step is to configure the certificate issuer, according to https://cert-manager.io/docs/configuration/. Here is an example of a self-signed issuer:

Shell
|


In a production scenario, you should use issuers like Cloudflare or Google CloudDNS.

After that, the JumpWire chart can be installed with the following values:

Shell
|


Manual provisioning

If you already have generated certificates, you can pass them directly to the chart:

Shell
|


Access configuration

Depending if you want to access the JumpWire proxy within the cluster, or access it from outside, the service needs to be configured appropriately.

ClusterIP

This is the default mode, which makes the engine accessible from within the cluster only. If you want to reach it temporarily from the outside, you can use Kubernetes proxy, e.g.:

Shell
|


LoadBalancer

Using LoadBalancer is a simple way to expose the engine to external traffic. It can be also combined with external DNS:

Shell
|


Ingress

This is the most flexible way of exposing service, but the most complicated to set up. To enable Ingress and allow accessing proxy via your-domain.com URL, use the following values:

Shell
|


You can also configure additional TLS, e.g.:

Shell
|


Remember to update domain DNS records to point them to the IP of Ingress.

Uninstalling

You can uninstall the engine with the following command:

Shell
|


If you installed cert-manager, then you might uninstall it as well.

Updated 03 Mar 2023
Did this page help you?
Yes
No
UP NEXT
Components
Docs powered by archbee 
TABLE OF CONTENTS
Installing
Requirements
Steps
TLS configuration
Automatic provisioning
Manual provisioning
Access configuration
ClusterIP
LoadBalancer
Ingress
Uninstalling