Self-hosting with Helm
The JumpWire engine is available as a Helm chart, which provides a first-class method of installation on Kubernetes.
- Helm 3 or later
1) Add the Helm repository
2) Update your local Helm chart repository cache
3) Install JumpWire engine
This is a minimal setup required to run the engine:
- token — root API token, should be 64-bytes long
- domain — domain to serve proxy at; might be an arbitrary value for minimal setup.
For more advanced configuration, please refer to the next sections.
After the chart is installed, additional instructions will be displayed. Please read them to learn how the engine service can be accessed.
If you want to enable secure connections to the JumpWire proxy, TLS must be configured. You can both provide your own certificates or get them autogenerated.
Certificates can be provisioned automatically with the help of a cert-manager. The first step is to install it, e.g.:
The next step is to configure the certificate issuer, according to https://cert-manager.io/docs/configuration/. Here is an example of a self-signed issuer:
In a production scenario, you should use issuers like Cloudflare or Google CloudDNS.
After that, the JumpWire chart can be installed with the following values:
If you already have generated certificates, you can pass them directly to the chart:
Depending if you want to access the JumpWire proxy within the cluster, or access it from outside, the service needs to be configured appropriately.
This is the default mode, which makes the engine accessible from within the cluster only. If you want to reach it temporarily from the outside, you can use the Kubernetes proxy, e.g.:
Using LoadBalancer is a simple way to expose the engine to external traffic. It can be also combined with external DNS:
This is the most flexible way of exposing service, but the most complicated to set up. To enable Ingress and allow accessing proxy via your-domain.com URL, use the following values:
You can also configure additional TLS, e.g.:
Remember to update domain DNS records to point them to the IP of Ingress.
You can uninstall the engine with the following command:
If you installed cert-manager, then you might uninstall it as well.