Deployment

Self-hosting with Helm

14min

Installing

The JumpWire engine is available as a Helm chart, which provides a first-class method of installation on Kubernetes.

Requirements

  • Helm 3 or later

Steps

1) Add the Helm repository

Shell


2) Update your local Helm chart repository cache

Shell


3) Install JumpWire engine

This is a minimal setup required to run the engine:

Shell

  • token — root API token, should be 64-bytes long
  • domain — domain to serve proxy at; might be an arbitrary value for minimal setup.

For more advanced configuration, please refer to the next sections.

After the chart is installed, additional instructions will be displayed. Please read them to learn how the engine service can be accessed.

TLS configuration

If you want to enable secure connections to the JumpWire proxy, TLS must be configured. You can both provide your own certificates or get them autogenerated.

Automatic provisioning

Certificates can be provisioned automatically with the help of a cert-manager. The first step is to install it, e.g.:

Shell


The next step is to configure the certificate issuer, according to https://cert-manager.io/docs/configuration/. Here is an example of a self-signed issuer:

Shell


In a production scenario, you should use issuers like Cloudflare or Google CloudDNS.

After that, the JumpWire chart can be installed with the following values:

Shell


Manual provisioning

If you already have generated certificates, you can pass them directly to the chart:

Shell


Access configuration

Depending if you want to access the JumpWire proxy within the cluster, or access it from outside, the service needs to be configured appropriately.

ClusterIP

This is the default mode, which makes the engine accessible from within the cluster only. If you want to reach it temporarily from the outside, you can use the Kubernetes proxy, e.g.:

Shell


LoadBalancer

Using LoadBalancer is a simple way to expose the engine to external traffic. It can be also combined with external DNS:

Shell


Ingress

This is the most flexible way of exposing service, but the most complicated to set up. To enable Ingress and allow accessing proxy via your-domain.com URL, use the following values:

Shell


You can also configure additional TLS, e.g.:

Shell


Remember to update domain DNS records to point them to the IP of Ingress.

Uninstalling

You can uninstall the engine with the following command:

Shell


If you installed cert-manager, then you might uninstall it as well.