Deployment
Self-hosting with Helm

19min
Installing
The JumpWire engine is available as a Helm chart, which provides a first-class method of installation on Kubernetes.
Requirements
Helm 3 or later
Steps
1) Add the Helm repository
Shell
|
$ helm repo add jumpwire https://charts.jumpwire.io
$ helm repo add jumpwire https://charts.jumpwire.io
﻿
2) Update your local Helm chart repository cache
Shell
|
$ helm repo update
$ helm repo update
﻿
3) Install JumpWire engine
This is a minimal setup required to run the engine:
Shell
|
$ helm install \
  --set token=eyJ[...]Eg \
  --set domain=NO_PROXY_DOMAIN_SET \
  my-jw-release jumpwire/jumpwire
$ helm install \
  --set token=eyJ[...]Eg \
  --set domain=NO_PROXY_DOMAIN_SET \
  my-jw-release jumpwire/jumpwire
﻿
token — root API token, should be 64-bytes long
domain — domain to serve proxy at; might be an arbitrary value for minimal setup.
For more advanced configuration, please refer to the next sections. 
After the chart is installed, additional instructions will be displayed. Please read them to learn how the engine service can be accessed.
TLS configuration
If you want to enable secure connections to the JumpWire proxy, TLS must be configured. You can both provide your own certificates or get them autogenerated.
Automatic provisioning
Certificates can be provisioned automatically with the help of a cert-manager. The first step is to install it, e.g.:
Shell
|
$ helm repo add jetstack https://charts.jetstack.io && helm repo update
$ helm install \
  --namespace cert-manager \
  --create-namespace \
  --version v1.9.1 \
  --set installCRDs=true \
  cert-manager jetstack/cert-manager
$ helm repo add jetstack https://charts.jetstack.io && helm repo update
$ helm install \
  --namespace cert-manager \
  --create-namespace \
  --version v1.9.1 \
  --set installCRDs=true \
  cert-manager jetstack/cert-manager
﻿
The next step is to configure the certificate issuer, according to https://cert-manager.io/docs/configuration/. Here is an example of a self-signed issuer:
Shell
|
$ cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
 name: my-cluster-issuer
spec:
 selfSigned: {}
EOF
$ cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
 name: my-cluster-issuer
spec:
 selfSigned: {}
EOF
﻿
In a production scenario, you should use issuers like Cloudflare or Google CloudDNS.
After that, the JumpWire chart can be installed with the following values:
Shell
|
  --set certificate.create=true \
  --set certificate.issuerRef.name=my-cluster-issuer \
  --set certificate.create=true \
  --set certificate.issuerRef.name=my-cluster-issuer \
﻿
Manual provisioning
If you already have generated certificates, you can pass them directly to the chart:
Shell
|
  --set tls.cert=${CERT_CONTENT} \
  --set tls.key=${KEY_CONTENT} \
  --set tls.cert=${CERT_CONTENT} \
  --set tls.key=${KEY_CONTENT} \
﻿
Access configuration
Depending if you want to access the JumpWire proxy within the cluster, or access it from outside, the service needs to be configured appropriately.
ClusterIP
This is the default mode, which makes the engine accessible from within the cluster only. If you want to reach it temporarily from the outside, you can use the Kubernetes proxy, e.g.:
Shell
|
$ kubectl port-forward service/my-jumpwire-release 3306:3306
$ kubectl port-forward service/my-jumpwire-release 3306:3306
﻿
LoadBalancer
Using LoadBalancer is a simple way to expose the engine to external traffic. It can be also combined with external DNS:
Shell
|
  --set service.type=LoadBalancer \
  --set service.externalDns=true \
  --set service.type=LoadBalancer \
  --set service.externalDns=true \
﻿
Ingress
This is the most flexible way of exposing service, but the most complicated to set up. To enable Ingress and allow accessing proxy via your-domain.com URL, use the following values:
Shell
|
  --set domain=your-domain.com \
  --set ingress.enabled=true \
  --set ingress.hosts[0].host=your-domain.com \
  --set ingress.hosts[0].paths[0].path="/" \
  --set ingress.hosts[0].paths[0].pathType=Prefix \
  --set domain=your-domain.com \
  --set ingress.enabled=true \
  --set ingress.hosts[0].host=your-domain.com \
  --set ingress.hosts[0].paths[0].path="/" \
  --set ingress.hosts[0].paths[0].pathType=Prefix \
﻿
You can also configure additional TLS, e.g.:
Shell
|
  --set ingress.tls[0].secretName=your-tls-secret
  --set ingress.tls[0].hosts[0]=your-domain.com
  --set ingress.tls[0].secretName=your-tls-secret
  --set ingress.tls[0].hosts[0]=your-domain.com
﻿
Remember to update domain DNS records to point them to the IP of Ingress.
Uninstalling
You can uninstall the engine with the following command:
Shell
|
$ helm uninstall my-jw-release
$ helm uninstall my-jw-release
﻿
If you installed cert-manager, then you might uninstall it as well.