Install Bridge Client Using Helm Charts
Install the JFrog Bridge Client on Kubernetes with Platform or standalone Helm charts to connect your self-managed JPD to JFrog Bridges.
This page explains how to install the Bridge Client service on a self-managed JPD using Helm charts.
| Installation method | When to use |
|---|---|
| Platform Helm chart | Enable the Bridge Client add-on in custom-values.yaml when you deploy the JFrog Platform with Helm. |
| Bridge Helm chart | Install Bridge Client as a standalone Helm release on Kubernetes. |
| HA cluster | Configure multiple Bridge Client instances. |
Before You Begin
Review and verify Bridge Client installation prerequisites, including JFrog Artifactory 7.125.4 or higher and Join Key and Master Key values for your JPD.
After You Complete This Procedure
Log in to the JPD on which you installed the Bridge Client, and add a JFrog Bridge.
Don't Define Bridges in YAML
Bridges you define directly in .yaml files appear in the Bridges table, but can't be managed using the Platform interface or the Bridge APIs. For more information, see Manage JFrog Bridges.
Use the procedure that matches your deployment:
- Install the Bridge Client with the Platform Helm Chart
- Install the Bridge Client with the Bridge Helm Chart
- Install Bridge Client in an HA Cluster
Install the Bridge Client with the Platform Helm Chart
Use this procedure when you deploy JFrog Platform with Helm and want to enable the Bridge Client add-on in your existing Platform values file.
To install the Bridge Client with the Platform Helm chart:
-
In the
custom-values.yamlfile, set the following option totrue:bridge: enabled: true -
Run the Helm upgrade command with the
custom-values.yamlfile as described in Install the JFrog Platform Using Helm Chart.
Install the Bridge Client with the Bridge Helm Chart
Use this procedure when you install the Bridge Client as a standalone Helm release on a self-managed JPD.
To install the Bridge Client with the Bridge Helm chart:
-
Add the JFrog Helm Charts repository to your Helm client and update the repository:
helm repo add jfrog https://charts.jfrog.io helm repo update -
Create the
bridge-values.yamlfile as shown in the following example. Use the values of this JPD for thejfrogUrl,joinKey, andmasterKeyvariables.If the JPD uses a self-signed certificate for TLS communication, define a secret for the CA certificate and specify the secret in the
tunnelClientCertificateSecretNamefield of the YAML file.This file also defines local and remote endpoints to establish the tunnel.
## JPD URL is Mandatory jfrogUrl: https://your_self_managed_JPD:8082 ## Tunnel configuration is optional and can be done in Bridge Client UI. # tunnel: # client: # bridges: # default: # Client forwards requests to this local endpoint. # local: # url: https://sh-artifactory:8082 # Client opens a tunnel to this remote endpoint. # remote: # url: https://remote-saas.jfrog.io ## Token used to authenticate the client at the server endpoint to establish bridge connection. ## Token should have scope 'system:bridge:x' and be long-lived ## Token will be used for the initial default bridge # tunnelClientToken: "token_string" ## Alternatively, use a pre-existing secret with a key called tunnel-client-token by specifying tunnelClientTokenSecretName # tunnelClientTokenSecretName: "client-token" ## Name of the secret containing the certificate sent by the client to the remote endpoint during opening of the tunnel ## Bridge Server uses this certificate to validate requests before forwarding them ## Secret should contain 'tls_cert.crt' key with the certificate tunnelClientCertificateSecretName: "" ## certificates added to this secret will be copied to $JFROG_HOME/var/etc/security/keys/trusted directory customCertificates: enabled: false # certificateSecretName: router: serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled insecure: true masterKey: joinKey:jfrogUrl — Mandatory JPD URL the Bridge Client registers against.
joinKey — Join Key for the self-managed JPD (see Manage Keys).
masterKey — Master Key for the self-managed JPD (see Manage Keys).
-
Install the Bridge chart:
helm upgrade --install --values <VALUES_FILE> <RELEASE_NAME> jfrog/bridge --namespace <NAMESPACE>Where:
<VALUES_FILE>: Path to your values file<RELEASE_NAME>: Helm release name<NAMESPACE>: Kubernetes namespace for the deployment
For example:
helm upgrade --install --values bridge-values.yaml bridge-client jfrog/bridge --namespace sh
Install Bridge Client in an HA Cluster
For high availability across several JPDs, run multiple Bridge Client replicas.
To install Bridge Client in an HA cluster:
- In the Helm chart
values.yamlfile, setreplicaCountto3or higher.
After You Install the Bridge Client Service
The bridge-client pod becomes ready after the initial bridge connection is established.
Log in to the self-managed JPD on which you installed the Bridge Client service and Add a JFrog Bridge.
Frequently Asked Questions
This section provides answers to frequently asked questions about installing the Bridge Client with Helm charts.
FAQs
Q: When should I use the Platform Helm chart instead of the Bridge Helm chart?
A: Use the Platform Helm chart procedure when you deploy the JFrog Platform with Helm and only need to set bridge.enabled: true in custom-values.yaml. Use the standalone Bridge chart procedure when Bridge Client runs as its own Kubernetes release.
Q: Which values must I set in bridge-values.yaml before helm install?
A: Set jfrogUrl, joinKey, and masterKey for your JPD. You can store the tunnel token in tunnelClientTokenSecretName instead of plain text. See Manage Keys for Join Key and Master Key values.
Q: How many replicas do I need for an HA Bridge Client deployment?
A: In the Helm chart values.yaml file, set replicaCount to 3 or higher. See Install Bridge Client in an HA Cluster.
Q: Why shouldn't I define bridges only in YAML files?
A: Bridges created only in .yaml appear in the Bridges table but can't be managed in the Platform UI or Bridge APIs. Define production bridges in the UI after install. See Add a JFrog Bridge.