Bridge Client Helm Chart Installation
Install JFrog Bridge Client on Kubernetes using Helm charts.
This page describes how to install the Bridge Client service using a Helm chart.
Review and verify prerequisites before beginning installation.
To install the Bridge Client with a Helm Chart:
-
Add the JFrog Helm Charts repository to your Helm client and update the repository
helm repo add jfrog https://charts.jfrog.io helm repo update -
Create the
bridge-values.yamlfile as shown in the following example. Use the values of this jPD for thejfrogUrl,joinKey, andmasterKeyvariables.If the JPD uses a self-signed certificate for TLS communication, define a secret for the CA certificate and specify the secret in the tunnelClientCertificateSecretName field of the yaml file.
This file also defines local and remote endpoints to establish the tunnel.
## JPD URL is Mandatory jfrogUrl: https://your_self_managed_JPD:8082 ## Tunnel configuration is optional and can be done in Bridge Client UI. # tunnel: # client: # bridges: # default: # Client forwards requests to this local endpoint. # local: # url: https://sh-artifactory:8082 # Client opens a tunnel to this remote endpoint. # remote: # url: https://remote-saas.jfrog.io ## Token used to authenticate the client at the server endpoint to establish bridge connection. ## Token should have scope 'system:bridge:x' and be long-lived ## Token will be used for the the initial default bridge # tunnelClientToken: "token_string" ## Alternatively, use a pre-existing secret with a key called tunnel-client-token by specifying tunnelClientTokenSecretName tunnelClientTokenSecretName: "client-token" ## Name of the secret containing the certificate sent by the client to the remote endpoint during opening of the tunnel ## Bridge Server uses this certificate to validate requests before forwarding them ## Secret should contain 'tls_cert.crt' key with the certificate tunnelClientCertificateSecretName: "" ## certificates added to this secret will be copied to $JFROG_HOME/var/etc/security/keys/trusted directory customCertificates: enabled: false # certificateSecretName: router: serviceRegistry: ## Service registry (Access) TLS verification skipped if enabled insecure: true masterKey: joinKey: -
Install the Bridge chart
helm upgrade --install --values bridge-values.yaml bridge-client jfrog/bridge --namespace sh
The bridge-client pod becomes ready after the initial bridge connection is established.
Bridge Client Installation in an HA Cluster
To install the Bridge Client in an HA cluster of several JPDs, edit the values.yaml file in your Helm chart and change the value of replicaCount to 3 or more.
Install Bridge Client Service on the same Virtual Machine as Artifactory
In some Self-managed installations, each JFrog component is installed on its own virtual machine. This is not necessary for the Bridge service, which has a small footprint and low bandwidth.
To install and run the Bridge Client service on a self-hosted Artifactory instance:
-
Install the Bridge Client Service on the Artifactory machine.
-
Access the configuration file at
bridge/var/etc/system.yamland modify it as shown in the example below.- Update the router entry points to avoid port conflicts with Artifactory.
- The values of
node:idandnode:namemust be different from the values used in the Artifactorysystem.yamlfile.
shared: node: id: "bridge_NY_1" # Must be unique and unlike Artifactory or other nodes name: "bridge_NewYork_1" # Must be unique and unlike Artifactory or other nodes router: entrypoints: externalPort: "9082" internalPort: "9046" traefikApiPort: "9049" grpcPort: "9047" observability: httpPort: "9036" grpcPort: "9037"
Updated 13 days ago