
Getting started on Helm§

The Helm chart is community-maintained

TL;DR§

Prerequisites§

  • Kubernetes cluster (1.19+)
  • Helm 3.x installed
  • kubectl configured to access your cluster

Quick Start§

Install from Official Chart§

The official Helm chart is available in the Warpgate repository. Clone the repository and install from the local chart:

git clone https://github.com/warp-tech/warpgate.git
cd warpgate/helm/warpgate
helm install warpgate . \
  --namespace warpgate \
  --create-namespace

Automatic Setup§

The Helm chart includes automatic setup via a Kubernetes Job (recommended) or initContainer. Create a secret with the admin password; the warpgate namespace must already exist for this command to succeed:

kubectl create secret generic warpgate-secret \
  --from-literal=adminPassword='your-secure-password' \
  --namespace warpgate

Then install with setup enabled:

cd warpgate/helm/warpgate
helm install warpgate . \
  --namespace warpgate \
  --create-namespace \
  --set setup.enabled=true \
  --set data.pvc.enabled=true \
  --set setup.envFromSecret.WARPGATE_ADMIN_PASSWORD=warpgate-secret/adminPassword

Configuration§

For the complete list of available configuration options, see the full Helm values file.

Basic Values§

Create a values.yaml file to customize your deployment:

image:
  repository: ghcr.io/warp-tech/warpgate
  tag: "0.16.0"
  pullPolicy: IfNotPresent

# Automatic setup configuration
setup:
  enabled: true
  type: "job"  # or "podinit"
  envFromSecret:
    WARPGATE_ADMIN_PASSWORD: "warpgate-secret/adminPassword"

  # Ports to expose
  ssh: 2222
  http: 8888
  mysql: 33306
  pgsql: 55432

  # Optional: External database
  # databaseUrl: "postgres://user:password@postgres-service:5432/warpgate"

# Persistent storage
data:
  pvc:
    enabled: true
    template:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi

# Service configuration
service:
  type: ClusterIP
  ports:
    ssh: 2222
    http: 8888
    mysql: 33306
    pgsql: 55432

# Resource limits
resources:
  requests:
    memory: "256Mi"
    cpu: "250m"
  limits:
    memory: "512Mi"
    cpu: "500m"

Install with custom values:

cd warpgate/helm/warpgate
helm install warpgate . \
  --namespace warpgate \
  --create-namespace \
  --values values.yaml

Persistent Storage§

Warpgate requires persistent storage when using the built-in SQLite database. The chart supports both PersistentVolumeClaim and emptyDir:

data:
  pvc:
    enabled: true  # Use PVC for persistence
    claimName: ""  # Use existing PVC (optional)
    template:
      accessModes: ["ReadWriteOnce"]
      storageClassName: "fast-ssd"
      resources:
        requests:
          storage: 10Gi

SQLite and Replicas

Do NOT increase replicaCount above 1 when using SQLite as the database. For high availability, use an external PostgreSQL database.

External Database§

To use an external PostgreSQL or MySQL database:

setup:
  enabled: true
  databaseUrl: "postgres://user:password@postgres-service:5432/warpgate"

data:
  pvc:
    enabled: false  # Can use emptyDir with external DB
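
The storage rules above (SQLite needs a PVC and a single replica; an external PostgreSQL or MySQL database lifts both) can be checked against a release's values before an install or upgrade. This is an added example, not part of the Warpgate chart; the top-level `replicaCount` key and the accepted URL prefixes are assumptions, and the sample inputs are constructed.

```python
import json

# Rules taken from this page: SQLite needs persistent storage and replicaCount 1;
# an external PostgreSQL/MySQL database lifts both limits.
EXTERNAL_SCHEMES = ("postgres://", "postgresql://", "mysql://")  # assumed URL prefixes

def check_values(values):
    """Return a list of findings for one set of chart values (a dict)."""
    setup = values.get("setup") or {}
    pvc = (values.get("data") or {}).get("pvc") or {}
    url = str(setup.get("databaseUrl") or "")
    external_db = url.lower().startswith(EXTERNAL_SCHEMES)
    replicas = int(values.get("replicaCount") or 1)  # top-level key is an assumption

    findings = []
    if url and not external_db:
        findings.append("setup.databaseUrl is set but is not PostgreSQL/MySQL; "
                        "treating the deployment as SQLite")
    if not external_db and replicas > 1:
        findings.append(f"replicaCount={replicas} with SQLite; keep it at 1 "
                        "or set setup.databaseUrl to an external database")
    if not external_db and not pvc.get("enabled"):
        findings.append("data.pvc.enabled is false with SQLite; the database "
                        "lives on emptyDir and is lost when the pod is replaced")
    return findings

# Constructed inputs, shaped like the JSON printed by
# `helm get values warpgate -n warpgate --all -o json`.
RISKY = json.loads('{"replicaCount": 3, "setup": {"enabled": true},'
                   ' "data": {"pvc": {"enabled": false}}}')
SQLITE_PVC = json.loads('{"replicaCount": 1, "setup": {"enabled": true},'
                        ' "data": {"pvc": {"enabled": true}}}')
EXTERNAL = json.loads('{"replicaCount": 3, "setup": {"enabled": true, "databaseUrl":'
                      ' "postgres://user:password@postgres-service:5432/warpgate"},'
                      ' "data": {"pvc": {"enabled": false}}}')

if __name__ == "__main__":
    samples = (("risky", RISKY), ("sqlite+pvc", SQLITE_PVC), ("external", EXTERNAL))
    for name, vals in samples:
        for line in check_values(vals) or ["ok"]:
            print(f"{name}: {line}")
```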

Service Configuration§

For production deployments, configure the service type and ports:

service:
  type: LoadBalancer  # or NodePort, ClusterIP
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
  ports:
    ssh: 2222
    http: 8888
    mysql: 33306
    pgsql: 55432

Ingress Configuration§

Enable Ingress for HTTP access:

ingress:
  enabled: true
  className: "nginx"
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
  hosts:
    - host: warpgate.example.com
      paths:
        - path: /
          pathType: Prefix
  tls:
    - secretName: warpgate-tls
      hosts:
        - warpgate.example.com

SSH Keys and TLS Certificates§

Provide SSH keys and TLS certificates via Kubernetes secrets:

# Create secret with SSH keys
kubectl create secret generic warpgate-ssh-keys \
  --from-file=host-ed25519=./host-ed25519 \
  --from-file=host-rsa=./host-rsa \
  --from-file=client-ed25519=./client-ed25519 \
  --from-file=client-rsa=./client-rsa \
  --namespace warpgate

# Create secret with TLS certificate
kubectl create secret tls warpgate-tls \
  --cert=./tls.crt \
  --key=./tls.key \
  --namespace warpgate

Reference in values.yaml:

ssh_keys_secret: "warpgate-ssh-keys"
tls_cert_secret: "warpgate-tls"

Custom Configuration§

To provide a full custom Warpgate configuration:

overrides_config: |
  # Your complete warpgate.yaml configuration here
  # Ensure ports match the service configuration

Upgrading§

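To upgrade Warpgate to a new version, pull the latest chart and upgrade. Because the command below passes --set, Helm does not carry over the values of the previous release; repeat your --values file or add --reuse-values to keep them: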

cd warpgate/helm/warpgate
git pull origin main
helm upgrade warpgate . \
  --namespace warpgate \
  --set image.tag=0.17.0

Uninstalling§

To remove Warpgate:

helm uninstall warpgate --namespace warpgate

Data Persistence

Uninstalling with Helm will remove the deployment, but persistent volume claims (PVCs) are retained by default. To remove all data:

kubectl delete pvc -l app.kubernetes.io/name=warpgate -n warpgate

Troubleshooting§

Check Pod Status§

kubectl get pods -n warpgate
kubectl describe pod <pod-name> -n warpgate
kubectl logs <pod-name> -n warpgate

Check Setup Job§

If using automatic setup with Job mode:

kubectl get jobs -n warpgate
kubectl logs job/warpgate-setup -n warpgate

Access Warpgate Admin UI§

Get the service endpoint:

kubectl get svc -n warpgate

If using LoadBalancer or NodePort, access the HTTP port (default 8888) in your browser.

For ClusterIP, use port-forwarding:

kubectl port-forward svc/warpgate 8888:8888 -n warpgate

Then access http://localhost:8888 in your browser.

Verify Persistent Volume§

kubectl get pvc -n warpgate
kubectl describe pvc <pvc-name> -n warpgate

View Configuration§

Check the generated configuration:

kubectl exec -it deployment/warpgate -n warpgate -- cat /data/warpgate.yaml
