Gateway
The bifrost gateway is a component deployed in a Kubernetes cluster that acts as a bridge between the bifrost agents and the bifrost portal. It enables less data to leave the cluster and avoids the need for each agent to have direct internet access.
Prerequisites
Section titled “Prerequisites”- An account in bifrost portal
- A Kubernetes cluster with remote access configured (for deploying Helm chart with CLI)
- Access credentials (registered client id and secret) created in the bifrost portal (under Organization → Settings -> Registered Clients)
- Helm 3.8 (or newer) installed (see Helm installation guide) that supports OCI-based registries
Installation
Section titled “Installation”The bifrost gateway can be installed via the official Helm chart hosted in a public OCI registry.
helm install bifrost-gateway \ --namespace bifrost --create-namespace \ --set auth.creds="<client_id>:<client_token_secret>" \ oci://public.ecr.aws/bifrostsec/charts/bifrost-gatewaybifrost-agent configuration
Section titled “bifrost-agent configuration”The bifrost-agent needs to be configured to connect to the gateway. The following extra parameter needs to be set:
server.url: URL of the bifrost gateway service, e.g.http://bifrost-gateway:8080
Example bifrost-agent deployment via helm chart:
helm install bifrost-agent \ --namespace bifrost --create-namespace \ --set agent.key=<AGENT_KEY> \ --set server.url=http://bifrost-gateway:8080 \ oci://public.ecr.aws/bifrostsec/charts/bifrost-agent