firezone: improve docs (#27)

* firezone-relay: enforce one replica * firezone-relay: specify UDP protocol * firezone: improve docs * firezone: bump chart version * firezone-relay: bump chart version
Intuinewin · Jul 13, 2024 · 02f5c69 · 02f5c69
1 parent 17d5902
commit 02f5c69
Show file tree

Hide file tree

Showing 7 changed files with 25 additions and 8 deletions.
diff --git a/firezone-relay/Chart.yaml b/firezone-relay/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: firezone-relay
-version: 0.9.0
+version: 0.9.1
 appVersion: 7c2796c71676fcd506d8ccc87b8fd89198ccff24
 type: application
 description: A Helm chart for deploying a firezone relay

diff --git a/firezone-relay/README.md b/firezone-relay/README.md
@@ -16,8 +16,8 @@ helm install \
 If you selfhost Firezone, you'll also need to set `config.apiUrl`
 
 You must provide the IPV4 and/or IPV6 on which clients or gateways can contact the relay. It must be accessible on multiple ports:
-- `config.listenPort`
-- `config.TURNLowestPort` - `config.TURNHighestPort`
+- `config.listenPort` (UDP)
+- `config.TURNLowestPort` - `config.TURNHighestPort` (UDP)
 
 This helm chart only creates a service with these ports, you need to make it accessible on the provided IPV4/IPV6.
 

diff --git a/firezone-relay/templates/deployment.yaml b/firezone-relay/templates/deployment.yaml
@@ -5,7 +5,7 @@ metadata:
   labels:
     {{- include "firezone-relay.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicas }}
+  replicas: 1
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   selector:
     matchLabels:

diff --git a/firezone-relay/values.yaml b/firezone-relay/values.yaml
@@ -36,7 +36,6 @@ config:
     # Example value: localhost:4317
     endpoint:
 
-replicas: 1
 revisionHistoryLimit: 10
 
 envFrom: []

diff --git a/firezone/Chart.yaml b/firezone/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: firezone
-version: 0.8.3
+version: 0.8.4
 appVersion: 7c2796c71676fcd506d8ccc87b8fd89198ccff24
 type: application
 description: A Helm chart for deploying firezone

diff --git a/firezone/README.md b/firezone/README.md
@@ -5,4 +5,22 @@
 Before trying to deploy Firezone, please be aware of the architecture of the
 project: https://www.firezone.dev/kb/architecture/core-components
 
-You'll need many secrets and a postgres database in order to deploy Firezone.
+Self hosting Firezone is not easy and the architecture is more complex than
+Firezone 0.7. In order to deploy Firezone, many secrets and a postgres database
+are needed. You must also not be afraid to read the Firezone source code !
+
+By default no account is provisioned, you can either sign up using the website
+(if your email adapter is configured) or create an account from Elixir's
+interactive shell.
+
+### Notes:
+
+For some features of Firezone, you'll need to both:
+  - Enable them globally in the chart `config.features.{}.enabled = true`
+  - Enable them per account in the database
+
+If you want to enable Location-restricted policies, you'll need a load
+balancer which injects several headers depending of the client's IP:
+  - `X-Geo-Location-Region`
+  - `X-Geo-Location-City`
+  - `X-Geo-Location-Coordinates`
diff --git a/firezone/values.yaml b/firezone/values.yaml
@@ -124,7 +124,7 @@ global:
   # deployment tutorials
   dockerRegistry: ghcr.io/firezone
 
-  # Common extra env for all pods, useful for feature flags
+  # Common extra env for all pods
   extraEnv: []
 
 web: