From 02f5c69b863380c10b8b8b1211df925b59c4e4a3 Mon Sep 17 00:00:00 2001 From: Antoine Date: Sat, 13 Jul 2024 17:22:57 +0200 Subject: [PATCH] firezone: improve docs (#27) * firezone-relay: enforce one replica * firezone-relay: specify UDP protocol * firezone: improve docs * firezone: bump chart version * firezone-relay: bump chart version --- firezone-relay/Chart.yaml | 2 +- firezone-relay/README.md | 4 ++-- firezone-relay/templates/deployment.yaml | 2 +- firezone-relay/values.yaml | 1 - firezone/Chart.yaml | 2 +- firezone/README.md | 20 +++++++++++++++++++- firezone/values.yaml | 2 +- 7 files changed, 25 insertions(+), 8 deletions(-) diff --git a/firezone-relay/Chart.yaml b/firezone-relay/Chart.yaml index bb35674..e257a37 100644 --- a/firezone-relay/Chart.yaml +++ b/firezone-relay/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: firezone-relay -version: 0.9.0 +version: 0.9.1 appVersion: 7c2796c71676fcd506d8ccc87b8fd89198ccff24 type: application description: A Helm chart for deploying a firezone relay diff --git a/firezone-relay/README.md b/firezone-relay/README.md index b2520ae..fb90877 100644 --- a/firezone-relay/README.md +++ b/firezone-relay/README.md @@ -16,8 +16,8 @@ helm install \ If you selfhost Firezone, you'll also need to set `config.apiUrl` You must provide the IPV4 and/or IPV6 on which clients or gateways can contact the relay. It must be accessible on multiple ports: -- `config.listenPort` -- `config.TURNLowestPort` - `config.TURNHighestPort` +- `config.listenPort` (UDP) +- `config.TURNLowestPort` - `config.TURNHighestPort` (UDP) This helm chart only creates a service with these ports, you need to make it accessible on the provided IPV4/IPV6. diff --git a/firezone-relay/templates/deployment.yaml b/firezone-relay/templates/deployment.yaml index 6757bdd..fa65208 100644 --- a/firezone-relay/templates/deployment.yaml +++ b/firezone-relay/templates/deployment.yaml 
@@ -5,7 +5,7 @@ metadata: labels: {{- include "firezone-relay.labels" . | nindent 4 }} spec: - replicas: {{ .Values.replicas }} + replicas: 1 revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: diff --git a/firezone-relay/values.yaml b/firezone-relay/values.yaml index b573144..ac17518 100644 --- a/firezone-relay/values.yaml +++ b/firezone-relay/values.yaml @@ -36,7 +36,6 @@ config: # Example value: localhost:4317 endpoint: -replicas: 1 revisionHistoryLimit: 10 envFrom: [] diff --git a/firezone/Chart.yaml b/firezone/Chart.yaml index e82aa6c..46dd135 100644 --- a/firezone/Chart.yaml +++ b/firezone/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: firezone -version: 0.8.3 +version: 0.8.4 appVersion: 7c2796c71676fcd506d8ccc87b8fd89198ccff24 type: application description: A Helm chart for deploying firezone diff --git a/firezone/README.md b/firezone/README.md index 1e67686..223b7fa 100644 --- a/firezone/README.md +++ b/firezone/README.md 
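Review bot: Hard-coding `replicas: 1` in the Deployment spec does not by itself keep the relay at a single pod. Unless `strategy` is already set in the part of the spec outside this hunk, the default RollingUpdate starts the new pod before stopping the old one, so two relays run side by side during every upgrade. If that overlap is not acceptable, add `strategy:` with `type: Recreate` next to the replica count. The line would also benefit from a comment such as `# fixed at 1 on purpose; .Values.replicas is no longer read`. Because the values.yaml hunk removes the `replicas` key, an existing override will most likely be ignored without any error on upgrade, which deserves a sentence in the relay README.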
@@ -5,4 +5,22 @@ Before trying to deploy Firezone, please be aware of the architecture of the project: https://www.firezone.dev/kb/architecture/core-components -You'll need many secrets and a postgres database in order to deploy Firezone. +Self hosting Firezone is not easy and the architecture is more complex than +Firezone 0.7. In order to deploy Firezone, many secrets and a postgres database +are needed. You must also not be afraid to read the Firezone source code ! + +By default no account is provisioned, you can either sign up using the website +(if your email adapter is configured) or create an account from Elixir's +interactive shell. + +### Notes: + +For some features of Firezone, you'll need to both: + - Enable them globally in the chart `config.features.{}.enabled = true` + - Enable them per account in the database + +If you want to enable Location-restricted policies, you'll need a load +balancer which injects several headers depending of the client's IP: + - `X-Geo-Location-Region` + - `X-Geo-Location-City` + - `X-Geo-Location-Coordinates` diff --git a/firezone/values.yaml b/firezone/values.yaml index f642f89..498b578 100644 --- a/firezone/values.yaml +++ b/firezone/values.yaml @@ -124,7 +124,7 @@ global: # deployment tutorials dockerRegistry: ghcr.io/firezone - # Common extra env for all pods, useful for feature flags + # Common extra env for all pods extraEnv: [] web: