
Helm chart for Gateway

Open jamilbk opened this issue 2 years ago • 13 comments

Public issue for tracking work to support running Firezone in Kubernetes.

  • [ ] Helm chart for deploying the Firezone gateway
  • [ ] Test on popular cloud providers (AWS, GCP, Azure)
  • [ ] Test locally (minikube, Docker, k3s)
  • [ ] Add docs

Refs #260

jamilbk avatar Aug 08 '22 20:08 jamilbk

Hello @jamilbk, I would like to help with the deployment of Firezone on K8s. I have an almost working configuration consisting of Terraform code that I am currently testing for compatibility with my cluster.

bartei avatar Nov 27 '22 02:11 bartei

Hi @jamilbk,

I wanted to let you know that I have created a Helm chart and I would love to contribute it. How can I go about contributing the code?

We've been using this chart for the past 2 months and it has been working well for us.

JSchlarb avatar Feb 08 '23 08:02 JSchlarb

@JSchlarb This is great, thank you so much for the contribution!

Thoughts @AndrewDryga? We may want to keep it in a separate repo and mark it as community-contributed for now until we can support it. Like https://github.com/firezone/azure-terraform-firezone and https://github.com/firezone/terraform-aws-firezone-vpn

jamilbk avatar Feb 08 '23 16:02 jamilbk

@JSchlarb Could you share the code you're currently using for the Kubernetes deployment?

bartei avatar Feb 14 '23 17:02 bartei

@jamilbk We can host it in the main repo but explicitly mention that it's community-maintained in the README. That should be enough.

AndrewDryga avatar Feb 14 '23 17:02 AndrewDryga

What's the status of this Helm chart?

sonnysideup avatar Mar 17 '23 21:03 sonnysideup

@JSchlarb, joining @bartei's request, could you please share your work? My team and I would be very grateful!

ayusavin avatar May 18 '23 07:05 ayusavin

Looks like someone has a WireGuard chart here - https://github.com/bryopsida/wireguard-chart which should be over half the battle. If nothing surfaces soon, I'll start working on this and get it shared.

bkrugery avatar May 23 '23 17:05 bkrugery

Our architecture is changing pretty substantially for the 1.0 release. The portal and data plane will be decoupled, and all state management will be kept in the portal only.

Keeping this issue open to track work on a Helm chart for the data plane components (Relay, Gateway).

jamilbk avatar Sep 12 '23 18:09 jamilbk

Hej, if someone could give me a brief overview of the services and architecture, I could take care of this.

Currently I'm using Firezone 0.7 inside my Kubernetes cluster with a self-written Helm chart, but I doubt that this is feasible with the new architecture.

J-Ha avatar Nov 11 '23 23:11 J-Ha

@J-Ha Thanks for offering to contribute. Could I ask how you've set up your Firezone Helm chart currently? Is it a LoadBalancer Service?

The new architecture performs NAT traversal so you likely wouldn't need a Service at all and could just deploy the Gateway as a sidecar to each Pod you wanted to access, or as a static Pod itself to route access further into your cluster.

jamilbk avatar Nov 16 '23 15:11 jamilbk

Hej, yes, at the moment my chart is just forming a deployment with the Firezone container. There are 2 init containers in place to check the DB migration and to create the admin user. There is a load balancer to reach the service.

I have looked a bit over the new services, therefore my doubts about the option to maintain the chart for the new architecture.

J-Ha avatar Nov 19 '23 10:11 J-Ha