Hi all, is it possible to deploy Firezone inside Kubernetes?
I've tried using this deployment but got some errors:
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: firezone
spec:
  selector:
    matchLabels:
      app: firezone
      app.kubernetes.io/name: firezone
      app.kubernetes.io/component: firezone
  template:
    metadata:
      labels:
        app: firezone
        app.kubernetes.io/name: firezone
        app.kubernetes.io/component: firezone
      annotations:
        config.linkerd.io/skip-inbound-ports: "51820"
    spec:
      initContainers:
        - image: busybox
          name: sysctl
          securityContext:
            privileged: true
          command:
            - sh
            - -c
            - |
              set -euo pipefail
              sysctl -w net.ipv6.conf.all.disable_ipv6=0
              sysctl -w net.ipv4.ip_forward=1
              sysctl -w net.ipv6.conf.all.forwarding=1
      containers:
        - name: firezone
          image: firezone/firezone:0.7.30
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
          resources:
            requests:
              memory: "128Mi"
              cpu: "500m"
          envFrom:
            - secretRef:
                name: firezone-env
          env:
            - name: EXTERNAL_URL
              value: https://firezone.example.test
            - name: DATABASE_HOST
              value: postgresql
            - name: DATABASE_USER
              value: firezone
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: firezone-database
                  key: password-firezone
          ports:
            - containerPort: 13000
              name: phoenix
            - containerPort: 51820
              name: wireguard
          volumeMounts:
            - mountPath: /var/firezone
              name: firezone
      volumes:
        - name: firezone
          persistentVolumeClaim:
            claimName: firezone
```
```
Stream closed EOF for firezone/firezone-545c9d566b-mzlkn (linkerd-init)
Stream closed EOF for firezone/firezone-545c9d566b-mzlkn (sysctl)
firezone 08:09:55.131 erl_level=info application=ecto_sql domain=elixir file=lib/ecto/migrator.ex function=log/2 line=707 mfa=Ecto.Migrator.log/2 module=Ecto.Migrator pid=<0.95.0> [info] Migrations already up
firezone 08:09:56.412 erl_level=info application=phoenix domain=elixir file=lib/phoenix/endpoint/cowboy2_adapter.ex function=start_link/3 line=103 mfa=Phoenix.Endpoint.Cowboy2Adapter.start_link/3 module=Phoenix.Endpoint.Cowboy2Adapter pid=<0.375.0> [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 0.0.0.0:13000 (http)
firezone 08:09:56.415 erl_level=info application=phoenix domain=elixir file=lib/phoenix/endpoint/supervisor.ex function=log_access_url/2 line=425 mfa=Phoenix.Endpoint.Supervisor.log_access_url/2 module=Phoenix.Endpoint.Supervisor pid=<0.331.0> [info] Access FzHttpWeb.Endpoint at https://firezone.example.test
firezone 08:09:56.440 erl_level=notice domain=otp file=application_controller.erl function=info_exited/3 line=2119 mfa=:application_controller.info_exited/3 module=application_controller pid=<0.44.0> [notice] Application fz_wall exited: FzWall.Application.start(:normal, []) returned an error: shutdown: failed to start child: FzWall.Server
firezone ** (EXIT) an exception was raised:
firezone ** (RuntimeError) Unknown Error from command nft list table inet firezone. Error:
firezone
firezone
firezone (fz_wall 0.7.29) lib/fz_wall/cli/helpers/nft.ex:188: FzWall.CLI.Helpers.Nft.table_exists?/0
firezone (fz_wall 0.7.29) lib/fz_wall/cli/helpers/nft.ex:168: FzWall.CLI.Helpers.Nft.teardown_table/0
firezone (fz_wall 0.7.29) lib/fz_wall/cli/live.ex:15: FzWall.CLI.Live.setup_firewall/0
firezone (fz_wall 0.7.29) lib/fz_wall/server.ex:16: FzWall.Server.init/1
firezone (stdlib 4.2) gen_server.erl:851: :gen_server.init_it/2
firezone (stdlib 4.2) gen_server.erl:814: :gen_server.init_it/6
firezone (stdlib 4.2) proc_lib.erl:240: :proc_lib.init_p_do_apply/3
firezone {"Kernel pid terminated",application_controller,"{application_start_failure,fz_wall,{{shutdown,{failed_to_start_child,'Elixir.FzWall.Server',{#{'__exception__' => true,'__struct__' => 'Elixir.RuntimeError',message => <<\" Unknown Error from command nft list table inet firezone. Error:\n \n\">>},[{'Elixir.FzWall.CLI.Helpers.Nft','table_exists?',0,[{file,\"lib/fz_wall/cli/helpers/nft.ex\"},{line,188},{error_info,#{module => 'Elixir.Exception'}}]},{'Elixir.FzWall.CLI.Helpers.Nft',teardown_table,0,[{file,\"lib/fz_wall/cli/helpers/nft.ex\"},{line,168}]},{'Elixir.FzWall.CLI.Live',setup_firewall,0,[{file,\"lib/fz_wall/cli/live.ex\"},{line,15}]},{'Elixir.FzWall.Server',init,1,[{file,\"lib/fz_wall/server.ex\"},{line,16}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,851}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,240}]}]}}},{'Elixir.FzWall.Application',start,[normal,[]]}}}"}
firezone Kernel pid terminated (application_controller) ({application_start_failure,fz_wall,{{shutdown,{failed_to_start_child,'Elixir.FzWall.Server',{#{'__exception__' => true,'__struct__' => 'Elixir.RuntimeError',message => <<" Unknown Error from command nft list table inet firezone. Error:\n \n">>},[{'Elixir.FzWall.CLI.Helpers.Nft','table_exists?',0,[{file,"lib/fz_wall/cli/helpers/nft.ex"},{line,188},{error_info,#{module => 'Elixir.Exception'}}]},{'Elixir.FzWall.CLI.Helpers.Nft',teardown_table,0,[{file,"lib/fz_wall/cli/helpers/nft.ex"},{line,168}]},{'Elixir.FzWall.CLI.Live',setup_firewall,0,[{file,"lib/fz_wall/cli/live.ex"},{line,15}]},{'Elixir.FzWall.Server',init,1,[{file,"lib/fz_wall/server.ex"},{line,16}]},{gen_server,init_it,2,[{file,"gen_server.erl"},{line,851}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}}},{'Elixir.FzWall.Application',start,[normal,[]]}}})
firezone
firezone Crash dump is being written to: erl_crash.dump...done
Stream closed EOF for firezone/firezone-545c9d566b-mzlkn (firezone)
```