Add disclaimer for Tornjak usage to example

spiffe · May 12, 2023 · 10a5e45 · 10a5e45
1 parent 33f79b9
commit 10a5e45
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/examples/tornjak/README.md b/examples/tornjak/README.md
@@ -1,5 +1,7 @@
 # Recommended setup to deploy Tornjak
 
+> **Warning**: The current version of Tornjak in this chart is deployed without authentication. Therefore it is not suitable to run this version in production.
+
 To install Spire with the least privileges possible we deploy spire across 2 namespaces.
 
 ```shell
@@ -9,11 +11,27 @@ kubectl create namespace "spire-server"
 kubectl label namespace "spire-server" pod-security.kubernetes.io/enforce=restricted
 
 # deploy SPIRE with Tornjak enabled
-helm upgrade --install --namespace spire-server --values ../production/values.yaml \
- --values ./values.yaml spire charts/spire
+helm upgrade --install --namespace spire-server \
+  --values ../production/values.yaml \
+  --values ./values.yaml \
+  --render-subchart-notes \
+  spire charts/spire
 
 # test the Tornjak deployment
 helm test spire -n spire-server
 ```
 
+## Access tornjak
+
+To access Tornjak you will have to use port-forwarding for the time being *(until we add authentication and ingress)*.
+
+Run following commands from your shell, if you ran with different values your namespace might differ. Consult the install notes printed when running above `helm upgrade` command in that case.
+
+```shell
+kubectl -n spire-server port-forward service/spire-tornjak-backend 10000:10000
+kubectl -n spire-server port-forward service/spire-tornjak-frontend 3000:3000
+```
+
+You can now access Tornjak at [localhost:3000](http://localhost:3000).
+
 See [values.yaml](./values.yaml) for more details on the chart configurations to achieve this setup.