From 91d252ae0af31a23f058569e1122b4d30e82720c Mon Sep 17 00:00:00 2001
From: Nate J <natej@calegix.net>
Date: Wed, 5 Feb 2025 15:14:20 -0800
Subject: [PATCH] first commit

---
 gen-cnpg-and-firezone-new-new.sh | 144 +++++++++++++++
 gen-cnpg-and-firezone-new.sh     | 149 ++++++++++++++++
 gen-cnpg-and-firezone.sh         | 134 ++++++++++++++
 secret-generator.sh              |  61 +++++++
 values.yaml                      | 295 +++++++++++++++++++++++++++++++
 5 files changed, 783 insertions(+)
 create mode 100755 gen-cnpg-and-firezone-new-new.sh
 create mode 100755 gen-cnpg-and-firezone-new.sh
 create mode 100755 gen-cnpg-and-firezone.sh
 create mode 100755 secret-generator.sh
 create mode 100644 values.yaml

diff --git a/gen-cnpg-and-firezone-new-new.sh b/gen-cnpg-and-firezone-new-new.sh
new file mode 100755
index 0000000..881aebb
--- /dev/null
+++ b/gen-cnpg-and-firezone-new-new.sh
@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+#######################################################################
+### 1) CONFIGURATION
+#######################################################################
+
+# Namespace and resource names
+NAMESPACE="firezone"                 # Namespace where everything lives
+CLUSTER_NAME="cluster-firezone"      # CloudNativePG Cluster CR name
+SECRET_USER_NAME="firezone"          # Secret name for the normal DB user (used in bootstrap)
+SECRET_SUPERUSER_NAME="izadmin"      # Secret name for the Postgres superuser
+SECRET_FIREZONE="firezone-database"  # Secret name that Firezone will use
+
+# CloudNativePG cluster settings
+POSTGRES_IMAGE="ghcr.io/cloudnative-pg/postgresql:16.2"
+STORAGE_CLASS="ceph-block"
+STORAGE_SIZE="20Gi"
+
+# Database credentials and names
+# IMPORTANT: Firezone is trying to connect to a database named "firebase"
+# so we set DB_NAME to "firebase" here.  If you prefer a different name,
+# you must update Firezone’s configuration accordingly.
+DB_NAME="firebase"        # The database to be created by initdb
+DB_APP_USER="firezone"    # The owner (normal DB user) for the database
+DB_SUPERUSER="postgres"   # Typical Postgres superuser name
+
+# Additional PostgreSQL parameters
+MAX_CONNECTIONS="200"
+SHARED_BUFFERS="256MB"
+
+# Generate random passwords (or set fixed ones if desired)
+DB_APP_PASSWORD="$(openssl rand -hex 16)"
+DB_SUPERUSER_PASSWORD="$(openssl rand -hex 16)"
+
+#######################################################################
+### 2) CREATE/UPDATE SECRETS FOR CLOUDNATIVE-PG
+#######################################################################
+
+echo "Creating/updating secrets for CloudNativePG..."
+
+# Secret for the normal DB user (used during initdb bootstrap)
+oc -n "$NAMESPACE" create secret generic "$SECRET_USER_NAME" \
+  --type=kubernetes.io/basic-auth \
+  --from-literal=username="$DB_APP_USER" \
+  --from-literal=password="$DB_APP_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+# Secret for the Postgres superuser
+oc -n "$NAMESPACE" create secret generic "$SECRET_SUPERUSER_NAME" \
+  --type=kubernetes.io/basic-auth \
+  --from-literal=username="$DB_SUPERUSER" \
+  --from-literal=password="$DB_SUPERUSER_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+echo "Secrets for CloudNativePG created/updated."
+
+#######################################################################
+### 3) HANDLE THE CLOUDNATIVE-PG CLUSTER CR (FOR INITDB)
+#######################################################################
+
+# The bootstrap (initdb) phase only runs when the cluster is first created.
+# To force a re‑initialization with the new settings, delete any existing cluster.
+
+if oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; then
+  echo "CloudNativePG Cluster '$CLUSTER_NAME' already exists."
+  echo "Deleting the existing cluster to force re‑initialization (initdb)..."
+  oc delete cluster "$CLUSTER_NAME" -n "$NAMESPACE"
+
+  # Wait until the cluster CR is fully deleted.
+  echo "Waiting for cluster '$CLUSTER_NAME' to be deleted..."
+  while oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; do
+    sleep 5
+  done
+  echo "Existing cluster deleted."
+fi
+
+echo "Creating CloudNativePG Cluster '$CLUSTER_NAME' with initdb bootstrap..."
+cat <<EOF | oc apply -n "$NAMESPACE" -f -
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: $CLUSTER_NAME
+spec:
+  description: "PostgreSQL cluster with replication"
+  imageName: "$POSTGRES_IMAGE"
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  postgresql:
+    parameters:
+      max_connections: "$MAX_CONNECTIONS"
+      shared_buffers: "$SHARED_BUFFERS"
+      pg_stat_statements.max: "10000"
+      pg_stat_statements.track: "all"
+      auto_explain.log_min_duration: "10s"
+    pg_hba:
+      - host all all 10.128.0.0/16 md5
+  bootstrap:
+    initdb:
+      database: "$DB_NAME"
+      owner: "$DB_APP_USER"
+      secret:
+        name: "$SECRET_USER_NAME"
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: "$SECRET_SUPERUSER_NAME"
+  storage:
+    storageClass: "$STORAGE_CLASS"
+    size: "$STORAGE_SIZE"
+  resources:
+    requests:
+      memory: "512Mi"
+      cpu: "1"
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: failure-domain.beta.kubernetes.io/zone
+EOF
+
+echo "CloudNativePG Cluster '$CLUSTER_NAME' created (or re‑created)."
+echo "Waiting for CloudNativePG cluster to initialize (this may take a while)..."
+sleep 30
+
+#######################################################################
+### 4) UPDATE FIREZONE SECRETS WITH THE SAME DB CREDENTIALS
+#######################################################################
+
+echo "Updating Firezone secrets with matching DB credentials..."
+
+# Firezone uses these credentials to connect to the database.
+oc -n "$NAMESPACE" create secret generic "$SECRET_FIREZONE" \
+  --from-literal=username="$DB_APP_USER" \
+  --from-literal=password="$DB_APP_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+echo "Firezone secrets updated with DB credentials."
+
+#######################################################################
+### 5) FINAL MESSAGE
+#######################################################################
+
+echo "Done!
+ - Secrets '$SECRET_USER_NAME' and '$SECRET_SUPERUSER_NAME' created/updated for CloudNativePG.
+ - CloudNativePG Cluster '$CLUSTER_NAME' was (re‑)created, triggering initdb (database: '$DB_NAME').
+ - Firezone secret '$SECRET_FIREZONE' updated with DB credentials."
diff --git a/gen-cnpg-and-firezone-new.sh b/gen-cnpg-and-firezone-new.sh
new file mode 100755
index 0000000..0088d71
--- /dev/null
+++ b/gen-cnpg-and-firezone-new.sh
@@ -0,0 +1,149 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+#######################################################################
+### 1) CONFIGURATION
+#######################################################################
+
+# Change these values as needed.
+NAMESPACE="firezone"                 # The namespace where everything will live.
+CLUSTER_NAME="cluster-firezone"      # The name for the CloudNativePG Cluster CR.
+SECRET_USER_NAME="firezone"          # The name of the Secret for the normal DB user.
+SECRET_SUPERUSER_NAME="izadmin"      # The name of the Secret for the Postgres superuser.
+SECRET_FIREZONE="firezone-database"  # The name of the Secret that Firezone will use.
+
+# CloudNativePG cluster settings.
+POSTGRES_IMAGE="ghcr.io/cloudnative-pg/postgresql:16.2"
+STORAGE_CLASS="ceph-block"
+STORAGE_SIZE="20Gi"
+
+# Database and Firezone credentials.
+# Firezone (or your application) is expecting a database with this name.
+DB_NAME="firezone"         # This is the database created during bootstrap (initdb).
+DB_APP_USER="firezone"     # The database owner (normal DB user).
+DB_SUPERUSER="postgres"    # The typical Postgres superuser name.
+
+# Additional PostgreSQL parameters.
+MAX_CONNECTIONS="200"
+SHARED_BUFFERS="256MB"
+
+# Generate random passwords for demo purposes.
+# If you want fixed passwords, you can set these manually.
+DB_APP_PASSWORD="$(openssl rand -hex 16)"
+DB_SUPERUSER_PASSWORD="$(openssl rand -hex 16)"
+
+#######################################################################
+### 2) CREATE/UPDATE SECRETS FOR CLOUDNATIVE-PG
+#######################################################################
+
+echo "Creating/updating secrets for CloudNativePG..."
+
+# Secret for the normal DB user (used during initdb bootstrap).
+oc -n "$NAMESPACE" create secret generic "$SECRET_USER_NAME" \
+  --type=kubernetes.io/basic-auth \
+  --from-literal=username="$DB_APP_USER" \
+  --from-literal=password="$DB_APP_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+# Secret for the Postgres superuser.
+oc -n "$NAMESPACE" create secret generic "$SECRET_SUPERUSER_NAME" \
+  --type=kubernetes.io/basic-auth \
+  --from-literal=username="$DB_SUPERUSER" \
+  --from-literal=password="$DB_SUPERUSER_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+echo "Secrets for CloudNativePG created/updated."
+
+#######################################################################
+### 3) HANDLE THE CLOUDNATIVE-PG CLUSTER CR (INITDB)
+#######################################################################
+
+# IMPORTANT: The bootstrap (initdb) phase runs only when the cluster is first created.
+# If the cluster already exists, then changes to bootstrap.initdb will not re-run.
+# To force a re‑initialization (to create the DB as specified), we delete the
+# existing cluster CR before re‑creating it.
+
+if oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; then
+  echo "CloudNativePG Cluster '$CLUSTER_NAME' already exists."
+  echo "Deleting the existing cluster to force re‑initialization (initdb)..."
+  oc delete cluster "$CLUSTER_NAME" -n "$NAMESPACE"
+
+  # Wait until the cluster CR is fully deleted.
+  echo "Waiting for cluster '$CLUSTER_NAME' to be deleted..."
+  while oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; do
+    sleep 5
+  done
+  echo "Existing cluster deleted."
+fi
+
+echo "Creating CloudNativePG Cluster '$CLUSTER_NAME' with initdb bootstrap..."
+cat <<EOF | oc apply -n "$NAMESPACE" -f -
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: $CLUSTER_NAME
+spec:
+  description: "PostgreSQL cluster with replication"
+  imageName: "$POSTGRES_IMAGE"
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  postgresql:
+    parameters:
+      max_connections: "$MAX_CONNECTIONS"
+      shared_buffers: "$SHARED_BUFFERS"
+      pg_stat_statements.max: "10000"
+      pg_stat_statements.track: "all"
+      auto_explain.log_min_duration: "10s"
+    pg_hba:
+      - host all all 10.128.0.0/16 md5
+  bootstrap:
+    initdb:
+      database: "$DB_NAME"
+      owner: "$DB_APP_USER"
+      secret:
+        name: "$SECRET_USER_NAME"
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: "$SECRET_SUPERUSER_NAME"
+  storage:
+    storageClass: "$STORAGE_CLASS"
+    size: "$STORAGE_SIZE"
+  resources:
+    requests:
+      memory: "512Mi"
+      cpu: "1"
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: failure-domain.beta.kubernetes.io/zone
+EOF
+
+echo "CloudNativePG Cluster '$CLUSTER_NAME' created (or re‑created)."
+
+# (Optional) Wait for the new cluster to be up and the bootstrap to complete.
+# Depending on your environment and operator, you might want to check a status field.
+# For demo purposes, we simply sleep for a short while.
+echo "Waiting for CloudNativePG cluster to initialize..."
+sleep 30
+
+#######################################################################
+### 4) UPDATE FIREZONE SECRETS WITH THE SAME DB CREDENTIALS
+#######################################################################
+
+echo "Updating Firezone secrets with matching DB credentials..."
+
+# Firezone (or your application) uses this secret to connect to the database.
+oc -n "$NAMESPACE" create secret generic "$SECRET_FIREZONE" \
+  --from-literal=username="$DB_APP_USER" \
+  --from-literal=password="$DB_APP_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+echo "Firezone secrets updated with DB credentials."
+
+#######################################################################
+### 5) FINAL MESSAGE
+#######################################################################
+
+echo "Done!
+ - Secrets '$SECRET_USER_NAME' and '$SECRET_SUPERUSER_NAME' created/updated for CloudNativePG.
+ - CloudNativePG Cluster '$CLUSTER_NAME' was (re‑)created, triggering initdb (database: '$DB_NAME').
+ - Firezone secret '$SECRET_FIREZONE' updated with DB credentials."
diff --git a/gen-cnpg-and-firezone.sh b/gen-cnpg-and-firezone.sh
new file mode 100755
index 0000000..7e8b45f
--- /dev/null
+++ b/gen-cnpg-and-firezone.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+
+# Script: gen-cnpg-and-firezone.sh
+# Purpose: 
+#  1) Generate random credentials for a CloudNativePG cluster (app user + superuser)
+#  2) Create the Postgres Cluster CR in the same namespace
+#  3) Update the Firezone secrets with the same DB credentials
+#  4) Keep everything consistent for Firezone + CloudNativePG on OpenShift
+
+set -euo pipefail
+
+#######################################################################
+### 1) CONFIGURATION
+#######################################################################
+
+# Change these to your desired values
+NAMESPACE="firezone"      # The namespace where everything will live
+CLUSTER_NAME="cluster-firezone"            # The name for the CloudNativePG Cluster CR
+SECRET_USER_NAME="firezone"    # The name of the Secret for the normal DB user
+SECRET_SUPERUSER_NAME="izadmin"  # The name of the Secret for the Postgres superuser
+SECRET_FIREZONE="firezone-database"     # The name of the Secret that Firezone will use
+
+# CloudNativePG cluster settings
+POSTGRES_IMAGE="ghcr.io/cloudnative-pg/postgresql:16.2"
+STORAGE_CLASS="ceph-block"
+STORAGE_SIZE="20Gi"
+
+# Firezone expects certain DB credentials
+# We'll store them in global.database.username/password in the 'firezone-secrets' secret
+DB_NAME="firezone"
+DB_APP_USER="firezone"   # The owner of the DB
+DB_SUPERUSER="postgres"             # Typical Postgres superuser name
+
+# Additional Postgres parameters
+MAX_CONNECTIONS="200"
+SHARED_BUFFERS="256MB"
+
+# For demo, we generate random passwords. 
+# If you want fixed passwords, set them manually below.
+DB_APP_PASSWORD="$(openssl rand -hex 16)"
+DB_SUPERUSER_PASSWORD="$(openssl rand -hex 16)"
+
+#######################################################################
+### 2) CREATE/UPDATE SECRETS FOR CLOUDNATIVE-PG
+#######################################################################
+
+echo "Creating/updating secrets for CloudNativePG..."
+
+# 2.1 cluster-app-user (normal DB user)
+oc -n "$NAMESPACE" create secret generic "$SECRET_USER_NAME" \
+  --type=kubernetes.io/basic-auth \
+  --from-literal=username="$DB_APP_USER" \
+  --from-literal=password="$DB_APP_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+# 2.2 cluster-superuser
+oc -n "$NAMESPACE" create secret generic "$SECRET_SUPERUSER_NAME" \
+  --type=kubernetes.io/basic-auth \
+  --from-literal=username="$DB_SUPERUSER" \
+  --from-literal=password="$DB_SUPERUSER_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+echo "Secrets for CloudNativePG created/updated."
+
+#######################################################################
+### 3) CREATE/UPDATE THE CLOUDNATIVE-PG CLUSTER CR
+#######################################################################
+
+echo "Creating/updating CloudNativePG Cluster '${CLUSTER_NAME}'..."
+
+cat <<EOF | oc apply -n "$NAMESPACE" -f -
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: $CLUSTER_NAME
+spec:
+  description: "PostgreSQL cluster with replication"
+  imageName: "$POSTGRES_IMAGE"
+  instances: 3
+  primaryUpdateStrategy: unsupervised
+  postgresql:
+    parameters:
+      max_connections: "$MAX_CONNECTIONS"
+      shared_buffers: "$SHARED_BUFFERS"
+      pg_stat_statements.max: "10000"
+      pg_stat_statements.track: "all"
+      auto_explain.log_min_duration: "10s"
+    pg_hba:
+      - host all all 10.128.0.0/16 md5
+  bootstrap:
+    initdb:
+      database: "$DB_NAME"
+      owner: "$DB_APP_USER"
+      secret:
+        name: "$SECRET_USER_NAME"
+  enableSuperuserAccess: true
+  superuserSecret:
+    name: "$SECRET_SUPERUSER_NAME"
+  storage:
+    storageClass: "$STORAGE_CLASS"
+    size: "$STORAGE_SIZE"
+  resources:
+    requests:
+      memory: "512Mi"
+      cpu: "1"
+  affinity:
+    enablePodAntiAffinity: true
+    topologyKey: failure-domain.beta.kubernetes.io/zone
+EOF
+
+echo "CloudNativePG Cluster '${CLUSTER_NAME}' is created/updated."
+
+#######################################################################
+### 4) CREATE/UPDATE THE FIREZONE SECRETS WITH THE SAME DB CREDENTIALS
+#######################################################################
+
+echo "Updating Firezone secrets with matching DB credentials..."
+
+# We'll store them in the 'firezone-secrets' Secret under keys "username" and "password".
+# If you also want random keys/secrets for SECRET_KEY_BASE, etc., 
+# you can combine this with your existing Firezone secret generation approach.
+
+oc -n "$NAMESPACE" create secret generic "$SECRET_FIREZONE" \
+  --from-literal=username="$DB_APP_USER" \
+  --from-literal=password="$DB_APP_PASSWORD" \
+  --dry-run=client -o yaml | oc apply -f -
+
+echo "Firezone secrets updated with DB credentials."
+
+echo "Done! 
+ - Secrets '$SECRET_USER_NAME' and '$SECRET_SUPERUSER_NAME' created for CloudNativePG. 
+ - Cluster '$CLUSTER_NAME' created/updated. 
+ - Firezone secrets '$SECRET_FIREZONE' updated with DB credentials (username/password).
+"
diff --git a/secret-generator.sh b/secret-generator.sh
new file mode 100755
index 0000000..1b7219b
--- /dev/null
+++ b/secret-generator.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# Script: gen-firezone-secrets.sh
+# Purpose: Generate all Firezone-required secrets as random hex values,
+#          and store them in an OpenShift secret.
+#          Configures Gmail as SMTP relay in OUTBOUND_EMAIL_ADAPTER_OPTS.
+
+set -euo pipefail
+
+# Change to your desired namespace (project name):
+NAMESPACE="firezone"
+SECRET_NAME="firezone-secrets"
+
+# Random hex strings for Firezone secrets (adjust byte sizes as needed).
+SECRET_KEY_BASE="$(openssl rand -hex 32)"
+LIVE_VIEW_SIGNING_SALT="$(openssl rand -hex 8)"
+COOKIE_SIGNING_SALT="$(openssl rand -hex 8)"
+COOKIE_ENCRYPTION_SALT="$(openssl rand -hex 8)"
+TOKENS_KEY_BASE="$(openssl rand -hex 32)"
+TOKENS_SALT="$(openssl rand -hex 8)"
+RELEASE_COOKIE="$(openssl rand -hex 16)"
+
+# Database credentials (example)
+DB_USERNAME="firezone_db_user"
+DB_PASSWORD="firezone_db_pass"
+
+# Gmail SMTP configuration
+# Replace these with your actual Gmail username & app password
+GMAIL_USERNAME="mcnugit@gmail.com"
+GMAIL_APP_PASSWORD="ugmu unau dtwn fppg"
+
+# We'll embed these in a JSON object that Swoosh can parse:
+OUTBOUND_EMAIL_ADAPTER_OPTS="$(cat <<EOF
+{
+  "relay": "smtp.gmail.com",
+  "username": "${GMAIL_USERNAME}",
+  "password": "${GMAIL_APP_PASSWORD}",
+  "port": 587,
+  "ssl": false,
+  "tls": "always",
+  "auth": "always"
+}
+EOF
+)"
+
+echo "Creating/updating Secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
+
+oc -n "$NAMESPACE" create secret generic "$SECRET_NAME" \
+    --from-literal=SECRET_KEY_BASE="$SECRET_KEY_BASE" \
+    --from-literal=LIVE_VIEW_SIGNING_SALT="$LIVE_VIEW_SIGNING_SALT" \
+    --from-literal=COOKIE_SIGNING_SALT="$COOKIE_SIGNING_SALT" \
+    --from-literal=COOKIE_ENCRYPTION_SALT="$COOKIE_ENCRYPTION_SALT" \
+    --from-literal=TOKENS_KEY_BASE="$TOKENS_KEY_BASE" \
+    --from-literal=TOKENS_SALT="$TOKENS_SALT" \
+    --from-literal=RELEASE_COOKIE="$RELEASE_COOKIE" \
+    --from-literal=username="$DB_USERNAME" \
+    --from-literal=password="$DB_PASSWORD" \
+    --from-literal=OUTBOUND_EMAIL_ADAPTER_OPTS="$OUTBOUND_EMAIL_ADAPTER_OPTS" \
+    --dry-run=client -o yaml | oc apply -f -
+
+echo "Done! Your Firezone secrets have been created/updated."
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..0664b0e
--- /dev/null
+++ b/values.yaml
@@ -0,0 +1,295 @@
+api:
+  affinity: {}
+  autoscaling:
+    enabled: false
+    maxReplicas: 100
+    minReplicas: 1
+    targetCPUUtilizationPercentage: 80
+  backgroundJobsEnabled: false
+  dnsConfig: {}
+  dnsPolicy: null
+  extraEnv: []
+  image:
+    pullPolicy: IfNotPresent
+    repository: ghcr.io/firezone/api
+    tag: ''
+  imagePullSecrets: []
+  ingress:
+    annotations: {}
+    className: ''
+    enabled: false
+    hosts:
+      - host: gate.calegix.net
+        paths:
+          - path: /
+            pathType: Prefix
+    tls: []
+  livenessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  nodeSelector: {}
+  pdb:
+    annotations: {}
+    enabled: false
+    labels: {}
+    maxUnavailable: ''
+    minAvailable: ''
+  podAnnotations: {}
+  podLabels: {}
+  podSecurityContext: {}
+  readinessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  releaseHostname: null
+  releaseName: firezone
+  replicaCount: 1
+  resources: {}
+  revisionHistoryLimit: 10
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: false
+    runAsGroup: null
+    runAsUser: null
+  service:
+    port: 8000
+    portName: http
+    targetPort: 8000
+    type: ClusterIP
+  serviceAccount:
+    annotations: {}
+    automount: true
+    create: true
+    name: ''
+  tolerations: []
+  volumeMounts: []
+  volumes: []
+clusterDomain: cluster.local
+domain:
+  affinity: {}
+  autoscaling:
+    enabled: false
+    maxReplicas: 100
+    minReplicas: 1
+    targetCPUUtilizationPercentage: 80
+  backgroundJobsEnabled: true
+  dnsConfig: {}
+  dnsPolicy: null
+  extraEnv: []
+  image:
+    pullPolicy: IfNotPresent
+    repository: ghcr.io/firezone/domain
+    tag: ''
+  imagePullSecrets: []
+  livenessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  nodeSelector: {}
+  pdb:
+    annotations: {}
+    enabled: false
+    labels: {}
+    maxUnavailable: ''
+    minAvailable: ''
+  podAnnotations: {}
+  podLabels: {}
+  podSecurityContext: {}
+  readinessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  releaseHostname: null
+  releaseName: firezone
+  replicaCount: 1
+  resources: {}
+  revisionHistoryLimit: 10
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: false
+    runAsGroup: null
+    runAsUser: null
+  serviceAccount:
+    annotations: {}
+    automount: true
+    create: true
+    name: ''
+  tolerations: []
+  volumeMounts: []
+  volumes: []
+fullnameOverride: ''
+global:
+  authProviders:
+    - token
+    - email
+  database:
+    database: firebase
+    host: firezone.firezone.svc.cluster.local
+    parameters: null
+    password:
+      key: password
+      secret: firezone-database
+    pool_size: null
+    port: 5432
+    ssl:
+      enabled: false
+      opts: null
+    username:
+      key: username
+      secret: firezone-database
+  dockerRegistry: ghcr.io/firezone
+  email:
+    adapter: Elixir.Swoosh.Adapters.SMTP
+    from: mcnugit@gmail.com
+    opts:
+      key: OUTBOUND_EMAIL_ADAPTER_OPTS
+      secret: firezone-secrets
+  erlangCluster:
+    cookie:
+      key: RELEASE_COOKIE
+      secret: firezone-secrets
+    custom:
+      adapter: null
+      opts: null
+    distributionPort: 9000
+    enableKubernetesClusterModule: true
+    epmdPort: 4369
+    kubernetes:
+      selector:
+        key: erlangcluster
+        value: firezone
+  externalApiURL: https://api.gate.calegix.net
+  externalApiWSURL: wss://api.gate.calegix.net
+  externalWebURL: https://gate.calegix.net
+  extraEnv: []
+  features:
+    flowActivities:
+      enabled: true
+    idpSync:
+      enabled: true
+    internetResource:
+      enabled: true
+    multiSiteResources:
+      enabled: true
+    policyConditions:
+      enabled: true
+    restApi:
+      enabled: true
+    selfHostedRelays:
+      enabled: true
+  logLevel: debug
+  otlp:
+    endpoint: null
+  phoenix:
+    cookieEncryptionSalt:
+      key: COOKIE_ENCRYPTION_SALT
+      secret: firezone-secrets
+    cookieSigningSalt:
+      key: COOKIE_SIGNING_SALT
+      secret: firezone-secrets
+    keyBase:
+      key: SECRET_KEY_BASE
+      secret: firezone-secrets
+    liveViewSalt:
+      key: LIVE_VIEW_SIGNING_SALT
+      secret: firezone-secrets
+  signup:
+    enabled: true
+    whitelistedDomains: []
+  tokens:
+    keyBase:
+      key: TOKENS_KEY_BASE
+      secret: firezone-secrets
+    salt:
+      key: TOKENS_SALT
+      secret: firezone-secrets
+nameOverride: ''
+web:
+  affinity: {}
+  autoscaling:
+    enabled: false
+    maxReplicas: 100
+    minReplicas: 1
+    targetCPUUtilizationPercentage: 80
+  backgroundJobsEnabled: false
+  dnsConfig: {}
+  dnsPolicy: null
+  extraEnv: []
+  image:
+    pullPolicy: IfNotPresent
+    repository: ghcr.io/firezone/web
+    tag: ''
+  imagePullSecrets: []
+  ingress:
+    annotations: {}
+    className: ''
+    enabled: false
+    hosts:
+      - host: chart-example.local
+        paths:
+          - path: /
+            pathType: Prefix
+    tls: []
+  livenessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  nodeSelector: {}
+  pdb:
+    annotations: {}
+    enabled: false
+    labels: {}
+    maxUnavailable: ''
+    minAvailable: ''
+  podAnnotations: {}
+  podLabels: {}
+  podSecurityContext: {}
+  readinessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 0
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 1
+  releaseHostname: null
+  releaseName: firezone
+  replicaCount: 1
+  resources: {}
+  revisionHistoryLimit: 10
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: false
+    runAsGroup: null
+    runAsUser: mull
+  service:
+    port: 8000
+    portName: http
+    targetPort: 8000
+    type: ClusterIP
+  serviceAccount:
+    annotations: {}
+    automount: true
+    create: true
+    name: ''
+  tolerations: []
+  volumeMounts: []
+  volumes: []