first commit

Nate J 2025-02-05 15:14:20 -08:00
commit 91d252ae0a
5 changed files with 783 additions and 0 deletions

144
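--- a/gen-cnpg-and-firezone-new-new.sh
+++ b/gen-cnpg-and-firezone-new-new.sh
@@ -0,0 +1,144 @@
+#!/usr/bin/env bash
+set -euo pipefail
+#######################################################################
+### 1) CONFIGURATION
+#######################################################################
+# Namespace and resource names
+NAMESPACE="firezone" # Namespace where everything lives
+CLUSTER_NAME="cluster-firezone" # CloudNativePG Cluster CR name
+SECRET_USER_NAME="firezone" # Secret name for the normal DB user (used in bootstrap)
+SECRET_SUPERUSER_NAME="izadmin" # Secret name for the Postgres superuser
+SECRET_FIREZONE="firezone-database" # Secret name that Firezone will use
+# CloudNativePG cluster settings
+POSTGRES_IMAGE="ghcr.io/cloudnative-pg/postgresql:16.2"
+STORAGE_CLASS="ceph-block"
+STORAGE_SIZE="20Gi"
+# Database credentials and names
+# IMPORTANT: Firezone is trying to connect to a database named "firebase"
+# so we set DB_NAME to "firebase" here. If you prefer a different name,
+# you must update Firezones configuration accordingly.
+DB_NAME="firebase" # The database to be created by initdb
+DB_APP_USER="firezone" # The owner (normal DB user) for the database
+DB_SUPERUSER="postgres" # Typical Postgres superuser name
+# Additional PostgreSQL parameters
+MAX_CONNECTIONS="200"
+SHARED_BUFFERS="256MB"
+# Generate random passwords (or set fixed ones if desired)
+DB_APP_PASSWORD="$(openssl rand -hex 16)"
+DB_SUPERUSER_PASSWORD="$(openssl rand -hex 16)"
+#######################################################################
+### 2) CREATE/UPDATE SECRETS FOR CLOUDNATIVE-PG
+#######################################################################
+echo "Creating/updating secrets for CloudNativePG..."
+# Secret for the normal DB user (used during initdb bootstrap)
+oc -n "$NAMESPACE" create secret generic "$SECRET_USER_NAME" \
+--type=kubernetes.io/basic-auth \
+--from-literal=username="$DB_APP_USER" \
+--from-literal=password="$DB_APP_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+# Secret for the Postgres superuser
+oc -n "$NAMESPACE" create secret generic "$SECRET_SUPERUSER_NAME" \
+--type=kubernetes.io/basic-auth \
+--from-literal=username="$DB_SUPERUSER" \
+--from-literal=password="$DB_SUPERUSER_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Secrets for CloudNativePG created/updated."
+#######################################################################
+### 3) HANDLE THE CLOUDNATIVE-PG CLUSTER CR (FOR INITDB)
+#######################################################################
+# The bootstrap (initdb) phase only runs when the cluster is first created.
+# To force a reinitialization with the new settings, delete any existing cluster.
+if oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; then
+echo "CloudNativePG Cluster '$CLUSTER_NAME' already exists."
+echo "Deleting the existing cluster to force reinitialization (initdb)..."
+oc delete cluster "$CLUSTER_NAME" -n "$NAMESPACE"
+# Wait until the cluster CR is fully deleted.
+echo "Waiting for cluster '$CLUSTER_NAME' to be deleted..."
+while oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; do
+sleep 5
+done
+echo "Existing cluster deleted."
+fi
+echo "Creating CloudNativePG Cluster '$CLUSTER_NAME' with initdb bootstrap..."
+cat <<EOF | oc apply -n "$NAMESPACE" -f -
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+name: $CLUSTER_NAME
+spec:
+description: "PostgreSQL cluster with replication"
+imageName: "$POSTGRES_IMAGE"
+instances: 3
+primaryUpdateStrategy: unsupervised
+postgresql:
+parameters:
+max_connections: "$MAX_CONNECTIONS"
+shared_buffers: "$SHARED_BUFFERS"
+pg_stat_statements.max: "10000"
+pg_stat_statements.track: "all"
+auto_explain.log_min_duration: "10s"
+pg_hba:
+- host all all 10.128.0.0/16 md5
+bootstrap:
+initdb:
+database: "$DB_NAME"
+owner: "$DB_APP_USER"
+secret:
+name: "$SECRET_USER_NAME"
+enableSuperuserAccess: true
+superuserSecret:
+name: "$SECRET_SUPERUSER_NAME"
+storage:
+storageClass: "$STORAGE_CLASS"
+size: "$STORAGE_SIZE"
+resources:
+requests:
+memory: "512Mi"
+cpu: "1"
+affinity:
+enablePodAntiAffinity: true
+topologyKey: failure-domain.beta.kubernetes.io/zone
+EOF
+echo "CloudNativePG Cluster '$CLUSTER_NAME' created (or recreated)."
+echo "Waiting for CloudNativePG cluster to initialize (this may take a while)..."
+sleep 30
+#######################################################################
+### 4) UPDATE FIREZONE SECRETS WITH THE SAME DB CREDENTIALS
+#######################################################################
+echo "Updating Firezone secrets with matching DB credentials..."
+# Firezone uses these credentials to connect to the database.
+oc -n "$NAMESPACE" create secret generic "$SECRET_FIREZONE" \
+--from-literal=username="$DB_APP_USER" \
+--from-literal=password="$DB_APP_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Firezone secrets updated with DB credentials."
+#######################################################################
+### 5) FINAL MESSAGE
+#######################################################################
+echo "Done!
+- Secrets '$SECRET_USER_NAME' and '$SECRET_SUPERUSER_NAME' created/updated for CloudNativePG.
+- CloudNativePG Cluster '$CLUSTER_NAME' was (re)created, triggering initdb (database: '$DB_NAME').
+- Firezone secret '$SECRET_FIREZONE' updated with DB credentials."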
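Review bot: The `oc delete cluster "$CLUSTER_NAME" -n "$NAMESPACE"` branch in section 3 runs on every invocation once the cluster exists, with no confirmation or opt-in, so a routine re-run takes the running database down; whether its volumes are removed with it depends on how the operator owns them, which this page does not show. I would gate the branch on an explicit switch, e.g. `[[ "${FORCE_REINIT:-0}" == 1 ]] || { echo "cluster exists; set FORCE_REINIT=1 to wipe it and re-run initdb" >&2; exit 1; }`. The `while oc get cluster …; do sleep 5; done` loop also has no upper bound, so a stuck finalizer hangs the script; `oc wait --for=delete "cluster/$CLUSTER_NAME" -n "$NAMESPACE" --timeout=300s` would fail it instead. The same block appears in gen-cnpg-and-firezone-new.sh.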

149
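--- a/gen-cnpg-and-firezone-new.sh
+++ b/gen-cnpg-and-firezone-new.sh
@@ -0,0 +1,149 @@
+#!/usr/bin/env bash
+set -euo pipefail
+#######################################################################
+### 1) CONFIGURATION
+#######################################################################
+# Change these values as needed.
+NAMESPACE="firezone" # The namespace where everything will live.
+CLUSTER_NAME="cluster-firezone" # The name for the CloudNativePG Cluster CR.
+SECRET_USER_NAME="firezone" # The name of the Secret for the normal DB user.
+SECRET_SUPERUSER_NAME="izadmin" # The name of the Secret for the Postgres superuser.
+SECRET_FIREZONE="firezone-database" # The name of the Secret that Firezone will use.
+# CloudNativePG cluster settings.
+POSTGRES_IMAGE="ghcr.io/cloudnative-pg/postgresql:16.2"
+STORAGE_CLASS="ceph-block"
+STORAGE_SIZE="20Gi"
+# Database and Firezone credentials.
+# Firezone (or your application) is expecting a database with this name.
+DB_NAME="firezone" # This is the database created during bootstrap (initdb).
+DB_APP_USER="firezone" # The database owner (normal DB user).
+DB_SUPERUSER="postgres" # The typical Postgres superuser name.
+# Additional PostgreSQL parameters.
+MAX_CONNECTIONS="200"
+SHARED_BUFFERS="256MB"
+# Generate random passwords for demo purposes.
+# If you want fixed passwords, you can set these manually.
+DB_APP_PASSWORD="$(openssl rand -hex 16)"
+DB_SUPERUSER_PASSWORD="$(openssl rand -hex 16)"
+#######################################################################
+### 2) CREATE/UPDATE SECRETS FOR CLOUDNATIVE-PG
+#######################################################################
+echo "Creating/updating secrets for CloudNativePG..."
+# Secret for the normal DB user (used during initdb bootstrap).
+oc -n "$NAMESPACE" create secret generic "$SECRET_USER_NAME" \
+--type=kubernetes.io/basic-auth \
+--from-literal=username="$DB_APP_USER" \
+--from-literal=password="$DB_APP_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+# Secret for the Postgres superuser.
+oc -n "$NAMESPACE" create secret generic "$SECRET_SUPERUSER_NAME" \
+--type=kubernetes.io/basic-auth \
+--from-literal=username="$DB_SUPERUSER" \
+--from-literal=password="$DB_SUPERUSER_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Secrets for CloudNativePG created/updated."
+#######################################################################
+### 3) HANDLE THE CLOUDNATIVE-PG CLUSTER CR (INITDB)
+#######################################################################
+# IMPORTANT: The bootstrap (initdb) phase runs only when the cluster is first created.
+# If the cluster already exists, then changes to bootstrap.initdb will not re-run.
+# To force a reinitialization (to create the DB as specified), we delete the
+# existing cluster CR before recreating it.
+if oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; then
+echo "CloudNativePG Cluster '$CLUSTER_NAME' already exists."
+echo "Deleting the existing cluster to force reinitialization (initdb)..."
+oc delete cluster "$CLUSTER_NAME" -n "$NAMESPACE"
+# Wait until the cluster CR is fully deleted.
+echo "Waiting for cluster '$CLUSTER_NAME' to be deleted..."
+while oc get cluster "$CLUSTER_NAME" -n "$NAMESPACE" >/dev/null 2>&1; do
+sleep 5
+done
+echo "Existing cluster deleted."
+fi
+echo "Creating CloudNativePG Cluster '$CLUSTER_NAME' with initdb bootstrap..."
+cat <<EOF | oc apply -n "$NAMESPACE" -f -
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+name: $CLUSTER_NAME
+spec:
+description: "PostgreSQL cluster with replication"
+imageName: "$POSTGRES_IMAGE"
+instances: 3
+primaryUpdateStrategy: unsupervised
+postgresql:
+parameters:
+max_connections: "$MAX_CONNECTIONS"
+shared_buffers: "$SHARED_BUFFERS"
+pg_stat_statements.max: "10000"
+pg_stat_statements.track: "all"
+auto_explain.log_min_duration: "10s"
+pg_hba:
+- host all all 10.128.0.0/16 md5
+bootstrap:
+initdb:
+database: "$DB_NAME"
+owner: "$DB_APP_USER"
+secret:
+name: "$SECRET_USER_NAME"
+enableSuperuserAccess: true
+superuserSecret:
+name: "$SECRET_SUPERUSER_NAME"
+storage:
+storageClass: "$STORAGE_CLASS"
+size: "$STORAGE_SIZE"
+resources:
+requests:
+memory: "512Mi"
+cpu: "1"
+affinity:
+enablePodAntiAffinity: true
+topologyKey: failure-domain.beta.kubernetes.io/zone
+EOF
+echo "CloudNativePG Cluster '$CLUSTER_NAME' created (or recreated)."
+# (Optional) Wait for the new cluster to be up and the bootstrap to complete.
+# Depending on your environment and operator, you might want to check a status field.
+# For demo purposes, we simply sleep for a short while.
+echo "Waiting for CloudNativePG cluster to initialize..."
+sleep 30
+#######################################################################
+### 4) UPDATE FIREZONE SECRETS WITH THE SAME DB CREDENTIALS
+#######################################################################
+echo "Updating Firezone secrets with matching DB credentials..."
+# Firezone (or your application) uses this secret to connect to the database.
+oc -n "$NAMESPACE" create secret generic "$SECRET_FIREZONE" \
+--from-literal=username="$DB_APP_USER" \
+--from-literal=password="$DB_APP_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Firezone secrets updated with DB credentials."
+#######################################################################
+### 5) FINAL MESSAGE
+#######################################################################
+echo "Done!
+- Secrets '$SECRET_USER_NAME' and '$SECRET_SUPERUSER_NAME' created/updated for CloudNativePG.
+- CloudNativePG Cluster '$CLUSTER_NAME' was (re)created, triggering initdb (database: '$DB_NAME').
+- Firezone secret '$SECRET_FIREZONE' updated with DB credentials."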
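Review bot: The `pg_hba` entry `- host all all 10.128.0.0/16 md5` in the Cluster manifest admits password logins for every role on every database, including `postgres` now that `enableSuperuserAccess: true` is set, from any address in that /16, over connections that need not be TLS, using a method that still accepts MD5-hashed passwords. A narrower rule names the database and role and requires TLS and SCRAM, e.g. `- hostssl $DB_NAME $DB_APP_USER 10.128.0.0/16 scram-sha-256`, with superuser access left off unless something actually needs it. The identical entry is in gen-cnpg-and-firezone-new-new.sh and gen-cnpg-and-firezone.sh. values.yaml in this commit has `global.database.ssl.enabled: false`, so the client side would have to change together with it.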

134
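--- a/gen-cnpg-and-firezone.sh
+++ b/gen-cnpg-and-firezone.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+# Script: gen-cnpg-and-firezone.sh
+# Purpose:
+# 1) Generate random credentials for a CloudNativePG cluster (app user + superuser)
+# 2) Create the Postgres Cluster CR in the same namespace
+# 3) Update the Firezone secrets with the same DB credentials
+# 4) Keep everything consistent for Firezone + CloudNativePG on OpenShift
+set -euo pipefail
+#######################################################################
+### 1) CONFIGURATION
+#######################################################################
+# Change these to your desired values
+NAMESPACE="firezone" # The namespace where everything will live
+CLUSTER_NAME="cluster-firezone" # The name for the CloudNativePG Cluster CR
+SECRET_USER_NAME="firezone" # The name of the Secret for the normal DB user
+SECRET_SUPERUSER_NAME="izadmin" # The name of the Secret for the Postgres superuser
+SECRET_FIREZONE="firezone-database" # The name of the Secret that Firezone will use
+# CloudNativePG cluster settings
+POSTGRES_IMAGE="ghcr.io/cloudnative-pg/postgresql:16.2"
+STORAGE_CLASS="ceph-block"
+STORAGE_SIZE="20Gi"
+# Firezone expects certain DB credentials
+# We'll store them in global.database.username/password in the 'firezone-secrets' secret
+DB_NAME="firezone"
+DB_APP_USER="firezone" # The owner of the DB
+DB_SUPERUSER="postgres" # Typical Postgres superuser name
+# Additional Postgres parameters
+MAX_CONNECTIONS="200"
+SHARED_BUFFERS="256MB"
+# For demo, we generate random passwords.
+# If you want fixed passwords, set them manually below.
+DB_APP_PASSWORD="$(openssl rand -hex 16)"
+DB_SUPERUSER_PASSWORD="$(openssl rand -hex 16)"
+#######################################################################
+### 2) CREATE/UPDATE SECRETS FOR CLOUDNATIVE-PG
+#######################################################################
+echo "Creating/updating secrets for CloudNativePG..."
+# 2.1 cluster-app-user (normal DB user)
+oc -n "$NAMESPACE" create secret generic "$SECRET_USER_NAME" \
+--type=kubernetes.io/basic-auth \
+--from-literal=username="$DB_APP_USER" \
+--from-literal=password="$DB_APP_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+# 2.2 cluster-superuser
+oc -n "$NAMESPACE" create secret generic "$SECRET_SUPERUSER_NAME" \
+--type=kubernetes.io/basic-auth \
+--from-literal=username="$DB_SUPERUSER" \
+--from-literal=password="$DB_SUPERUSER_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Secrets for CloudNativePG created/updated."
+#######################################################################
+### 3) CREATE/UPDATE THE CLOUDNATIVE-PG CLUSTER CR
+#######################################################################
+echo "Creating/updating CloudNativePG Cluster '${CLUSTER_NAME}'..."
+cat <<EOF | oc apply -n "$NAMESPACE" -f -
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+name: $CLUSTER_NAME
+spec:
+description: "PostgreSQL cluster with replication"
+imageName: "$POSTGRES_IMAGE"
+instances: 3
+primaryUpdateStrategy: unsupervised
+postgresql:
+parameters:
+max_connections: "$MAX_CONNECTIONS"
+shared_buffers: "$SHARED_BUFFERS"
+pg_stat_statements.max: "10000"
+pg_stat_statements.track: "all"
+auto_explain.log_min_duration: "10s"
+pg_hba:
+- host all all 10.128.0.0/16 md5
+bootstrap:
+initdb:
+database: "$DB_NAME"
+owner: "$DB_APP_USER"
+secret:
+name: "$SECRET_USER_NAME"
+enableSuperuserAccess: true
+superuserSecret:
+name: "$SECRET_SUPERUSER_NAME"
+storage:
+storageClass: "$STORAGE_CLASS"
+size: "$STORAGE_SIZE"
+resources:
+requests:
+memory: "512Mi"
+cpu: "1"
+affinity:
+enablePodAntiAffinity: true
+topologyKey: failure-domain.beta.kubernetes.io/zone
+EOF
+echo "CloudNativePG Cluster '${CLUSTER_NAME}' is created/updated."
+#######################################################################
+### 4) CREATE/UPDATE THE FIREZONE SECRETS WITH THE SAME DB CREDENTIALS
+#######################################################################
+echo "Updating Firezone secrets with matching DB credentials..."
+# We'll store them in the 'firezone-secrets' Secret under keys "username" and "password".
+# If you also want random keys/secrets for SECRET_KEY_BASE, etc.,
+# you can combine this with your existing Firezone secret generation approach.
+oc -n "$NAMESPACE" create secret generic "$SECRET_FIREZONE" \
+--from-literal=username="$DB_APP_USER" \
+--from-literal=password="$DB_APP_PASSWORD" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Firezone secrets updated with DB credentials."
+echo "Done!
+- Secrets '$SECRET_USER_NAME' and '$SECRET_SUPERUSER_NAME' created for CloudNativePG.
+- Cluster '$CLUSTER_NAME' created/updated.
+- Firezone secrets '$SECRET_FIREZONE' updated with DB credentials (username/password).
+"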
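Review bot: Both generated passwords reach `oc create secret` as `--from-literal=password="$DB_APP_PASSWORD"` arguments, so for the lifetime of that process they are readable in the host's process listing by any other local user. Passing the value through a file descriptor keeps it off the command line, for example `--from-file=password=<(printf '%s' "$DB_APP_PASSWORD")`. The `oc create secret` calls in gen-cnpg-and-firezone-new.sh, gen-cnpg-and-firezone-new-new.sh and secret-generator.sh use the same pattern. Separately, two comments in this file say the credentials are stored in 'firezone-secrets', while `SECRET_FIREZONE` is `firezone-database`; the comments should name the secret that is actually written.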

61
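--- a/secret-generator.sh
+++ b/secret-generator.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+# Script: gen-firezone-secrets.sh
+# Purpose: Generate all Firezone-required secrets as random hex values,
+# and store them in an OpenShift secret.
+# Configures Gmail as SMTP relay in OUTBOUND_EMAIL_ADAPTER_OPTS.
+set -euo pipefail
+# Change to your desired namespace (project name):
+NAMESPACE="firezone"
+SECRET_NAME="firezone-secrets"
+# Random hex strings for Firezone secrets (adjust byte sizes as needed).
+SECRET_KEY_BASE="$(openssl rand -hex 32)"
+LIVE_VIEW_SIGNING_SALT="$(openssl rand -hex 8)"
+COOKIE_SIGNING_SALT="$(openssl rand -hex 8)"
+COOKIE_ENCRYPTION_SALT="$(openssl rand -hex 8)"
+TOKENS_KEY_BASE="$(openssl rand -hex 32)"
+TOKENS_SALT="$(openssl rand -hex 8)"
+RELEASE_COOKIE="$(openssl rand -hex 16)"
+# Database credentials (example)
+DB_USERNAME="firezone_db_user"
+DB_PASSWORD="firezone_db_pass"
+# Gmail SMTP configuration
+# Replace these with your actual Gmail username & app password
+GMAIL_USERNAME="mcnugit@gmail.com"
+GMAIL_APP_PASSWORD="ugmu unau dtwn fppg"
+# We'll embed these in a JSON object that Swoosh can parse:
+OUTBOUND_EMAIL_ADAPTER_OPTS="$(cat <<EOF
+{
+"relay": "smtp.gmail.com",
+"username": "${GMAIL_USERNAME}",
+"password": "${GMAIL_APP_PASSWORD}",
+"port": 587,
+"ssl": false,
+"tls": "always",
+"auth": "always"
+}
+EOF
+)"
+echo "Creating/updating Secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
+oc -n "$NAMESPACE" create secret generic "$SECRET_NAME" \
+--from-literal=SECRET_KEY_BASE="$SECRET_KEY_BASE" \
+--from-literal=LIVE_VIEW_SIGNING_SALT="$LIVE_VIEW_SIGNING_SALT" \
+--from-literal=COOKIE_SIGNING_SALT="$COOKIE_SIGNING_SALT" \
+--from-literal=COOKIE_ENCRYPTION_SALT="$COOKIE_ENCRYPTION_SALT" \
+--from-literal=TOKENS_KEY_BASE="$TOKENS_KEY_BASE" \
+--from-literal=TOKENS_SALT="$TOKENS_SALT" \
+--from-literal=RELEASE_COOKIE="$RELEASE_COOKIE" \
+--from-literal=username="$DB_USERNAME" \
+--from-literal=password="$DB_PASSWORD" \
+--from-literal=OUTBOUND_EMAIL_ADAPTER_OPTS="$OUTBOUND_EMAIL_ADAPTER_OPTS" \
+--dry-run=client -o yaml | oc apply -f -
+echo "Done! Your Firezone secrets have been created/updated."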
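Review bot: `GMAIL_APP_PASSWORD` is assigned a literal in the shape of a real Google app password, beside what looks like a real account in `GMAIL_USERNAME`, and both are now in the repository history; the credential should be treated as exposed and revoked at the provider, since removing it in a later commit does not take it out of history. The script should take the value from the caller instead, `GMAIL_APP_PASSWORD="${GMAIL_APP_PASSWORD:?export GMAIL_APP_PASSWORD before running}"`. The fixed `DB_PASSWORD="firezone_db_pass"` has the same problem in a milder form, as every deployment made with this script would share it; values.yaml reads the database credentials from `firezone-database`, so these two keys may not be needed in `firezone-secrets` at all. The header comment names the script gen-firezone-secrets.sh while the file is secret-generator.sh.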

295
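--- a/values.yaml
+++ b/values.yaml
@@ -0,0 +1,295 @@
+api:
+affinity: {}
+autoscaling:
+enabled: false
+maxReplicas: 100
+minReplicas: 1
+targetCPUUtilizationPercentage: 80
+backgroundJobsEnabled: false
+dnsConfig: {}
+dnsPolicy: null
+extraEnv: []
+image:
+pullPolicy: IfNotPresent
+repository: ghcr.io/firezone/api
+tag: ''
+imagePullSecrets: []
+ingress:
+annotations: {}
+className: ''
+enabled: false
+hosts:
+- host: gate.calegix.net
+paths:
+- path: /
+pathType: Prefix
+tls: []
+livenessProbe:
+failureThreshold: 3
+initialDelaySeconds: 0
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+nodeSelector: {}
+pdb:
+annotations: {}
+enabled: false
+labels: {}
+maxUnavailable: ''
+minAvailable: ''
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+readinessProbe:
+failureThreshold: 3
+initialDelaySeconds: 0
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+releaseHostname: null
+releaseName: firezone
+replicaCount: 1
+resources: {}
+revisionHistoryLimit: 10
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+readOnlyRootFilesystem: false
+runAsGroup: null
+runAsUser: null
+service:
+port: 8000
+portName: http
+targetPort: 8000
+type: ClusterIP
+serviceAccount:
+annotations: {}
+automount: true
+create: true
+name: ''
+tolerations: []
+volumeMounts: []
+volumes: []
+clusterDomain: cluster.local
+domain:
+affinity: {}
+autoscaling:
+enabled: false
+maxReplicas: 100
+minReplicas: 1
+targetCPUUtilizationPercentage: 80
+backgroundJobsEnabled: true
+dnsConfig: {}
+dnsPolicy: null
+extraEnv: []
+image:
+pullPolicy: IfNotPresent
+repository: ghcr.io/firezone/domain
+tag: ''
+imagePullSecrets: []
+livenessProbe:
+failureThreshold: 3
+initialDelaySeconds: 0
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+nodeSelector: {}
+pdb:
+annotations: {}
+enabled: false
+labels: {}
+maxUnavailable: ''
+minAvailable: ''
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+readinessProbe:
+failureThreshold: 3
+initialDelaySeconds: 0
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+releaseHostname: null
+releaseName: firezone
+replicaCount: 1
+resources: {}
+revisionHistoryLimit: 10
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+readOnlyRootFilesystem: false
+runAsGroup: null
+runAsUser: null
+serviceAccount:
+annotations: {}
+automount: true
+create: true
+name: ''
+tolerations: []
+volumeMounts: []
+volumes: []
+fullnameOverride: ''
+global:
+authProviders:
+- token
+- email
+database:
+database: firebase
+host: firezone.firezone.svc.cluster.local
+parameters: null
+password:
+key: password
+secret: firezone-database
+pool_size: null
+port: 5432
+ssl:
+enabled: false
+opts: null
+username:
+key: username
+secret: firezone-database
+dockerRegistry: ghcr.io/firezone
+email:
+adapter: Elixir.Swoosh.Adapters.SMTP
+from: mcnugit@gmail.com
+opts:
+key: OUTBOUND_EMAIL_ADAPTER_OPTS
+secret: firezone-secrets
+erlangCluster:
+cookie:
+key: RELEASE_COOKIE
+secret: firezone-secrets
+custom:
+adapter: null
+opts: null
+distributionPort: 9000
+enableKubernetesClusterModule: true
+epmdPort: 4369
+kubernetes:
+selector:
+key: erlangcluster
+value: firezone
+externalApiURL: https://api.gate.calegix.net
+externalApiWSURL: wss://api.gate.calegix.net
+externalWebURL: https://gate.calegix.net
+extraEnv: []
+features:
+flowActivities:
+enabled: true
+idpSync:
+enabled: true
+internetResource:
+enabled: true
+multiSiteResources:
+enabled: true
+policyConditions:
+enabled: true
+restApi:
+enabled: true
+selfHostedRelays:
+enabled: true
+logLevel: debug
+otlp:
+endpoint: null
+phoenix:
+cookieEncryptionSalt:
+key: COOKIE_ENCRYPTION_SALT
+secret: firezone-secrets
+cookieSigningSalt:
+key: COOKIE_SIGNING_SALT
+secret: firezone-secrets
+keyBase:
+key: SECRET_KEY_BASE
+secret: firezone-secrets
+liveViewSalt:
+key: LIVE_VIEW_SIGNING_SALT
+secret: firezone-secrets
+signup:
+enabled: true
+whitelistedDomains: []
+tokens:
+keyBase:
+key: TOKENS_KEY_BASE
+secret: firezone-secrets
+salt:
+key: TOKENS_SALT
+secret: firezone-secrets
+nameOverride: ''
+web:
+affinity: {}
+autoscaling:
+enabled: false
+maxReplicas: 100
+minReplicas: 1
+targetCPUUtilizationPercentage: 80
+backgroundJobsEnabled: false
+dnsConfig: {}
+dnsPolicy: null
+extraEnv: []
+image:
+pullPolicy: IfNotPresent
+repository: ghcr.io/firezone/web
+tag: ''
+imagePullSecrets: []
+ingress:
+annotations: {}
+className: ''
+enabled: false
+hosts:
+- host: chart-example.local
+paths:
+- path: /
+pathType: Prefix
+tls: []
+livenessProbe:
+failureThreshold: 3
+initialDelaySeconds: 0
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+nodeSelector: {}
+pdb:
+annotations: {}
+enabled: false
+labels: {}
+maxUnavailable: ''
+minAvailable: ''
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+readinessProbe:
+failureThreshold: 3
+initialDelaySeconds: 0
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 1
+releaseHostname: null
+releaseName: firezone
+replicaCount: 1
+resources: {}
+revisionHistoryLimit: 10
+securityContext:
+allowPrivilegeEscalation: false
+capabilities:
+drop:
+- ALL
+readOnlyRootFilesystem: false
+runAsGroup: null
+runAsUser: mull
+service:
+port: 8000
+portName: http
+targetPort: 8000
+type: ClusterIP
+serviceAccount:
+annotations: {}
+automount: true
+create: true
+name: ''
+tolerations: []
+volumeMounts: []
+volumes: []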
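Review bot: `web.securityContext.runAsUser` is `mull`, where the `api` and `domain` blocks have `null`; as written it is a string, and if the chart passes the block through unchanged the rendered pod spec carries a non-integer `runAsUser` that the API server will reject, so it should read `runAsUser: null`. On the exposure side, `global.database.ssl.enabled: false` leaves the database connection, including the password exchange, unencrypted on the pod network, `logLevel: debug` is set on what the external URLs suggest is an internet-facing deployment, and `signup.enabled: true` is paired with an empty `whitelistedDomains`; each deserves a deliberate decision before this goes live. `global.database.database: firebase` matches `DB_NAME` only in gen-cnpg-and-firezone-new-new.sh, while the other two scripts create a database named `firezone`.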