diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 68b6688..72d995a 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -1,8 +1,10 @@
-name: Deploy pages
+name: Docs
 on:
   push:
     branches:
       - main
+    tags:
+      - "v*"
 
 jobs:
   deploy:
diff --git a/Tiltfile b/Tiltfile
index 53db91e..192b7ed 100644
--- a/Tiltfile
+++ b/Tiltfile
@@ -59,7 +59,7 @@ k8s_resource(
 )
 
 k8s_resource(
-    objects=["core-sample:APIGateway:supabase-demo"],
+    objects=["gateway-sample:APIGateway:supabase-demo"],
     extra_pod_selectors={"app.kubernetes.io/component": "api-gateway"},
     port_forwards=[8000, 19000],
     new_name='API Gateway',
@@ -69,7 +69,7 @@ k8s_resource(
 )
 
 k8s_resource(
-    objects=["core-sample:Dashboard:supabase-demo"],
+    objects=["dashboard-sample:Dashboard:supabase-demo"],
     extra_pod_selectors={"app.kubernetes.io/component": "dashboard", "app.kubernetes.io/name": "studio"},
     discovery_strategy="selectors-only",
     port_forwards=[3000],
@@ -80,7 +80,7 @@ k8s_resource(
 )
 
 k8s_resource(
-    objects=["core-sample:Storage:supabase-demo"],
+    objects=["storage-sample:Storage:supabase-demo"],
     new_name='Storage',
     resource_deps=[
         'supabase-controller-manager'
diff --git a/api/v1alpha1/core_types.go b/api/v1alpha1/core_types.go
index 15b2dca..e4d4e18 100644
--- a/api/v1alpha1/core_types.go
+++ b/api/v1alpha1/core_types.go
@@ -59,7 +59,7 @@ type DatabaseRoles struct {
 
 type Database struct {
 	DSN          *string                   `json:"dsn,omitempty"`
-	DSNSecretRef *corev1.SecretKeySelector `json:"dsnFrom,omitempty"`
+	DSNSecretRef *corev1.SecretKeySelector `json:"dsnSecretRef,omitempty"`
 	Roles        DatabaseRoles             `json:"roles,omitempty"`
 }
 
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 00dbad2..a9108e8 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -21,7 +21,7 @@ limitations under the License.
 package v1alpha1
 
 import (
-	v1 "k8s.io/api/core/v1"
+	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 )
diff --git a/config/crd/bases/supabase.k8s.icb4dc0.de_cores.yaml b/config/crd/bases/supabase.k8s.icb4dc0.de_cores.yaml
index 4a407a6..8de76ff 100644
--- a/config/crd/bases/supabase.k8s.icb4dc0.de_cores.yaml
+++ b/config/crd/bases/supabase.k8s.icb4dc0.de_cores.yaml
@@ -905,7 +905,7 @@ spec:
                 properties:
                   dsn:
                     type: string
-                  dsnFrom:
+                  dsnSecretRef:
                     description: SecretKeySelector selects a key of a Secret.
                     properties:
                       key:
diff --git a/config/samples/supabase_v1alpha1_apigateway.yaml b/config/samples/supabase_v1alpha1_apigateway.yaml
index de489e5..711ca54 100644
--- a/config/samples/supabase_v1alpha1_apigateway.yaml
+++ b/config/samples/supabase_v1alpha1_apigateway.yaml
@@ -4,9 +4,10 @@ metadata:
   labels:
     app.kubernetes.io/name: supabase-operator
     app.kubernetes.io/managed-by: kustomize
-  name: core-sample
+  name: gateway-sample
 spec:
-  envoy:
-    controlPlane:
-      host: supabase-control-plane.supabase-system.svc
-      port: 18000
+  jwks:
+    # will be created by Core resource operator if not present
+    # just make sure the secret name is either based on the name of the core resource or explicitly set
+    name: core-sample-jwt
+    key: jwks.json
diff --git a/config/samples/supabase_v1alpha1_core.yaml b/config/samples/supabase_v1alpha1_core.yaml
index c1e3e98..f1484a4 100644
--- a/config/samples/supabase_v1alpha1_core.yaml
+++ b/config/samples/supabase_v1alpha1_core.yaml
@@ -13,19 +13,27 @@ metadata:
     app.kubernetes.io/managed-by: kustomize
   name: core-sample
 spec:
+  # public URL of the Supabase instance (API)
+  # normally the Ingress/HTTPRoute endpoint
   externalUrl: http://localhost:8000/
+
+  # public URL of the frontend
+  # could be the same as the externalUrl if you're using one Ingress/HTTPRoute for both
+  # or a different one if you prefer to separate API and frontend URLs
+  # will be used by Supabase Auth to redirect users after login
   siteUrl: http://localhost:3000/
   database:
-    dsnFrom:
+    dsnSecretRef:
       name: supabase-demo-credentials
       key: url
   auth:
-    disableSignup: true
+    disableSignup: false
     enableEmailAutoconfirm: true
     providers: {}
   postgrest:
     maxRows: 1000
   jwt:
     expiry: 3600
-    secretRef:
-      name: core-sample-jwt
+    # name of the secret containing the JWT secret
+    # will be created if not found, make sure to refernce this secret in the APIGateway, Dashboard and Storage
+    secretName: core-sample-jwt
diff --git a/config/samples/supabase_v1alpha1_dashboard.yaml b/config/samples/supabase_v1alpha1_dashboard.yaml
index 6da3406..172a92b 100644
--- a/config/samples/supabase_v1alpha1_dashboard.yaml
+++ b/config/samples/supabase_v1alpha1_dashboard.yaml
@@ -4,17 +4,20 @@ metadata:
   labels:
     app.kubernetes.io/name: supabase-operator
     app.kubernetes.io/managed-by: kustomize
-  name: core-sample
+  name: dashboard-sample
 spec:
   db:
     host: cluster-example-rw.supabase-demo.svc
     dbName: app
     dbCredentialsRef:
+      # will be created by Core resource operator if not present
+      # just make sure the secret name is either based on the name of the core resource or explicitly set
+      # format <core-resource-name>-db-creds-supabase-admin
       secretName: core-sample-db-creds-supabase-admin
   studio:
+    # external URL of the Supabase Studio (URL of Ingress or HTTPRoute)
     externalUrl: http://localhost:8000
     jwt:
-      anonKey: anon_key
-      secretKey: secret
+      # will be created by Core resource operator if not present
+      # just make sure the secret name is either based on the name of the core resource or explicitly set
       secretName: core-sample-jwt
-      serviceKey: service_key
diff --git a/config/samples/supabase_v1alpha1_storage.yaml b/config/samples/supabase_v1alpha1_storage.yaml
index 75591f0..a60b99d 100644
--- a/config/samples/supabase_v1alpha1_storage.yaml
+++ b/config/samples/supabase_v1alpha1_storage.yaml
@@ -4,14 +4,19 @@ metadata:
   labels:
     app.kubernetes.io/name: supabase-operator
     app.kubernetes.io/managed-by: kustomize
-  name: core-sample
+  name: storage-sample
 spec:
   backendType: file
   db:
     host: cluster-example-rw.supabase-demo.svc
     dbName: app
     dbCredentialsRef:
+      # will be created by Core resource operator if not present
+      # just make sure the secret name is either based on the name of the core resource or explicitly set
+      # format <core-resource-name>-db-creds-supabase-storage-admin
       secretName: core-sample-db-creds-supabase-storage-admin
   enableImageTransformation: true
   jwtAuth:
+    # will be created by Core resource operator if not present
+    # just make sure the secret name is either based on the name of the core resource or explicitly set
     secretName: core-sample-jwt