From b38285beb9591edf25966f5234beb8e9076e9ac0 Mon Sep 17 00:00:00 2001
From: fchinembiri <fchinembiri24@gmail.com>
Date: Tue, 19 May 2026 17:03:33 +0200
Subject: [PATCH] feat(k8s): add supabase for basket flutter app

---
 k8s/base/kustomization.yaml             |    2 +
 k8s/base/supabase-basket-namespace.yaml |    4 +
 k8s/base/supabase-basket.yaml           | 3266 +++++++++++++++++++++++
 3 files changed, 3272 insertions(+)
 create mode 100644 k8s/base/supabase-basket-namespace.yaml
 create mode 100644 k8s/base/supabase-basket.yaml

diff --git a/k8s/base/kustomization.yaml b/k8s/base/kustomization.yaml
index 033a5ba..b0ad424 100644
--- a/k8s/base/kustomization.yaml
+++ b/k8s/base/kustomization.yaml
@@ -20,6 +20,8 @@ resources:
 - geocrop-tiler-rewrite.yaml
 - 60-ingress-minio.yaml
 - ntfy.yaml
+- supabase-basket-namespace.yaml
+- supabase-basket.yaml
 images:
 - name: frankchine/geocrop-api
   newName: frankchine/geocrop-api
diff --git a/k8s/base/supabase-basket-namespace.yaml b/k8s/base/supabase-basket-namespace.yaml
new file mode 100644
index 0000000..73bb86c
--- /dev/null
+++ b/k8s/base/supabase-basket-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: supabase-basket
diff --git a/k8s/base/supabase-basket.yaml b/k8s/base/supabase-basket.yaml
new file mode 100644
index 0000000..c107548
--- /dev/null
+++ b/k8s/base/supabase-basket.yaml
@@ -0,0 +1,3266 @@
+---
+# Source: supabase/templates/analytics/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-analytics
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/auth/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-auth
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/db/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-db
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/functions/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-functions
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/imgproxy/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-imgproxy
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/kong/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-kong
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/meta/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-meta
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/realtime/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-realtime
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/rest/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-rest
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/storage/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-storage
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/studio/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-studio
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/vector/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: supabase-basket-supabase-vector
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+---
+# Source: supabase/templates/secret/analytics.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-analytics
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  publicAccessToken: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5LXB1YmxpYw=="
+  privateAccessToken: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5LXByaXZhdGU="
+---
+# Source: supabase/templates/secret/apikey.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-apikey
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  publishableKey: ""
+  secretKey: ""
+  anonKeyAsymmetric: ""
+  serviceRoleKeyAsymmetric: ""
+  jwtKeys: ""
+  jwtJwks: ""
+---
+# Source: supabase/templates/secret/dashboard.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-dashboard
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  username: "c3VwYWJhc2U="
+  password: "dGhpc19wYXNzd29yZF9pc19pbnNlY3VyZV9hbmRfc2hvdWxkX2JlX3VwZGF0ZWQ="
+  openAiApiKey: "a2V5X3N1cGVyX3NlY3JldA=="
+---
+# Source: supabase/templates/secret/db.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-db
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  password: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctcG9zdGdyZXMtcGFzc3dvcmQ="
+  database: "cG9zdGdyZXM="
+  password_encoded: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctcG9zdGdyZXMtcGFzc3dvcmQ="
+---
+# Source: supabase/templates/secret/jwt.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-jwt
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  anonKey: "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKaGJtOXVJaXdLSUNBZ0lDSnBjM01pT2lBaWMzVndZV0poYzJVdFpHVnRieUlzQ2lBZ0lDQWlhV0YwSWpvZ01UWTBNVGMyT1RJd01Dd0tJQ0FnSUNKbGVIQWlPaUF4TnprNU5UTTFOakF3Q24wLmRjX1g1aVJfVlBfcVQwenNpeWpfSV9PWjJUOUZ0UlUyQkJOV044QnU0R0U="
+  serviceKey: "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKelpYSjJhV05sWDNKdmJHVWlMQW9nSUNBZ0ltbHpjeUk2SUNKemRYQmhZbUZ6WlMxa1pXMXZJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qUXhOelk1TWpBd0xBb2dJQ0FnSW1WNGNDSTZJREUzT1RrMU16VTJNREFLZlEuRGFZbE5Fb1VyckVuMklnN3RxaWJTLVBISzV2Z3VzYmNibzdYMzZYVnQ0UQ=="
+  secret: "eW91ci1zdXBlci1zZWNyZXQtand0LXRva2VuLXdpdGgtYXQtbGVhc3QtMzItY2hhcmFjdGVycy1sb25n"
+---
+# Source: supabase/templates/secret/meta.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-meta
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  cryptoKey: "eW91ci1lbmNyeXB0aW9uLWtleS0zMi1jaGFycy1taW4="
+---
+# Source: supabase/templates/secret/minio.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-minio
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  user: "c3VwYS1zdG9yYWdl"
+  password: "c2VjcmV0MTIzNA=="
+---
+# Source: supabase/templates/secret/realtime.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-realtime
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  secretKeyBase: "VXBOVm50bjNjRHhISnBxOTlZTWMxVDFBUWdRcGM4a2ZZVHVSZ0JpWWExNUJMcng4ZXRRb1h6M2dadjEvdTJvcQ=="
+---
+# Source: supabase/templates/secret/s3.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-s3
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  keyId: "NjI1NzI5YTA4Yjk1YmYxYjdmZjM1MWE2NjNmM2EyM2M="
+  accessKey: "ODUwMTgxZTQ2NTJkZDAyM2I3YTk4YzU4YWUwZDJkMzRiZDQ4N2VlMGNjMzI1NGFlZDZlZGEzNzMwNzQyNTkwNw=="
+---
+# Source: supabase/templates/secret/smtp.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: supabase-basket-smtp
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+type: Opaque
+data:
+  username: "ZmFrZV9tYWlsX3VzZXI="
+  password: "ZmFrZV9tYWlsX3Bhc3N3b3Jk"
+---
+# Source: supabase/templates/db/initdb.config.yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: supabase-basket-supabase-db-initdb
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+data:
+  99-jwt.sql: |
+    \set jwt_secret `echo "$JWT_SECRET"`
+    \set jwt_exp `echo "$JWT_EXP"`
+    
+    ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
+    ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
+    
+  99-pooler.sql: |
+    \set pguser `echo "$POSTGRES_USER"`
+    
+    \c _supabase
+    create schema if not exists _supavisor;
+    alter schema _supavisor owner to :pguser;
+    \c postgres
+    
+  99-logs.sql: |
+    \set pguser `echo "$POSTGRES_USER"`
+    \c _supabase
+    create schema if not exists _analytics;
+    alter schema _analytics owner to :pguser;
+    \c postgres
+    
+  99-realtime.sql: |
+    \set pguser `echo "$POSTGRES_USER"`
+    
+    create schema if not exists _realtime;
+    alter schema _realtime owner to :pguser;
+    
+  99-roles.sql: |
+    -- NOTE: change to your own passwords for production environments
+    \set pgpass `echo "$POSTGRES_PASSWORD"`
+    
+    ALTER USER authenticator WITH PASSWORD :'pgpass';
+    ALTER USER pgbouncer WITH PASSWORD :'pgpass';
+    ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
+    ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass';
+    ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
+    
+  97-_supabase.sql: |
+    \set pguser `echo "$POSTGRES_USER"`
+    
+    CREATE DATABASE _supabase WITH OWNER :pguser;
+    
+  98-webhooks.sql: |
+    BEGIN;
+      -- Create pg_net extension
+      CREATE EXTENSION IF NOT EXISTS pg_net SCHEMA extensions;
+      -- Create supabase_functions schema
+      CREATE SCHEMA supabase_functions AUTHORIZATION supabase_admin;
+      GRANT USAGE ON SCHEMA supabase_functions TO postgres, anon, authenticated, service_role;
+      ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON TABLES TO postgres, anon, authenticated, service_role;
+      ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON FUNCTIONS TO postgres, anon, authenticated, service_role;
+      ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON SEQUENCES TO postgres, anon, authenticated, service_role;
+      -- supabase_functions.migrations definition
+      CREATE TABLE supabase_functions.migrations (
+        version text PRIMARY KEY,
+        inserted_at timestamptz NOT NULL DEFAULT NOW()
+      );
+      -- Initial supabase_functions migration
+      INSERT INTO supabase_functions.migrations (version) VALUES ('initial');
+      -- supabase_functions.hooks definition
+      CREATE TABLE supabase_functions.hooks (
+        id bigserial PRIMARY KEY,
+        hook_table_id integer NOT NULL,
+        hook_name text NOT NULL,
+        created_at timestamptz NOT NULL DEFAULT NOW(),
+        request_id bigint
+      );
+      CREATE INDEX supabase_functions_hooks_request_id_idx ON supabase_functions.hooks USING btree (request_id);
+      CREATE INDEX supabase_functions_hooks_h_table_id_h_name_idx ON supabase_functions.hooks USING btree (hook_table_id, hook_name);
+      COMMENT ON TABLE supabase_functions.hooks IS 'Supabase Functions Hooks: Audit trail for triggered hooks.';
+      CREATE FUNCTION supabase_functions.http_request()
+        RETURNS trigger
+        LANGUAGE plpgsql
+        AS $function$
+        DECLARE
+          request_id bigint;
+          payload jsonb;
+          url text := TG_ARGV[0]::text;
+          method text := TG_ARGV[1]::text;
+          headers jsonb DEFAULT '{}'::jsonb;
+          params jsonb DEFAULT '{}'::jsonb;
+          timeout_ms integer DEFAULT 1000;
+        BEGIN
+          IF url IS NULL OR url = 'null' THEN
+            RAISE EXCEPTION 'url argument is missing';
+          END IF;
+    
+          IF method IS NULL OR method = 'null' THEN
+            RAISE EXCEPTION 'method argument is missing';
+          END IF;
+    
+          IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN
+            headers = '{"Content-Type": "application/json"}'::jsonb;
+          ELSE
+            headers = TG_ARGV[2]::jsonb;
+          END IF;
+    
+          IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN
+            params = '{}'::jsonb;
+          ELSE
+            params = TG_ARGV[3]::jsonb;
+          END IF;
+    
+          IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN
+            timeout_ms = 1000;
+          ELSE
+            timeout_ms = TG_ARGV[4]::integer;
+          END IF;
+    
+          CASE
+            WHEN method = 'GET' THEN
+              SELECT http_get INTO request_id FROM net.http_get(
+                url,
+                params,
+                headers,
+                timeout_ms
+              );
+            WHEN method = 'POST' THEN
+              payload = jsonb_build_object(
+                'old_record', OLD,
+                'record', NEW,
+                'type', TG_OP,
+                'table', TG_TABLE_NAME,
+                'schema', TG_TABLE_SCHEMA
+              );
+    
+              SELECT http_post INTO request_id FROM net.http_post(
+                url,
+                payload,
+                params,
+                headers,
+                timeout_ms
+              );
+            ELSE
+              RAISE EXCEPTION 'method argument % is invalid', method;
+          END CASE;
+    
+          INSERT INTO supabase_functions.hooks
+            (hook_table_id, hook_name, request_id)
+          VALUES
+            (TG_RELID, TG_NAME, request_id);
+    
+          RETURN NEW;
+        END
+      $function$;
+      -- Supabase super admin
+      DO
+      $$
+      BEGIN
+        IF NOT EXISTS (
+          SELECT 1
+          FROM pg_roles
+          WHERE rolname = 'supabase_functions_admin'
+        )
+        THEN
+          CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
+        END IF;
+      END
+      $$;
+      GRANT ALL PRIVILEGES ON SCHEMA supabase_functions TO supabase_functions_admin;
+      GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA supabase_functions TO supabase_functions_admin;
+      GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA supabase_functions TO supabase_functions_admin;
+      ALTER USER supabase_functions_admin SET search_path = "supabase_functions";
+      ALTER table "supabase_functions".migrations OWNER TO supabase_functions_admin;
+      ALTER table "supabase_functions".hooks OWNER TO supabase_functions_admin;
+      ALTER function "supabase_functions".http_request() OWNER TO supabase_functions_admin;
+      GRANT supabase_functions_admin TO postgres;
+      -- Remove unused supabase_pg_net_admin role
+      DO
+      $$
+      BEGIN
+        IF EXISTS (
+          SELECT 1
+          FROM pg_roles
+          WHERE rolname = 'supabase_pg_net_admin'
+        )
+        THEN
+          REASSIGN OWNED BY supabase_pg_net_admin TO supabase_admin;
+          DROP OWNED BY supabase_pg_net_admin;
+          DROP ROLE supabase_pg_net_admin;
+        END IF;
+      END
+      $$;
+      -- pg_net grants when extension is already enabled
+      DO
+      $$
+      BEGIN
+        IF EXISTS (
+          SELECT 1
+          FROM pg_extension
+          WHERE extname = 'pg_net'
+        )
+        THEN
+          GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
+          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
+          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
+          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
+          REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
+          REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
+          GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+          GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+        END IF;
+      END
+      $$;
+      -- Event trigger for pg_net
+      CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access()
+      RETURNS event_trigger
+      LANGUAGE plpgsql
+      AS $$
+      BEGIN
+        IF EXISTS (
+          SELECT 1
+          FROM pg_event_trigger_ddl_commands() AS ev
+          JOIN pg_extension AS ext
+          ON ev.objid = ext.oid
+          WHERE ext.extname = 'pg_net'
+        )
+        THEN
+          GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
+          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
+          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
+          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
+          REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
+          REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
+          GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+          GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
+        END IF;
+      END;
+      $$;
+      COMMENT ON FUNCTION extensions.grant_pg_net_access IS 'Grants access to pg_net';
+      DO
+      $$
+      BEGIN
+        IF NOT EXISTS (
+          SELECT 1
+          FROM pg_event_trigger
+          WHERE evtname = 'issue_pg_net_access'
+        ) THEN
+          CREATE EVENT TRIGGER issue_pg_net_access ON ddl_command_end WHEN TAG IN ('CREATE EXTENSION')
+          EXECUTE PROCEDURE extensions.grant_pg_net_access();
+        END IF;
+      END
+      $$;
+      INSERT INTO supabase_functions.migrations (version) VALUES ('20210809183423_update_grants');
+      ALTER function supabase_functions.http_request() SECURITY DEFINER;
+      ALTER function supabase_functions.http_request() SET search_path = supabase_functions;
+      REVOKE ALL ON FUNCTION supabase_functions.http_request() FROM PUBLIC;
+      GRANT EXECUTE ON FUNCTION supabase_functions.http_request() TO postgres, anon, authenticated, service_role;
+    COMMIT;
+---
+# Source: supabase/templates/db/migration.config.yaml
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: supabase-basket-supabase-db-migrations
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+data:
+  null
+---
+# Source: supabase/templates/functions/functions.config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: supabase-basket-supabase-functions-main
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+data:
+  index.ts: |
+    import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
+    
+    console.log('main function started')
+    
+    const JWT_SECRET = Deno.env.get('JWT_SECRET')
+    const VERIFY_JWT = Deno.env.get('VERIFY_JWT') === 'true'
+    
+    function getAuthToken(req: Request) {
+    const authHeader = req.headers.get('authorization')
+    if (!authHeader) {
+        throw new Error('Missing authorization header')
+    }
+    const [bearer, token] = authHeader.split(' ')
+    if (bearer !== 'Bearer') {
+        throw new Error(`Auth header is not 'Bearer {token}'`)
+    }
+    return token
+    }
+    
+    async function verifyJWT(jwt: string): Promise<boolean> {
+    const encoder = new TextEncoder()
+    const secretKey = encoder.encode(JWT_SECRET)
+    try {
+        await jose.jwtVerify(jwt, secretKey)
+    } catch (err) {
+        console.error(err)
+        return false
+    }
+    return true
+    }
+    
+    Deno.serve(async (req: Request) => {
+    if (req.method !== 'OPTIONS' && VERIFY_JWT) {
+        try {
+        const token = getAuthToken(req)
+        const isValidJWT = await verifyJWT(token)
+    
+        if (!isValidJWT) {
+            return new Response(JSON.stringify({ msg: 'Invalid JWT' }), {
+            status: 401,
+            headers: { 'Content-Type': 'application/json' },
+            })
+        }
+        } catch (e) {
+        console.error(e)
+        return new Response(JSON.stringify({ msg: e.toString() }), {
+            status: 401,
+            headers: { 'Content-Type': 'application/json' },
+        })
+        }
+    }
+    
+    const url = new URL(req.url)
+    const { pathname } = url
+    const path_parts = pathname.split('/')
+    const service_name = path_parts[1]
+    
+    if (!service_name || service_name === '') {
+        const error = { msg: 'missing function name in request' }
+        return new Response(JSON.stringify(error), {
+        status: 400,
+        headers: { 'Content-Type': 'application/json' },
+        })
+    }
+    
+    const servicePath = `/home/deno/functions/${service_name}`
+    console.error(`serving the request with ${servicePath}`)
+    
+    const memoryLimitMb = 150
+    const workerTimeoutMs = 1 * 60 * 1000
+    const noModuleCache = false
+    const importMapPath = null
+    const envVarsObj = Deno.env.toObject()
+    const envVars = Object.keys(envVarsObj).map((k) => [k, envVarsObj[k]])
+    
+    try {
+        const worker = await EdgeRuntime.userWorkers.create({
+        servicePath,
+        memoryLimitMb,
+        workerTimeoutMs,
+        noModuleCache,
+        importMapPath,
+        envVars,
+        })
+        return await worker.fetch(req)
+    } catch (e) {
+        const error = { msg: e.toString() }
+        return new Response(JSON.stringify(error), {
+        status: 500,
+        headers: { 'Content-Type': 'application/json' },
+        })
+    }
+    })
+---
+# Source: supabase/templates/kong/config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: supabase-basket-supabase-kong
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+data:
+  kong-entrypoint.sh: |
+    #!/bin/bash
+    
+    set -euo pipefail
+    
+    if [ -n "${SUPABASE_SECRET_KEY:-}" ] && [ -n "${SUPABASE_PUBLISHABLE_KEY:-}" ]; then
+      export LUA_AUTH_EXPR="\$((headers.authorization ~= nil and headers.authorization:sub(1, 10) ~= 'Bearer sb_' and headers.authorization) or (headers.apikey == '${SUPABASE_SECRET_KEY}' and 'Bearer ${SERVICE_ROLE_KEY_ASYMMETRIC}') or (headers.apikey == '${SUPABASE_PUBLISHABLE_KEY}' and 'Bearer ${ANON_KEY_ASYMMETRIC}') or headers.apikey)"
+      export LUA_RT_WS_EXPR="\$((query_params.apikey == '${SUPABASE_SECRET_KEY}' and '${SERVICE_ROLE_KEY_ASYMMETRIC}') or (query_params.apikey == '${SUPABASE_PUBLISHABLE_KEY}' and '${ANON_KEY_ASYMMETRIC}') or query_params.apikey)"
+    else
+      export LUA_AUTH_EXPR="\$((headers.authorization ~= nil and headers.authorization:sub(1, 10) ~= 'Bearer sb_' and headers.authorization) or headers.apikey)"
+      export LUA_RT_WS_EXPR="\$(query_params.apikey)"
+    fi
+    
+    echo "Replacing env placeholders of /usr/local/kong/kong.yml"
+    
+    sed \
+    -e "s|\${SUPABASE_ANON_KEY}|${SUPABASE_ANON_KEY}|" \
+    -e "s|\${SUPABASE_SERVICE_KEY}|${SUPABASE_SERVICE_KEY}|" \
+    -e "s|\${SUPABASE_PUBLISHABLE_KEY}|${SUPABASE_PUBLISHABLE_KEY:-}|" \
+    -e "s|\${SUPABASE_SECRET_KEY}|${SUPABASE_SECRET_KEY:-}|" \
+    -e "s|\${ANON_KEY_ASYMMETRIC}|${ANON_KEY_ASYMMETRIC:-}|" \
+    -e "s|\${SERVICE_ROLE_KEY_ASYMMETRIC}|${SERVICE_ROLE_KEY_ASYMMETRIC:-}|" \
+    -e "s|\${LUA_AUTH_EXPR}|${LUA_AUTH_EXPR}|" \
+    -e "s|\${LUA_RT_WS_EXPR}|${LUA_RT_WS_EXPR}|" \
+    -e "s|\${DASHBOARD_USERNAME}|${DASHBOARD_USERNAME}|" \
+    -e "s|\${DASHBOARD_PASSWORD}|${DASHBOARD_PASSWORD}|" \
+    /usr/local/kong/template.yml \
+    > /usr/local/kong/kong.yml
+    
+    sed -i '/^[[:space:]]*- key:[[:space:]]*$/d' /usr/local/kong/kong.yml
+    
+    exec /entrypoint.sh kong docker-start
+    
+  kong.yml: |
+    _format_version: '2.1'
+    _transform: true
+    
+    consumers:
+      - username: DASHBOARD
+      - username: anon
+        keyauth_credentials:
+            - key: ${SUPABASE_ANON_KEY}
+            - key: ${SUPABASE_PUBLISHABLE_KEY}
+      - username: service_role
+        keyauth_credentials:
+            - key: ${SUPABASE_SERVICE_KEY}
+            - key: ${SUPABASE_SECRET_KEY}
+    acls:
+      - consumer: anon
+        group: anon
+      - consumer: service_role
+        group: admin
+    basicauth_credentials:
+      - consumer: DASHBOARD
+        username: '${DASHBOARD_USERNAME}'
+        password: '${DASHBOARD_PASSWORD}'
+    services:
+      - name: auth-v1-open
+        url: http://supabase-basket-supabase-auth:9999/verify
+        routes:
+          - name: auth-v1-open
+            strip_path: true
+            paths:
+              - /auth/v1/verify
+        plugins:
+          - name: cors
+      - name: auth-v1-open-callback
+        url: http://supabase-basket-supabase-auth:9999/callback
+        routes:
+          - name: auth-v1-open-callback
+            strip_path: true
+            paths:
+              - /auth/v1/callback
+        plugins:
+          - name: cors
+      - name: auth-v1-open-authorize
+        url: http://supabase-basket-supabase-auth:9999/authorize
+        routes:
+          - name: auth-v1-open-authorize
+            strip_path: true
+            paths:
+              - /auth/v1/authorize
+        plugins:
+          - name: cors
+      - name: auth-v1-open-jwks
+        url: http://supabase-basket-supabase-auth:9999/.well-known/jwks.json
+        routes:
+          - name: auth-v1-open-jwks
+            strip_path: true
+            paths:
+              - /auth/v1/.well-known/jwks.json
+        plugins:
+          - name: cors
+      - name: well-known-oauth
+        _comment: 'Auth: /.well-known/oauth-authorization-server -> http://supabase-basket-supabase-auth:9999/.well-known/oauth-authorization-server'
+        url: http://supabase-basket-supabase-auth:9999/.well-known/oauth-authorization-server
+        routes:
+          - name: well-known-oauth
+            strip_path: true
+            paths:
+              - /.well-known/oauth-authorization-server
+        plugins:
+          - name: cors
+          
+      - name: auth-v1-open-sso-acs
+        url: "http://auth:9999/sso/saml/acs"
+        routes:
+          - name: auth-v1-open-sso-acs
+            strip_path: true
+            paths:
+            - /sso/saml/acs
+        plugins:
+          - name: cors
+      - name: auth-v1-open-sso-metadata
+        url: "http://auth:9999/sso/saml/metadata"
+        routes:
+          - name: auth-v1-open-sso-metadata
+            strip_path: true
+            paths:
+            - /sso/saml/metadata
+        plugins:
+          - name: cors
+      - name: auth-v1
+        _comment: "GoTrue: /auth/v1/* -> http://supabase-basket-supabase-auth:9999/*"
+        url: http://supabase-basket-supabase-auth:9999
+        routes:
+          - name: auth-v1-all
+            strip_path: true
+            paths:
+              - /auth/v1/
+        plugins:
+          - name: cors
+          - name: key-auth
+            config:
+              hide_credentials: false
+          - name: request-transformer
+            config:
+              add:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+              replace:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+          - name: acl
+            config:
+              hide_groups_header: true
+              allow:
+                - admin
+                - anon
+      - name: rest-v1
+        _comment: "PostgREST: /rest/v1/* -> http://supabase-basket-supabase-rest:3000/*"
+        url: http://supabase-basket-supabase-rest:3000/
+        routes:
+          - name: rest-v1-all
+            strip_path: true
+            paths:
+              - /rest/v1/
+        plugins:
+          - name: cors
+          - name: key-auth
+            config:
+              hide_credentials: false
+          - name: request-transformer
+            config:
+              add:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+              replace:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+          - name: acl
+            config:
+              hide_groups_header: true
+              allow:
+                - admin
+                - anon
+      - name: graphql-v1
+        _comment: 'PostgREST: /graphql/v1/* -> http://supabase-basket-supabase-rest:3000/rpc/graphql'
+        url: http://supabase-basket-supabase-rest:3000/rpc/graphql
+        routes:
+          - name: graphql-v1-all
+            strip_path: true
+            paths:
+              - /graphql/v1
+        plugins:
+          - name: cors
+          - name: key-auth
+            config:
+              hide_credentials: false
+          - name: request-transformer
+            config:
+              add:
+                headers:
+                  - "Content-Profile: graphql_public"
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+              replace:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+          - name: acl
+            config:
+              hide_groups_header: true
+              allow:
+                - admin
+                - anon
+      - name: realtime-v1-ws
+        _comment: "Realtime: /realtime/v1/* -> ws://supabase-basket-supabase-realtime:4000/socket/*"
+        url: http://supabase-basket-supabase-realtime:4000/socket
+        protocol: ws
+        routes:
+          - name: realtime-v1-ws
+            strip_path: true
+            paths:
+              - /realtime/v1/
+        plugins:
+          - name: cors
+          - name: key-auth
+            config:
+              hide_credentials: false
+          - name: request-transformer
+            config:
+              add:
+                headers:
+                  - "x-api-key:${LUA_RT_WS_EXPR}"
+              replace:
+                querystring:
+                  - "apikey:${LUA_RT_WS_EXPR}"
+          - name: acl
+            config:
+              hide_groups_header: true
+              allow:
+                - admin
+                - anon
+      - name: realtime-v1-rest
+        _comment: 'Realtime: /realtime/v1/* -> http://supabase-basket-supabase-realtime:4000/api/*'
+        url: http://supabase-basket-supabase-realtime:4000/api
+        protocol: http
+        routes:
+          - name: realtime-v1-rest
+            strip_path: true
+            paths:
+              - /realtime/v1/api
+        plugins:
+          - name: cors
+          - name: key-auth
+            config:
+              hide_credentials: false
+          - name: request-transformer
+            config:
+              add:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+              replace:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+          - name: acl
+            config:
+              hide_groups_header: true
+              allow:
+                - admin
+                - anon
+      - name: storage-v1
+        _comment: "Storage: /storage/v1/* -> http://supabase-basket-supabase-storage:5000/*"
+        url: http://supabase-basket-supabase-storage:5000/
+        routes:
+          - name: storage-v1-all
+            strip_path: true
+            paths:
+              - /storage/v1/
+        plugins:
+          - name: cors
+          - name: request-transformer
+            config:
+              add:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+              replace:
+                headers:
+                  - "Authorization: ${LUA_AUTH_EXPR}"
+          - name: post-function
+            config:
+              access:
+                - |
+                  local auth = kong.request.get_header("authorization")
+                  if auth == nil or auth == "" or auth:find("^%s*$") then
+                    kong.service.request.clear_header("authorization")
+                  end
+      - name: functions-v1
+        _comment: 'Edge Functions: /functions/v1/* -> http://supabase-basket-supabase-functions:9000/*'
+        url: http://supabase-basket-supabase-functions:9000/
+        read_timeout: 150000
+        routes:
+          - name: functions-v1-all
+            strip_path: true
+            paths:
+              - /functions/v1/
+        plugins:
+          - name: cors
+    
+    
+    
+    
+      - name: meta
+        _comment: "pg-meta: /pg/* -> http://supabase-basket-supabase-meta:8080/*"
+        url: http://supabase-basket-supabase-meta:8080/
+        routes:
+          - name: meta-all
+            strip_path: true
+            paths:
+              - /pg/
+        plugins:
+          - name: key-auth
+            config:
+              hide_credentials: false
+          - name: acl
+            config:
+              hide_groups_header: true
+              allow:
+                - admin
+      - name: dashboard
+        _comment: 'Studio: /* -> http://supabase-basket-supabase-studio:3000/*'
+        url: http://supabase-basket-supabase-studio:3000/
+        routes:
+          - name: dashboard-all
+            strip_path: true
+            paths:
+              - /
+        plugins:
+          - name: cors
+          - name: basic-auth
+            config:
+              hide_credentials: true
+---
+# Source: supabase/templates/vector/config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: supabase-basket-supabase-vector-config
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+data:
+  vector.yml: |
+    api:
+      enabled: true
+      address: 0.0.0.0:9001
+    
+    sources:
+      kubernetes_host:
+        type: kubernetes_logs
+        extra_label_selector: app.kubernetes.io/instance=supabase-basket,app.kubernetes.io/name!=supabase-vector
+    
+    transforms:
+      project_logs:
+        type: remap
+        inputs:
+          - kubernetes_host
+        source: |-
+          .project = "default"
+          .event_message = del(.message)
+          .appname = del(.kubernetes.container_name)
+          del(.file)
+          del(.kubernetes)
+          del(.source_type)
+          del(.stream)
+      router:
+        type: route
+        inputs:
+          - project_logs
+        route:
+          kong: '.appname == "supabase-kong"'
+          auth: '.appname == "supabase-auth"'
+          rest: '.appname == "supabase-rest"'
+          realtime: '.appname == "supabase-realtime"'
+          storage: '.appname == "supabase-storage"'
+          functions: '.appname == "supabase-functions"'
+          db: '.appname == "supabase-db"'
+      # Ignores non nginx errors since they are related with kong booting up
+      kong_logs:
+        type: remap
+        inputs:
+          - router.kong
+        source: |-
+          req, err = parse_nginx_log(.event_message, "combined")
+          if err == null {
+              .timestamp = req.timestamp
+              .metadata.request.headers.referer = req.referer
+              .metadata.request.headers.user_agent = req.agent
+              .metadata.request.headers.cf_connecting_ip = req.client
+              .metadata.response.status_code = req.status
+              url, split_err = split(req.request, " ")
+              if split_err == null {
+                  .metadata.request.method = url[0]
+                  .metadata.request.path = url[1]
+                  .metadata.request.protocol = url[2]
+              }
+          }
+          if err != null {
+            abort
+          }
+      # Ignores non nginx errors since they are related with kong booting up
+      kong_err:
+        type: remap
+        inputs:
+          - router.kong
+        source: |-
+          .metadata.request.method = "GET"
+          .metadata.response.status_code = 200
+          parsed, err = parse_nginx_log(.event_message, "error")
+          if err == null {
+              .timestamp = parsed.timestamp
+              .severity = parsed.severity
+              .metadata.request.host = parsed.host
+              .metadata.request.headers.cf_connecting_ip = parsed.client
+              url, err = split(parsed.request, " ")
+              if err == null {
+                  .metadata.request.method = url[0]
+                  .metadata.request.path = url[1]
+                  .metadata.request.protocol = url[2]
+              }
+          }
+          if err != null {
+            abort
+          }
+      # Gotrue logs are structured json strings which frontend parses directly. But we keep metadata for consistency.
+      auth_logs:
+        type: remap
+        inputs:
+          - router.auth
+        source: |-
+          parsed, err = parse_json(.event_message)
+          if err == null {
+              .metadata.timestamp = parsed.time
+              .metadata = merge!(.metadata, parsed)
+          }
+      # PostgREST logs are structured so we separate timestamp from message using regex
+      rest_logs:
+        type: remap
+        inputs:
+          - router.rest
+        source: |-
+          parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
+          if err == null {
+              .event_message = parsed.msg
+              .timestamp = parse_timestamp!(value: parsed.time,format: "%d/%b/%Y:%H:%M:%S %z")
+              .metadata.host = .project
+          }
+      # Filter out healthcheck logs from Realtime
+      realtime_logs_filtered:
+        type: filter
+        inputs:
+          - router.realtime
+        condition: '!contains(string!(.event_message), "/health")' 
+      # Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
+      realtime_logs:
+        type: remap
+        inputs:
+          - realtime_logs_filtered
+        source: |-
+          .metadata.project = del(.project)
+          .metadata.external_id = .metadata.project
+          parsed, err = parse_regex(.event_message, r'^(?P<time>\d+:\d+:\d+\.\d+) \[(?P<level>\w+)\] (?P<msg>.*)$')
+          if err == null {
+              .event_message = parsed.msg
+              .metadata.level = parsed.level
+          }
+      # Function logs are unstructured messages on stderr
+      functions_logs:
+        type: remap
+        inputs:
+          - router.functions
+        source: |-
+          .metadata.project_ref = del(.project)
+      # Storage logs may contain json objects so we parse them for completeness
+      storage_logs:
+        type: remap
+        inputs:
+          - router.storage
+        source: |-
+          .metadata.project = del(.project)
+          .metadata.tenantId = .metadata.project
+          parsed, err = parse_json(.event_message)
+          if err == null {
+              .event_message = parsed.msg
+              .metadata.level = parsed.level
+              .metadata.timestamp = parsed.time
+              .metadata.context[0].host = parsed.hostname
+              .metadata.context[0].pid = parsed.pid
+          }
+      # Postgres logs some messages to stderr which we map to warning severity level
+      db_logs:
+        type: remap
+        inputs:
+          - router.db
+        source: |-
+          .metadata.host = "db-default"
+          .metadata.parsed.timestamp = .timestamp
+          
+          parsed, err = parse_regex(.event_message, r'.*(?P<level>INFO|NOTICE|WARNING|ERROR|LOG|FATAL|PANIC?):.*', numeric_groups: true)
+    
+          if err != null || parsed == null {
+            .metadata.parsed.error_severity = "info"
+          }
+          if parsed.level != null {
+          .metadata.parsed.error_severity = parsed.level
+          }
+          if .metadata.parsed.error_severity == "info" {
+              .metadata.parsed.error_severity = "log"
+          }
+          .metadata.parsed.error_severity = upcase!(.metadata.parsed.error_severity)
+    sinks:
+      logflare_auth:
+        type: 'http'
+        inputs:
+          - auth_logs
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=gotrue.logs.prod'
+      logflare_realtime:
+        type: 'http'
+        inputs:
+          - realtime_logs
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=realtime.logs.prod'
+      logflare_rest:
+        type: 'http'
+        inputs:
+          - rest_logs
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=postgREST.logs.prod'
+      logflare_db:
+        type: 'http'
+        inputs:
+          - db_logs
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        # We must route the sink through kong because ingesting logs before logflare is fully initialised will
+        # lead to broken queries from studio. This works by the assumption that containers are started in the
+        # following order: vector > db > logflare > kong
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=postgres.logs'
+      logflare_functions:
+        type: 'http'
+        inputs:
+          - functions_logs
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=deno-relay-logs'
+      logflare_storage:
+        type: 'http'
+        inputs:
+          - storage_logs
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=storage.logs.prod.2'
+      logflare_kong:
+        type: 'http'
+        inputs:
+          - kong_logs
+          - kong_err
+        encoding:
+          codec: 'json'
+        method: 'post'
+        request:
+          retry_max_duration_secs: 30
+          headers:
+            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
+        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=cloudflare.logs.prod'
+---
+# Source: supabase/templates/persistence.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: supabase-basket-db
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "5Gi"
+---
+# Source: supabase/templates/persistence.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: supabase-basket-functions
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "1Gi"
+---
+# Source: supabase/templates/persistence.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: supabase-basket-imgproxy
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "1Gi"
+---
+# Source: supabase/templates/persistence.yaml
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: supabase-basket-snippets
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "1Gi"
+---
+# Source: supabase/templates/persistence.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: supabase-basket-storage
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "1Gi"
+---
+# Source: supabase/templates/persistence.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: supabase-basket-deno
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "1Gi"
+---
+# Source: supabase/templates/vector/serviceaccount.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: supabase-basket-reader
+rules:
+  - apiGroups: [""]
+    resources: ["nodes", "namespaces", "pods"]
+    verbs: ["list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    resourceNames:
+      - supabase-basket-*
+    verbs: ["get"]
+---
+# Source: supabase/templates/vector/serviceaccount.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: supabase-basket-view
+subjects:
+  - kind: ServiceAccount
+    name: supabase-basket-supabase-vector
+    namespace: supabase-basket
+roleRef:
+  kind: ClusterRole
+  name: supabase-basket-reader
+  apiGroup: rbac.authorization.k8s.io
+---
+# Source: supabase/templates/analytics/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-analytics
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 4000
+      targetPort: 4000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-analytics
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/auth/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-auth
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 9999
+      targetPort: 9999
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-auth
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/db/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-db
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5432
+      targetPort: 5432
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-db
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/functions/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-functions
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 9000
+      targetPort: 9000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-functions
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/imgproxy/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-imgproxy
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5001
+      targetPort: 5001
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-imgproxy
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/kong/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-kong
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8000
+      targetPort: 8000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-kong
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/meta/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-meta
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 8080
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-meta
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/realtime/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-realtime
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 4000
+      targetPort: 4000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-realtime
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/rest/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-rest
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 3000
+      targetPort: 3000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-rest
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/storage/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-storage
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 5000
+      targetPort: 5000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-storage
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/studio/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-studio
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 3000
+      targetPort: 3000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-studio
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/vector/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: supabase-basket-supabase-vector
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 9001
+      targetPort: 9001
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: supabase-vector
+    app.kubernetes.io/instance: supabase-basket
+---
+# Source: supabase/templates/analytics/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-analytics
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-analytics
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-analytics
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-analytics
+      securityContext:
+        null
+      initContainers:
+        - name: init-db
+          image: "postgres:15-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
+              echo "Waiting for database to start..."
+              sleep 2
+              done
+            - echo "Database is ready"
+      containers:
+        - name: supabase-analytics
+          securityContext:
+            {}
+          image: "supabase/logflare:1.36.1"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_DATABASE
+              value: "_supabase"
+            - name: DB_DRIVER
+              value: "postgresql"
+            - name: DB_SCHEMA
+              value: "_analytics"
+            - name: DB_USERNAME
+              value: "supabase_admin"
+            - name: LOGFLARE_FEATURE_FLAG_OVERRIDE
+              value: "multibackend=true"
+            - name: LOGFLARE_NODE_HOST
+              value: "127.0.0.1"
+            - name: LOGFLARE_SINGLE_TENANT
+              value: "true"
+            - name: LOGFLARE_SUPABASE_MODE
+              value: "true"
+            - name: POSTGRES_BACKEND_SCHEMA
+              value: "_analytics"
+            - name: DB_HOSTNAME
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_PASSWORD_ENC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password_encoded
+            - name:  LOGFLARE_PUBLIC_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-analytics
+                  key: publicAccessToken
+            - name: LOGFLARE_PRIVATE_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-analytics
+                  key: privateAccessToken
+            - name: POSTGRES_BACKEND_URL
+              value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)
+          ports:
+            - containerPort: 4000
+              protocol: TCP
+---
+# Source: supabase/templates/auth/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-auth
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-auth
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-auth
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-auth
+      securityContext:
+        null
+      initContainers:
+        - name: init-db
+          image: "postgres:15-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
+              echo "Waiting for database to start..."
+              sleep 2
+              done
+            - echo "Database is ready"
+      containers:
+        - name: supabase-auth
+          securityContext:
+            {}
+          image: "supabase/gotrue:v2.186.0"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: API_EXTERNAL_URL
+              value: "http://supabase.local"
+            - name: DB_DRIVER
+              value: "postgres"
+            - name: DB_SSL
+              value: "disable"
+            - name: DB_USER
+              value: "supabase_auth_admin"
+            - name: GOTRUE_API_HOST
+              value: "0.0.0.0"
+            - name: GOTRUE_API_PORT
+              value: "9999"
+            - name: GOTRUE_DISABLE_SIGNUP
+              value: "false"
+            - name: GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED
+              value: "false"
+            - name: GOTRUE_EXTERNAL_EMAIL_ENABLED
+              value: "true"
+            - name: GOTRUE_EXTERNAL_PHONE_ENABLED
+              value: "false"
+            - name: GOTRUE_JWT_ADMIN_ROLES
+              value: "service_role"
+            - name: GOTRUE_JWT_AUD
+              value: "authenticated"
+            - name: GOTRUE_JWT_DEFAULT_GROUP_NAME
+              value: "authenticated"
+            - name: GOTRUE_JWT_EXP
+              value: "3600"
+            - name: GOTRUE_MAILER_AUTOCONFIRM
+              value: "true"
+            - name: GOTRUE_MAILER_URLPATHS_CONFIRMATION
+              value: "/auth/v1/verify"
+            - name: GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE
+              value: "/auth/v1/verify"
+            - name: GOTRUE_MAILER_URLPATHS_INVITE
+              value: "/auth/v1/verify"
+            - name: GOTRUE_MAILER_URLPATHS_RECOVERY
+              value: "/auth/v1/verify"
+            - name: GOTRUE_SITE_URL
+              value: "http://supabase.local"
+            - name: GOTRUE_SMS_AUTOCONFIRM
+              value: "false"
+            - name: GOTRUE_SMTP_ADMIN_EMAIL
+              value: "SMTP_ADMIN_MAIL"
+            - name: GOTRUE_SMTP_HOST
+              value: "SMTP_HOST"
+            - name: GOTRUE_SMTP_PORT
+              value: "123"
+            - name: GOTRUE_SMTP_SENDER_NAME
+              value: "SMTP_SENDER_NAME"
+            - name: GOTRUE_URI_ALLOW_LIST
+              value: "*"
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_PASSWORD_ENC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password_encoded
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: GOTRUE_DB_DATABASE_URL
+              value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
+            - name: GOTRUE_DB_DRIVER
+              value: $(DB_DRIVER)
+            - name: GOTRUE_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: GOTRUE_SMTP_USER
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-smtp
+                  key: username
+            - name: GOTRUE_SMTP_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-smtp
+                  key: password
+          ports:
+            - name: http
+              containerPort: 9999
+              protocol: TCP
+---
+# Source: supabase/templates/functions/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-functions
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-functions
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-functions
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-functions
+      securityContext:
+        null
+      containers:
+        - args:
+            - start
+            - --main-service
+            - /home/deno/functions/main
+          name: supabase-functions
+          securityContext:
+            {}
+          image: "supabase/edge-runtime:v1.71.2"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_DRIVER
+              value: "postgresql"
+            - name: DB_SSL
+              value: "disable"
+            - name: DB_USERNAME
+              value: "postgres"
+            - name: VERIFY_JWT
+              value: "false"
+            - name: SUPABASE_URL
+              value: http://supabase-basket-supabase-kong:8000
+            - name: DB_HOSTNAME
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_PASSWORD_ENC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password_encoded
+            - name: DB_DATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: SUPABASE_ANON_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: anonKey
+            - name: SUPABASE_SERVICE_ROLE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: serviceKey
+            - name: SUPABASE_PUBLISHABLE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-apikey
+                  key: publishableKey
+            - name: SUPABASE_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-apikey
+                  key: secretKey
+            - name: SUPABASE_PUBLISHABLE_KEYS
+              value: '{"default":"$(SUPABASE_PUBLISHABLE_KEY)"}'
+            - name: SUPABASE_SECRET_KEYS
+              value: '{"default":"$(SUPABASE_SECRET_KEY)"}'
+            - name: SUPABASE_DB_URL
+              value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL)
+          volumeMounts:
+            - name: functions-storage
+              mountPath: /home/deno/functions
+            - name: deno-cache
+              mountPath: /root/.cache/deno
+            - mountPath: /home/deno/functions/main/index.ts
+              name: functions-main
+              subPath: index.ts
+      volumes:
+        - name: functions-storage
+          persistentVolumeClaim:
+            claimName: supabase-basket-functions
+        - name: deno-cache
+          persistentVolumeClaim:
+            claimName: supabase-basket-deno
+        - name: functions-main
+          configMap:
+            name: supabase-basket-supabase-functions-main
+---
+# Source: supabase/templates/imgproxy/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-imgproxy
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-imgproxy
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-imgproxy
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-imgproxy
+      securityContext:
+        null
+      containers:
+        - name: supabase-imgproxy
+          securityContext:
+            {}
+          image: "darthsim/imgproxy:v3.30.1"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: IMGPROXY_BIND
+              value: ":5001"
+            - name: IMGPROXY_ENABLE_WEBP_DETECTION
+              value: "true"
+            - name: IMGPROXY_LOCAL_FILESYSTEM_ROOT
+              value: "/"
+            - name: IMGPROXY_USE_ETAG
+              value: "true"
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /var/lib/storage
+              name: imgproxy-volume
+      volumes:
+        - name: imgproxy-volume
+          persistentVolumeClaim:
+            claimName: supabase-basket-imgproxy
+---
+# Source: supabase/templates/kong/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-kong
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-kong
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-kong
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-kong
+      securityContext:
+        null
+      containers:
+        - name: supabase-kong
+          securityContext:
+            {}
+          image: "kong/kong:3.9.1"
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/bash"]
+          args: ["/scripts/kong-entrypoint.sh"]
+          env:
+            - name: KONG_DATABASE
+              value: "off"
+            - name: KONG_DECLARATIVE_CONFIG
+              value: "/usr/local/kong/kong.yml"
+            - name: KONG_DNS_ORDER
+              value: "LAST,A,CNAME"
+            - name: KONG_LOG_LEVEL
+              value: "warn"
+            - name: KONG_NGINX_PROXY_PROXY_BUFFERS
+              value: "64 160k"
+            - name: KONG_NGINX_PROXY_PROXY_BUFFER_SIZE
+              value: "160k"
+            - name: KONG_PLUGINS
+              value: "request-transformer,cors,key-auth,acl,basic-auth,post-function"
+            - name: SUPABASE_ANON_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: anonKey
+            - name: SUPABASE_SERVICE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: serviceKey
+            - name: SUPABASE_PUBLISHABLE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-apikey
+                  key: publishableKey
+            - name: SUPABASE_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-apikey
+                  key: secretKey
+            - name: ANON_KEY_ASYMMETRIC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-apikey
+                  key: anonKeyAsymmetric
+            - name: SERVICE_ROLE_KEY_ASYMMETRIC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-apikey
+                  key: serviceRoleKeyAsymmetric
+            - name: DASHBOARD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-dashboard
+                  key: username
+            - name: DASHBOARD_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-dashboard
+                  key: password
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /usr/local/kong/template.yml
+              name: config
+              subPath: template.yml
+            - mountPath: /scripts
+              name: wrapper
+      volumes:
+        - name: config
+          configMap:
+            name: supabase-basket-supabase-kong
+            defaultMode: 0777
+            items:
+            - key: kong.yml
+              path: template.yml
+        - name: wrapper
+          configMap:
+            name: supabase-basket-supabase-kong
+            defaultMode: 0777
+            items:
+            - key: kong-entrypoint.sh
+              path: kong-entrypoint.sh
+---
+# Source: supabase/templates/meta/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-meta
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-meta
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-meta
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-meta
+      securityContext:
+        null
+      containers:
+        - name: supabase-meta
+          securityContext:
+            {}
+          image: "supabase/postgres-meta:v0.96.3"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_DRIVER
+              value: "postgres"
+            - name: DB_SSL
+              value: "disable"
+            - name: DB_USER
+              value: "supabase_admin"
+            - name: PG_META_PORT
+              value: "8080"
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: PG_META_DB_HOST
+              value: $(DB_HOST)
+            - name: PG_META_DB_PORT
+              value: $(DB_PORT)
+            - name: PG_META_DB_NAME
+              value: $(DB_NAME)
+            - name: PG_META_DB_USER
+              value: $(DB_USER)
+            - name: PG_META_DB_PASSWORD
+              value: $(DB_PASSWORD)
+            - name: PG_META_DB_SSL_MODE
+              value: $(DB_SSL)
+            - name: CRYPTO_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-meta
+                  key: cryptoKey
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+---
+# Source: supabase/templates/realtime/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-realtime
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-realtime
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-realtime
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-realtime
+      securityContext:
+        null
+      initContainers:
+        - name: init-db
+          image: "postgres:15-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
+              echo "Waiting for database to start..."
+              sleep 2
+              done
+            - echo "Database is ready"
+      containers:
+        - name: supabase-realtime
+          securityContext:
+            {}
+          image: "supabase/realtime:v2.76.5"
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh"]
+          args: ["-c", "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server"]
+          env:
+            - name: APP_NAME
+              value: "realtime"
+            - name: DB_AFTER_CONNECT_QUERY
+              value: "SET search_path TO _realtime"
+            - name: DB_ENC_KEY
+              value: "supabaserealtime"
+            - name: DB_SSL
+              value: "false"
+            - name: DB_USER
+              value: "supabase_admin"
+            - name: DNS_NODES
+              value: "''"
+            - name: ENABLE_TAILSCALE
+              value: "false"
+            - name: ERL_AFLAGS
+              value: "-proto_dist inet_tcp"
+            - name: FLY_ALLOC_ID
+              value: "fly123"
+            - name: FLY_APP_NAME
+              value: "realtime"
+            - name: PORT
+              value: "4000"
+            - name: RLIMIT_NOFILE
+              value: "10000"
+            - name: RUN_JANITOR
+              value: "true"
+            - name: SEED_SELF_HOST
+              value: "true"
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: SELF_HOST_TENANT_NAME
+              value: supabase-basket-supabase-realtime
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: API_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+
+            - name: SECRET_KEY_BASE
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-realtime
+                  key: secretKeyBase
+          ports:
+            - name: http
+              containerPort: 4000
+              protocol: TCP
+---
+# Source: supabase/templates/rest/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-rest
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-rest
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-rest
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-rest
+      securityContext:
+        null
+      initContainers:
+        - name: init-db
+          image: "postgres:15-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
+              echo "Waiting for database to start..."
+              sleep 2
+              done
+            - echo "Database is ready"
+      containers:
+        - name: supabase-rest
+          securityContext:
+            {}
+          image: "postgrest/postgrest:v14.8"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_DRIVER
+              value: "postgres"
+            - name: DB_SSL
+              value: "disable"
+            - name: DB_USER
+              value: "authenticator"
+            - name: PGRST_APP_SETTINGS_JWT_EXP
+              value: "3600"
+            - name: PGRST_DB_ANON_ROLE
+              value: "anon"
+            - name: PGRST_DB_SCHEMAS
+              value: "public,storage,graphql_public"
+            - name: PGRST_DB_USE_LEGACY_GUCS
+              value: "false"
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_PASSWORD_ENC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password_encoded
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: PGRST_DB_URI
+              value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
+            - name: PGRST_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: PGRST_APP_SETTINGS_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+---
+# Source: supabase/templates/storage/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-storage
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-storage
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-storage
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      restartPolicy: Always
+      serviceAccountName: supabase-basket-supabase-storage
+      securityContext:
+        null
+      initContainers:
+        - name: init-db
+          image: "postgres:15-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
+              echo "Waiting for database to start..."
+              sleep 2
+              done
+            - echo "Database is ready"
+      containers:
+        - name: supabase-storage
+          securityContext:
+            {}
+          image: "supabase/storage-api:v1.48.26"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DB_DRIVER
+              value: "postgres"
+            - name: DB_SSL
+              value: "disable"
+            - name: DB_USER
+              value: "supabase_storage_admin"
+            - name: ENABLE_IMAGE_TRANSFORMATION
+              value: "true"
+            - name: FILE_SIZE_LIMIT
+              value: "52428800"
+            - name: FILE_STORAGE_BACKEND_PATH
+              value: "/var/lib/storage"
+            - name: GLOBAL_S3_BUCKET
+              value: "stub"
+            - name: REGION
+              value: "stub"
+            - name: REQUEST_ALLOW_X_FORWARDED_PATH
+              value: "true"
+            - name: TENANT_ID
+              value: "stub"
+            
+            # 2. Now handle STORAGE_BACKEND specifically
+            - name: STORAGE_BACKEND
+              value: "file"
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+            - name: POSTGREST_URL
+              value: http://supabase-basket-supabase-rest:3000
+            - name: DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: DB_PASSWORD_ENC
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password_encoded
+            - name: DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: DATABASE_URL
+              value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
+            - name: PGRST_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: AUTH_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: ANON_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: anonKey
+            - name: SERVICE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: serviceKey
+            - name: S3_PROTOCOL_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-s3
+                  key: keyId
+            - name: S3_PROTOCOL_ACCESS_KEY_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-s3
+                  key: accessKey
+            - name: IMGPROXY_URL
+              value: http://supabase-basket-supabase-imgproxy:5001
+          ports:
+            - name: http
+              containerPort: 5000
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /var/lib/storage
+              name: storage-data
+      volumes:
+        - name: storage-data
+          persistentVolumeClaim:
+            claimName: supabase-basket-storage
+---
+# Source: supabase/templates/studio/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-studio
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-studio
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-studio
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-studio
+      securityContext:
+        null
+      containers:
+        - name: supabase-studio
+          securityContext:
+            {}
+          image: "supabase/studio:2026.04.08-sha-205cbe7"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: DEFAULT_ORGANIZATION_NAME
+              value: "Default Organization"
+            - name: DEFAULT_PROJECT_NAME
+              value: "Default Project"
+            - name: HOSTNAME
+              value: "::"
+            - name: NEXT_ANALYTICS_BACKEND_PROVIDER
+              value: "postgres"
+            - name: NEXT_PUBLIC_ENABLE_LOGS
+              value: "true"
+            - name: POSTGRES_PORT
+              value: "5432"
+            - name: STUDIO_PORT
+              value: "3000"
+            - name: SUPABASE_PUBLIC_URL
+              value: "http://supabase.local"
+            - name: SUPABASE_URL
+              value: http://supabase-basket-supabase-kong:8000
+            - name: STUDIO_PG_META_URL
+              value: http://supabase-basket-supabase-meta:8080
+            - name: POSTGRES_HOST
+              value: supabase-basket-supabase-db
+
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+
+            - name: PG_META_CRYPTO_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-meta
+                  key: cryptoKey
+
+
+            - name: OPENAI_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-dashboard
+                  key: openAiApiKey
+
+            - name: SUPABASE_ANON_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: anonKey
+
+            - name: SUPABASE_SERVICE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: serviceKey
+
+            - name: AUTH_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+            - name: LOGFLARE_URL
+              value: http://supabase-basket-supabase-analytics:4000
+            - name:  LOGFLARE_PUBLIC_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-analytics
+                  key: publicAccessToken
+            - name: LOGFLARE_PRIVATE_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-analytics
+                  key: privateAccessToken
+            - name: EDGE_FUNCTIONS_MANAGEMENT_FOLDER
+              value: /home/deno/functions
+            - name: SNIPPETS_MANAGEMENT_FOLDER
+              value: /app/snippets
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          volumeMounts:
+            - name: functions-storage
+              mountPath: /home/deno/functions
+            - name: snippets-storage
+              mountPath: /app/snippets
+      volumes:
+        - name: functions-storage
+          persistentVolumeClaim:
+            claimName: supabase-basket-functions
+        - name: snippets-storage
+          persistentVolumeClaim:
+            claimName: supabase-basket-snippets
+---
+# Source: supabase/templates/vector/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: supabase-basket-supabase-vector
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+    vector.dev/exclude: "true"
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-vector
+      app.kubernetes.io/instance: supabase-basket
+  template:
+    metadata:
+      annotations:
+        checksum/config: bc90c241e29802f5d00dcc778b7af85a514750c581e5d6f00fb1c1cf1c9802d2
+      labels:
+        app.kubernetes.io/name: supabase-vector
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-vector
+      securityContext:
+        null
+      containers:
+        - args:
+            - --config
+            - /etc/vector/vector.yml
+          name: supabase-vector
+          securityContext:
+            {}
+          image: "timberio/vector:0.53.0-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: VECTOR_SELF_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name:  LOGFLARE_PUBLIC_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-analytics
+                  key: publicAccessToken
+          ports:
+            - containerPort: 9001
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /etc/vector/vector.yml
+              name: vector-config
+              subPath: vector.yml
+            - name: varlog
+              mountPath: /var/log
+              readOnly: true
+            - name: varlibdockercontainers
+              mountPath: /var/lib/docker/containers
+              readOnly: true
+      volumes:
+        - name: vector-config
+          configMap:
+            name:  supabase-basket-supabase-vector-config
+            defaultMode: 0777
+        - name: varlog
+          hostPath:
+            path: /var/log
+        - name: varlibdockercontainers
+          hostPath:
+            path: /var/lib/docker/containers
+---
+# Source: supabase/templates/db/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: supabase-basket-supabase-db
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: supabase-db
+      app.kubernetes.io/instance: supabase-basket
+  serviceName: supabase-basket-supabase-db
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: supabase-db
+        app.kubernetes.io/instance: supabase-basket
+    spec:
+      serviceAccountName: supabase-basket-supabase-db
+      securityContext:
+        null
+      initContainers:
+        - name: init-db
+          image: "supabase/postgres:15.8.1.085"
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              echo "Copying init scripts into existing image script directory..."
+              cp -r /docker-entrypoint-initdb.d/* /initdb.d/
+              cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/
+              cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/
+              cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/
+
+              cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/
+              cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/
+              cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/
+              cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/
+
+              echo "Copying user-defined migration scripts..."
+              cp /custom-migrations/* /initdb.d/migrations/ || echo "Skip migrations"
+              echo "Initialization scripts are ready"
+          volumeMounts:
+            - mountPath: /custom-init-scripts
+              name: custom-init-scripts
+            - mountPath: /custom-migrations
+              name: custom-migrations
+            - mountPath: /initdb.d
+              name: initdb-scripts-data
+      containers:
+        - name: supabase-db
+          securityContext:
+            {}
+          image: "supabase/postgres:15.8.1.085"
+          imagePullPolicy: IfNotPresent
+          lifecycle:
+            preStop:
+              exec:
+                command: ["/bin/sh", "-c", "pg_ctl -D /var/lib/postgres/data -w -t 60 -m fast stop"]
+          env:
+            - name: JWT_EXP
+              value: "3600"
+            - name: PGPORT
+              value: "5432"
+            - name: POSTGRES_HOST
+              value: "/var/run/postgresql"
+            - name: POSTGRES_PORT
+              value: "5432"
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: password
+            - name: PGDATABASE
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-db
+                  key: database
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-jwt
+                  key: secret
+          ports:
+            - name: http
+              containerPort: 5432
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /docker-entrypoint-initdb.d
+              name: initdb-scripts-data
+            - mountPath: /var/lib/postgresql/data
+              name: postgres-volume
+              subPath: postgres-data
+      volumes:
+        - name: initdb-scripts-data
+          emptyDir:
+            medium: ""
+        - name: custom-init-scripts
+          configMap:
+            name: supabase-basket-supabase-db-initdb
+        - name: custom-migrations
+          configMap:
+            name: supabase-basket-supabase-db-migrations
+        - name: postgres-volume
+          persistentVolumeClaim:
+            claimName: supabase-basket-db
+---
+# Source: supabase/templates/kong/ingress.yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: supabase-basket-supabase-kong
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: "supabase.local"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: supabase-basket-supabase-kong
+                port:
+                  number: 8000
+---
+# Source: supabase/templates/test/analytics.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-analytics
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-analytics
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-analytics:4000/health
+              echo "Sevice supabase-basket-supabase-analytics is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/auth.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-auth
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-auth
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-auth:9999/health
+              echo "Sevice supabase-basket-supabase-auth is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/db.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-db
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - command:
+            - /bin/sh
+            - -c
+            - |
+              pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres || $(echo "\e[0;31mFailed to connect to the database." && exit 1)
+              echo "Database is ready"
+          env:
+            - name: DB_HOST
+              value: "supabase-basket-supabase-db"
+            - name: DB_PORT
+              value: "5432"
+          image: postgres:15-alpine
+          imagePullPolicy: IfNotPresent
+          name: test-db
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/imgproxy.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-imgproxy
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-imgproxy
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-imgproxy:5001/health
+              echo "Sevice supabase-basket-supabase-imgproxy is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/kong.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-kong
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - env:
+            - name: DASHBOARD_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-dashboard
+                  key: username
+            - name: DASHBOARD_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: supabase-basket-dashboard
+                  key: password
+          name: test-kong
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              echo "Attempting to access dashboard with provided credentials..."
+              curl -sL --fail \
+                -o /dev/null \
+                "http://${DASHBOARD_USERNAME}:${DASHBOARD_PASSWORD}@supabase-basket-supabase-kong:8000" \
+                || ( echo -e "\e[0;31mFailed to get a valid response." && exit 1 )
+              echo "Successfully connected."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/meta.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-meta
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-meta
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-meta:8080/health
+              echo "Sevice supabase-basket-supabase-meta is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/realtime.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-realtime
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-realtime
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-realtime:4000
+              echo "Sevice supabase-basket-supabase-realtime is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/rest.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-rest
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-rest
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-rest:3000
+              echo "Sevice supabase-basket-supabase-rest is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/storage.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-storage
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-storage
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-storage:5000/status
+              echo "Sevice supabase-basket-supabase-storage is healthy."
+      restartPolicy: Never
+---
+# Source: supabase/templates/test/studio.yaml
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: supabase-basket-test-studio
+  labels:
+    helm.sh/chart: supabase-0.5.6
+    app.kubernetes.io/name: supabase
+    app.kubernetes.io/instance: supabase-basket
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-studio
+          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://supabase-basket-supabase-studio:3000/api/profile
+              echo "Sevice supabase-basket-supabase-studio is healthy."
+      restartPolicy: Never