---
# Source: supabase/templates/analytics/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-analytics
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/auth/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-auth
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/db/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-db
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/functions/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-functions
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/imgproxy/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-imgproxy
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/kong/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-kong
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/meta/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-meta
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/realtime/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-realtime
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/rest/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-rest
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/storage/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-storage
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/studio/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-studio
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/vector/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: supabase-basket-supabase-vector
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/secret/analytics.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-analytics
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  publicAccessToken: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5LXB1YmxpYw=="
  privateAccessToken: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5LXByaXZhdGU="
---
# Source: supabase/templates/secret/apikey.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-apikey
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  publishableKey: ""
  secretKey: ""
  anonKeyAsymmetric: ""
  serviceRoleKeyAsymmetric: ""
  jwtKeys: ""
  jwtJwks: ""
---
# Source: supabase/templates/secret/dashboard.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-dashboard
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  username: "c3VwYWJhc2U="
  password: "dGhpc19wYXNzd29yZF9pc19pbnNlY3VyZV9hbmRfc2hvdWxkX2JlX3VwZGF0ZWQ="
  openAiApiKey: "a2V5X3N1cGVyX3NlY3JldA=="
---
# Source: supabase/templates/secret/db.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-db
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  password: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctcG9zdGdyZXMtcGFzc3dvcmQ="
  database: "cG9zdGdyZXM="
  password_encoded: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctcG9zdGdyZXMtcGFzc3dvcmQ="
---
# Source: supabase/templates/secret/jwt.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-jwt
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  anonKey: "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKaGJtOXVJaXdLSUNBZ0lDSnBjM01pT2lBaWMzVndZV0poYzJVdFpHVnRieUlzQ2lBZ0lDQWlhV0YwSWpvZ01UWTBNVGMyT1RJd01Dd0tJQ0FnSUNKbGVIQWlPaUF4TnprNU5UTTFOakF3Q24wLmRjX1g1aVJfVlBfcVQwenNpeWpfSV9PWjJUOUZ0UlUyQkJOV044QnU0R0U="
  serviceKey: "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKelpYSjJhV05sWDNKdmJHVWlMQW9nSUNBZ0ltbHpjeUk2SUNKemRYQmhZbUZ6WlMxa1pXMXZJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qUXhOelk1TWpBd0xBb2dJQ0FnSW1WNGNDSTZBeE56azVOVE0xTmpBd0NuMC5EYVlsTkVvVXJyRW4ySWc3dHFpYlMtUEhLNXZndXNiY2JvN1gzNlhWdDRR"
  secret: "eW91ci1zdXBlci1zZWNyZXQtand0LXRva2VuLXdpdGgtYXQtbGVhc3QtMzItY2hhcmFjdGVycy1sb25n"
---
# Source: supabase/templates/secret/meta.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-meta
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  cryptoKey: "eW91ci1lbmNyeXB0aW9uLWtleS0zMi1jaGFycy1taW4="
---
# Source: supabase/templates/secret/minio.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-minio
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  user: "c3VwYS1zdG9yYWdl"
  password: "c2VjcmV0MTIzNA=="
---
# Source: supabase/templates/secret/realtime.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-realtime
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  secretKeyBase: "VXBOVm50bjNjRHhISnBxOTlZTWMxVDFBUWdRcGM4a2ZZVHVSZ0JpWWExNUJMcng4ZXRRb1h6M2dadjEvdTJvcQ=="
---
# Source: supabase/templates/secret/s3.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-s3
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  keyId: "NjI1NzI5YTA4Yjk1YmYxYjdmZjM1MWE2NjNmM2EyM2M="
  accessKey: "ODUwMTgxZTQ2NTJkZDAyM2I3YTk4YzU4YWUwZDJkMzRiZDQ4N2VlMGNjMzI1NGFlZDZlZGEzNzMwNzQyNTkwNw=="
---
# Source: supabase/templates/secret/smtp.yaml
apiVersion: v1
kind: Secret
metadata:
  name: supabase-basket-smtp
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
type: Opaque
data:
  username: "ZmFrZV9tYWlsX3VzZXI="
  password: "ZmFrZV9tYWlsX3Bhc3N3b3Jk"
---
# Source: supabase/templates/db/initdb.config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: supabase-basket-supabase-db-initdb
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
data:
  99-jwt.sql: |
    \set jwt_secret `echo "$JWT_SECRET"`
    \set jwt_exp `echo "$JWT_EXP"`
    
    ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
    ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
    
  99-pooler.sql: |
    \set pguser `echo "$POSTGRES_USER"`
    
    \c _supabase
    create schema if not exists _supavisor;
    alter schema _supavisor owner to :pguser;
    \c postgres
    
  99-logs.sql: |
    \set pguser `echo "$POSTGRES_USER"`
    \c _supabase
    create schema if not exists _analytics;
    alter schema _analytics owner to :pguser;
    \c postgres
    
  99-realtime.sql: |
    \set pguser `echo "$POSTGRES_USER"`
    
    create schema if not exists _realtime;
    alter schema _realtime owner to :pguser;
    
  99-roles.sql: |
    -- NOTE: change to your own passwords for production environments
    \set pgpass `echo "$POSTGRES_PASSWORD"`
    
    ALTER USER authenticator WITH PASSWORD :'pgpass';
    ALTER USER pgbouncer WITH PASSWORD :'pgpass';
    ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
    ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass';
    ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
    
  97-_supabase.sql: |
    \set pguser `echo "$POSTGRES_USER"`
    
    CREATE DATABASE _supabase WITH OWNER :pguser;
    
  98-webhooks.sql: |
    BEGIN;
      -- Create pg_net extension
      CREATE EXTENSION IF NOT EXISTS pg_net SCHEMA extensions;
      -- Create supabase_functions schema
      CREATE SCHEMA supabase_functions AUTHORIZATION supabase_admin;
      GRANT USAGE ON SCHEMA supabase_functions TO postgres, anon, authenticated, service_role;
      ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON TABLES TO postgres, anon, authenticated, service_role;
      ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON FUNCTIONS TO postgres, anon, authenticated, service_role;
      ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON SEQUENCES TO postgres, anon, authenticated, service_role;
      -- supabase_functions.migrations definition
      CREATE TABLE supabase_functions.migrations (
        version text PRIMARY KEY,
        inserted_at timestamptz NOT NULL DEFAULT NOW()
      );
      -- Initial supabase_functions migration
      INSERT INTO supabase_functions.migrations (version) VALUES ('initial');
      -- supabase_functions.hooks definition
      CREATE TABLE supabase_functions.hooks (
        id bigserial PRIMARY KEY,
        hook_table_id integer NOT NULL,
        hook_name text NOT NULL,
        created_at timestamptz NOT NULL DEFAULT NOW(),
        request_id bigint
      );
      CREATE INDEX supabase_functions_hooks_request_id_idx ON supabase_functions.hooks USING btree (request_id);
      CREATE INDEX supabase_functions_hooks_h_table_id_h_name_idx ON supabase_functions.hooks USING btree (hook_table_id, hook_name);
      COMMENT ON TABLE supabase_functions.hooks IS 'Supabase Functions Hooks: Audit trail for triggered hooks.';
      CREATE FUNCTION supabase_functions.http_request()
        RETURNS trigger
        LANGUAGE plpgsql
        AS $function$
        DECLARE
          request_id bigint;
          payload jsonb;
          url text := TG_ARGV[0]::text;
          method text := TG_ARGV[1]::text;
          headers jsonb DEFAULT '{}'::jsonb;
          params jsonb DEFAULT '{}'::jsonb;
          timeout_ms integer DEFAULT 1000;
        BEGIN
          IF url IS NULL OR url = 'null' THEN
            RAISE EXCEPTION 'url argument is missing';
          END IF;
    
          IF method IS NULL OR method = 'null' THEN
            RAISE EXCEPTION 'method argument is missing';
          END IF;
    
          IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN
            headers = '{"Content-Type": "application/json"}'::jsonb;
          ELSE
            headers = TG_ARGV[2]::jsonb;
          END IF;
    
          IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN
            params = '{}'::jsonb;
          ELSE
            params = TG_ARGV[3]::jsonb;
          END IF;
    
          IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN
            timeout_ms = 1000;
          ELSE
            timeout_ms = TG_ARGV[4]::integer;
          END IF;
    
          CASE
            WHEN method = 'GET' THEN
              SELECT http_get INTO request_id FROM net.http_get(
                url,
                params,
                headers,
                timeout_ms
              );
            WHEN method = 'POST' THEN
              payload = jsonb_build_object(
                'old_record', OLD,
                'record', NEW,
                'type', TG_OP,
                'table', TG_TABLE_NAME,
                'schema', TG_TABLE_SCHEMA
              );
    
              SELECT http_post INTO request_id FROM net.http_post(
                url,
                payload,
                params,
                headers,
                timeout_ms
              );
            ELSE
              RAISE EXCEPTION 'method argument % is invalid', method;
          END CASE;
    
          INSERT INTO supabase_functions.hooks
            (hook_table_id, hook_name, request_id)
          VALUES
            (TG_RELID, TG_NAME, request_id);
    
          RETURN NEW;
        END
      $function$;
      -- Supabase super admin
      DO
      $$
      BEGIN
        IF NOT EXISTS (
          SELECT 1
          FROM pg_roles
          WHERE rolname = 'supabase_functions_admin'
        )
        THEN
          CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
        END IF;
      END
      $$;
      GRANT ALL PRIVILEGES ON SCHEMA supabase_functions TO supabase_functions_admin;
      GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA supabase_functions TO supabase_functions_admin;
      GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA supabase_functions TO supabase_functions_admin;
      ALTER USER supabase_functions_admin SET search_path = "supabase_functions";
      ALTER table "supabase_functions".migrations OWNER TO supabase_functions_admin;
      ALTER table "supabase_functions".hooks OWNER TO supabase_functions_admin;
      ALTER function "supabase_functions".http_request() OWNER TO supabase_functions_admin;
      GRANT supabase_functions_admin TO postgres;
      -- Remove unused supabase_pg_net_admin role
      DO
      $$
      BEGIN
        IF EXISTS (
          SELECT 1
          FROM pg_roles
          WHERE rolname = 'supabase_pg_net_admin'
        )
        THEN
          REASSIGN OWNED BY supabase_pg_net_admin TO supabase_admin;
          DROP OWNED BY supabase_pg_net_admin;
          DROP ROLE supabase_pg_net_admin;
        END IF;
      END
      $$;
      -- pg_net grants when extension is already enabled
      DO
      $$
      BEGIN
        IF EXISTS (
          SELECT 1
          FROM pg_extension
          WHERE extname = 'pg_net'
        )
        THEN
          GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
          REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
          REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
          GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
          GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
        END IF;
      END
      $$;
      -- Event trigger for pg_net
      CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access()
      RETURNS event_trigger
      LANGUAGE plpgsql
      AS $$
      BEGIN
        IF EXISTS (
          SELECT 1
          FROM pg_event_trigger_ddl_commands() AS ev
          JOIN pg_extension AS ext
          ON ev.objid = ext.oid
          WHERE ext.extname = 'pg_net'
        )
        THEN
          GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
          ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
          ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
          REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
          REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
          GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
          GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
        END IF;
      END;
      $$;
      COMMENT ON FUNCTION extensions.grant_pg_net_access IS 'Grants access to pg_net';
      DO
      $$
      BEGIN
        IF NOT EXISTS (
          SELECT 1
          FROM pg_event_trigger
          WHERE evtname = 'issue_pg_net_access'
        ) THEN
          CREATE EVENT TRIGGER issue_pg_net_access ON ddl_command_end WHEN TAG IN ('CREATE EXTENSION')
          EXECUTE PROCEDURE extensions.grant_pg_net_access();
        END IF;
      END
      $$;
      INSERT INTO supabase_functions.migrations (version) VALUES ('20210809183423_update_grants');
      ALTER function supabase_functions.http_request() SECURITY DEFINER;
      ALTER function supabase_functions.http_request() SET search_path = supabase_functions;
      REVOKE ALL ON FUNCTION supabase_functions.http_request() FROM PUBLIC;
      GRANT EXECUTE ON FUNCTION supabase_functions.http_request() TO postgres, anon, authenticated, service_role;
    COMMIT;
---
# Source: supabase/templates/db/migration.config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
  name: supabase-basket-supabase-db-migrations
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
data:
  null
---
# Source: supabase/templates/functions/functions.config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: supabase-basket-supabase-functions-main
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
data:
  index.ts: |
    import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
    
    console.log('main function started')
    
    const JWT_SECRET = Deno.env.get('JWT_SECRET')
    const VERIFY_JWT = Deno.env.get('VERIFY_JWT') === 'true'
    
    function getAuthToken(req: Request) {
    const authHeader = req.headers.get('authorization')
    if (!authHeader) {
        throw new Error('Missing authorization header')
    }
    const [bearer, token] = authHeader.split(' ')
    if (bearer !== 'Bearer') {
        throw new Error(`Auth header is not 'Bearer {token}'`)
    }
    return token
    }
    
    async function verifyJWT(jwt: string): Promise<boolean> {
    const encoder = new TextEncoder()
    const secretKey = encoder.encode(JWT_SECRET)
    try {
        await jose.jwtVerify(jwt, secretKey)
    } catch (err) {
        console.error(err)
        return false
    }
    return true
    }
    
    Deno.serve(async (req: Request) => {
    if (req.method !== 'OPTIONS' && VERIFY_JWT) {
        try {
        const token = getAuthToken(req)
        const isValidJWT = await verifyJWT(token)
    
        if (!isValidJWT) {
            return new Response(JSON.stringify({ msg: 'Invalid JWT' }), {
            status: 401,
            headers: { 'Content-Type': 'application/json' },
            })
        }
        } catch (e) {
        console.error(e)
        return new Response(JSON.stringify({ msg: e.toString() }), {
            status: 401,
            headers: { 'Content-Type': 'application/json' },
        })
        }
    }
    
    const url = new URL(req.url)
    const { pathname } = url
    const path_parts = pathname.split('/')
    const service_name = path_parts[1]
    
    if (!service_name || service_name === '') {
        const error = { msg: 'missing function name in request' }
        return new Response(JSON.stringify(error), {
        status: 400,
        headers: { 'Content-Type': 'application/json' },
        })
    }
    
    const servicePath = `/home/deno/functions/${service_name}`
    console.error(`serving the request with ${servicePath}`)
    
    const memoryLimitMb = 150
    const workerTimeoutMs = 1 * 60 * 1000
    const noModuleCache = false
    const importMapPath = null
    const envVarsObj = Deno.env.toObject()
    const envVars = Object.keys(envVarsObj).map((k) => [k, envVarsObj[k]])
    
    try {
        const worker = await EdgeRuntime.userWorkers.create({
        servicePath,
        memoryLimitMb,
        workerTimeoutMs,
        noModuleCache,
        importMapPath,
        envVars,
        })
        return await worker.fetch(req)
    } catch (e) {
        const error = { msg: e.toString() }
        return new Response(JSON.stringify(error), {
        status: 500,
        headers: { 'Content-Type': 'application/json' },
        })
    }
    })
---
# Source: supabase/templates/kong/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: supabase-basket-supabase-kong
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
data:
  kong-entrypoint.sh: |
    #!/bin/bash
    
    set -euo pipefail
    
    if [ -n "${SUPABASE_SECRET_KEY:-}" ] && [ -n "${SUPABASE_PUBLISHABLE_KEY:-}" ]; then
      export LUA_AUTH_EXPR="\$((headers.authorization ~= nil and headers.authorization:sub(1, 10) ~= 'Bearer sb_' and headers.authorization) or (headers.apikey == '${SUPABASE_SECRET_KEY}' and 'Bearer ${SERVICE_ROLE_KEY_ASYMMETRIC}') or (headers.apikey == '${SUPABASE_PUBLISHABLE_KEY}' and 'Bearer ${ANON_KEY_ASYMMETRIC}') or headers.apikey)"
      export LUA_RT_WS_EXPR="\$((query_params.apikey == '${SUPABASE_SECRET_KEY}' and '${SERVICE_ROLE_KEY_ASYMMETRIC}') or (query_params.apikey == '${SUPABASE_PUBLISHABLE_KEY}' and '${ANON_KEY_ASYMMETRIC}') or query_params.apikey)"
    else
      export LUA_AUTH_EXPR="\$((headers.authorization ~= nil and headers.authorization:sub(1, 10) ~= 'Bearer sb_' and headers.authorization) or headers.apikey)"
      export LUA_RT_WS_EXPR="\$(query_params.apikey)"
    fi
    
    echo "Replacing env placeholders of /usr/local/kong/kong.yml"
    
    sed \
    -e "s|\${SUPABASE_ANON_KEY}|${SUPABASE_ANON_KEY}|" \
    -e "s|\${SUPABASE_SERVICE_KEY}|${SUPABASE_SERVICE_KEY}|" \
    -e "s|\${SUPABASE_PUBLISHABLE_KEY}|${SUPABASE_PUBLISHABLE_KEY:-}|" \
    -e "s|\${SUPABASE_SECRET_KEY}|${SUPABASE_SECRET_KEY:-}|" \
    -e "s|\${ANON_KEY_ASYMMETRIC}|${ANON_KEY_ASYMMETRIC:-}|" \
    -e "s|\${SERVICE_ROLE_KEY_ASYMMETRIC}|${SERVICE_ROLE_KEY_ASYMMETRIC:-}|" \
    -e "s|\${LUA_AUTH_EXPR}|${LUA_AUTH_EXPR}|" \
    -e "s|\${LUA_RT_WS_EXPR}|${LUA_RT_WS_EXPR}|" \
    -e "s|\${DASHBOARD_USERNAME}|${DASHBOARD_USERNAME}|" \
    -e "s|\${DASHBOARD_PASSWORD}|${DASHBOARD_PASSWORD}|" \
    /usr/local/kong/template.yml \
    > /usr/local/kong/kong.yml
    
    sed -i '/^[[:space:]]*- key:[[:space:]]*$/d' /usr/local/kong/kong.yml
    
    exec /entrypoint.sh kong docker-start
    
  kong.yml: |
    _format_version: '2.1'
    _transform: true
    
    consumers:
      - username: DASHBOARD
      - username: anon
        keyauth_credentials:
            - key: ${SUPABASE_ANON_KEY}
            - key: ${SUPABASE_PUBLISHABLE_KEY}
      - username: service_role
        keyauth_credentials:
            - key: ${SUPABASE_SERVICE_KEY}
            - key: ${SUPABASE_SECRET_KEY}
    acls:
      - consumer: anon
        group: anon
      - consumer: service_role
        group: admin
    basicauth_credentials:
      - consumer: DASHBOARD
        username: '${DASHBOARD_USERNAME}'
        password: '${DASHBOARD_PASSWORD}'
    services:
      - name: auth-v1-open
        url: http://supabase-basket-supabase-auth:9999/verify
        routes:
          - name: auth-v1-open
            strip_path: true
            paths:
              - /auth/v1/verify
        plugins:
          - name: cors
      - name: auth-v1-open-callback
        url: http://supabase-basket-supabase-auth:9999/callback
        routes:
          - name: auth-v1-open-callback
            strip_path: true
            paths:
              - /auth/v1/callback
        plugins:
          - name: cors
      - name: auth-v1-open-authorize
        url: http://supabase-basket-supabase-auth:9999/authorize
        routes:
          - name: auth-v1-open-authorize
            strip_path: true
            paths:
              - /auth/v1/authorize
        plugins:
          - name: cors
      - name: auth-v1-open-jwks
        url: http://supabase-basket-supabase-auth:9999/.well-known/jwks.json
        routes:
          - name: auth-v1-open-jwks
            strip_path: true
            paths:
              - /auth/v1/.well-known/jwks.json
        plugins:
          - name: cors
      - name: well-known-oauth
        _comment: 'Auth: /.well-known/oauth-authorization-server -> http://supabase-basket-supabase-auth:9999/.well-known/oauth-authorization-server'
        url: http://supabase-basket-supabase-auth:9999/.well-known/oauth-authorization-server
        routes:
          - name: well-known-oauth
            strip_path: true
            paths:
              - /.well-known/oauth-authorization-server
        plugins:
          - name: cors
          
      - name: auth-v1-open-sso-acs
        url: "http://auth:9999/sso/saml/acs"
        routes:
          - name: auth-v1-open-sso-acs
            strip_path: true
            paths:
            - /sso/saml/acs
        plugins:
          - name: cors
      - name: auth-v1-open-sso-metadata
        url: "http://auth:9999/sso/saml/metadata"
        routes:
          - name: auth-v1-open-sso-metadata
            strip_path: true
            paths:
            - /sso/saml/metadata
        plugins:
          - name: cors
      - name: auth-v1
        _comment: "GoTrue: /auth/v1/* -> http://supabase-basket-supabase-auth:9999/*"
        url: http://supabase-basket-supabase-auth:9999
        routes:
          - name: auth-v1-all
            strip_path: true
            paths:
              - /auth/v1/
        plugins:
          - name: cors
          - name: key-auth
            config:
              hide_credentials: false
          - name: request-transformer
            config:
              add:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
              replace:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
          - name: acl
            config:
              hide_groups_header: true
              allow:
                - admin
                - anon
      - name: rest-v1
        _comment: "PostgREST: /rest/v1/* -> http://supabase-basket-supabase-rest:3000/*"
        url: http://supabase-basket-supabase-rest:3000/
        routes:
          - name: rest-v1-all
            strip_path: true
            paths:
              - /rest/v1/
        plugins:
          - name: cors
          - name: key-auth
            config:
              hide_credentials: false
          - name: request-transformer
            config:
              add:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
              replace:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
          - name: acl
            config:
              hide_groups_header: true
              allow:
                - admin
                - anon
      - name: graphql-v1
        _comment: 'PostgREST: /graphql/v1/* -> http://supabase-basket-supabase-rest:3000/rpc/graphql'
        url: http://supabase-basket-supabase-rest:3000/rpc/graphql
        routes:
          - name: graphql-v1-all
            strip_path: true
            paths:
              - /graphql/v1
        plugins:
          - name: cors
          - name: key-auth
            config:
              hide_credentials: false
          - name: request-transformer
            config:
              add:
                headers:
                  - "Content-Profile: graphql_public"
                  - "Authorization: ${LUA_AUTH_EXPR}"
              replace:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
          - name: acl
            config:
              hide_groups_header: true
              allow:
                - admin
                - anon
      - name: realtime-v1-ws
        _comment: "Realtime: /realtime/v1/* -> ws://supabase-basket-supabase-realtime:4000/socket/*"
        url: http://supabase-basket-supabase-realtime:4000/socket
        protocol: ws
        routes:
          - name: realtime-v1-ws
            strip_path: true
            paths:
              - /realtime/v1/
        plugins:
          - name: cors
          - name: key-auth
            config:
              hide_credentials: false
          - name: request-transformer
            config:
              add:
                headers:
                  - "x-api-key:${LUA_RT_WS_EXPR}"
              replace:
                querystring:
                  - "apikey:${LUA_RT_WS_EXPR}"
          - name: acl
            config:
              hide_groups_header: true
              allow:
                - admin
                - anon
      - name: realtime-v1-rest
        _comment: 'Realtime: /realtime/v1/* -> http://supabase-basket-supabase-realtime:4000/api/*'
        url: http://supabase-basket-supabase-realtime:4000/api
        protocol: http
        routes:
          - name: realtime-v1-rest
            strip_path: true
            paths:
              - /realtime/v1/api
        plugins:
          - name: cors
          - name: key-auth
            config:
              hide_credentials: false
          - name: request-transformer
            config:
              add:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
              replace:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
          - name: acl
            config:
              hide_groups_header: true
              allow:
                - admin
                - anon
      - name: storage-v1
        _comment: "Storage: /storage/v1/* -> http://supabase-basket-supabase-storage:5000/*"
        url: http://supabase-basket-supabase-storage:5000/
        routes:
          - name: storage-v1-all
            strip_path: true
            paths:
              - /storage/v1/
        plugins:
          - name: cors
          - name: request-transformer
            config:
              add:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
              replace:
                headers:
                  - "Authorization: ${LUA_AUTH_EXPR}"
          - name: post-function
            config:
              access:
                - |
                  local auth = kong.request.get_header("authorization")
                  if auth == nil or auth == "" or auth:find("^%s*$") then
                    kong.service.request.clear_header("authorization")
                  end
      - name: functions-v1
        _comment: 'Edge Functions: /functions/v1/* -> http://supabase-basket-supabase-functions:9000/*'
        url: http://supabase-basket-supabase-functions:9000/
        read_timeout: 150000
        routes:
          - name: functions-v1-all
            strip_path: true
            paths:
              - /functions/v1/
        plugins:
          - name: cors
    
    
    
    
      - name: meta
        _comment: "pg-meta: /pg/* -> http://supabase-basket-supabase-meta:8080/*"
        url: http://supabase-basket-supabase-meta:8080/
        routes:
          - name: meta-all
            strip_path: true
            paths:
              - /pg/
        plugins:
          - name: key-auth
            config:
              hide_credentials: false
          - name: acl
            config:
              hide_groups_header: true
              allow:
                - admin
      - name: dashboard
        _comment: 'Studio: /* -> http://supabase-basket-supabase-studio:3000/*'
        url: http://supabase-basket-supabase-studio:3000/
        routes:
          - name: dashboard-all
            strip_path: true
            paths:
              - /
        plugins:
          - name: cors
          - name: basic-auth
            config:
              hide_credentials: true
---
# Source: supabase/templates/vector/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: supabase-basket-supabase-vector-config
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
data:
  vector.yml: |
    api:
      enabled: true
      address: 0.0.0.0:9001
    
    sources:
      kubernetes_host:
        type: kubernetes_logs
        extra_label_selector: app.kubernetes.io/instance=supabase-basket,app.kubernetes.io/name!=supabase-vector
    
    transforms:
      project_logs:
        type: remap
        inputs:
          - kubernetes_host
        source: |-
          .project = "default"
          .event_message = del(.message)
          .appname = del(.kubernetes.container_name)
          del(.file)
          del(.kubernetes)
          del(.source_type)
          del(.stream)
      router:
        type: route
        inputs:
          - project_logs
        route:
          kong: '.appname == "supabase-kong"'
          auth: '.appname == "supabase-auth"'
          rest: '.appname == "supabase-rest"'
          realtime: '.appname == "supabase-realtime"'
          storage: '.appname == "supabase-storage"'
          functions: '.appname == "supabase-functions"'
          db: '.appname == "supabase-db"'
      # Ignores non nginx errors since they are related with kong booting up
      kong_logs:
        type: remap
        inputs:
          - router.kong
        source: |-
          req, err = parse_nginx_log(.event_message, "combined")
          if err == null {
              .timestamp = req.timestamp
              .metadata.request.headers.referer = req.referer
              .metadata.request.headers.user_agent = req.agent
              .metadata.request.headers.cf_connecting_ip = req.client
              .metadata.response.status_code = req.status
              url, split_err = split(req.request, " ")
              if split_err == null {
                  .metadata.request.method = url[0]
                  .metadata.request.path = url[1]
                  .metadata.request.protocol = url[2]
              }
          }
          if err != null {
            abort
          }
      # Ignores non nginx errors since they are related with kong booting up
      kong_err:
        type: remap
        inputs:
          - router.kong
        source: |-
          .metadata.request.method = "GET"
          .metadata.response.status_code = 200
          parsed, err = parse_nginx_log(.event_message, "error")
          if err == null {
              .timestamp = parsed.timestamp
              .severity = parsed.severity
              .metadata.request.host = parsed.host
              .metadata.request.headers.cf_connecting_ip = parsed.client
              url, err = split(parsed.request, " ")
              if err == null {
                  .metadata.request.method = url[0]
                  .metadata.request.path = url[1]
                  .metadata.request.protocol = url[2]
              }
          }
          if err != null {
            abort
          }
      # Gotrue logs are structured json strings which frontend parses directly. But we keep metadata for consistency.
      auth_logs:
        type: remap
        inputs:
          - router.auth
        source: |-
          parsed, err = parse_json(.event_message)
          if err == null {
              .metadata.timestamp = parsed.time
              .metadata = merge!(.metadata, parsed)
          }
      # PostgREST logs are structured so we separate timestamp from message using regex
      rest_logs:
        type: remap
        inputs:
          - router.rest
        source: |-
          parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
          if err == null {
              .event_message = parsed.msg
              .timestamp = parse_timestamp!(value: parsed.time,format: "%d/%b/%Y:%H:%M:%S %z")
              .metadata.host = .project
          }
      # Filter out healthcheck logs from Realtime
      realtime_logs_filtered:
        type: filter
        inputs:
          - router.realtime
        condition: '!contains(string!(.event_message), "/health")' 
      # Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
      realtime_logs:
        type: remap
        inputs:
          - realtime_logs_filtered
        source: |-
          .metadata.project = del(.project)
          .metadata.external_id = .metadata.project
          parsed, err = parse_regex(.event_message, r'^(?P<time>\d+:\d+:\d+\.\d+) \[(?P<level>\w+)\] (?P<msg>.*)$')
          if err == null {
              .event_message = parsed.msg
              .metadata.level = parsed.level
          }
      # Function logs are unstructured messages on stderr
      functions_logs:
        type: remap
        inputs:
          - router.functions
        source: |-
          .metadata.project_ref = del(.project)
      # Storage logs may contain json objects so we parse them for completeness
      storage_logs:
        type: remap
        inputs:
          - router.storage
        source: |-
          .metadata.project = del(.project)
          .metadata.tenantId = .metadata.project
          parsed, err = parse_json(.event_message)
          if err == null {
              .event_message = parsed.msg
              .metadata.level = parsed.level
              .metadata.timestamp = parsed.time
              .metadata.context[0].host = parsed.hostname
              .metadata.context[0].pid = parsed.pid
          }
      # Postgres logs some messages to stderr which we map to warning severity level
      db_logs:
        type: remap
        inputs:
          - router.db
        source: |-
          .metadata.host = "db-default"
          .metadata.parsed.timestamp = .timestamp
          
          parsed, err = parse_regex(.event_message, r'.*(?P<level>INFO|NOTICE|WARNING|ERROR|LOG|FATAL|PANIC?):.*', numeric_groups: true)
    
          if err != null || parsed == null {
            .metadata.parsed.error_severity = "info"
          }
          if parsed.level != null {
          .metadata.parsed.error_severity = parsed.level
          }
          if .metadata.parsed.error_severity == "info" {
              .metadata.parsed.error_severity = "log"
          }
          .metadata.parsed.error_severity = upcase!(.metadata.parsed.error_severity)
    sinks:
      logflare_auth:
        type: 'http'
        inputs:
          - auth_logs
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=gotrue.logs.prod'
      logflare_realtime:
        type: 'http'
        inputs:
          - realtime_logs
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=realtime.logs.prod'
      logflare_rest:
        type: 'http'
        inputs:
          - rest_logs
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=postgREST.logs.prod'
      logflare_db:
        type: 'http'
        inputs:
          - db_logs
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        # We must route the sink through kong because ingesting logs before logflare is fully initialised will
        # lead to broken queries from studio. This works by the assumption that containers are started in the
        # following order: vector > db > logflare > kong
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=postgres.logs'
      logflare_functions:
        type: 'http'
        inputs:
          - functions_logs
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=deno-relay-logs'
      logflare_storage:
        type: 'http'
        inputs:
          - storage_logs
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=storage.logs.prod.2'
      logflare_kong:
        type: 'http'
        inputs:
          - kong_logs
          - kong_err
        encoding:
          codec: 'json'
        method: 'post'
        request:
          retry_max_duration_secs: 30
          headers:
            x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
        uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=cloudflare.logs.prod'
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: supabase-basket-db
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "5Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: supabase-basket-functions
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: supabase-basket-imgproxy
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: supabase-basket-snippets
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: supabase-basket-storage
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: supabase-basket-deno
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: "1Gi"
---
# Source: supabase/templates/vector/serviceaccount.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: supabase-basket-reader
rules:
  - apiGroups: [""]
    resources: ["nodes", "namespaces", "pods"]
    verbs: ["list", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    resourceNames:
      - supabase-basket-*
    verbs: ["get"]
---
# Source: supabase/templates/vector/serviceaccount.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: supabase-basket-view
subjects:
  - kind: ServiceAccount
    name: supabase-basket-supabase-vector
    namespace: geocrop
roleRef:
  kind: ClusterRole
  name: supabase-basket-reader
  apiGroup: rbac.authorization.k8s.io
---
# Source: supabase/templates/analytics/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-analytics
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 4000
      targetPort: 4000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-analytics
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/auth/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-auth
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 9999
      targetPort: 9999
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-auth
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/db/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-db
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-db
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/functions/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-functions
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 9000
      targetPort: 9000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-functions
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/imgproxy/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-imgproxy
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 5001
      targetPort: 5001
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-imgproxy
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/kong/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-kong
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 8000
      targetPort: 8000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-kong
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/meta/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-meta
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: 8080
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-meta
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/realtime/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-realtime
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 4000
      targetPort: 4000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-realtime
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/rest/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-rest
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 3000
      targetPort: 3000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-rest
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/storage/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-storage
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 5000
      targetPort: 5000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-storage
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/studio/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-studio
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 3000
      targetPort: 3000
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-studio
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/vector/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: supabase-basket-supabase-vector
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  type: ClusterIP
  ports:
    - port: 9001
      targetPort: 9001
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: supabase-vector
    app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/analytics/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-analytics
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-analytics
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-analytics
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-analytics
      securityContext:
        null
      initContainers:
        - name: init-db
          image: "postgres:15-alpine"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
              echo "Waiting for database to start..."
              sleep 2
              done
            - echo "Database is ready"
      containers:
        - name: supabase-analytics
          securityContext:
            {}
          image: "supabase/logflare:1.36.1"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_DATABASE
              value: "_supabase"
            - name: DB_DRIVER
              value: "postgresql"
            - name: DB_SCHEMA
              value: "_analytics"
            - name: DB_USERNAME
              value: "supabase_admin"
            - name: LOGFLARE_FEATURE_FLAG_OVERRIDE
              value: "multibackend=true"
            - name: LOGFLARE_NODE_HOST
              value: "127.0.0.1"
            - name: LOGFLARE_SINGLE_TENANT
              value: "true"
            - name: LOGFLARE_SUPABASE_MODE
              value: "true"
            - name: POSTGRES_BACKEND_SCHEMA
              value: "_analytics"
            - name: DB_HOSTNAME
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_PASSWORD_ENC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password_encoded
            - name:  LOGFLARE_PUBLIC_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-analytics
                  key: publicAccessToken
            - name: LOGFLARE_PRIVATE_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-analytics
                  key: privateAccessToken
            - name: POSTGRES_BACKEND_URL
              value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)
          ports:
            - containerPort: 4000
              protocol: TCP
---
# Source: supabase/templates/auth/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-auth
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-auth
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-auth
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-auth
      securityContext:
        null
      initContainers:
        - name: init-db
          image: "postgres:15-alpine"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
              echo "Waiting for database to start..."
              sleep 2
              done
            - echo "Database is ready"
      containers:
        - name: supabase-auth
          securityContext:
            {}
          image: "supabase/gotrue:v2.186.0"
          imagePullPolicy: IfNotPresent
          env:
            - name: API_EXTERNAL_URL
              value: "http://supabase.local"
            - name: DB_DRIVER
              value: "postgres"
            - name: DB_SSL
              value: "disable"
            - name: DB_USER
              value: "supabase_auth_admin"
            - name: GOTRUE_API_HOST
              value: "0.0.0.0"
            - name: GOTRUE_API_PORT
              value: "9999"
            - name: GOTRUE_DISABLE_SIGNUP
              value: "false"
            - name: GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED
              value: "false"
            - name: GOTRUE_EXTERNAL_EMAIL_ENABLED
              value: "true"
            - name: GOTRUE_EXTERNAL_PHONE_ENABLED
              value: "false"
            - name: GOTRUE_JWT_ADMIN_ROLES
              value: "service_role"
            - name: GOTRUE_JWT_AUD
              value: "authenticated"
            - name: GOTRUE_JWT_DEFAULT_GROUP_NAME
              value: "authenticated"
            - name: GOTRUE_JWT_EXP
              value: "3600"
            - name: GOTRUE_MAILER_AUTOCONFIRM
              value: "true"
            - name: GOTRUE_MAILER_URLPATHS_CONFIRMATION
              value: "/auth/v1/verify"
            - name: GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE
              value: "/auth/v1/verify"
            - name: GOTRUE_MAILER_URLPATHS_INVITE
              value: "/auth/v1/verify"
            - name: GOTRUE_MAILER_URLPATHS_RECOVERY
              value: "/auth/v1/verify"
            - name: GOTRUE_SITE_URL
              value: "http://supabase.local"
            - name: GOTRUE_SMS_AUTOCONFIRM
              value: "false"
            - name: GOTRUE_SMTP_ADMIN_EMAIL
              value: "SMTP_ADMIN_MAIL"
            - name: GOTRUE_SMTP_HOST
              value: "SMTP_HOST"
            - name: GOTRUE_SMTP_PORT
              value: "123"
            - name: GOTRUE_SMTP_SENDER_NAME
              value: "SMTP_SENDER_NAME"
            - name: GOTRUE_URI_ALLOW_LIST
              value: "*"
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_PASSWORD_ENC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password_encoded
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: GOTRUE_DB_DATABASE_URL
              value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
            - name: GOTRUE_DB_DRIVER
              value: $(DB_DRIVER)
            - name: GOTRUE_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: GOTRUE_SMTP_USER
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-smtp
                  key: username
            - name: GOTRUE_SMTP_PASS
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-smtp
                  key: password
          ports:
            - name: http
              containerPort: 9999
              protocol: TCP
---
# Source: supabase/templates/functions/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-functions
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-functions
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-functions
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-functions
      securityContext:
        null
      containers:
        - args:
            - start
            - --main-service
            - /home/deno/functions/main
          name: supabase-functions
          securityContext:
            {}
          image: "supabase/edge-runtime:v1.71.2"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_DRIVER
              value: "postgresql"
            - name: DB_SSL
              value: "disable"
            - name: DB_USERNAME
              value: "postgres"
            - name: VERIFY_JWT
              value: "false"
            - name: SUPABASE_URL
              value: http://supabase-basket-supabase-kong:8000
            - name: DB_HOSTNAME
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_PASSWORD_ENC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password_encoded
            - name: DB_DATABASE
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: SUPABASE_ANON_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: anonKey
            - name: SUPABASE_SERVICE_ROLE_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: serviceKey
            - name: SUPABASE_PUBLISHABLE_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-apikey
                  key: publishableKey
            - name: SUPABASE_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-apikey
                  key: secretKey
            - name: SUPABASE_PUBLISHABLE_KEYS
              value: '{"default":"$(SUPABASE_PUBLISHABLE_KEY)"}'
            - name: SUPABASE_SECRET_KEYS
              value: '{"default":"$(SUPABASE_SECRET_KEY)"}'
            - name: SUPABASE_DB_URL
              value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL)
          volumeMounts:
            - name: functions-storage
              mountPath: /home/deno/functions
            - name: deno-cache
              mountPath: /root/.cache/deno
            - mountPath: /home/deno/functions/main/index.ts
              name: functions-main
              subPath: index.ts
      volumes:
        - name: functions-storage
          persistentVolumeClaim:
            claimName: supabase-basket-functions
        - name: deno-cache
          persistentVolumeClaim:
            claimName: supabase-basket-deno
        - name: functions-main
          configMap:
            name: supabase-basket-supabase-functions-main
---
# Source: supabase/templates/imgproxy/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-imgproxy
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-imgproxy
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-imgproxy
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-imgproxy
      securityContext:
        null
      containers:
        - name: supabase-imgproxy
          securityContext:
            {}
          image: "darthsim/imgproxy:v3.30.1"
          imagePullPolicy: IfNotPresent
          env:
            - name: IMGPROXY_BIND
              value: ":5001"
            - name: IMGPROXY_ENABLE_WEBP_DETECTION
              value: "true"
            - name: IMGPROXY_LOCAL_FILESYSTEM_ROOT
              value: "/"
            - name: IMGPROXY_USE_ETAG
              value: "true"
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          volumeMounts:
            - mountPath: /var/lib/storage
              name: imgproxy-volume
      volumes:
        - name: imgproxy-volume
          persistentVolumeClaim:
            claimName: supabase-basket-imgproxy
---
# Source: supabase/templates/kong/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-kong
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-kong
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-kong
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-kong
      securityContext:
        null
      containers:
        - name: supabase-kong
          securityContext:
            {}
          image: "kong/kong:3.9.1"
          imagePullPolicy: IfNotPresent
          command: ["/bin/bash"]
          args: ["/scripts/kong-entrypoint.sh"]
          env:
            - name: KONG_DATABASE
              value: "off"
            - name: KONG_DECLARATIVE_CONFIG
              value: "/usr/local/kong/kong.yml"
            - name: KONG_DNS_ORDER
              value: "LAST,A,CNAME"
            - name: KONG_LOG_LEVEL
              value: "warn"
            - name: KONG_NGINX_PROXY_PROXY_BUFFERS
              value: "64 160k"
            - name: KONG_NGINX_PROXY_PROXY_BUFFER_SIZE
              value: "160k"
            - name: KONG_PLUGINS
              value: "request-transformer,cors,key-auth,acl,basic-auth,post-function"
            - name: SUPABASE_ANON_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: anonKey
            - name: SUPABASE_SERVICE_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: serviceKey
            - name: SUPABASE_PUBLISHABLE_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-apikey
                  key: publishableKey
            - name: SUPABASE_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-apikey
                  key: secretKey
            - name: ANON_KEY_ASYMMETRIC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-apikey
                  key: anonKeyAsymmetric
            - name: SERVICE_ROLE_KEY_ASYMMETRIC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-apikey
                  key: serviceRoleKeyAsymmetric
            - name: DASHBOARD_USERNAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-dashboard
                  key: username
            - name: DASHBOARD_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-dashboard
                  key: password
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
          volumeMounts:
            - mountPath: /usr/local/kong/template.yml
              name: config
              subPath: template.yml
            - mountPath: /scripts
              name: wrapper
      volumes:
        - name: config
          configMap:
            name: supabase-basket-supabase-kong
            defaultMode: 0777
            items:
            - key: kong.yml
              path: template.yml
        - name: wrapper
          configMap:
            name: supabase-basket-supabase-kong
            defaultMode: 0777
            items:
            - key: kong-entrypoint.sh
              path: kong-entrypoint.sh
---
# Source: supabase/templates/meta/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-meta
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-meta
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-meta
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-meta
      securityContext:
        null
      containers:
        - name: supabase-meta
          securityContext:
            {}
          image: "supabase/postgres-meta:v0.96.3"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_DRIVER
              value: "postgres"
            - name: DB_SSL
              value: "disable"
            - name: DB_USER
              value: "supabase_admin"
            - name: PG_META_PORT
              value: "8080"
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: PG_META_DB_HOST
              value: $(DB_HOST)
            - name: PG_META_DB_PORT
              value: $(DB_PORT)
            - name: PG_META_DB_NAME
              value: $(DB_NAME)
            - name: PG_META_DB_USER
              value: $(DB_USER)
            - name: PG_META_DB_PASSWORD
              value: $(DB_PASSWORD)
            - name: PG_META_DB_SSL_MODE
              value: $(DB_SSL)
            - name: CRYPTO_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-meta
                  key: cryptoKey
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
---
# Source: supabase/templates/realtime/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-realtime
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-realtime
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-realtime
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-realtime
      securityContext:
        null
      initContainers:
        - name: init-db
          image: "postgres:15-alpine"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
              echo "Waiting for database to start..."
              sleep 2
              done
            - echo "Database is ready"
      containers:
        - name: supabase-realtime
          securityContext:
            {}
          image: "supabase/realtime:v2.76.5"
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh"]
          args: ["-c", "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server"]
          env:
            - name: APP_NAME
              value: "realtime"
            - name: DB_AFTER_CONNECT_QUERY
              value: "SET search_path TO _realtime"
            - name: DB_ENC_KEY
              value: "supabaserealtime"
            - name: DB_SSL
              value: "false"
            - name: DB_USER
              value: "supabase_admin"
            - name: DNS_NODES
              value: "''"
            - name: ENABLE_TAILSCALE
              value: "false"
            - name: ERL_AFLAGS
              value: "-proto_dist inet_tcp"
            - name: FLY_ALLOC_ID
              value: "fly123"
            - name: FLY_APP_NAME
              value: "realtime"
            - name: PORT
              value: "4000"
            - name: RLIMIT_NOFILE
              value: "10000"
            - name: RUN_JANITOR
              value: "true"
            - name: SEED_SELF_HOST
              value: "true"
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: SELF_HOST_TENANT_NAME
              value: supabase-basket-supabase-realtime
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: API_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret

            - name: SECRET_KEY_BASE
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-realtime
                  key: secretKeyBase
          ports:
            - name: http
              containerPort: 4000
              protocol: TCP
---
# Source: supabase/templates/rest/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-rest
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-rest
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-rest
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-rest
      securityContext:
        null
      initContainers:
        - name: init-db
          image: "postgres:15-alpine"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
              echo "Waiting for database to start..."
              sleep 2
              done
            - echo "Database is ready"
      containers:
        - name: supabase-rest
          securityContext:
            {}
          image: "postgrest/postgrest:v14.8"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_DRIVER
              value: "postgres"
            - name: DB_SSL
              value: "disable"
            - name: DB_USER
              value: "authenticator"
            - name: PGRST_APP_SETTINGS_JWT_EXP
              value: "3600"
            - name: PGRST_DB_ANON_ROLE
              value: "anon"
            - name: PGRST_DB_SCHEMAS
              value: "public,storage,graphql_public"
            - name: PGRST_DB_USE_LEGACY_GUCS
              value: "false"
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_PASSWORD_ENC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password_encoded
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: PGRST_DB_URI
              value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
            - name: PGRST_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: PGRST_APP_SETTINGS_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
---
# Source: supabase/templates/storage/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-storage
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-storage
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-storage
        app.kubernetes.io/instance: supabase-basket
    spec:
      restartPolicy: Always
      serviceAccountName: supabase-basket-supabase-storage
      securityContext:
        null
      initContainers:
        - name: init-db
          image: "postgres:15-alpine"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
          command: ["/bin/sh", "-c"]
          args:
            - |
              until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
              echo "Waiting for database to start..."
              sleep 2
              done
            - echo "Database is ready"
      containers:
        - name: supabase-storage
          securityContext:
            {}
          image: "supabase/storage-api:v1.48.26"
          imagePullPolicy: IfNotPresent
          env:
            - name: DB_DRIVER
              value: "postgres"
            - name: DB_SSL
              value: "disable"
            - name: DB_USER
              value: "supabase_storage_admin"
            - name: ENABLE_IMAGE_TRANSFORMATION
              value: "true"
            - name: FILE_SIZE_LIMIT
              value: "52428800"
            - name: FILE_STORAGE_BACKEND_PATH
              value: "/var/lib/storage"
            - name: GLOBAL_S3_BUCKET
              value: "stub"
            - name: REGION
              value: "stub"
            - name: REQUEST_ALLOW_X_FORWARDED_PATH
              value: "true"
            - name: TENANT_ID
              value: "stub"
            
            # 2. Now handle STORAGE_BACKEND specifically
            - name: STORAGE_BACKEND
              value: "file"
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
            - name: POSTGREST_URL
              value: http://supabase-basket-supabase-rest:3000
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: DB_PASSWORD_ENC
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password_encoded
            - name: DB_NAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: DATABASE_URL
              value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
            - name: PGRST_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: AUTH_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: ANON_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: anonKey
            - name: SERVICE_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: serviceKey
            - name: S3_PROTOCOL_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-s3
                  key: keyId
            - name: S3_PROTOCOL_ACCESS_KEY_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-s3
                  key: accessKey
            - name: IMGPROXY_URL
              value: http://supabase-basket-supabase-imgproxy:5001
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
          volumeMounts:
            - mountPath: /var/lib/storage
              name: storage-data
      volumes:
        - name: storage-data
          persistentVolumeClaim:
            claimName: supabase-basket-storage
---
# Source: supabase/templates/studio/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-studio
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-studio
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-studio
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-studio
      securityContext:
        null
      containers:
        - name: supabase-studio
          securityContext:
            {}
          image: "supabase/studio:2026.04.08-sha-205cbe7"
          imagePullPolicy: IfNotPresent
          env:
            - name: DEFAULT_ORGANIZATION_NAME
              value: "Default Organization"
            - name: DEFAULT_PROJECT_NAME
              value: "Default Project"
            - name: HOSTNAME
              value: "::"
            - name: NEXT_ANALYTICS_BACKEND_PROVIDER
              value: "postgres"
            - name: NEXT_PUBLIC_ENABLE_LOGS
              value: "true"
            - name: POSTGRES_PORT
              value: "5432"
            - name: STUDIO_PORT
              value: "3000"
            - name: SUPABASE_PUBLIC_URL
              value: "http://supabase.local"
            - name: SUPABASE_URL
              value: http://supabase-basket-supabase-kong:8000
            - name: STUDIO_PG_META_URL
              value: http://supabase-basket-supabase-meta:8080
            - name: POSTGRES_HOST
              value: supabase-basket-supabase-db

            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database

            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password

            - name: PG_META_CRYPTO_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-meta
                  key: cryptoKey


            - name: OPENAI_API_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-dashboard
                  key: openAiApiKey

            - name: SUPABASE_ANON_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: anonKey

            - name: SUPABASE_SERVICE_KEY
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: serviceKey

            - name: AUTH_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
            - name: LOGFLARE_URL
              value: http://supabase-basket-supabase-analytics:4000
            - name:  LOGFLARE_PUBLIC_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-analytics
                  key: publicAccessToken
            - name: LOGFLARE_PRIVATE_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-analytics
                  key: privateAccessToken
            - name: EDGE_FUNCTIONS_MANAGEMENT_FOLDER
              value: /home/deno/functions
            - name: SNIPPETS_MANAGEMENT_FOLDER
              value: /app/snippets
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
          volumeMounts:
            - name: functions-storage
              mountPath: /home/deno/functions
            - name: snippets-storage
              mountPath: /app/snippets
      volumes:
        - name: functions-storage
          persistentVolumeClaim:
            claimName: supabase-basket-functions
        - name: snippets-storage
          persistentVolumeClaim:
            claimName: supabase-basket-snippets
---
# Source: supabase/templates/vector/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: supabase-basket-supabase-vector
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
    vector.dev/exclude: "true"
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-vector
      app.kubernetes.io/instance: supabase-basket
  template:
    metadata:
      annotations:
        checksum/config: bc90c241e29802f5d00dcc778b7af85a514750c581e5d6f00fb1c1cf1c9802d2
      labels:
        app.kubernetes.io/name: supabase-vector
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-vector
      securityContext:
        null
      containers:
        - args:
            - --config
            - /etc/vector/vector.yml
          name: supabase-vector
          securityContext:
            {}
          image: "timberio/vector:0.53.0-alpine"
          imagePullPolicy: IfNotPresent
          env:
            - name: VECTOR_SELF_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name:  LOGFLARE_PUBLIC_ACCESS_TOKEN
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-analytics
                  key: publicAccessToken
          ports:
            - containerPort: 9001
              protocol: TCP
          volumeMounts:
            - mountPath: /etc/vector/vector.yml
              name: vector-config
              subPath: vector.yml
            - name: varlog
              mountPath: /var/log
              readOnly: true
            - name: varlibdockercontainers
              mountPath: /var/lib/docker/containers
              readOnly: true
      volumes:
        - name: vector-config
          configMap:
            name:  supabase-basket-supabase-vector-config
            defaultMode: 0777
        - name: varlog
          hostPath:
            path: /var/log
        - name: varlibdockercontainers
          hostPath:
            path: /var/lib/docker/containers
---
# Source: supabase/templates/db/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: supabase-basket-supabase-db
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: supabase-db
      app.kubernetes.io/instance: supabase-basket
  serviceName: supabase-basket-supabase-db
  template:
    metadata:
      labels:
        app.kubernetes.io/name: supabase-db
        app.kubernetes.io/instance: supabase-basket
    spec:
      serviceAccountName: supabase-basket-supabase-db
      securityContext:
        null
      initContainers:
        - name: init-db
          image: "supabase/postgres:15.8.1.085"
          imagePullPolicy: IfNotPresent
          command: ["/bin/sh", "-c"]
          args:
            - |
              echo "Copying init scripts into existing image script directory..."
              cp -r /docker-entrypoint-initdb.d/* /initdb.d/
              cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/
              cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/
              cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/

              cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/
              cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/
              cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/
              cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/

              echo "Copying user-defined migration scripts..."
              cp /custom-migrations/* /initdb.d/migrations/ || echo "Skip migrations"
              echo "Initialization scripts are ready"
          volumeMounts:
            - mountPath: /custom-init-scripts
              name: custom-init-scripts
            - mountPath: /custom-migrations
              name: custom-migrations
            - mountPath: /initdb.d
              name: initdb-scripts-data
      containers:
        - name: supabase-db
          securityContext:
            {}
          image: "supabase/postgres:15.8.1.085"
          imagePullPolicy: IfNotPresent
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "pg_ctl -D /var/lib/postgres/data -w -t 60 -m fast stop"]
          env:
            - name: JWT_EXP
              value: "3600"
            - name: PGPORT
              value: "5432"
            - name: POSTGRES_HOST
              value: "/var/run/postgresql"
            - name: POSTGRES_PORT
              value: "5432"
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: password
            - name: PGDATABASE
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-db
                  key: database
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-jwt
                  key: secret
          ports:
            - name: http
              containerPort: 5432
              protocol: TCP
          volumeMounts:
            - mountPath: /docker-entrypoint-initdb.d
              name: initdb-scripts-data
            - mountPath: /var/lib/postgresql/data
              name: postgres-volume
              subPath: postgres-data
      volumes:
        - name: initdb-scripts-data
          emptyDir:
            medium: ""
        - name: custom-init-scripts
          configMap:
            name: supabase-basket-supabase-db-initdb
        - name: custom-migrations
          configMap:
            name: supabase-basket-supabase-db-migrations
        - name: postgres-volume
          persistentVolumeClaim:
            claimName: supabase-basket-db
---
# Source: supabase/templates/kong/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: supabase-basket-supabase-kong
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: "supabase.local"
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: supabase-basket-supabase-kong
                port:
                  number: 8000
---
# Source: supabase/templates/test/analytics.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-analytics
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-analytics
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-analytics:4000/health
              echo "Sevice supabase-basket-supabase-analytics is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/auth.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-auth
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-auth
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-auth:9999/health
              echo "Sevice supabase-basket-supabase-auth is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/db.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-db
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - command:
            - /bin/sh
            - -c
            - |
              pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres || $(echo "\e[0;31mFailed to connect to the database." && exit 1)
              echo "Database is ready"
          env:
            - name: DB_HOST
              value: "supabase-basket-supabase-db"
            - name: DB_PORT
              value: "5432"
          image: postgres:15-alpine
          imagePullPolicy: IfNotPresent
          name: test-db
      restartPolicy: Never
---
# Source: supabase/templates/test/imgproxy.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-imgproxy
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-imgproxy
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-imgproxy:5001/health
              echo "Sevice supabase-basket-supabase-imgproxy is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/kong.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-kong
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - env:
            - name: DASHBOARD_USERNAME
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-dashboard
                  key: username
            - name: DASHBOARD_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: supabase-basket-dashboard
                  key: password
          name: test-kong
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              echo "Attempting to access dashboard with provided credentials..."
              curl -sL --fail \
                -o /dev/null \
                "http://${DASHBOARD_USERNAME}:${DASHBOARD_PASSWORD}@supabase-basket-supabase-kong:8000" \
                || ( echo -e "\e[0;31mFailed to get a valid response." && exit 1 )
              echo "Successfully connected."
      restartPolicy: Never
---
# Source: supabase/templates/test/meta.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-meta
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-meta
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-meta:8080/health
              echo "Sevice supabase-basket-supabase-meta is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/realtime.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-realtime
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-realtime
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-realtime:4000
              echo "Sevice supabase-basket-supabase-realtime is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/rest.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-rest
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-rest
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-rest:3000
              echo "Sevice supabase-basket-supabase-rest is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/storage.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-storage
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-storage
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-storage:5000/status
              echo "Sevice supabase-basket-supabase-storage is healthy."
      restartPolicy: Never
---
# Source: supabase/templates/test/studio.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: supabase-basket-test-studio
  labels:
    helm.sh/chart: supabase-0.5.6
    app.kubernetes.io/name: supabase
    app.kubernetes.io/instance: supabase-basket
    app.kubernetes.io/managed-by: Helm
  annotations:
    "helm.sh/hook": test
spec:
  ttlSecondsAfterFinished: 100
  template:
    spec:
      containers:
        - name: test-studio
          image: kdevup/curljq
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c
            - |
              curl -sfo /dev/null \
                http://supabase-basket-supabase-studio:3000/api/profile
              echo "Sevice supabase-basket-supabase-studio is healthy."
      restartPolicy: Never