fchinembiri
/
geocrop-platform.
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
geocrop-platform./k8s/base/supabase-basket.yaml

3267 lines
102 KiB
YAML
Raw Blame History

---
# Source: supabase/templates/analytics/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-analytics
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/auth/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-auth
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/db/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-db
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/functions/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-functions
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/imgproxy/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-imgproxy
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/kong/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-kong
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/meta/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-meta
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/realtime/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-realtime
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/rest/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-rest
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/storage/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-storage
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/studio/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-studio
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/vector/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: supabase-basket-supabase-vector
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
---
# Source: supabase/templates/secret/analytics.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-analytics
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
publicAccessToken: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5LXB1YmxpYw=="
privateAccessToken: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5LXByaXZhdGU="
---
# Source: supabase/templates/secret/apikey.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-apikey
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
publishableKey: ""
secretKey: ""
anonKeyAsymmetric: ""
serviceRoleKeyAsymmetric: ""
jwtKeys: ""
jwtJwks: ""
---
# Source: supabase/templates/secret/dashboard.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-dashboard
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
username: "c3VwYWJhc2U="
password: "dGhpc19wYXNzd29yZF9pc19pbnNlY3VyZV9hbmRfc2hvdWxkX2JlX3VwZGF0ZWQ="
openAiApiKey: "a2V5X3N1cGVyX3NlY3JldA=="
---
# Source: supabase/templates/secret/db.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-db
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
password: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctcG9zdGdyZXMtcGFzc3dvcmQ="
database: "cG9zdGdyZXM="
password_encoded: "eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctcG9zdGdyZXMtcGFzc3dvcmQ="
---
# Source: supabase/templates/secret/jwt.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-jwt
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
anonKey: "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKaGJtOXVJaXdLSUNBZ0lDSnBjM01pT2lBaWMzVndZV0poYzJVdFpHVnRieUlzQ2lBZ0lDQWlhV0YwSWpvZ01UWTBNVGMyT1RJd01Dd0tJQ0FnSUNKbGVIQWlPaUF4TnprNU5UTTFOakF3Q24wLmRjX1g1aVJfVlBfcVQwenNpeWpfSV9PWjJUOUZ0UlUyQkJOV044QnU0R0U="
serviceKey: "ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKelpYSjJhV05sWDNKdmJHVWlMQW9nSUNBZ0ltbHpjeUk2SUNKemRYQmhZbUZ6WlMxa1pXMXZJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qUXhOelk1TWpBd0xBb2dJQ0FnSW1WNGNDSTZJREUzT1RrMU16VTJNREFLZlEuRGFZbE5Fb1VyckVuMklnN3RxaWJTLVBISzV2Z3VzYmNibzdYMzZYVnQ0UQ=="
secret: "eW91ci1zdXBlci1zZWNyZXQtand0LXRva2VuLXdpdGgtYXQtbGVhc3QtMzItY2hhcmFjdGVycy1sb25n"
---
# Source: supabase/templates/secret/meta.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-meta
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
cryptoKey: "eW91ci1lbmNyeXB0aW9uLWtleS0zMi1jaGFycy1taW4="
---
# Source: supabase/templates/secret/minio.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-minio
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
user: "c3VwYS1zdG9yYWdl"
password: "c2VjcmV0MTIzNA=="
---
# Source: supabase/templates/secret/realtime.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-realtime
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
secretKeyBase: "VXBOVm50bjNjRHhISnBxOTlZTWMxVDFBUWdRcGM4a2ZZVHVSZ0JpWWExNUJMcng4ZXRRb1h6M2dadjEvdTJvcQ=="
---
# Source: supabase/templates/secret/s3.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-s3
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
keyId: "NjI1NzI5YTA4Yjk1YmYxYjdmZjM1MWE2NjNmM2EyM2M="
accessKey: "ODUwMTgxZTQ2NTJkZDAyM2I3YTk4YzU4YWUwZDJkMzRiZDQ4N2VlMGNjMzI1NGFlZDZlZGEzNzMwNzQyNTkwNw=="
---
# Source: supabase/templates/secret/smtp.yaml
apiVersion: v1
kind: Secret
metadata:
name: supabase-basket-smtp
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
username: "ZmFrZV9tYWlsX3VzZXI="
password: "ZmFrZV9tYWlsX3Bhc3N3b3Jk"
---
# Source: supabase/templates/db/initdb.config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: supabase-basket-supabase-db-initdb
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
data:
99-jwt.sql: |
\set jwt_secret `echo "$JWT_SECRET"`
\set jwt_exp `echo "$JWT_EXP"`
ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
99-pooler.sql: |
\set pguser `echo "$POSTGRES_USER"`
\c _supabase
create schema if not exists _supavisor;
alter schema _supavisor owner to :pguser;
\c postgres
99-logs.sql: |
\set pguser `echo "$POSTGRES_USER"`
\c _supabase
create schema if not exists _analytics;
alter schema _analytics owner to :pguser;
\c postgres
99-realtime.sql: |
\set pguser `echo "$POSTGRES_USER"`
create schema if not exists _realtime;
alter schema _realtime owner to :pguser;
99-roles.sql: |
-- NOTE: change to your own passwords for production environments
\set pgpass `echo "$POSTGRES_PASSWORD"`
ALTER USER authenticator WITH PASSWORD :'pgpass';
ALTER USER pgbouncer WITH PASSWORD :'pgpass';
ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
97-_supabase.sql: |
\set pguser `echo "$POSTGRES_USER"`
CREATE DATABASE _supabase WITH OWNER :pguser;
98-webhooks.sql: |
BEGIN;
-- Create pg_net extension
CREATE EXTENSION IF NOT EXISTS pg_net SCHEMA extensions;
-- Create supabase_functions schema
CREATE SCHEMA supabase_functions AUTHORIZATION supabase_admin;
GRANT USAGE ON SCHEMA supabase_functions TO postgres, anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON TABLES TO postgres, anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON FUNCTIONS TO postgres, anon, authenticated, service_role;
ALTER DEFAULT PRIVILEGES IN SCHEMA supabase_functions GRANT ALL ON SEQUENCES TO postgres, anon, authenticated, service_role;
-- supabase_functions.migrations definition
CREATE TABLE supabase_functions.migrations (
version text PRIMARY KEY,
inserted_at timestamptz NOT NULL DEFAULT NOW()
);
-- Initial supabase_functions migration
INSERT INTO supabase_functions.migrations (version) VALUES ('initial');
-- supabase_functions.hooks definition
CREATE TABLE supabase_functions.hooks (
id bigserial PRIMARY KEY,
hook_table_id integer NOT NULL,
hook_name text NOT NULL,
created_at timestamptz NOT NULL DEFAULT NOW(),
request_id bigint
);
CREATE INDEX supabase_functions_hooks_request_id_idx ON supabase_functions.hooks USING btree (request_id);
CREATE INDEX supabase_functions_hooks_h_table_id_h_name_idx ON supabase_functions.hooks USING btree (hook_table_id, hook_name);
COMMENT ON TABLE supabase_functions.hooks IS 'Supabase Functions Hooks: Audit trail for triggered hooks.';
CREATE FUNCTION supabase_functions.http_request()
RETURNS trigger
LANGUAGE plpgsql
AS $function$
DECLARE
request_id bigint;
payload jsonb;
url text := TG_ARGV[0]::text;
method text := TG_ARGV[1]::text;
headers jsonb DEFAULT '{}'::jsonb;
params jsonb DEFAULT '{}'::jsonb;
timeout_ms integer DEFAULT 1000;
BEGIN
IF url IS NULL OR url = 'null' THEN
RAISE EXCEPTION 'url argument is missing';
END IF;
IF method IS NULL OR method = 'null' THEN
RAISE EXCEPTION 'method argument is missing';
END IF;
IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN
headers = '{"Content-Type": "application/json"}'::jsonb;
ELSE
headers = TG_ARGV[2]::jsonb;
END IF;
IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN
params = '{}'::jsonb;
ELSE
params = TG_ARGV[3]::jsonb;
END IF;
IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN
timeout_ms = 1000;
ELSE
timeout_ms = TG_ARGV[4]::integer;
END IF;
CASE
WHEN method = 'GET' THEN
SELECT http_get INTO request_id FROM net.http_get(
url,
params,
headers,
timeout_ms
);
WHEN method = 'POST' THEN
payload = jsonb_build_object(
'old_record', OLD,
'record', NEW,
'type', TG_OP,
'table', TG_TABLE_NAME,
'schema', TG_TABLE_SCHEMA
);
SELECT http_post INTO request_id FROM net.http_post(
url,
payload,
params,
headers,
timeout_ms
);
ELSE
RAISE EXCEPTION 'method argument % is invalid', method;
END CASE;
INSERT INTO supabase_functions.hooks
(hook_table_id, hook_name, request_id)
VALUES
(TG_RELID, TG_NAME, request_id);
RETURN NEW;
END
$function$;
-- Supabase super admin
DO
$$
BEGIN
IF NOT EXISTS (
SELECT 1
FROM pg_roles
WHERE rolname = 'supabase_functions_admin'
)
THEN
CREATE USER supabase_functions_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
END IF;
END
$$;
GRANT ALL PRIVILEGES ON SCHEMA supabase_functions TO supabase_functions_admin;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA supabase_functions TO supabase_functions_admin;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA supabase_functions TO supabase_functions_admin;
ALTER USER supabase_functions_admin SET search_path = "supabase_functions";
ALTER table "supabase_functions".migrations OWNER TO supabase_functions_admin;
ALTER table "supabase_functions".hooks OWNER TO supabase_functions_admin;
ALTER function "supabase_functions".http_request() OWNER TO supabase_functions_admin;
GRANT supabase_functions_admin TO postgres;
-- Remove unused supabase_pg_net_admin role
DO
$$
BEGIN
IF EXISTS (
SELECT 1
FROM pg_roles
WHERE rolname = 'supabase_pg_net_admin'
)
THEN
REASSIGN OWNED BY supabase_pg_net_admin TO supabase_admin;
DROP OWNED BY supabase_pg_net_admin;
DROP ROLE supabase_pg_net_admin;
END IF;
END
$$;
-- pg_net grants when extension is already enabled
DO
$$
BEGIN
IF EXISTS (
SELECT 1
FROM pg_extension
WHERE extname = 'pg_net'
)
THEN
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
END IF;
END
$$;
-- Event trigger for pg_net
CREATE OR REPLACE FUNCTION extensions.grant_pg_net_access()
RETURNS event_trigger
LANGUAGE plpgsql
AS $$
BEGIN
IF EXISTS (
SELECT 1
FROM pg_event_trigger_ddl_commands() AS ev
JOIN pg_extension AS ext
ON ev.objid = ext.oid
WHERE ext.extname = 'pg_net'
)
THEN
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
END IF;
END;
$$;
COMMENT ON FUNCTION extensions.grant_pg_net_access IS 'Grants access to pg_net';
DO
$$
BEGIN
IF NOT EXISTS (
SELECT 1
FROM pg_event_trigger
WHERE evtname = 'issue_pg_net_access'
) THEN
CREATE EVENT TRIGGER issue_pg_net_access ON ddl_command_end WHEN TAG IN ('CREATE EXTENSION')
EXECUTE PROCEDURE extensions.grant_pg_net_access();
END IF;
END
$$;
INSERT INTO supabase_functions.migrations (version) VALUES ('20210809183423_update_grants');
ALTER function supabase_functions.http_request() SECURITY DEFINER;
ALTER function supabase_functions.http_request() SET search_path = supabase_functions;
REVOKE ALL ON FUNCTION supabase_functions.http_request() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION supabase_functions.http_request() TO postgres, anon, authenticated, service_role;
COMMIT;
---
# Source: supabase/templates/db/migration.config.yaml
kind: ConfigMap
apiVersion: v1
metadata:
name: supabase-basket-supabase-db-migrations
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
data:
null
---
# Source: supabase/templates/functions/functions.config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: supabase-basket-supabase-functions-main
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
data:
index.ts: |
import * as jose from 'https://deno.land/x/jose@v4.14.4/index.ts'
console.log('main function started')
const JWT_SECRET = Deno.env.get('JWT_SECRET')
const VERIFY_JWT = Deno.env.get('VERIFY_JWT') === 'true'
function getAuthToken(req: Request) {
const authHeader = req.headers.get('authorization')
if (!authHeader) {
throw new Error('Missing authorization header')
}
const [bearer, token] = authHeader.split(' ')
if (bearer !== 'Bearer') {
throw new Error(`Auth header is not 'Bearer {token}'`)
}
return token
}
async function verifyJWT(jwt: string): Promise<boolean> {
const encoder = new TextEncoder()
const secretKey = encoder.encode(JWT_SECRET)
try {
await jose.jwtVerify(jwt, secretKey)
} catch (err) {
console.error(err)
return false
}
return true
}
Deno.serve(async (req: Request) => {
if (req.method !== 'OPTIONS' && VERIFY_JWT) {
try {
const token = getAuthToken(req)
const isValidJWT = await verifyJWT(token)
if (!isValidJWT) {
return new Response(JSON.stringify({ msg: 'Invalid JWT' }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
})
}
} catch (e) {
console.error(e)
return new Response(JSON.stringify({ msg: e.toString() }), {
status: 401,
headers: { 'Content-Type': 'application/json' },
})
}
}
const url = new URL(req.url)
const { pathname } = url
const path_parts = pathname.split('/')
const service_name = path_parts[1]
if (!service_name || service_name === '') {
const error = { msg: 'missing function name in request' }
return new Response(JSON.stringify(error), {
status: 400,
headers: { 'Content-Type': 'application/json' },
})
}
const servicePath = `/home/deno/functions/${service_name}`
console.error(`serving the request with ${servicePath}`)
const memoryLimitMb = 150
const workerTimeoutMs = 1 * 60 * 1000
const noModuleCache = false
const importMapPath = null
const envVarsObj = Deno.env.toObject()
const envVars = Object.keys(envVarsObj).map((k) => [k, envVarsObj[k]])
try {
const worker = await EdgeRuntime.userWorkers.create({
servicePath,
memoryLimitMb,
workerTimeoutMs,
noModuleCache,
importMapPath,
envVars,
})
return await worker.fetch(req)
} catch (e) {
const error = { msg: e.toString() }
return new Response(JSON.stringify(error), {
status: 500,
headers: { 'Content-Type': 'application/json' },
})
}
})
---
# Source: supabase/templates/kong/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: supabase-basket-supabase-kong
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
data:
kong-entrypoint.sh: |
#!/bin/bash
set -euo pipefail
if [ -n "${SUPABASE_SECRET_KEY:-}" ] && [ -n "${SUPABASE_PUBLISHABLE_KEY:-}" ]; then
export LUA_AUTH_EXPR="\$((headers.authorization ~= nil and headers.authorization:sub(1, 10) ~= 'Bearer sb_' and headers.authorization) or (headers.apikey == '${SUPABASE_SECRET_KEY}' and 'Bearer ${SERVICE_ROLE_KEY_ASYMMETRIC}') or (headers.apikey == '${SUPABASE_PUBLISHABLE_KEY}' and 'Bearer ${ANON_KEY_ASYMMETRIC}') or headers.apikey)"
export LUA_RT_WS_EXPR="\$((query_params.apikey == '${SUPABASE_SECRET_KEY}' and '${SERVICE_ROLE_KEY_ASYMMETRIC}') or (query_params.apikey == '${SUPABASE_PUBLISHABLE_KEY}' and '${ANON_KEY_ASYMMETRIC}') or query_params.apikey)"
else
export LUA_AUTH_EXPR="\$((headers.authorization ~= nil and headers.authorization:sub(1, 10) ~= 'Bearer sb_' and headers.authorization) or headers.apikey)"
export LUA_RT_WS_EXPR="\$(query_params.apikey)"
fi
echo "Replacing env placeholders of /usr/local/kong/kong.yml"
sed \
-e "s|\${SUPABASE_ANON_KEY}|${SUPABASE_ANON_KEY}|" \
-e "s|\${SUPABASE_SERVICE_KEY}|${SUPABASE_SERVICE_KEY}|" \
-e "s|\${SUPABASE_PUBLISHABLE_KEY}|${SUPABASE_PUBLISHABLE_KEY:-}|" \
-e "s|\${SUPABASE_SECRET_KEY}|${SUPABASE_SECRET_KEY:-}|" \
-e "s|\${ANON_KEY_ASYMMETRIC}|${ANON_KEY_ASYMMETRIC:-}|" \
-e "s|\${SERVICE_ROLE_KEY_ASYMMETRIC}|${SERVICE_ROLE_KEY_ASYMMETRIC:-}|" \
-e "s|\${LUA_AUTH_EXPR}|${LUA_AUTH_EXPR}|" \
-e "s|\${LUA_RT_WS_EXPR}|${LUA_RT_WS_EXPR}|" \
-e "s|\${DASHBOARD_USERNAME}|${DASHBOARD_USERNAME}|" \
-e "s|\${DASHBOARD_PASSWORD}|${DASHBOARD_PASSWORD}|" \
/usr/local/kong/template.yml \
> /usr/local/kong/kong.yml
sed -i '/^[[:space:]]*- key:[[:space:]]*$/d' /usr/local/kong/kong.yml
exec /entrypoint.sh kong docker-start
kong.yml: |
_format_version: '2.1'
_transform: true
consumers:
- username: DASHBOARD
- username: anon
keyauth_credentials:
- key: ${SUPABASE_ANON_KEY}
- key: ${SUPABASE_PUBLISHABLE_KEY}
- username: service_role
keyauth_credentials:
- key: ${SUPABASE_SERVICE_KEY}
- key: ${SUPABASE_SECRET_KEY}
acls:
- consumer: anon
group: anon
- consumer: service_role
group: admin
basicauth_credentials:
- consumer: DASHBOARD
username: '${DASHBOARD_USERNAME}'
password: '${DASHBOARD_PASSWORD}'
services:
- name: auth-v1-open
url: http://supabase-basket-supabase-auth:9999/verify
routes:
- name: auth-v1-open
strip_path: true
paths:
- /auth/v1/verify
plugins:
- name: cors
- name: auth-v1-open-callback
url: http://supabase-basket-supabase-auth:9999/callback
routes:
- name: auth-v1-open-callback
strip_path: true
paths:
- /auth/v1/callback
plugins:
- name: cors
- name: auth-v1-open-authorize
url: http://supabase-basket-supabase-auth:9999/authorize
routes:
- name: auth-v1-open-authorize
strip_path: true
paths:
- /auth/v1/authorize
plugins:
- name: cors
- name: auth-v1-open-jwks
url: http://supabase-basket-supabase-auth:9999/.well-known/jwks.json
routes:
- name: auth-v1-open-jwks
strip_path: true
paths:
- /auth/v1/.well-known/jwks.json
plugins:
- name: cors
- name: well-known-oauth
_comment: 'Auth: /.well-known/oauth-authorization-server -> http://supabase-basket-supabase-auth:9999/.well-known/oauth-authorization-server'
url: http://supabase-basket-supabase-auth:9999/.well-known/oauth-authorization-server
routes:
- name: well-known-oauth
strip_path: true
paths:
- /.well-known/oauth-authorization-server
plugins:
- name: cors
- name: auth-v1-open-sso-acs
url: "http://auth:9999/sso/saml/acs"
routes:
- name: auth-v1-open-sso-acs
strip_path: true
paths:
- /sso/saml/acs
plugins:
- name: cors
- name: auth-v1-open-sso-metadata
url: "http://auth:9999/sso/saml/metadata"
routes:
- name: auth-v1-open-sso-metadata
strip_path: true
paths:
- /sso/saml/metadata
plugins:
- name: cors
- name: auth-v1
_comment: "GoTrue: /auth/v1/* -> http://supabase-basket-supabase-auth:9999/*"
url: http://supabase-basket-supabase-auth:9999
routes:
- name: auth-v1-all
strip_path: true
paths:
- /auth/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: request-transformer
config:
add:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
replace:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
- name: rest-v1
_comment: "PostgREST: /rest/v1/* -> http://supabase-basket-supabase-rest:3000/*"
url: http://supabase-basket-supabase-rest:3000/
routes:
- name: rest-v1-all
strip_path: true
paths:
- /rest/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: request-transformer
config:
add:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
replace:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
- name: graphql-v1
_comment: 'PostgREST: /graphql/v1/* -> http://supabase-basket-supabase-rest:3000/rpc/graphql'
url: http://supabase-basket-supabase-rest:3000/rpc/graphql
routes:
- name: graphql-v1-all
strip_path: true
paths:
- /graphql/v1
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: request-transformer
config:
add:
headers:
- "Content-Profile: graphql_public"
- "Authorization: ${LUA_AUTH_EXPR}"
replace:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
- name: realtime-v1-ws
_comment: "Realtime: /realtime/v1/* -> ws://supabase-basket-supabase-realtime:4000/socket/*"
url: http://supabase-basket-supabase-realtime:4000/socket
protocol: ws
routes:
- name: realtime-v1-ws
strip_path: true
paths:
- /realtime/v1/
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: request-transformer
config:
add:
headers:
- "x-api-key:${LUA_RT_WS_EXPR}"
replace:
querystring:
- "apikey:${LUA_RT_WS_EXPR}"
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
- name: realtime-v1-rest
_comment: 'Realtime: /realtime/v1/* -> http://supabase-basket-supabase-realtime:4000/api/*'
url: http://supabase-basket-supabase-realtime:4000/api
protocol: http
routes:
- name: realtime-v1-rest
strip_path: true
paths:
- /realtime/v1/api
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: request-transformer
config:
add:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
replace:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
- name: storage-v1
_comment: "Storage: /storage/v1/* -> http://supabase-basket-supabase-storage:5000/*"
url: http://supabase-basket-supabase-storage:5000/
routes:
- name: storage-v1-all
strip_path: true
paths:
- /storage/v1/
plugins:
- name: cors
- name: request-transformer
config:
add:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
replace:
headers:
- "Authorization: ${LUA_AUTH_EXPR}"
- name: post-function
config:
access:
- |
local auth = kong.request.get_header("authorization")
if auth == nil or auth == "" or auth:find("^%s*$") then
kong.service.request.clear_header("authorization")
end
- name: functions-v1
_comment: 'Edge Functions: /functions/v1/* -> http://supabase-basket-supabase-functions:9000/*'
url: http://supabase-basket-supabase-functions:9000/
read_timeout: 150000
routes:
- name: functions-v1-all
strip_path: true
paths:
- /functions/v1/
plugins:
- name: cors
- name: meta
_comment: "pg-meta: /pg/* -> http://supabase-basket-supabase-meta:8080/*"
url: http://supabase-basket-supabase-meta:8080/
routes:
- name: meta-all
strip_path: true
paths:
- /pg/
plugins:
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- name: dashboard
_comment: 'Studio: /* -> http://supabase-basket-supabase-studio:3000/*'
url: http://supabase-basket-supabase-studio:3000/
routes:
- name: dashboard-all
strip_path: true
paths:
- /
plugins:
- name: cors
- name: basic-auth
config:
hide_credentials: true
---
# Source: supabase/templates/vector/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: supabase-basket-supabase-vector-config
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
data:
vector.yml: |
api:
enabled: true
address: 0.0.0.0:9001
sources:
kubernetes_host:
type: kubernetes_logs
extra_label_selector: app.kubernetes.io/instance=supabase-basket,app.kubernetes.io/name!=supabase-vector
transforms:
project_logs:
type: remap
inputs:
- kubernetes_host
source: |-
.project = "default"
.event_message = del(.message)
.appname = del(.kubernetes.container_name)
del(.file)
del(.kubernetes)
del(.source_type)
del(.stream)
router:
type: route
inputs:
- project_logs
route:
kong: '.appname == "supabase-kong"'
auth: '.appname == "supabase-auth"'
rest: '.appname == "supabase-rest"'
realtime: '.appname == "supabase-realtime"'
storage: '.appname == "supabase-storage"'
functions: '.appname == "supabase-functions"'
db: '.appname == "supabase-db"'
# Ignores non nginx errors since they are related with kong booting up
kong_logs:
type: remap
inputs:
- router.kong
source: |-
req, err = parse_nginx_log(.event_message, "combined")
if err == null {
.timestamp = req.timestamp
.metadata.request.headers.referer = req.referer
.metadata.request.headers.user_agent = req.agent
.metadata.request.headers.cf_connecting_ip = req.client
.metadata.response.status_code = req.status
url, split_err = split(req.request, " ")
if split_err == null {
.metadata.request.method = url[0]
.metadata.request.path = url[1]
.metadata.request.protocol = url[2]
}
}
if err != null {
abort
}
# Ignores non nginx errors since they are related with kong booting up
kong_err:
type: remap
inputs:
- router.kong
source: |-
.metadata.request.method = "GET"
.metadata.response.status_code = 200
parsed, err = parse_nginx_log(.event_message, "error")
if err == null {
.timestamp = parsed.timestamp
.severity = parsed.severity
.metadata.request.host = parsed.host
.metadata.request.headers.cf_connecting_ip = parsed.client
url, err = split(parsed.request, " ")
if err == null {
.metadata.request.method = url[0]
.metadata.request.path = url[1]
.metadata.request.protocol = url[2]
}
}
if err != null {
abort
}
# Gotrue logs are structured json strings which frontend parses directly. But we keep metadata for consistency.
auth_logs:
type: remap
inputs:
- router.auth
source: |-
parsed, err = parse_json(.event_message)
if err == null {
.metadata.timestamp = parsed.time
.metadata = merge!(.metadata, parsed)
}
# PostgREST logs are structured so we separate timestamp from message using regex
rest_logs:
type: remap
inputs:
- router.rest
source: |-
parsed, err = parse_regex(.event_message, r'^(?P<time>.*): (?P<msg>.*)$')
if err == null {
.event_message = parsed.msg
.timestamp = parse_timestamp!(value: parsed.time,format: "%d/%b/%Y:%H:%M:%S %z")
.metadata.host = .project
}
# Filter out healthcheck logs from Realtime
realtime_logs_filtered:
type: filter
inputs:
- router.realtime
condition: '!contains(string!(.event_message), "/health")'
# Realtime logs are structured so we parse the severity level using regex (ignore time because it has no date)
realtime_logs:
type: remap
inputs:
- realtime_logs_filtered
source: |-
.metadata.project = del(.project)
.metadata.external_id = .metadata.project
parsed, err = parse_regex(.event_message, r'^(?P<time>\d+:\d+:\d+\.\d+) \[(?P<level>\w+)\] (?P<msg>.*)$')
if err == null {
.event_message = parsed.msg
.metadata.level = parsed.level
}
# Function logs are unstructured messages on stderr
functions_logs:
type: remap
inputs:
- router.functions
source: |-
.metadata.project_ref = del(.project)
# Storage logs may contain json objects so we parse them for completeness
storage_logs:
type: remap
inputs:
- router.storage
source: |-
.metadata.project = del(.project)
.metadata.tenantId = .metadata.project
parsed, err = parse_json(.event_message)
if err == null {
.event_message = parsed.msg
.metadata.level = parsed.level
.metadata.timestamp = parsed.time
.metadata.context[0].host = parsed.hostname
.metadata.context[0].pid = parsed.pid
}
# Postgres logs some messages to stderr which we map to warning severity level
db_logs:
type: remap
inputs:
- router.db
source: |-
.metadata.host = "db-default"
.metadata.parsed.timestamp = .timestamp
parsed, err = parse_regex(.event_message, r'.*(?P<level>INFO|NOTICE|WARNING|ERROR|LOG|FATAL|PANIC?):.*', numeric_groups: true)
if err != null || parsed == null {
.metadata.parsed.error_severity = "info"
}
if parsed.level != null {
.metadata.parsed.error_severity = parsed.level
}
if .metadata.parsed.error_severity == "info" {
.metadata.parsed.error_severity = "log"
}
.metadata.parsed.error_severity = upcase!(.metadata.parsed.error_severity)
sinks:
logflare_auth:
type: 'http'
inputs:
- auth_logs
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=gotrue.logs.prod'
logflare_realtime:
type: 'http'
inputs:
- realtime_logs
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=realtime.logs.prod'
logflare_rest:
type: 'http'
inputs:
- rest_logs
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=postgREST.logs.prod'
logflare_db:
type: 'http'
inputs:
- db_logs
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
# We must route the sink through kong because ingesting logs before logflare is fully initialised will
# lead to broken queries from studio. This works by the assumption that containers are started in the
# following order: vector > db > logflare > kong
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=postgres.logs'
logflare_functions:
type: 'http'
inputs:
- functions_logs
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=deno-relay-logs'
logflare_storage:
type: 'http'
inputs:
- storage_logs
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=storage.logs.prod.2'
logflare_kong:
type: 'http'
inputs:
- kong_logs
- kong_err
encoding:
codec: 'json'
method: 'post'
request:
retry_max_duration_secs: 30
headers:
x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required}
uri: 'http://supabase-basket-supabase-analytics:4000/api/logs?source_name=cloudflare.logs.prod'
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: supabase-basket-db
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "5Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: supabase-basket-functions
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: supabase-basket-imgproxy
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: supabase-basket-snippets
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: supabase-basket-storage
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
---
# Source: supabase/templates/persistence.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: supabase-basket-deno
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "1Gi"
---
# Source: supabase/templates/vector/serviceaccount.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: supabase-basket-reader
rules:
- apiGroups: [""]
resources: ["nodes", "namespaces", "pods"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["pods/log"]
resourceNames:
- supabase-basket-*
verbs: ["get"]
---
# Source: supabase/templates/vector/serviceaccount.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: supabase-basket-view
subjects:
- kind: ServiceAccount
name: supabase-basket-supabase-vector
namespace: supabase-basket
roleRef:
kind: ClusterRole
name: supabase-basket-reader
apiGroup: rbac.authorization.k8s.io
---
# Source: supabase/templates/analytics/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-analytics
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 4000
targetPort: 4000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-analytics
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/auth/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-auth
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 9999
targetPort: 9999
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-auth
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/db/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-db
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 5432
targetPort: 5432
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-db
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/functions/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-functions
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: 9000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-functions
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/imgproxy/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-imgproxy
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 5001
targetPort: 5001
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-imgproxy
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/kong/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-kong
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 8000
targetPort: 8000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-kong
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/meta/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-meta
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 8080
targetPort: 8080
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-meta
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/realtime/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-realtime
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 4000
targetPort: 4000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-realtime
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/rest/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-rest
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-rest
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/storage/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-storage
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 5000
targetPort: 5000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-storage
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/studio/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-studio
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 3000
targetPort: 3000
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-studio
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/vector/service.yaml
apiVersion: v1
kind: Service
metadata:
name: supabase-basket-supabase-vector
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
type: ClusterIP
ports:
- port: 9001
targetPort: 9001
protocol: TCP
name: http
selector:
app.kubernetes.io/name: supabase-vector
app.kubernetes.io/instance: supabase-basket
---
# Source: supabase/templates/analytics/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-analytics
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-analytics
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-analytics
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-analytics
securityContext:
null
initContainers:
- name: init-db
image: "postgres:15-alpine"
imagePullPolicy: IfNotPresent
env:
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
- echo "Database is ready"
containers:
- name: supabase-analytics
securityContext:
{}
image: "supabase/logflare:1.36.1"
imagePullPolicy: IfNotPresent
env:
- name: DB_DATABASE
value: "_supabase"
- name: DB_DRIVER
value: "postgresql"
- name: DB_SCHEMA
value: "_analytics"
- name: DB_USERNAME
value: "supabase_admin"
- name: LOGFLARE_FEATURE_FLAG_OVERRIDE
value: "multibackend=true"
- name: LOGFLARE_NODE_HOST
value: "127.0.0.1"
- name: LOGFLARE_SINGLE_TENANT
value: "true"
- name: LOGFLARE_SUPABASE_MODE
value: "true"
- name: POSTGRES_BACKEND_SCHEMA
value: "_analytics"
- name: DB_HOSTNAME
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_PASSWORD_ENC
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password_encoded
- name: LOGFLARE_PUBLIC_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: supabase-basket-analytics
key: publicAccessToken
- name: LOGFLARE_PRIVATE_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: supabase-basket-analytics
key: privateAccessToken
- name: POSTGRES_BACKEND_URL
value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)
ports:
- containerPort: 4000
protocol: TCP
---
# Source: supabase/templates/auth/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-auth
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-auth
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-auth
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-auth
securityContext:
null
initContainers:
- name: init-db
image: "postgres:15-alpine"
imagePullPolicy: IfNotPresent
env:
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
- echo "Database is ready"
containers:
- name: supabase-auth
securityContext:
{}
image: "supabase/gotrue:v2.186.0"
imagePullPolicy: IfNotPresent
env:
- name: API_EXTERNAL_URL
value: "http://supabase.local"
- name: DB_DRIVER
value: "postgres"
- name: DB_SSL
value: "disable"
- name: DB_USER
value: "supabase_auth_admin"
- name: GOTRUE_API_HOST
value: "0.0.0.0"
- name: GOTRUE_API_PORT
value: "9999"
- name: GOTRUE_DISABLE_SIGNUP
value: "false"
- name: GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED
value: "false"
- name: GOTRUE_EXTERNAL_EMAIL_ENABLED
value: "true"
- name: GOTRUE_EXTERNAL_PHONE_ENABLED
value: "false"
- name: GOTRUE_JWT_ADMIN_ROLES
value: "service_role"
- name: GOTRUE_JWT_AUD
value: "authenticated"
- name: GOTRUE_JWT_DEFAULT_GROUP_NAME
value: "authenticated"
- name: GOTRUE_JWT_EXP
value: "3600"
- name: GOTRUE_MAILER_AUTOCONFIRM
value: "true"
- name: GOTRUE_MAILER_URLPATHS_CONFIRMATION
value: "/auth/v1/verify"
- name: GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE
value: "/auth/v1/verify"
- name: GOTRUE_MAILER_URLPATHS_INVITE
value: "/auth/v1/verify"
- name: GOTRUE_MAILER_URLPATHS_RECOVERY
value: "/auth/v1/verify"
- name: GOTRUE_SITE_URL
value: "http://supabase.local"
- name: GOTRUE_SMS_AUTOCONFIRM
value: "false"
- name: GOTRUE_SMTP_ADMIN_EMAIL
value: "SMTP_ADMIN_MAIL"
- name: GOTRUE_SMTP_HOST
value: "SMTP_HOST"
- name: GOTRUE_SMTP_PORT
value: "123"
- name: GOTRUE_SMTP_SENDER_NAME
value: "SMTP_SENDER_NAME"
- name: GOTRUE_URI_ALLOW_LIST
value: "*"
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_PASSWORD_ENC
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password_encoded
- name: DB_NAME
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: GOTRUE_DB_DATABASE_URL
value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
- name: GOTRUE_DB_DRIVER
value: $(DB_DRIVER)
- name: GOTRUE_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: GOTRUE_SMTP_USER
valueFrom:
secretKeyRef:
name: supabase-basket-smtp
key: username
- name: GOTRUE_SMTP_PASS
valueFrom:
secretKeyRef:
name: supabase-basket-smtp
key: password
ports:
- name: http
containerPort: 9999
protocol: TCP
---
# Source: supabase/templates/functions/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-functions
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-functions
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-functions
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-functions
securityContext:
null
containers:
- args:
- start
- --main-service
- /home/deno/functions/main
name: supabase-functions
securityContext:
{}
image: "supabase/edge-runtime:v1.71.2"
imagePullPolicy: IfNotPresent
env:
- name: DB_DRIVER
value: "postgresql"
- name: DB_SSL
value: "disable"
- name: DB_USERNAME
value: "postgres"
- name: VERIFY_JWT
value: "false"
- name: SUPABASE_URL
value: http://supabase-basket-supabase-kong:8000
- name: DB_HOSTNAME
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_PASSWORD_ENC
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password_encoded
- name: DB_DATABASE
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: SUPABASE_ANON_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: anonKey
- name: SUPABASE_SERVICE_ROLE_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: serviceKey
- name: SUPABASE_PUBLISHABLE_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-apikey
key: publishableKey
- name: SUPABASE_SECRET_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-apikey
key: secretKey
- name: SUPABASE_PUBLISHABLE_KEYS
value: '{"default":"$(SUPABASE_PUBLISHABLE_KEY)"}'
- name: SUPABASE_SECRET_KEYS
value: '{"default":"$(SUPABASE_SECRET_KEY)"}'
- name: SUPABASE_DB_URL
value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL)
volumeMounts:
- name: functions-storage
mountPath: /home/deno/functions
- name: deno-cache
mountPath: /root/.cache/deno
- mountPath: /home/deno/functions/main/index.ts
name: functions-main
subPath: index.ts
volumes:
- name: functions-storage
persistentVolumeClaim:
claimName: supabase-basket-functions
- name: deno-cache
persistentVolumeClaim:
claimName: supabase-basket-deno
- name: functions-main
configMap:
name: supabase-basket-supabase-functions-main
---
# Source: supabase/templates/imgproxy/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-imgproxy
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-imgproxy
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-imgproxy
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-imgproxy
securityContext:
null
containers:
- name: supabase-imgproxy
securityContext:
{}
image: "darthsim/imgproxy:v3.30.1"
imagePullPolicy: IfNotPresent
env:
- name: IMGPROXY_BIND
value: ":5001"
- name: IMGPROXY_ENABLE_WEBP_DETECTION
value: "true"
- name: IMGPROXY_LOCAL_FILESYSTEM_ROOT
value: "/"
- name: IMGPROXY_USE_ETAG
value: "true"
ports:
- name: http
containerPort: 8080
protocol: TCP
volumeMounts:
- mountPath: /var/lib/storage
name: imgproxy-volume
volumes:
- name: imgproxy-volume
persistentVolumeClaim:
claimName: supabase-basket-imgproxy
---
# Source: supabase/templates/kong/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-kong
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-kong
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-kong
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-kong
securityContext:
null
containers:
- name: supabase-kong
securityContext:
{}
image: "kong/kong:3.9.1"
imagePullPolicy: IfNotPresent
command: ["/bin/bash"]
args: ["/scripts/kong-entrypoint.sh"]
env:
- name: KONG_DATABASE
value: "off"
- name: KONG_DECLARATIVE_CONFIG
value: "/usr/local/kong/kong.yml"
- name: KONG_DNS_ORDER
value: "LAST,A,CNAME"
- name: KONG_LOG_LEVEL
value: "warn"
- name: KONG_NGINX_PROXY_PROXY_BUFFERS
value: "64 160k"
- name: KONG_NGINX_PROXY_PROXY_BUFFER_SIZE
value: "160k"
- name: KONG_PLUGINS
value: "request-transformer,cors,key-auth,acl,basic-auth,post-function"
- name: SUPABASE_ANON_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: anonKey
- name: SUPABASE_SERVICE_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: serviceKey
- name: SUPABASE_PUBLISHABLE_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-apikey
key: publishableKey
- name: SUPABASE_SECRET_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-apikey
key: secretKey
- name: ANON_KEY_ASYMMETRIC
valueFrom:
secretKeyRef:
name: supabase-basket-apikey
key: anonKeyAsymmetric
- name: SERVICE_ROLE_KEY_ASYMMETRIC
valueFrom:
secretKeyRef:
name: supabase-basket-apikey
key: serviceRoleKeyAsymmetric
- name: DASHBOARD_USERNAME
valueFrom:
secretKeyRef:
name: supabase-basket-dashboard
key: username
- name: DASHBOARD_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-dashboard
key: password
ports:
- name: http
containerPort: 8000
protocol: TCP
volumeMounts:
- mountPath: /usr/local/kong/template.yml
name: config
subPath: template.yml
- mountPath: /scripts
name: wrapper
volumes:
- name: config
configMap:
name: supabase-basket-supabase-kong
defaultMode: 0777
items:
- key: kong.yml
path: template.yml
- name: wrapper
configMap:
name: supabase-basket-supabase-kong
defaultMode: 0777
items:
- key: kong-entrypoint.sh
path: kong-entrypoint.sh
---
# Source: supabase/templates/meta/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-meta
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-meta
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-meta
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-meta
securityContext:
null
containers:
- name: supabase-meta
securityContext:
{}
image: "supabase/postgres-meta:v0.96.3"
imagePullPolicy: IfNotPresent
env:
- name: DB_DRIVER
value: "postgres"
- name: DB_SSL
value: "disable"
- name: DB_USER
value: "supabase_admin"
- name: PG_META_PORT
value: "8080"
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: PG_META_DB_HOST
value: $(DB_HOST)
- name: PG_META_DB_PORT
value: $(DB_PORT)
- name: PG_META_DB_NAME
value: $(DB_NAME)
- name: PG_META_DB_USER
value: $(DB_USER)
- name: PG_META_DB_PASSWORD
value: $(DB_PASSWORD)
- name: PG_META_DB_SSL_MODE
value: $(DB_SSL)
- name: CRYPTO_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-meta
key: cryptoKey
ports:
- name: http
containerPort: 8080
protocol: TCP
---
# Source: supabase/templates/realtime/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-realtime
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-realtime
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-realtime
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-realtime
securityContext:
null
initContainers:
- name: init-db
image: "postgres:15-alpine"
imagePullPolicy: IfNotPresent
env:
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
- echo "Database is ready"
containers:
- name: supabase-realtime
securityContext:
{}
image: "supabase/realtime:v2.76.5"
imagePullPolicy: IfNotPresent
command: ["/bin/sh"]
args: ["-c", "/app/bin/migrate && /app/bin/realtime eval 'Realtime.Release.seeds(Realtime.Repo)' && /app/bin/server"]
env:
- name: APP_NAME
value: "realtime"
- name: DB_AFTER_CONNECT_QUERY
value: "SET search_path TO _realtime"
- name: DB_ENC_KEY
value: "supabaserealtime"
- name: DB_SSL
value: "false"
- name: DB_USER
value: "supabase_admin"
- name: DNS_NODES
value: "''"
- name: ENABLE_TAILSCALE
value: "false"
- name: ERL_AFLAGS
value: "-proto_dist inet_tcp"
- name: FLY_ALLOC_ID
value: "fly123"
- name: FLY_APP_NAME
value: "realtime"
- name: PORT
value: "4000"
- name: RLIMIT_NOFILE
value: "10000"
- name: RUN_JANITOR
value: "true"
- name: SEED_SELF_HOST
value: "true"
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: SELF_HOST_TENANT_NAME
value: supabase-basket-supabase-realtime
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_NAME
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: API_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: supabase-basket-realtime
key: secretKeyBase
ports:
- name: http
containerPort: 4000
protocol: TCP
---
# Source: supabase/templates/rest/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-rest
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-rest
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-rest
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-rest
securityContext:
null
initContainers:
- name: init-db
image: "postgres:15-alpine"
imagePullPolicy: IfNotPresent
env:
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
- echo "Database is ready"
containers:
- name: supabase-rest
securityContext:
{}
image: "postgrest/postgrest:v14.8"
imagePullPolicy: IfNotPresent
env:
- name: DB_DRIVER
value: "postgres"
- name: DB_SSL
value: "disable"
- name: DB_USER
value: "authenticator"
- name: PGRST_APP_SETTINGS_JWT_EXP
value: "3600"
- name: PGRST_DB_ANON_ROLE
value: "anon"
- name: PGRST_DB_SCHEMAS
value: "public,storage,graphql_public"
- name: PGRST_DB_USE_LEGACY_GUCS
value: "false"
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_PASSWORD_ENC
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password_encoded
- name: DB_NAME
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: PGRST_DB_URI
value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
- name: PGRST_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: PGRST_APP_SETTINGS_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
ports:
- name: http
containerPort: 3000
protocol: TCP
---
# Source: supabase/templates/storage/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-storage
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-storage
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-storage
app.kubernetes.io/instance: supabase-basket
spec:
restartPolicy: Always
serviceAccountName: supabase-basket-supabase-storage
securityContext:
null
initContainers:
- name: init-db
image: "postgres:15-alpine"
imagePullPolicy: IfNotPresent
env:
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
- echo "Database is ready"
containers:
- name: supabase-storage
securityContext:
{}
image: "supabase/storage-api:v1.48.26"
imagePullPolicy: IfNotPresent
env:
- name: DB_DRIVER
value: "postgres"
- name: DB_SSL
value: "disable"
- name: DB_USER
value: "supabase_storage_admin"
- name: ENABLE_IMAGE_TRANSFORMATION
value: "true"
- name: FILE_SIZE_LIMIT
value: "52428800"
- name: FILE_STORAGE_BACKEND_PATH
value: "/var/lib/storage"
- name: GLOBAL_S3_BUCKET
value: "stub"
- name: REGION
value: "stub"
- name: REQUEST_ALLOW_X_FORWARDED_PATH
value: "true"
- name: TENANT_ID
value: "stub"
# 2. Now handle STORAGE_BACKEND specifically
- name: STORAGE_BACKEND
value: "file"
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
- name: POSTGREST_URL
value: http://supabase-basket-supabase-rest:3000
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: DB_PASSWORD_ENC
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password_encoded
- name: DB_NAME
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: DATABASE_URL
value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
- name: PGRST_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: AUTH_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: ANON_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: anonKey
- name: SERVICE_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: serviceKey
- name: S3_PROTOCOL_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: supabase-basket-s3
key: keyId
- name: S3_PROTOCOL_ACCESS_KEY_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-s3
key: accessKey
- name: IMGPROXY_URL
value: http://supabase-basket-supabase-imgproxy:5001
ports:
- name: http
containerPort: 5000
protocol: TCP
volumeMounts:
- mountPath: /var/lib/storage
name: storage-data
volumes:
- name: storage-data
persistentVolumeClaim:
claimName: supabase-basket-storage
---
# Source: supabase/templates/studio/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-studio
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-studio
app.kubernetes.io/instance: supabase-basket
template:
metadata:
labels:
app.kubernetes.io/name: supabase-studio
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-studio
securityContext:
null
containers:
- name: supabase-studio
securityContext:
{}
image: "supabase/studio:2026.04.08-sha-205cbe7"
imagePullPolicy: IfNotPresent
env:
- name: DEFAULT_ORGANIZATION_NAME
value: "Default Organization"
- name: DEFAULT_PROJECT_NAME
value: "Default Project"
- name: HOSTNAME
value: "::"
- name: NEXT_ANALYTICS_BACKEND_PROVIDER
value: "postgres"
- name: NEXT_PUBLIC_ENABLE_LOGS
value: "true"
- name: POSTGRES_PORT
value: "5432"
- name: STUDIO_PORT
value: "3000"
- name: SUPABASE_PUBLIC_URL
value: "http://supabase.local"
- name: SUPABASE_URL
value: http://supabase-basket-supabase-kong:8000
- name: STUDIO_PG_META_URL
value: http://supabase-basket-supabase-meta:8080
- name: POSTGRES_HOST
value: supabase-basket-supabase-db
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: PG_META_CRYPTO_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-meta
key: cryptoKey
- name: OPENAI_API_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-dashboard
key: openAiApiKey
- name: SUPABASE_ANON_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: anonKey
- name: SUPABASE_SERVICE_KEY
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: serviceKey
- name: AUTH_JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
- name: LOGFLARE_URL
value: http://supabase-basket-supabase-analytics:4000
- name: LOGFLARE_PUBLIC_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: supabase-basket-analytics
key: publicAccessToken
- name: LOGFLARE_PRIVATE_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: supabase-basket-analytics
key: privateAccessToken
- name: EDGE_FUNCTIONS_MANAGEMENT_FOLDER
value: /home/deno/functions
- name: SNIPPETS_MANAGEMENT_FOLDER
value: /app/snippets
ports:
- name: http
containerPort: 3000
protocol: TCP
volumeMounts:
- name: functions-storage
mountPath: /home/deno/functions
- name: snippets-storage
mountPath: /app/snippets
volumes:
- name: functions-storage
persistentVolumeClaim:
claimName: supabase-basket-functions
- name: snippets-storage
persistentVolumeClaim:
claimName: supabase-basket-snippets
---
# Source: supabase/templates/vector/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: supabase-basket-supabase-vector
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
vector.dev/exclude: "true"
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-vector
app.kubernetes.io/instance: supabase-basket
template:
metadata:
annotations:
checksum/config: bc90c241e29802f5d00dcc778b7af85a514750c581e5d6f00fb1c1cf1c9802d2
labels:
app.kubernetes.io/name: supabase-vector
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-vector
securityContext:
null
containers:
- args:
- --config
- /etc/vector/vector.yml
name: supabase-vector
securityContext:
{}
image: "timberio/vector:0.53.0-alpine"
imagePullPolicy: IfNotPresent
env:
- name: VECTOR_SELF_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: LOGFLARE_PUBLIC_ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: supabase-basket-analytics
key: publicAccessToken
ports:
- containerPort: 9001
protocol: TCP
volumeMounts:
- mountPath: /etc/vector/vector.yml
name: vector-config
subPath: vector.yml
- name: varlog
mountPath: /var/log
readOnly: true
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: vector-config
configMap:
name: supabase-basket-supabase-vector-config
defaultMode: 0777
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
---
# Source: supabase/templates/db/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: supabase-basket-supabase-db
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
spec:
selector:
matchLabels:
app.kubernetes.io/name: supabase-db
app.kubernetes.io/instance: supabase-basket
serviceName: supabase-basket-supabase-db
template:
metadata:
labels:
app.kubernetes.io/name: supabase-db
app.kubernetes.io/instance: supabase-basket
spec:
serviceAccountName: supabase-basket-supabase-db
securityContext:
null
initContainers:
- name: init-db
image: "supabase/postgres:15.8.1.085"
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args:
- |
echo "Copying init scripts into existing image script directory..."
cp -r /docker-entrypoint-initdb.d/* /initdb.d/
cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/
cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/
cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/
cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/
echo "Copying user-defined migration scripts..."
cp /custom-migrations/* /initdb.d/migrations/ || echo "Skip migrations"
echo "Initialization scripts are ready"
volumeMounts:
- mountPath: /custom-init-scripts
name: custom-init-scripts
- mountPath: /custom-migrations
name: custom-migrations
- mountPath: /initdb.d
name: initdb-scripts-data
containers:
- name: supabase-db
securityContext:
{}
image: "supabase/postgres:15.8.1.085"
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "pg_ctl -D /var/lib/postgres/data -w -t 60 -m fast stop"]
env:
- name: JWT_EXP
value: "3600"
- name: PGPORT
value: "5432"
- name: POSTGRES_HOST
value: "/var/run/postgresql"
- name: POSTGRES_PORT
value: "5432"
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: password
- name: PGDATABASE
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: supabase-basket-db
key: database
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: supabase-basket-jwt
key: secret
ports:
- name: http
containerPort: 5432
protocol: TCP
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d
name: initdb-scripts-data
- mountPath: /var/lib/postgresql/data
name: postgres-volume
subPath: postgres-data
volumes:
- name: initdb-scripts-data
emptyDir:
medium: ""
- name: custom-init-scripts
configMap:
name: supabase-basket-supabase-db-initdb
- name: custom-migrations
configMap:
name: supabase-basket-supabase-db-migrations
- name: postgres-volume
persistentVolumeClaim:
claimName: supabase-basket-db
---
# Source: supabase/templates/kong/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: supabase-basket-supabase-kong
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: "supabase.local"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: supabase-basket-supabase-kong
port:
number: 8000
---
# Source: supabase/templates/test/analytics.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-analytics
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-analytics
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-analytics:4000/health
echo "Sevice supabase-basket-supabase-analytics is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/auth.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-auth
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-auth
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-auth:9999/health
echo "Sevice supabase-basket-supabase-auth is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/db.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-db
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- command:
- /bin/sh
- -c
- |
pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres || $(echo "\e[0;31mFailed to connect to the database." && exit 1)
echo "Database is ready"
env:
- name: DB_HOST
value: "supabase-basket-supabase-db"
- name: DB_PORT
value: "5432"
image: postgres:15-alpine
imagePullPolicy: IfNotPresent
name: test-db
restartPolicy: Never
---
# Source: supabase/templates/test/imgproxy.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-imgproxy
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-imgproxy
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-imgproxy:5001/health
echo "Sevice supabase-basket-supabase-imgproxy is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/kong.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-kong
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- env:
- name: DASHBOARD_USERNAME
valueFrom:
secretKeyRef:
name: supabase-basket-dashboard
key: username
- name: DASHBOARD_PASSWORD
valueFrom:
secretKeyRef:
name: supabase-basket-dashboard
key: password
name: test-kong
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
echo "Attempting to access dashboard with provided credentials..."
curl -sL --fail \
-o /dev/null \
"http://${DASHBOARD_USERNAME}:${DASHBOARD_PASSWORD}@supabase-basket-supabase-kong:8000" \
|| ( echo -e "\e[0;31mFailed to get a valid response." && exit 1 )
echo "Successfully connected."
restartPolicy: Never
---
# Source: supabase/templates/test/meta.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-meta
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-meta
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-meta:8080/health
echo "Sevice supabase-basket-supabase-meta is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/realtime.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-realtime
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-realtime
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-realtime:4000
echo "Sevice supabase-basket-supabase-realtime is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/rest.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-rest
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-rest
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-rest:3000
echo "Sevice supabase-basket-supabase-rest is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/storage.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-storage
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-storage
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-storage:5000/status
echo "Sevice supabase-basket-supabase-storage is healthy."
restartPolicy: Never
---
# Source: supabase/templates/test/studio.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: supabase-basket-test-studio
labels:
helm.sh/chart: supabase-0.5.6
app.kubernetes.io/name: supabase
app.kubernetes.io/instance: supabase-basket
app.kubernetes.io/managed-by: Helm
annotations:
"helm.sh/hook": test
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: test-studio
image: kdevup/curljq
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- -c
- |
curl -sfo /dev/null \
http://supabase-basket-supabase-studio:3000/api/profile
echo "Sevice supabase-basket-supabase-studio is healthy."
restartPolicy: Never
Reference in New Issue View Git Blame Copy Permalink