diff --git a/.github/workflows/cd-pipeline.yml b/.github/workflows/cd-pipeline.yml
index 3daddbe564..0584be9de5 100644
--- a/.github/workflows/cd-pipeline.yml
+++ b/.github/workflows/cd-pipeline.yml
@@ -95,6 +95,7 @@ on: # rebuild any PRs and main branch changes
- 'bitnami/spark/**'
- 'bitnami/spring-cloud-dataflow/**'
- 'bitnami/suitecrm/**'
+ - 'bitnami/supabase/**'
- 'bitnami/tensorflow-resnet/**'
- 'bitnami/thanos/**'
- 'bitnami/tomcat/**'
diff --git a/.vib/supabase/cypress/cypress.json b/.vib/supabase/cypress/cypress.json
new file mode 100644
index 0000000000..b107be3633
--- /dev/null
+++ b/.vib/supabase/cypress/cypress.json
@@ -0,0 +1,7 @@
+{
+ "baseUrl": "http://localhost",
+ "env": {
+ "serviceKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzU0MDA0MDAsCiAgICAiZXhwIjogMTgzMzE2NjgwMAp9.qNsmXzz4tG7eqJPh1Y58DbtIlJBauwpqx39UF-MwM8k"
+ },
+ "responseTimeout": 30000
+}
diff --git a/.vib/supabase/cypress/cypress/fixtures/buckets.json b/.vib/supabase/cypress/cypress/fixtures/buckets.json
new file mode 100644
index 0000000000..6656c121fd
--- /dev/null
+++ b/.vib/supabase/cypress/cypress/fixtures/buckets.json
@@ -0,0 +1,6 @@
+{
+ "newBucket": {
+ "name": "testbucket",
+ "public": true
+ }
+}
diff --git a/.vib/supabase/cypress/cypress/fixtures/files.json b/.vib/supabase/cypress/cypress/fixtures/files.json
new file mode 100644
index 0000000000..bbda56e874
--- /dev/null
+++ b/.vib/supabase/cypress/cypress/fixtures/files.json
@@ -0,0 +1,6 @@
+{
+ "newFile": {
+ "name": "testfile",
+ "content": "itworks"
+ }
+}
diff --git a/.vib/supabase/cypress/cypress/fixtures/schemas.json b/.vib/supabase/cypress/cypress/fixtures/schemas.json
new file mode 100644
index 0000000000..eaefd61703
--- /dev/null
+++ b/.vib/supabase/cypress/cypress/fixtures/schemas.json
@@ -0,0 +1,6 @@
+{
+ "newSchema": {
+ "name": "testschema",
+ "owner": "postgres"
+ }
+}
diff --git a/.vib/supabase/cypress/cypress/fixtures/users.json b/.vib/supabase/cypress/cypress/fixtures/users.json
new file mode 100644
index 0000000000..0c54417dea
--- /dev/null
+++ b/.vib/supabase/cypress/cypress/fixtures/users.json
@@ -0,0 +1,6 @@
+{
+ "newUser": {
+ "email": "thea@mail.com",
+ "password": "someComplicatedPass12345!"
+ }
+}
diff --git a/.vib/supabase/cypress/cypress/integration/supabase_spec.js b/.vib/supabase/cypress/cypress/integration/supabase_spec.js
new file mode 100644
index 0000000000..aa64189039
--- /dev/null
+++ b/.vib/supabase/cypress/cypress/integration/supabase_spec.js
@@ -0,0 +1,142 @@
+///
+import {
+ random
+} from '../support/utils';
+
+/*
+ Out of the possible components, these are the ones that can be tested without
+ having to create a full Supabase development project. Here we check
+
+ - The Authorization service: checking that we can create a user
+ - The Postgres Meta service: checking that we can interact with the database
+ - The Storage service: checking that we can create a bucket
+*/
+
+it('can create a user and generate a token to it (auth)', () => {
+ // Source: https://github.com/netlify/gotrue
+ cy.fixture('users').then((users) => {
+ const userPayload = {
+ email: `${random}${users.newUser.email}`,
+ password: `${users.newUser.password}-${random}`,
+ };
+ cy.request({
+ method: 'POST',
+ headers: { apikey: Cypress.env('serviceKey') },
+ url: '/auth/v1/signup',
+ body: userPayload,
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(userPayload.email);
+ });
+
+ cy.request({
+ method: 'POST',
+ headers: { apikey: Cypress.env('serviceKey') },
+ // This one works with URL parameters, not with a body
+ url: '/auth/v1/token',
+ qs: {
+ grant_type: 'password',
+ username: userPayload.email,
+ password: userPayload.password,
+ },
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string('access_token');
+ });
+ });
+});
+
+it('can create a schema and it appears on the list of schemas (meta)', () => {
+ // Source: https://supabase.github.io/postgres-meta/
+ cy.fixture('schemas').then((schemas) => {
+ const schemaPayload = {
+ name: `${schemas.newSchema.name}${random}`,
+ owner: schemas.newSchema.owner,
+ };
+ cy.request({
+ method: 'POST',
+ headers: { apikey: Cypress.env('serviceKey') },
+ url: '/pg/schemas',
+ body: schemaPayload,
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(schemaPayload.name);
+ });
+
+ cy.request({
+ method: 'GET',
+ headers: { apikey: Cypress.env('serviceKey') },
+ url: '/pg/schemas',
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(schemaPayload.name);
+ });
+ });
+});
+
+it('can create a bucket and upload a file (storage)', () => {
+ // Source: https://github.com/supabase/storage-api
+ cy.fixture('buckets').then((buckets) => {
+ const bucketPayload = {
+ id: `${buckets.newBucket.name}${random}`,
+ name: `${buckets.newBucket.name}${random}`,
+ public: buckets.newBucket.public,
+ };
+ cy.request({
+ method: 'POST',
+ headers: {
+ apikey: Cypress.env('serviceKey'),
+ Authorization: `Bearer ${Cypress.env('serviceKey')}`,
+ },
+ url: '/storage/v1/bucket',
+ body: bucketPayload,
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(bucketPayload.id);
+ });
+
+ cy.request({
+ method: 'GET',
+ headers: {
+ apikey: Cypress.env('serviceKey'),
+ Authorization: `Bearer ${Cypress.env('serviceKey')}`,
+ },
+ url: '/storage/v1/bucket',
+ body: bucketPayload,
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(bucketPayload.id);
+ });
+
+ cy.fixture('files').then((files) => {
+ const filePayload = {
+ name: `${files.newFile.name}${random}`,
+ content: `${random}_${files.newFile.content}`,
+ };
+ cy.request({
+ method: 'POST',
+ headers: {
+ apikey: Cypress.env('serviceKey'),
+ Authorization: `Bearer ${Cypress.env('serviceKey')}`,
+ },
+ url: `/storage/v1/object/${bucketPayload.id}/${filePayload.name}`,
+ body: filePayload.content,
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(`${bucketPayload.id}/${filePayload.name}`);
+ });
+
+ cy.request({
+ method: 'GET',
+ headers: {
+ apikey: Cypress.env('serviceKey'),
+ Authorization: `Bearer ${Cypress.env('serviceKey')}`,
+ },
+ url: `/storage/v1/object/${bucketPayload.id}/${filePayload.name}`,
+ }).then((response) => {
+ expect(response.status).to.eq(200);
+ expect(JSON.stringify(response.body)).to.have.string(filePayload.content);
+ });
+ });
+ });
+});
diff --git a/.vib/supabase/cypress/cypress/support/utils.js b/.vib/supabase/cypress/cypress/support/utils.js
new file mode 100644
index 0000000000..f0217c9773
--- /dev/null
+++ b/.vib/supabase/cypress/cypress/support/utils.js
@@ -0,0 +1,3 @@
+///
+
+export let random = (Math.random() + 1).toString(36).substring(7);
diff --git a/.vib/supabase/goss/goss.yaml b/.vib/supabase/goss/goss.yaml
new file mode 100644
index 0000000000..183c6cd5bd
--- /dev/null
+++ b/.vib/supabase/goss/goss.yaml
@@ -0,0 +1,29 @@
+http:
+ http://supabase-auth:{{ .Vars.auth.service.ports.http }}/health:
+ status: 200
+ http://supabase-meta:{{ .Vars.meta.service.ports.http }}/health:
+ status: 200
+ http://supabase-realtime:{{ .Vars.realtime.service.ports.http }}/:
+ status: 200
+ http://supabase-rest:{{ .Vars.rest.service.ports.http }}/:
+ status: 200
+ http://supabase-storage:{{ .Vars.storage.service.ports.http }}/status:
+ status: 200
+ http://supabase-studio:{{ .Vars.studio.service.ports.http }}/:
+ status: 200
+
+file:
+ {{- $mount := index .Vars.kong.kong.extraVolumeMounts 0 }}
+ {{ $mount.mountPath }}/kong.yml:
+ exists: true
+ filetype: file
+ mode: '0644'
+ # Supabase Studio is not included in the declarative Kong configuration, so we don't check for it here.
+ contains:
+ - /http://supabase-auth:{{ .Vars.auth.service.ports.http }}/
+ - /http://supabase-meta:{{ .Vars.meta.service.ports.http }}/
+ - /http://supabase-realtime:{{ .Vars.realtime.service.ports.http }}/
+ - /http://supabase-rest:{{ .Vars.rest.service.ports.http }}/
+ - /http://supabase-storage:{{ .Vars.storage.service.ports.http }}/
+ - /key.*{{ .Vars.jwt.anonKey }}/
+ - /key.*{{ .Vars.jwt.serviceKey }}/
diff --git a/.vib/supabase/goss/vars.yaml b/.vib/supabase/goss/vars.yaml
new file mode 100644
index 0000000000..853c75025e
--- /dev/null
+++ b/.vib/supabase/goss/vars.yaml
@@ -0,0 +1,34 @@
+jwt:
+ anonKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc1NDAwNDAwLAogICAgImV4cCI6IDE4MzMxNjY4MDAKfQ.ztuiBzjaVoFHmoljUXWmnuDN6QU2WgJICeqwyzyZO88"
+ serviceKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzU0MDA0MDAsCiAgICAiZXhwIjogMTgzMzE2NjgwMAp9.qNsmXzz4tG7eqJPh1Y58DbtIlJBauwpqx39UF-MwM8k"
+
+auth:
+ service:
+ ports:
+ http: 2222
+meta:
+ service:
+ ports:
+ http: 2223
+realtime:
+ service:
+ ports:
+ http: 2224
+rest:
+ service:
+ ports:
+ http: 2225
+storage:
+ service:
+ ports:
+ http: 2226
+studio:
+ service:
+ ports:
+ http: 2227
+
+kong:
+ kong:
+ extraVolumeMounts:
+ - name: rendered-declarative-conf
+ mountPath: /bitnami/kong/declarative-conf
diff --git a/.vib/supabase/vib-publish.json b/.vib/supabase/vib-publish.json
new file mode 100644
index 0000000000..36a572623d
--- /dev/null
+++ b/.vib/supabase/vib-publish.json
@@ -0,0 +1,86 @@
+{
+ "phases": {
+ "package": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/supabase"
+ }
+ },
+ "actions": [
+ {
+ "action_id": "helm-package"
+ },
+ {
+ "action_id": "helm-lint"
+ }
+ ]
+ },
+ "verify": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/supabase"
+ },
+ "runtime_parameters": "and0OgogIHNlY3JldDogImFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU2IgogIGFub25LZXk6ICJleUpoYkdjaU9pSklVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXdvZ0lDQWdJbkp2YkdVaU9pQWlZVzV2YmlJc0NpQWdJQ0FpYVhOeklqb2dJbk4xY0dGaVlYTmxJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qYzFOREF3TkRBd0xBb2dJQ0FnSW1WNGNDSTZJREU0TXpNeE5qWTRNREFLZlEuenR1aUJ6amFWb0ZIbW9salVYV21udURONlFVMldnSklDZXF3eXp5Wk84OCIKICBzZXJ2aWNlS2V5OiAiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV3b2dJQ0FnSW5KdmJHVWlPaUFpYzJWeWRtbGpaVjl5YjJ4bElpd0tJQ0FnSUNKcGMzTWlPaUFpYzNWd1lXSmhjMlVpTEFvZ0lDQWdJbWxoZENJNklERTJOelUwTURBME1EQXNDaUFnSUNBaVpYaHdJam9nTVRnek16RTJOamd3TUFwOS5xTnNtWHp6NHRHN2VxSlBoMVk1OERidElsSkJhdXdwcXgzOVVGLU13TThrIgoKYXV0aDoKICBzZXJ2aWNlOgogICAgcG9ydHM6CiAgICAgIGh0dHA6IDIyMjIKbWV0YToKICBzZXJ2aWNlOgogICAgcG9ydHM6CiAgICAgIGh0dHA6IDIyMjMKcmVhbHRpbWU6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBodHRwOiAyMjI0CnJlc3Q6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBodHRwOiAyMjI1CnN0b3JhZ2U6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBodHRwOiAyMjI2CnN0dWRpbzoKICBzZXJ2aWNlOgogICAgcG9ydHM6CiAgICAgIGh0dHA6IDIyMjcKCmtvbmc6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBwcm94eUh0dHA6IDgwCiAga29uZzoKICAgIGV4dHJhVm9sdW1lTW91bnRzOgogICAgICAtIG5hbWU6IHJlbmRlcmVkLWRlY2xhcmF0aXZlLWNvbmYKICAgICAgICBtb3VudFBhdGg6IC9iaXRuYW1pL2tvbmcvZGVjbGFyYXRpdmUtY29uZi8KICAgIGV4dHJhRW52VmFyczoKICAgICAgLSBuYW1lOiBLT05HX0RFQ0xBUkFUSVZFX0NPTkZJRwogICAgICAgIHZhbHVlOiAiL2JpdG5hbWkva29uZy9kZWNsYXJhdGl2ZS1jb25mL2tvbmcueW1sIgogICAgICAtIG5hbWU6IEtPTkdfRE5TX09SREVSCiAgICAgICAgdmFsdWU6IExBU1QsQSxDTkFNRQogICAgICAtIG5hbWU6IEtPTkdfUExVR0lOUwogICAgICAgIHZhbHVlOiByZXF1ZXN0LXRyYW5zZm9ybWVyLGNvcnMsa2V5LWF1dGgsYWNsCg==",
+ "target_platform": {
+ "target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
+ "size": {
+ "name": "M4"
+ }
+ }
+ },
+ "actions": [
+ {
+ "action_id": "health-check",
+ "params": {
+ "endpoint": "lb-supabase-kong-http-proxy",
+ "app_protocol": "HTTP"
+ }
+ },
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib/supabase/goss"
+ },
+ "remote": {
+ "pod": {
+ "workload": "deploy-supabase-kong"
+ }
+ },
+ "vars_file": "vars.yaml"
+ }
+ },
+ {
+ "action_id": "cypress",
+ "params": {
+ "resources": {
+ "path": "/.vib/supabase/cypress"
+ },
+ "endpoint": "lb-supabase-kong-http-proxy",
+ "app_protocol": "HTTP",
+ "env": {
+ "serviceKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzU0MDA0MDAsCiAgICAiZXhwIjogMTgzMzE2NjgwMAp9.qNsmXzz4tG7eqJPh1Y58DbtIlJBauwpqx39UF-MwM8k"
+ }
+ }
+ }
+ ]
+ },
+ "publish": {
+ "actions": [
+ {
+ "action_id": "helm-publish",
+ "params": {
+ "repository": {
+ "kind": "S3",
+ "url": "{VIB_ENV_S3_URL}",
+ "username": "{VIB_ENV_S3_USERNAME}",
+ "password": "{VIB_ENV_S3_PASSWORD}"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/supabase/vib-verify.json b/.vib/supabase/vib-verify.json
new file mode 100644
index 0000000000..40992c4841
--- /dev/null
+++ b/.vib/supabase/vib-verify.json
@@ -0,0 +1,69 @@
+{
+ "phases": {
+ "package": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/supabase"
+ }
+ },
+ "actions": [
+ {
+ "action_id": "helm-package"
+ },
+ {
+ "action_id": "helm-lint"
+ }
+ ]
+ },
+ "verify": {
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "/bitnami/supabase"
+ },
+ "runtime_parameters": "and0OgogIHNlY3JldDogImFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MTIzNDU2IgogIGFub25LZXk6ICJleUpoYkdjaU9pSklVekkxTmlJc0luUjVjQ0k2SWtwWFZDSjkuZXdvZ0lDQWdJbkp2YkdVaU9pQWlZVzV2YmlJc0NpQWdJQ0FpYVhOeklqb2dJbk4xY0dGaVlYTmxJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qYzFOREF3TkRBd0xBb2dJQ0FnSW1WNGNDSTZJREU0TXpNeE5qWTRNREFLZlEuenR1aUJ6amFWb0ZIbW9salVYV21udURONlFVMldnSklDZXF3eXp5Wk84OCIKICBzZXJ2aWNlS2V5OiAiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV3b2dJQ0FnSW5KdmJHVWlPaUFpYzJWeWRtbGpaVjl5YjJ4bElpd0tJQ0FnSUNKcGMzTWlPaUFpYzNWd1lXSmhjMlVpTEFvZ0lDQWdJbWxoZENJNklERTJOelUwTURBME1EQXNDaUFnSUNBaVpYaHdJam9nTVRnek16RTJOamd3TUFwOS5xTnNtWHp6NHRHN2VxSlBoMVk1OERidElsSkJhdXdwcXgzOVVGLU13TThrIgoKYXV0aDoKICBzZXJ2aWNlOgogICAgcG9ydHM6CiAgICAgIGh0dHA6IDIyMjIKbWV0YToKICBzZXJ2aWNlOgogICAgcG9ydHM6CiAgICAgIGh0dHA6IDIyMjMKcmVhbHRpbWU6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBodHRwOiAyMjI0CnJlc3Q6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBodHRwOiAyMjI1CnN0b3JhZ2U6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBodHRwOiAyMjI2CnN0dWRpbzoKICBzZXJ2aWNlOgogICAgcG9ydHM6CiAgICAgIGh0dHA6IDIyMjcKCmtvbmc6CiAgc2VydmljZToKICAgIHBvcnRzOgogICAgICBwcm94eUh0dHA6IDgwCiAga29uZzoKICAgIGV4dHJhVm9sdW1lTW91bnRzOgogICAgICAtIG5hbWU6IHJlbmRlcmVkLWRlY2xhcmF0aXZlLWNvbmYKICAgICAgICBtb3VudFBhdGg6IC9iaXRuYW1pL2tvbmcvZGVjbGFyYXRpdmUtY29uZi8KICAgIGV4dHJhRW52VmFyczoKICAgICAgLSBuYW1lOiBLT05HX0RFQ0xBUkFUSVZFX0NPTkZJRwogICAgICAgIHZhbHVlOiAiL2JpdG5hbWkva29uZy9kZWNsYXJhdGl2ZS1jb25mL2tvbmcueW1sIgogICAgICAtIG5hbWU6IEtPTkdfRE5TX09SREVSCiAgICAgICAgdmFsdWU6IExBU1QsQSxDTkFNRQogICAgICAtIG5hbWU6IEtPTkdfUExVR0lOUwogICAgICAgIHZhbHVlOiByZXF1ZXN0LXRyYW5zZm9ybWVyLGNvcnMsa2V5LWF1dGgsYWNsCg==",
+ "target_platform": {
+ "target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
+ "size": {
+ "name": "M4"
+ }
+ }
+ },
+ "actions": [
+ {
+ "action_id": "health-check",
+ "params": {
+ "endpoint": "lb-supabase-kong-http-proxy",
+ "app_protocol": "HTTP"
+ }
+ },
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib/supabase/goss"
+ },
+ "remote": {
+ "workload": "deploy-supabase-kong"
+ },
+ "vars_file": "vars.yaml"
+ }
+ },
+ {
+ "action_id": "cypress",
+ "params": {
+ "resources": {
+ "path": "/.vib/supabase/cypress"
+ },
+ "endpoint": "lb-supabase-kong-http-proxy",
+ "app_protocol": "HTTP",
+ "env": {
+ "serviceKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzU0MDA0MDAsCiAgICAiZXhwIjogMTgzMzE2NjgwMAp9.qNsmXzz4tG7eqJPh1Y58DbtIlJBauwpqx39UF-MwM8k"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/bitnami/supabase/.helmignore b/bitnami/supabase/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/bitnami/supabase/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/bitnami/supabase/Chart.lock b/bitnami/supabase/Chart.lock
new file mode 100644
index 0000000000..174ca06469
--- /dev/null
+++ b/bitnami/supabase/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 12.2.1
+- name: kong
+ repository: https://charts.bitnami.com/bitnami
+ version: 9.1.2
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 2.2.3
+digest: sha256:1dd8863e8681319157ae273ba2ea800813eb546e53dd7d6006407d3186f7dd30
+generated: "2023-02-22T16:30:09.329402+01:00"
diff --git a/bitnami/supabase/Chart.yaml b/bitnami/supabase/Chart.yaml
new file mode 100644
index 0000000000..91ee122699
--- /dev/null
+++ b/bitnami/supabase/Chart.yaml
@@ -0,0 +1,33 @@
+annotations:
+ category: CMS
+ licenses: Apache-2.0
+apiVersion: v2
+appVersion: 0.22.11
+dependencies:
+ - condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 12.x.x
+ - condition: kong.enabled
+ name: kong
+ repository: https://charts.bitnami.com/bitnami
+ version: 9.x.x
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: Supabase is an open source Firebase alternative. Provides all the necessary backend features to build your application in a scalable way. Uses PostgreSQL as datastore.
+home: https://www.supabase.com/
+icon: https://bitnami.com/assets/stacks/supabase/img/supabase-stack-220x234.png
+keywords:
+ - development
+ - dashboards
+maintainers:
+ - name: Bitnami
+ url: https://github.com/bitnami/charts
+name: supabase
+sources:
+ - https://github.com/bitnami/containers/tree/main/bitnami/supabase
+ - https://github.com/supabaseorg/supabase/
+version: 0.1.0
diff --git a/bitnami/supabase/README.md b/bitnami/supabase/README.md
new file mode 100644
index 0000000000..7d1f7eeb30
--- /dev/null
+++ b/bitnami/supabase/README.md
@@ -0,0 +1,873 @@
+
+
+# Supabase packaged by Bitnami
+
+Supabase is an open source Firebase alternative. Provides all the necessary backend features to build your application in a scalable way. Uses PostgreSQL as datastore.
+
+[Overview of Supabase](https://supabase.com/)
+
+Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+## TL;DR
+
+```console
+$ helm repo add my-repo https://charts.bitnami.com/bitnami
+$ helm install my-release my-repo/supabase
+```
+
+## Introduction
+
+Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.
+
+This chart bootstraps a [Supabase](https://www.supabase.com/) deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters.
+
+[Learn more about the default configuration of the chart](https://docs.bitnami.com/kubernetes/infrastructure/supabase/get-started/).
+
+## Prerequisites
+
+- Kubernetes 1.19+
+- Helm 3.2.0+
+- PV provisioner support in the underlying infrastructure
+- ReadWriteMany volumes for deployment scaling
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm repo add my-repo https://charts.bitnami.com/bitnami
+$ helm install my-release my-repo/supabase
+```
+
+The command deploys Supabase on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Parameters
+
+### Global parameters
+
+| Name | Description | Value |
+| ------------------------------------- | ------------------------------------------------------------- | ------------- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
+| `global.jwt.existingSecret` | The name of the existing secret containing the JWT secret | `""` |
+| `global.jwt.existingSecretKey` | The key in the existing secret containing the JWT secret | `secret` |
+| `global.jwt.existingSecretAnonKey` | The key in the existing secret containing the JWT anon key | `anon-key` |
+| `global.jwt.existingSecretServiceKey` | The key in the existing secret containing the JWT service key | `service-key` |
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------------ | --------------------------------------------------------------------------------------- | --------------- |
+| `kubeVersion` | Override Kubernetes version | `""` |
+| `nameOverride` | String to partially override common.names.name | `""` |
+| `fullnameOverride` | String to fully override common.names.fullname | `""` |
+| `namespaceOverride` | String to fully override common.names.namespace | `""` |
+| `commonLabels` | Labels to add to all deployed objects | `{}` |
+| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
+| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` |
+| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
+| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
+| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
+
+### Supabase Common parameters
+
+| Name | Description | Value |
+| -------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
+| `jwt.secret` | The secret string used to sign JWT tokens | `""` |
+| `jwt.anonKey` | JWT string for annonymous users | `""` |
+| `jwt.serviceKey` | JWT string for service users | `""` |
+| `jwt.autoGenerate.forceRun` | Force the run of the JWT generation job | `false` |
+| `jwt.autoGenerate.image.registry` | JWT CLI image registry | `docker.io` |
+| `jwt.autoGenerate.image.repository` | JWT CLI image repository | `bitnami/jwt-cli` |
+| `jwt.autoGenerate.image.tag` | JWT CLI image tag (immutable tags are recommended) | `5.0.3-debian-11-r4` |
+| `jwt.autoGenerate.image.digest` | JWT CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `jwt.autoGenerate.image.pullPolicy` | JWT CLI image pull policy | `IfNotPresent` |
+| `jwt.autoGenerate.image.pullSecrets` | JWT CLI image pull secrets | `[]` |
+| `jwt.autoGenerate.kubectlImage.registry` | Kubectl image registry | `docker.io` |
+| `jwt.autoGenerate.kubectlImage.repository` | Kubectl image repository | `bitnami/kubectl` |
+| `jwt.autoGenerate.kubectlImage.tag` | Kubectl image tag (immutable tags are recommended) | `1.25.5-debian-11-r14` |
+| `jwt.autoGenerate.kubectlImage.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `jwt.autoGenerate.kubectlImage.pullPolicy` | Kubectl image pull policy | `IfNotPresent` |
+| `jwt.autoGenerate.kubectlImage.pullSecrets` | Kubectl image pull secrets | `[]` |
+| `jwt.autoGenerate.backoffLimit` | set backoff limit of the job | `10` |
+| `jwt.autoGenerate.extraVolumes` | Optionally specify extra list of additional volumes for the jwt init job | `[]` |
+| `jwt.autoGenerate.containerSecurityContext.enabled` | Enabled jwt init job containers' Security Context | `true` |
+| `jwt.autoGenerate.containerSecurityContext.runAsUser` | Set jwt init job containers' Security Context runAsUser | `1001` |
+| `jwt.autoGenerate.containerSecurityContext.runAsNonRoot` | Set jwt init job containers' Security Context runAsNonRoot | `true` |
+| `jwt.autoGenerate.containerSecurityContext.readOnlyRootFilesystem` | Set jwt init job containers' Security Context runAsNonRoot | `false` |
+| `jwt.autoGenerate.containerSecurityContext.allowPrivilegeEscalation` | Set container's privilege escalation | `false` |
+| `jwt.autoGenerate.containerSecurityContext.capabilities.drop` | Set container's Security Context runAsNonRoot | `["ALL"]` |
+| `jwt.autoGenerate.podSecurityContext.enabled` | Enabled jwt init job pods' Security Context | `true` |
+| `jwt.autoGenerate.podSecurityContext.fsGroup` | Set jwt init job pod's Security Context fsGroup | `1001` |
+| `jwt.autoGenerate.podSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `jwt.autoGenerate.extraEnvVars` | Array containing extra env vars to configure the jwt init job | `[]` |
+| `jwt.autoGenerate.extraEnvVarsCM` | ConfigMap containing extra env vars to configure the jwt init job | `""` |
+| `jwt.autoGenerate.extraEnvVarsSecret` | Secret containing extra env vars to configure the jwt init job (in case of sensitive data) | `""` |
+| `jwt.autoGenerate.extraVolumeMounts` | Array of extra volume mounts to be added to the jwt Container (evaluated as template). Normally used with `extraVolumes`. | `[]` |
+| `jwt.autoGenerate.resources.limits` | The resources limits for the container | `{}` |
+| `jwt.autoGenerate.resources.requests` | The requested resources for the container | `{}` |
+| `jwt.autoGenerate.hostAliases` | Add deployment host aliases | `[]` |
+| `jwt.autoGenerate.annotations` | Add annotations to the job | `{}` |
+| `jwt.autoGenerate.podLabels` | Additional pod labels | `{}` |
+| `jwt.autoGenerate.podAnnotations` | Additional pod annotations | `{}` |
+| `publicURL` | Supabase API public URL | `""` |
+| `dbSSL` | Supabase API database connection mode for SSL. Applied to all components. Allowed values: verify-ca, verify-full, disable, allow, prefer, require | `disable` |
+
+### Supabase Auth Parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------- |
+| `auth.enabled` | Enable Supabase auth | `true` |
+| `auth.replicaCount` | Number of Supabase auth replicas to deploy | `1` |
+| `auth.defaultConfig` | Supabase auth default configuration | `""` |
+| `auth.extraConfig` | Supabase auth extra configuration | `{}` |
+| `auth.existingConfigmap` | The name of an existing ConfigMap with the default configuration | `""` |
+| `auth.extraConfigExistingConfigmap` | The name of an existing ConfigMap with extra configuration | `""` |
+| `auth.image.registry` | Gotrue image registry | `docker.io` |
+| `auth.image.repository` | Gotrue image repository | `bitnami/gotrue` |
+| `auth.image.tag` | Gotrue image tag (immutable tags are recommended) | `1.0.1-debian-11-r2` |
+| `auth.image.digest` | Gotrue image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `auth.image.pullPolicy` | Gotrue image pull policy | `IfNotPresent` |
+| `auth.image.pullSecrets` | Gotrue image pull secrets | `[]` |
+| `auth.containerPorts.http` | Supabase auth HTTP container port | `9999` |
+| `auth.livenessProbe.enabled` | Enable livenessProbe on Supabase auth containers | `true` |
+| `auth.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `auth.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `auth.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `auth.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `auth.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `auth.readinessProbe.enabled` | Enable readinessProbe on Supabase auth containers | `true` |
+| `auth.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `auth.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `auth.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `auth.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `auth.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `auth.startupProbe.enabled` | Enable startupProbe on Supabase auth containers | `false` |
+| `auth.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `auth.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `auth.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `auth.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
+| `auth.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `auth.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `auth.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `auth.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `auth.resources.limits` | The resources limits for the Supabase auth containers | `{}` |
+| `auth.resources.requests` | The requested resources for the Supabase auth containers | `{}` |
+| `auth.podSecurityContext.enabled` | Enabled Supabase auth pods' Security Context | `true` |
+| `auth.podSecurityContext.fsGroup` | Set Supabase auth pod's Security Context fsGroup | `1001` |
+| `auth.containerSecurityContext.enabled` | Enabled Supabase auth containers' Security Context | `true` |
+| `auth.containerSecurityContext.runAsUser` | Set Supabase auth containers' Security Context runAsUser | `1001` |
+| `auth.containerSecurityContext.runAsNonRoot` | Set Supabase auth containers' Security Context runAsNonRoot | `true` |
+| `auth.containerSecurityContext.readOnlyRootFilesystem` | Set Supabase auth containers' Security Context runAsNonRoot | `false` |
+| `auth.command` | Override default container command (useful when using custom images) | `[]` |
+| `auth.args` | Override default container args (useful when using custom images) | `[]` |
+| `auth.hostAliases` | Supabase auth pods host aliases | `[]` |
+| `auth.podLabels` | Extra labels for Supabase auth pods | `{}` |
+| `auth.podAnnotations` | Annotations for Supabase auth pods | `{}` |
+| `auth.podAffinityPreset` | Pod affinity preset. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `auth.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `auth.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `auth.nodeAffinityPreset.key` | Node label key to match. Ignored if `auth.affinity` is set | `""` |
+| `auth.nodeAffinityPreset.values` | Node label values to match. Ignored if `auth.affinity` is set | `[]` |
+| `auth.affinity` | Affinity for Supabase auth pods assignment | `{}` |
+| `auth.nodeSelector` | Node labels for Supabase auth pods assignment | `{}` |
+| `auth.tolerations` | Tolerations for Supabase auth pods assignment | `[]` |
+| `auth.updateStrategy.type` | Supabase auth statefulset strategy type | `RollingUpdate` |
+| `auth.priorityClassName` | Supabase auth pods' priorityClassName | `""` |
+| `auth.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `auth.schedulerName` | Name of the k8s scheduler (other than default) for Supabase auth pods | `""` |
+| `auth.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `auth.lifecycleHooks` | for the Supabase auth container(s) to automate configuration before or after startup | `{}` |
+| `auth.extraEnvVars` | Array with extra environment variables to add to Supabase auth nodes | `[]` |
+| `auth.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Supabase auth nodes | `""` |
+| `auth.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Supabase auth nodes | `""` |
+| `auth.extraVolumes` | Optionally specify extra list of additional volumes for the Supabase auth pod(s) | `[]` |
+| `auth.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Supabase auth container(s) | `[]` |
+| `auth.sidecars` | Add additional sidecar containers to the Supabase auth pod(s) | `[]` |
+| `auth.initContainers` | Add additional init containers to the Supabase auth pod(s) | `[]` |
+
+### Supabase Auth Traffic Exposure Parameters
+
+| Name | Description | Value |
+| --------------------------------------- | ---------------------------------------------------------------------------------------- | ----------- |
+| `auth.service.type` | Supabase auth service type | `ClusterIP` |
+| `auth.service.ports.http` | Supabase auth service HTTP port | `80` |
+| `auth.service.nodePorts.http` | Node port for HTTP | `""` |
+| `auth.service.clusterIP` | Supabase auth service Cluster IP | `""` |
+| `auth.service.loadBalancerIP` | Supabase auth service Load Balancer IP | `""` |
+| `auth.service.loadBalancerSourceRanges` | Supabase auth service Load Balancer sources | `[]` |
+| `auth.service.externalTrafficPolicy` | Supabase auth service external traffic policy | `Cluster` |
+| `auth.service.annotations` | Additional custom annotations for Supabase auth service | `{}` |
+| `auth.service.extraPorts` | Extra ports to expose in Supabase auth service (normally used with the `sidecars` value) | `[]` |
+| `auth.service.sessionAffinity` | Control where auth requests go, to the same pod or round-robin | `None` |
+| `auth.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+### Supabase Meta Parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- |
+| `meta.enabled` | Enable Supabase Postgres Meta | `true` |
+| `meta.replicaCount` | Number of Supabase Postgres Meta replicas to deploy | `1` |
+| `meta.defaultConfig` | Default Supabase Postgres Meta configuration | `""` |
+| `meta.extraConfig` | Extra Supabase Postgres Meta configuration | `{}` |
+| `meta.existingConfigmap` | The name of an existing ConfigMap with the default configuration | `""` |
+| `meta.extraConfigExistingConfigmap` | The name of an existing ConfigMap with extra configuration | `""` |
+| `meta.image.registry` | Supabase Postgres Meta image registry | `docker.io` |
+| `meta.image.repository` | Supabase Postgres Meta image repository | `bitnami/supabase-postgres-meta` |
+| `meta.image.tag` | Supabase Postgres Meta image tag (immutable tags are recommended) | `0.60.3-debian-11-r4` |
+| `meta.image.digest` | Supabase Postgres Meta image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `meta.image.pullPolicy` | Supabase Postgres Meta image pull policy | `IfNotPresent` |
+| `meta.image.pullSecrets` | Supabase Postgres Meta image pull secrets | `[]` |
+| `meta.containerPorts.http` | Supabase Postgres Meta HTTP container port | `8080` |
+| `meta.livenessProbe.enabled` | Enable livenessProbe on Supabase Postgres Meta containers | `true` |
+| `meta.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `meta.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `meta.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `meta.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `meta.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `meta.readinessProbe.enabled` | Enable readinessProbe on Supabase Postgres Meta containers | `true` |
+| `meta.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `meta.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `meta.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `meta.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `meta.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `meta.startupProbe.enabled` | Enable startupProbe on Supabase Postgres Meta containers | `false` |
+| `meta.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `meta.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `meta.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `meta.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
+| `meta.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `meta.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `meta.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `meta.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `meta.resources.limits` | The resources limits for the Supabase Postgres Meta containers | `{}` |
+| `meta.resources.requests` | The requested resources for the Supabase Postgres Meta containers | `{}` |
+| `meta.podSecurityContext.enabled` | Enabled Supabase Postgres Meta pods' Security Context | `true` |
+| `meta.podSecurityContext.fsGroup` | Set Supabase Postgres Meta pod's Security Context fsGroup | `1001` |
+| `meta.containerSecurityContext.enabled` | Enabled Supabase Postgres Meta containers' Security Context | `true` |
+| `meta.containerSecurityContext.runAsUser` | Set Supabase Postgres Meta containers' Security Context runAsUser | `1001` |
+| `meta.containerSecurityContext.runAsNonRoot` | Set Supabase Postgres Meta containers' Security Context runAsNonRoot | `true` |
+| `meta.containerSecurityContext.readOnlyRootFilesystem` | Set Supabase Postgres Meta containers' Security Context runAsNonRoot | `false` |
+| `meta.command` | Override default container command (useful when using custom images) | `[]` |
+| `meta.args` | Override default container args (useful when using custom images) | `[]` |
+| `meta.hostAliases` | Supabase Postgres Meta pods host aliases | `[]` |
+| `meta.podLabels` | Extra labels for Supabase Postgres Meta pods | `{}` |
+| `meta.podAnnotations` | Annotations for Supabase Postgres Meta pods | `{}` |
+| `meta.podAffinityPreset` | Pod affinity preset. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `meta.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `meta.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `meta.nodeAffinityPreset.key` | Node label key to match. Ignored if `meta.affinity` is set | `""` |
+| `meta.nodeAffinityPreset.values` | Node label values to match. Ignored if `meta.affinity` is set | `[]` |
+| `meta.affinity` | Affinity for Supabase Postgres Meta pods assignment | `{}` |
+| `meta.nodeSelector` | Node labels for Supabase Postgres Meta pods assignment | `{}` |
+| `meta.tolerations` | Tolerations for Supabase Postgres Meta pods assignment | `[]` |
+| `meta.updateStrategy.type` | Supabase Postgres Meta statefulset strategy type | `RollingUpdate` |
+| `meta.priorityClassName` | Supabase Postgres Meta pods' priorityClassName | `""` |
+| `meta.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `meta.schedulerName` | Name of the k8s scheduler (other than default) for Supabase Postgres Meta pods | `""` |
+| `meta.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `meta.lifecycleHooks` | for the Supabase Postgres Meta container(s) to automate configuration before or after startup | `{}` |
+| `meta.extraEnvVars` | Array with extra environment variables to add to Supabase Postgres Meta nodes | `[]` |
+| `meta.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Supabase Postgres Meta nodes | `""` |
+| `meta.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Supabase Postgres Meta nodes | `""` |
+| `meta.extraVolumes` | Optionally specify extra list of additional volumes for the Supabase Postgres Meta pod(s) | `[]` |
+| `meta.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Supabase Postgres Meta container(s) | `[]` |
+| `meta.sidecars` | Add additional sidecar containers to the Supabase Postgres Meta pod(s) | `[]` |
+| `meta.initContainers` | Add additional init containers to the Supabase Postgres Meta pod(s) | `[]` |
+
+### Supabase Meta Traffic Exposure Parameters
+
+| Name | Description | Value |
+| --------------------------------------- | ------------------------------------------------------------------------------------------------- | ----------- |
+| `meta.service.type` | Supabase Postgres Meta service type | `ClusterIP` |
+| `meta.service.ports.http` | Supabase Postgres Meta service HTTP port | `80` |
+| `meta.service.nodePorts.http` | Node port for HTTP | `""` |
+| `meta.service.clusterIP` | Supabase Postgres Meta service Cluster IP | `""` |
+| `meta.service.loadBalancerIP` | Supabase Postgres Meta service Load Balancer IP | `""` |
+| `meta.service.loadBalancerSourceRanges` | Supabase Postgres Meta service Load Balancer sources | `[]` |
+| `meta.service.externalTrafficPolicy` | Supabase Postgres Meta service external traffic policy | `Cluster` |
+| `meta.service.annotations` | Additional custom annotations for Supabase Postgres Meta service | `{}` |
+| `meta.service.extraPorts` | Extra ports to expose in Supabase Postgres Meta service (normally used with the `sidecars` value) | `[]` |
+| `meta.service.sessionAffinity` | Control where meta requests go, to the same pod or round-robin | `None` |
+| `meta.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+### Supabase Realtime Parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
+| `realtime.enabled` | Enable Supabase realtime | `true` |
+| `realtime.replicaCount` | Number of Supabase realtime replicas to deploy | `1` |
+| `realtime.keyBase` | key base for Supabase realtime | `""` |
+| `realtime.existingSecret` | Name of an existing secret containing the key base for Supabase realtime | `""` |
+| `realtime.existingSecretKey` | Key in the existing secret containing the key base for Supabase realtime | `key-base` |
+| `realtime.defaultConfig` | Default configuration for Supabase realtime | `""` |
+| `realtime.extraConfig` | Extra configuration for Supabase realtime | `{}` |
+| `realtime.existingConfigmap` | The name of an existing ConfigMap with the default configuration | `""` |
+| `realtime.extraConfigExistingConfigmap` | The name of an existing ConfigMap with extra configuration | `""` |
+| `realtime.image.registry` | Realtime image registry | `docker.io` |
+| `realtime.image.repository` | Realtime image repository | `bitnami/supabase-realtime` |
+| `realtime.image.tag` | Realtime image tag (immutable tags are recommended) | `2.4.0-debian-11-r3` |
+| `realtime.image.digest` | Realtime image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `realtime.image.pullPolicy` | Realtime image pull policy | `IfNotPresent` |
+| `realtime.image.pullSecrets` | Realtime image pull secrets | `[]` |
+| `realtime.containerPorts.http` | Supabase realtime HTTP container port | `9999` |
+| `realtime.livenessProbe.enabled` | Enable livenessProbe on Supabase realtime containers | `true` |
+| `realtime.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `realtime.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `realtime.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `realtime.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `realtime.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `realtime.readinessProbe.enabled` | Enable readinessProbe on Supabase realtime containers | `true` |
+| `realtime.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `realtime.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `realtime.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `realtime.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `realtime.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `realtime.startupProbe.enabled` | Enable startupProbe on Supabase realtime containers | `false` |
+| `realtime.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `realtime.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `realtime.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `realtime.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
+| `realtime.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `realtime.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `realtime.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `realtime.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `realtime.resources.limits` | The resources limits for the Supabase realtime containers | `{}` |
+| `realtime.resources.requests` | The requested resources for the Supabase realtime containers | `{}` |
+| `realtime.podSecurityContext.enabled` | Enabled Supabase realtime pods' Security Context | `true` |
+| `realtime.podSecurityContext.fsGroup` | Set Supabase realtime pod's Security Context fsGroup | `1001` |
+| `realtime.containerSecurityContext.enabled` | Enabled Supabase realtime containers' Security Context | `true` |
+| `realtime.containerSecurityContext.runAsUser` | Set Supabase realtime containers' Security Context runAsUser | `1001` |
+| `realtime.containerSecurityContext.runAsNonRoot` | Set Supabase realtime containers' Security Context runAsNonRoot | `true` |
+| `realtime.containerSecurityContext.readOnlyRootFilesystem` | Set Supabase realtime containers' Security Context runAsNonRoot | `false` |
+| `realtime.command` | Override default container command (useful when using custom images) | `[]` |
+| `realtime.args` | Override default container args (useful when using custom images) | `[]` |
+| `realtime.hostAliases` | Supabase realtime pods host aliases | `[]` |
+| `realtime.podLabels` | Extra labels for Supabase realtime pods | `{}` |
+| `realtime.podAnnotations` | Annotations for Supabase realtime pods | `{}` |
+| `realtime.podAffinityPreset` | Pod affinity preset. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `realtime.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `realtime.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `realtime.nodeAffinityPreset.key` | Node label key to match. Ignored if `realtime.affinity` is set | `""` |
+| `realtime.nodeAffinityPreset.values` | Node label values to match. Ignored if `realtime.affinity` is set | `[]` |
+| `realtime.affinity` | Affinity for Supabase realtime pods assignment | `{}` |
+| `realtime.nodeSelector` | Node labels for Supabase realtime pods assignment | `{}` |
+| `realtime.tolerations` | Tolerations for Supabase realtime pods assignment | `[]` |
+| `realtime.updateStrategy.type` | Supabase realtime statefulset strategy type | `RollingUpdate` |
+| `realtime.priorityClassName` | Supabase realtime pods' priorityClassName | `""` |
+| `realtime.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `realtime.schedulerName` | Name of the k8s scheduler (other than default) for Supabase realtime pods | `""` |
+| `realtime.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `realtime.lifecycleHooks` | for the Supabase realtime container(s) to automate configuration before or after startup | `{}` |
+| `realtime.extraEnvVars` | Array with extra environment variables to add to Supabase realtime nodes | `[]` |
+| `realtime.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Supabase realtime nodes | `""` |
+| `realtime.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Supabase realtime nodes | `""` |
+| `realtime.extraVolumes` | Optionally specify extra list of additional volumes for the Supabase realtime pod(s) | `[]` |
+| `realtime.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Supabase realtime container(s) | `[]` |
+| `realtime.sidecars` | Add additional sidecar containers to the Supabase realtime pod(s) | `[]` |
+| `realtime.initContainers` | Add additional init containers to the Supabase realtime pod(s) | `[]` |
+
+### Supabase Realtime Traffic Exposure Parameters
+
+| Name | Description | Value |
+| ------------------------------------------- | -------------------------------------------------------------------------------------------- | ----------- |
+| `realtime.service.type` | Supabase realtime service type | `ClusterIP` |
+| `realtime.service.ports.http` | Supabase realtime service HTTP port | `80` |
+| `realtime.service.nodePorts.http` | Node port for HTTP | `""` |
+| `realtime.service.clusterIP` | Supabase realtime service Cluster IP | `""` |
+| `realtime.service.loadBalancerIP` | Supabase realtime service Load Balancer IP | `""` |
+| `realtime.service.loadBalancerSourceRanges` | Supabase realtime service Load Balancer sources | `[]` |
+| `realtime.service.externalTrafficPolicy` | Supabase realtime service external traffic policy | `Cluster` |
+| `realtime.service.annotations` | Additional custom annotations for Supabase realtime service | `{}` |
+| `realtime.service.extraPorts` | Extra ports to expose in Supabase realtime service (normally used with the `sidecars` value) | `[]` |
+| `realtime.service.sessionAffinity` | Control where realtime requests go, to the same pod or round-robin | `None` |
+| `realtime.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+### Supabase Rest Parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
+| `rest.enabled` | Enable Supabase rest | `true` |
+| `rest.replicaCount` | Number of Supabase rest replicas to deploy | `1` |
+| `rest.defaultConfig` | Default configuration for the Supabase rest service | `""` |
+| `rest.extraConfig` | Extra configuration for the Supabase rest service | `{}` |
+| `rest.existingConfigmap` | The name of an existing ConfigMap with the default configuration | `""` |
+| `rest.extraConfigExistingConfigmap` | The name of an existing ConfigMap with extra configuration | `""` |
+| `rest.image.registry` | PostgREST image registry | `docker.io` |
+| `rest.image.repository` | PostgREST image repository | `bitnami/postgrest` |
+| `rest.image.tag` | PostgREST image tag (immutable tags are recommended) | `10.1.2-debian-11-r2` |
+| `rest.image.digest` | PostgREST image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `rest.image.pullPolicy` | PostgREST image pull policy | `IfNotPresent` |
+| `rest.image.pullSecrets` | PostgREST image pull secrets | `[]` |
+| `rest.containerPorts.http` | Supabase rest HTTP container port | `3000` |
+| `rest.livenessProbe.enabled` | Enable livenessProbe on Supabase rest containers | `true` |
+| `rest.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `rest.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `rest.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `rest.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `rest.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `rest.readinessProbe.enabled` | Enable readinessProbe on Supabase rest containers | `true` |
+| `rest.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `rest.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `rest.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `rest.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `rest.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `rest.startupProbe.enabled` | Enable startupProbe on Supabase rest containers | `false` |
+| `rest.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `rest.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `rest.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `rest.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
+| `rest.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `rest.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `rest.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `rest.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `rest.resources.limits` | The resources limits for the Supabase rest containers | `{}` |
+| `rest.resources.requests` | The requested resources for the Supabase rest containers | `{}` |
+| `rest.podSecurityContext.enabled` | Enabled Supabase rest pods' Security Context | `true` |
+| `rest.podSecurityContext.fsGroup` | Set Supabase rest pod's Security Context fsGroup | `1001` |
+| `rest.containerSecurityContext.enabled` | Enabled Supabase rest containers' Security Context | `true` |
+| `rest.containerSecurityContext.runAsUser` | Set Supabase rest containers' Security Context runAsUser | `1001` |
+| `rest.containerSecurityContext.runAsNonRoot` | Set Supabase rest containers' Security Context runAsNonRoot | `true` |
+| `rest.containerSecurityContext.readOnlyRootFilesystem` | Set Supabase rest containers' Security Context runAsNonRoot | `false` |
+| `rest.command` | Override default container command (useful when using custom images) | `[]` |
+| `rest.args` | Override default container args (useful when using custom images) | `[]` |
+| `rest.hostAliases` | Supabase rest pods host aliases | `[]` |
+| `rest.podLabels` | Extra labels for Supabase rest pods | `{}` |
+| `rest.podAnnotations` | Annotations for Supabase rest pods | `{}` |
+| `rest.podAffinityPreset` | Pod affinity preset. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `rest.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `rest.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `rest.nodeAffinityPreset.key` | Node label key to match. Ignored if `rest.affinity` is set | `""` |
+| `rest.nodeAffinityPreset.values` | Node label values to match. Ignored if `rest.affinity` is set | `[]` |
+| `rest.affinity` | Affinity for Supabase rest pods assignment | `{}` |
+| `rest.nodeSelector` | Node labels for Supabase rest pods assignment | `{}` |
+| `rest.tolerations` | Tolerations for Supabase rest pods assignment | `[]` |
+| `rest.updateStrategy.type` | Supabase rest statefulset strategy type | `RollingUpdate` |
+| `rest.priorityClassName` | Supabase rest pods' priorityClassName | `""` |
+| `rest.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `rest.schedulerName` | Name of the k8s scheduler (other than default) for Supabase rest pods | `""` |
+| `rest.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `rest.lifecycleHooks` | for the Supabase rest container(s) to automate configuration before or after startup | `{}` |
+| `rest.extraEnvVars` | Array with extra environment variables to add to Supabase rest nodes | `[]` |
+| `rest.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Supabase rest nodes | `""` |
+| `rest.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Supabase rest nodes | `""` |
+| `rest.extraVolumes` | Optionally specify extra list of additional volumes for the Supabase rest pod(s) | `[]` |
+| `rest.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Supabase rest container(s) | `[]` |
+| `rest.sidecars` | Add additional sidecar containers to the Supabase rest pod(s) | `[]` |
+| `rest.initContainers` | Add additional init containers to the Supabase rest pod(s) | `[]` |
+
+### Supabase Rest Traffic Exposure Parameters
+
+| Name | Description | Value |
+| --------------------------------------- | ---------------------------------------------------------------------------------------- | ----------- |
+| `rest.service.type` | Supabase rest service type | `ClusterIP` |
+| `rest.service.ports.http` | Supabase rest service HTTP port | `80` |
+| `rest.service.nodePorts.http` | Node port for HTTP | `""` |
+| `rest.service.clusterIP` | Supabase rest service Cluster IP | `""` |
+| `rest.service.loadBalancerIP` | Supabase rest service Load Balancer IP | `""` |
+| `rest.service.loadBalancerSourceRanges` | Supabase rest service Load Balancer sources | `[]` |
+| `rest.service.externalTrafficPolicy` | Supabase rest service external traffic policy | `Cluster` |
+| `rest.service.annotations` | Additional custom annotations for Supabase rest service | `{}` |
+| `rest.service.extraPorts` | Extra ports to expose in Supabase rest service (normally used with the `sidecars` value) | `[]` |
+| `rest.service.sessionAffinity` | Control where rest requests go, to the same pod or round-robin | `None` |
+| `rest.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+### Supabase Storage Parameters
+
+| Name | Description | Value |
+| --------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `storage.enabled` | Enable Supabase storage | `true` |
+| `storage.replicaCount` | Number of Supabase storage replicas to deploy | `1` |
+| `storage.defaultConfig` | Default configuration for Supabase storage | `""` |
+| `storage.extraConfig` | Extra configuration for Supabase storage | `{}` |
+| `storage.existingConfigmap` | The name of an existing ConfigMap with the default configuration | `""` |
+| `storage.extraConfigExistingConfigmap` | The name of an existing ConfigMap with extra configuration | `""` |
+| `storage.image.registry` | Storage image registry | `docker.io` |
+| `storage.image.repository` | Storage image repository | `bitnami/supabase-storage` |
+| `storage.image.tag` | Storage image tag (immutable tags are recommended) | `0.28.2-debian-11-r10` |
+| `storage.image.digest` | Storage image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `storage.image.pullPolicy` | Storage image pull policy | `IfNotPresent` |
+| `storage.image.pullSecrets` | Storage image pull secrets | `[]` |
+| `storage.containerPorts.http` | Supabase storage HTTP container port | `5000` |
+| `storage.livenessProbe.enabled` | Enable livenessProbe on Supabase storage containers | `true` |
+| `storage.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `storage.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `storage.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `storage.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `storage.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `storage.readinessProbe.enabled` | Enable readinessProbe on Supabase storage containers | `true` |
+| `storage.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `storage.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `storage.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `storage.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `storage.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `storage.startupProbe.enabled` | Enable startupProbe on Supabase storage containers | `false` |
+| `storage.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `storage.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `storage.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `storage.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
+| `storage.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `storage.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `storage.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `storage.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `storage.resources.limits` | The resources limits for the Supabase storage containers | `{}` |
+| `storage.resources.requests` | The requested resources for the Supabase storage containers | `{}` |
+| `storage.podSecurityContext.enabled` | Enabled Supabase storage pods' Security Context | `true` |
+| `storage.podSecurityContext.fsGroup` | Set Supabase storage pod's Security Context fsGroup | `1001` |
+| `storage.containerSecurityContext.enabled` | Enabled Supabase storage containers' Security Context | `true` |
+| `storage.containerSecurityContext.runAsUser` | Set Supabase storage containers' Security Context runAsUser | `1001` |
+| `storage.containerSecurityContext.runAsNonRoot` | Set Supabase storage containers' Security Context runAsNonRoot | `true` |
+| `storage.containerSecurityContext.readOnlyRootFilesystem` | Set Supabase storage containers' Security Context runAsNonRoot | `false` |
+| `storage.command` | Override default container command (useful when using custom images) | `[]` |
+| `storage.args` | Override default container args (useful when using custom images) | `[]` |
+| `storage.hostAliases` | Supabase storage pods host aliases | `[]` |
+| `storage.podLabels` | Extra labels for Supabase storage pods | `{}` |
+| `storage.podAnnotations` | Annotations for Supabase storage pods | `{}` |
+| `storage.podAffinityPreset` | Pod affinity preset. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `storage.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `storage.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `storage.nodeAffinityPreset.key` | Node label key to match. Ignored if `storage.affinity` is set | `""` |
+| `storage.nodeAffinityPreset.values` | Node label values to match. Ignored if `storage.affinity` is set | `[]` |
+| `storage.affinity` | Affinity for Supabase storage pods assignment | `{}` |
+| `storage.nodeSelector` | Node labels for Supabase storage pods assignment | `{}` |
+| `storage.tolerations` | Tolerations for Supabase storage pods assignment | `[]` |
+| `storage.updateStrategy.type` | Supabase storage statefulset strategy type | `RollingUpdate` |
+| `storage.priorityClassName` | Supabase storage pods' priorityClassName | `""` |
+| `storage.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `storage.schedulerName` | Name of the k8s scheduler (other than default) for Supabase storage pods | `""` |
+| `storage.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `storage.lifecycleHooks` | for the Supabase storage container(s) to automate configuration before or after startup | `{}` |
+| `storage.extraEnvVars` | Array with extra environment variables to add to Supabase storage nodes | `[]` |
+| `storage.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Supabase storage nodes | `""` |
+| `storage.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Supabase storage nodes | `""` |
+| `storage.extraVolumes` | Optionally specify extra list of additional volumes for the Supabase storage pod(s) | `[]` |
+| `storage.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Supabase storage container(s) | `[]` |
+| `storage.sidecars` | Add additional sidecar containers to the Supabase storage pod(s) | `[]` |
+| `storage.initContainers` | Add additional init containers to the Supabase storage pod(s) | `[]` |
+
+### Supabase Storage Traffic Exposure Parameters
+
+| Name | Description | Value |
+| ------------------------------------------ | ------------------------------------------------------------------------------------------- | ----------- |
+| `storage.service.type` | Supabase storage service type | `ClusterIP` |
+| `storage.service.ports.http` | Supabase storage service HTTP port | `80` |
+| `storage.service.nodePorts.http` | Node port for HTTP | `""` |
+| `storage.service.clusterIP` | Supabase storage service Cluster IP | `""` |
+| `storage.service.loadBalancerIP` | Supabase storage service Load Balancer IP | `""` |
+| `storage.service.loadBalancerSourceRanges` | Supabase storage service Load Balancer sources | `[]` |
+| `storage.service.externalTrafficPolicy` | Supabase storage service external traffic policy | `Cluster` |
+| `storage.service.annotations` | Additional custom annotations for Supabase storage service | `{}` |
+| `storage.service.extraPorts` | Extra ports to expose in Supabase storage service (normally used with the `sidecars` value) | `[]` |
+| `storage.service.sessionAffinity` | Control where storage requests go, to the same pod or round-robin | `None` |
+| `storage.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+### Storage Persistence Parameters
+
+| Name | Description | Value |
+| ----------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------- |
+| `storage.persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` |
+| `storage.persistence.mountPath` | Path to mount the volume at. | `/bitnami/supabase-storage` |
+| `storage.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""` |
+| `storage.persistence.storageClass` | Storage class of backing PVC | `""` |
+| `storage.persistence.annotations` | Persistent Volume Claim annotations | `{}` |
+| `storage.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` |
+| `storage.persistence.size` | Size of data volume | `8Gi` |
+| `storage.persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` |
+| `storage.persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` |
+| `storage.persistence.dataSource` | Custom PVC data source | `{}` |
+
+### Supabase Studio Parameters
+
+| Name | Description | Value |
+| -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
+| `studio.enabled` | Enable Supabase studio | `true` |
+| `studio.publicURL` | Supabase studio public URL | `""` |
+| `studio.replicaCount` | Number of Supabase studio replicas to deploy | `1` |
+| `studio.defaultConfig` | Supabase studio default configuration | `""` |
+| `studio.extraConfig` | Supabase studio extra configuration | `{}` |
+| `studio.existingConfigmap` | The name of an existing ConfigMap with the default configuration | `""` |
+| `studio.extraConfigExistingConfigmap` | The name of an existing ConfigMap with extra configuration | `""` |
+| `studio.image.registry` | Studio image registry | `docker.io` |
+| `studio.image.repository` | Studio image repository | `bitnami/supabase-studio` |
+| `studio.image.tag` | Studio image tag (immutable tags are recommended) | `0.23.1-debian-11-r0` |
+| `studio.image.digest` | Studio image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` |
+| `studio.image.pullPolicy` | Studio image pull policy | `IfNotPresent` |
+| `studio.image.pullSecrets` | Studio image pull secrets | `[]` |
+| `studio.containerPorts.http` | Supabase studio HTTP container port | `3000` |
+| `studio.livenessProbe.enabled` | Enable livenessProbe on Supabase studio containers | `true` |
+| `studio.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
+| `studio.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `studio.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
+| `studio.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `studio.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `studio.readinessProbe.enabled` | Enable readinessProbe on Supabase studio containers | `true` |
+| `studio.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `studio.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `studio.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `studio.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `studio.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `studio.startupProbe.enabled` | Enable startupProbe on Supabase studio containers | `false` |
+| `studio.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `studio.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `studio.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `studio.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
+| `studio.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `studio.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
+| `studio.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
+| `studio.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
+| `studio.resources.limits` | The resources limits for the Supabase studio containers | `{}` |
+| `studio.resources.requests` | The requested resources for the Supabase studio containers | `{}` |
+| `studio.podSecurityContext.enabled` | Enabled Supabase studio pods' Security Context | `true` |
+| `studio.podSecurityContext.fsGroup` | Set Supabase studio pod's Security Context fsGroup | `1001` |
+| `studio.containerSecurityContext.enabled` | Enabled Supabase studio containers' Security Context | `true` |
+| `studio.containerSecurityContext.runAsUser` | Set Supabase studio containers' Security Context runAsUser | `1001` |
+| `studio.containerSecurityContext.runAsNonRoot` | Set Supabase studio containers' Security Context runAsNonRoot | `true` |
+| `studio.containerSecurityContext.readOnlyRootFilesystem` | Set Supabase studio containers' Security Context runAsNonRoot | `false` |
+| `studio.command` | Override default container command (useful when using custom images) | `[]` |
+| `studio.args` | Override default container args (useful when using custom images) | `[]` |
+| `studio.hostAliases` | Supabase studio pods host aliases | `[]` |
+| `studio.podLabels` | Extra labels for Supabase studio pods | `{}` |
+| `studio.podAnnotations` | Annotations for Supabase studio pods | `{}` |
+| `studio.podAffinityPreset` | Pod affinity preset. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `studio.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `studio.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `studio.nodeAffinityPreset.key` | Node label key to match. Ignored if `studio.affinity` is set | `""` |
+| `studio.nodeAffinityPreset.values` | Node label values to match. Ignored if `studio.affinity` is set | `[]` |
+| `studio.affinity` | Affinity for Supabase studio pods assignment | `{}` |
+| `studio.nodeSelector` | Node labels for Supabase studio pods assignment | `{}` |
+| `studio.tolerations` | Tolerations for Supabase studio pods assignment | `[]` |
+| `studio.updateStrategy.type` | Supabase studio statefulset strategy type | `RollingUpdate` |
+| `studio.priorityClassName` | Supabase studio pods' priorityClassName | `""` |
+| `studio.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
+| `studio.schedulerName` | Name of the k8s scheduler (other than default) for Supabase studio pods | `""` |
+| `studio.terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
+| `studio.lifecycleHooks` | for the Supabase studio container(s) to automate configuration before or after startup | `{}` |
+| `studio.extraEnvVars` | Array with extra environment variables to add to Supabase studio nodes | `[]` |
+| `studio.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Supabase studio nodes | `""` |
+| `studio.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Supabase studio nodes | `""` |
+| `studio.extraVolumes` | Optionally specify extra list of additional volumes for the Supabase studio pod(s) | `[]` |
+| `studio.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Supabase studio container(s) | `[]` |
+| `studio.sidecars` | Add additional sidecar containers to the Supabase studio pod(s) | `[]` |
+| `studio.initContainers` | Add additional init containers to the Supabase studio pod(s) | `[]` |
+
+### Supabase Studio Traffic Exposure Parameters
+
+| Name | Description | Value |
+| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `studio.service.type` | Supabase studio service type | `ClusterIP` |
+| `studio.service.ports.http` | Supabase studio service HTTP port | `80` |
+| `studio.service.nodePorts.http` | Node port for HTTP | `""` |
+| `studio.service.clusterIP` | Supabase studio service Cluster IP | `""` |
+| `studio.service.loadBalancerIP` | Supabase studio service Load Balancer IP | `""` |
+| `studio.service.loadBalancerSourceRanges` | Supabase studio service Load Balancer sources | `[]` |
+| `studio.service.externalTrafficPolicy` | Supabase studio service external traffic policy | `Cluster` |
+| `studio.service.annotations` | Additional custom annotations for Supabase studio service | `{}` |
+| `studio.service.extraPorts` | Extra ports to expose in Supabase studio service (normally used with the `sidecars` value) | `[]` |
+| `studio.service.sessionAffinity` | Control where studio requests go, to the same pod or round-robin | `None` |
+| `studio.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `studio.ingress.enabled` | Enable ingress record generation for Supabase | `false` |
+| `studio.ingress.pathType` | Ingress path type | `ImplementationSpecific` |
+| `studio.ingress.hostname` | Default host for the ingress record | `supabase-studio.local` |
+| `studio.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` |
+| `studio.ingress.path` | Default path for the ingress record | `/` |
+| `studio.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` |
+| `studio.ingress.tls` | Enable TLS configuration for the host defined at `studio.ingress.hostname` parameter | `false` |
+| `studio.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` |
+| `studio.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` |
+| `studio.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` |
+| `studio.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` |
+| `studio.ingress.secrets` | Custom TLS certificates as secrets | `[]` |
+| `studio.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` |
+
+### Init Container Parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | --------------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` |
+| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` |
+| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r75` |
+| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` |
+| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` |
+| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` |
+| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` |
+| `psqlImage.registry` | PostgreSQL client image registry | `docker.io` |
+| `psqlImage.repository` | PostgreSQL client image repository | `bitnami/supabase-postgres` |
+| `psqlImage.digest` | PostgreSQL client image digest (overrides image tag) | `""` |
+| `psqlImage.tag` | PostgreSQL client image tag (immutable tags are recommended) | `15.1.0-debian-11-r4` |
+| `psqlImage.pullPolicy` | PostgreSQL client image pull policy | `IfNotPresent` |
+| `psqlImage.pullSecrets` | PostgreSQL client image pull secrets | `[]` |
+| `psqlImage.debug` | Enable PostgreSQL client image debug mode | `false` |
+
+### Other Parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ---------------------------------------------------------------- | ------ |
+| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` |
+
+### Kong sub-chart parameters
+
+| Name | Description | Value |
+| -------------------------------- | ------------------------------------------------------------------------------ | ---------------- |
+| `kong.enabled` | Enable Kong | `true` |
+| `kong.database` | Database to use | `off` |
+| `kong.initContainers` | Add additional init containers to the Kong pods | `""` |
+| `kong.ingressController.enabled` | Enable Kong Ingress Controller | `false` |
+| `kong.kong.extraVolumeMounts` | Additional volumeMounts to the Kong container | `[]` |
+| `kong.kong.extraEnvVars` | Additional environment variables to set | `[]` |
+| `kong.extraVolumes` | Additional volumes to the Kong pods | `[]` |
+| `kong.ingress.enabled` | Enable Ingress rule | `false` |
+| `kong.ingress.hostname` | Kong Ingress hostname | `supabase.local` |
+| `kong.ingress.tls` | Enable TLS for Kong Ingress | `false` |
+| `kong.service.loadBalancerIP` | Kubernetes service LoadBalancer IP | `""` |
+| `kong.service.type` | Kubernetes service type | `LoadBalancer` |
+| `kong.service.ports.proxyHttp` | Kong service port | `80` |
+| `kong.postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart inside the Kong subchart | `false` |
+
+### PostgreSQL sub-chart parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- |
+| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` |
+| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` |
+| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
+| `postgresql.service.ports.postgresql` | PostgreSQL service port | `5432` |
+| `postgresql.image.registry` | PostgreSQL image registry | `docker.io` |
+| `postgresql.image.repository` | PostgreSQL image repository | `bitnami/supabase-postgres` |
+| `postgresql.image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r4` |
+| `postgresql.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `postgresql.image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` |
+| `postgresql.image.pullSecrets` | Specify image pull secrets | `[]` |
+| `postgresql.image.debug` | Specify if debug values should be set | `false` |
+| `postgresql.postgresqlSharedPreloadLibraries` | Set the shared_preload_libraries parameter in postgresql.conf | `pg_stat_statements, pg_stat_monitor, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, pgsodium, timescaledb, auto_explain` |
+| `postgresql.auth.postgresPassword` | PostgreSQL admin password | `""` |
+| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` |
+| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` |
+| `postgresql.service.ports.postgresql` | PostgreSQL service port | `5432` |
+| `externalDatabase.host` | Database host | `""` |
+| `externalDatabase.port` | Database port number | `5432` |
+| `externalDatabase.user` | Non-root username for PostgreSQL | `supabase_admin` |
+| `externalDatabase.password` | Password for the non-root username for PostgreSQL | `""` |
+| `externalDatabase.database` | PostgreSQL database name | `postgres` |
+| `externalDatabase.existingSecret` | Name of an existing secret resource containing the database credentials | `""` |
+| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the database credentials | `db-password` |
+
+The above parameters map to the env variables defined in [bitnami/supabase](https://github.com/bitnami/containers/tree/main/bitnami/supabase). For more information please refer to the [bitnami/supabase](https://github.com/bitnami/containers/tree/main/bitnami/supabase) image documentation.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install my-release \
+ --set postgresql.auth.postgresPassword=secretpassword \
+ my-repo/supabase
+```
+
+The above command sets the PostgreSQL `postgres` user password to `secretpassword`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release -f values.yaml my-repo/supabase
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration and installation details
+
+### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### External database support
+
+You may want to have supabase connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MongoDB installation with the `postgresql.enabled` option. Here is an example:
+
+```console
+postgresql.enabled=false
+externalDatabase.host=myexternalhost
+externalDatabase.user=myuser
+externalDatabase.password=mypassword
+externalDatabase.database=mydatabase
+externalDatabase.port=5432
+```
+
+### Ingress
+
+This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.
+
+To enable Ingress integration, set `studio.ingress.enabled` to `true`. The `studio.ingress.hostname` property can be used to set the host name. The `studio.ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/supabase/configuration/configure-use-ingress/).
+
+### TLS secrets
+
+The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/supabase/administration/enable-tls/).
+
+## Persistence
+
+The [Bitnami supabase](https://github.com/bitnami/containers/tree/main/bitnami/supabase) image stores the supabase data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments. [Learn more about persistence in the chart documentation](https://docs.bitnami.com/kubernetes/apps/supabase/configuration/chart-persistence/).
+
+### Additional environment variables
+
+In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property inside the different component sections.
+
+```yaml
+rest:
+ extraEnvVars:
+ - name: LOG_LEVEL
+ value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values inside the specific component sections.
+
+### Sidecars
+
+If additional containers are needed in the same pod as supabase (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter inside the component specific sections. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/apps/supabase/administration/configure-use-sidecars/).
+
+### Pod affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters inside the specific component sections.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## License
+
+Copyright © 2022 Bitnami
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/bitnami/supabase/templates/NOTES.txt b/bitnami/supabase/templates/NOTES.txt
new file mode 100644
index 0000000000..0a04239759
--- /dev/null
+++ b/bitnami/supabase/templates/NOTES.txt
@@ -0,0 +1,152 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
+
+The following elements have been deployed
+
+{{- if .Values.auth.enabled }}
+ - auth
+{{- end }}
+{{- if .Values.meta.enabled }}
+ - meta
+{{- end }}
+{{- if .Values.realtime.enabled }}
+ - realtime
+{{- end }}
+{{- if .Values.rest.enabled }}
+ - rest
+{{- end }}
+{{- if .Values.storage.enabled }}
+ - storage
+{{- end }}
+{{- if .Values.studio.enabled }}
+ - studio
+{{- end }}
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash
+
+{{- else }}
+
+Supabase API can be accessed through the following DNS name from within your cluster:
+
+ {{ include "supabase.kong.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.kong.service.ports.proxyHttp }})
+
+To access the Supabase API from outside the cluster follow the steps below:
+
+{{- if .Values.kong.ingress.enabled }}
+
+1. Get the Supabase API URL and associate the Supabase API hostname to your cluster external IP:
+
+ export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+ echo "Supabase URL: http{{ if .Values.kong.ingress.tls }}s{{ end }}://{{ .Values.kong.ingress.hostname }}/"
+ echo "$CLUSTER_IP {{ .Values.kong.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+{{- $port := .Values.kong.service.ports.proxyHttp | toString }}
+
+1. Get the Supabase URL by running these commands:
+
+{{- if contains "NodePort" .Values.kong.service.type }}
+
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "supabase.kong.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "Supabase Studio URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.kong.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "supabase.kong.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "supabase.kong.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ echo "Supabase Studio URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.kong.service.ports.proxyHttp }}{{ end }}/"
+
+{{- else if contains "ClusterIP" .Values.kong.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "supabase.kong.fullname" . }} {{ .Values.kong.service.ports.proxyHttp }}:{{ .Values.kong.service.ports.proxyHttp }} &
+ echo "Supabase Studio URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.kong.service.ports.proxyHttp }}{{ end }}/"
+
+{{- end }}
+{{- end }}
+
+2. Obtain the Supabase Service JWT Tokens:
+
+ echo Anon JWT Token: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "supabase.jwt.secretName" . }} -o jsonpath="{.data.anon-key}" | base64 -d)
+ echo Service JWT Token: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "supabase.jwt.secretName" . }} -o jsonpath="{.data.service-key}" | base64 -d)
+
+3. Configure your application code to access the Supabase API.
+
+{{- if .Values.studio.enabled }}
+
+EXTRA: If you want to access Supabase Studio:
+
+{{- if .Values.studio.ingress.enabled }}
+
+1. Get the Supabase Studio URL and associate Supabase hostname to your cluster external IP:
+
+ export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+ echo "Supabase URL: http{{ if .Values.studio.ingress.tls }}s{{ end }}://{{ .Values.studio.ingress.hostname }}/"
+ echo "$CLUSTER_IP {{ .Values.studio.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+{{- $port := .Values.studio.service.ports.http | toString }}
+
+1. Get the Supabase URL by running these commands:
+
+{{- if contains "NodePort" .Values.studio.service.type }}
+
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "supabase.studio.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "Supabase Studio URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.studio.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "supabase.studio.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "supabase.studio.fullname" . }} --include "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ echo "Supabase Studio URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.studio.service.ports.http }}{{ end }}/"
+
+{{- else if contains "ClusterIP" .Values.studio.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "supabase.studio.fullname" . }} {{ .Values.studio.service.ports.http }}:{{ .Values.studio.service.ports.http }} &
+ echo "Supabase Studio URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.studio.service.ports.http }}{{ end }}/"
+
+{{- end }}
+{{- end }}
+
+{{- if (or (not .Values.auth.enabled) (not .Values.meta.enabled) (not .Values.rest.enabled) (not .Values.realtime.enabled) (not .Values.storage.enabled))}}
+
+WARNING: Some of the Supabase components are deactivated. This may cause issues in some of the Studio features.
+{{- end }}
+
+IMPORTANT: When accessing Studio via browser, it will try to access the API via {{ include "supabase.api.publicURL" . }}. Make sure that this address is accessible or update the release setting the `publicURL` value.
+
+{{- end }}
+
+{{- end }}
+
+{{- include "supabase.validateValues" . }}
+{{- include "common.warnings.rollingTag" .Values.auth.image }}
+{{- include "common.warnings.rollingTag" .Values.meta.image }}
+{{- include "common.warnings.rollingTag" .Values.rest.image }}
+{{- include "common.warnings.rollingTag" .Values.storage.image }}
+{{- include "common.warnings.rollingTag" .Values.realtime.image }}
+{{- include "common.warnings.rollingTag" .Values.psqlImage }}
+{{- include "common.warnings.rollingTag" .Values.studio.image }}
+{{- include "common.warnings.rollingTag" .Values.jwt.autoGenerate.image }}
+{{- include "common.warnings.rollingTag" .Values.jwt.autoGenerate.kubectlImage }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
diff --git a/bitnami/supabase/templates/_helpers.tpl b/bitnami/supabase/templates/_helpers.tpl
new file mode 100644
index 0000000000..1c1b777e09
--- /dev/null
+++ b/bitnami/supabase/templates/_helpers.tpl
@@ -0,0 +1,588 @@
+{{/*
+Return the proper Supabase Studio Public URL
+*/}}
+{{- define "supabase.studio.publicURL" -}}
+{{- if .Values.studio.publicURL -}}
+{{- print .Values.studio.publicURL -}}
+{{- else if .Values.studio.ingress.enabled -}}
+{{- printf "http://%s" .Values.studio.ingress.hostname -}}
+{{- else if (and (eq .Values.studio.service.type "LoadBalancer") .Values.studio.service.loadBalancerIP) -}}
+{{- printf "http://%s:%d" .Values.studio.service.loadBalancerIP (int .Values.studio.service.ports.http) -}}
+{{- else -}}
+{{- printf "http://localhost:%d" (int .Values.kong.service.ports.proxyHttp) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase API Public URL
+*/}}
+{{- define "supabase.api.publicURL" -}}
+{{- if .Values.publicURL -}}
+{{- print .Values.publicURL -}}
+{{- else if .Values.kong.ingress.enabled -}}
+{{- printf "http://%s" .Values.kong.ingress.hostname -}}
+{{- else if (and (eq .Values.kong.service.type "LoadBalancer") .Values.kong.service.loadBalancerIP) -}}
+{{- printf "http://%s:%d" .Values.kong.service.loadBalancerIP (int .Values.kong.service.ports.proxyHttp) -}}
+{{- else -}}
+{{- printf "http://localhost:%d" (int .Values.kong.service.ports.proxyHttp) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase auth image name
+*/}}
+{{- define "supabase.auth.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.auth.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Supabase auth fullname
+*/}}
+{{- define "supabase.auth.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "auth" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default configuration ConfigMap name (auth)
+*/}}
+{{- define "supabase.auth.defaultConfigmapName" -}}
+{{- if .Values.auth.existingConfigmap -}}
+ {{- print .Values.auth.existingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-default" (include "supabase.auth.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name (auth)
+*/}}
+{{- define "supabase.auth.extraConfigmapName" -}}
+{{- if .Values.auth.extraConfigExistingConfigmap -}}
+ {{- print .Values.auth.extraConfigExistingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-extra" (include "supabase.auth.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase meta image name
+*/}}
+{{- define "supabase.meta.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.meta.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Supabase meta fullname
+*/}}
+{{- define "supabase.meta.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "meta" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default configuration ConfigMap name (meta)
+*/}}
+{{- define "supabase.meta.defaultConfigmapName" -}}
+{{- if .Values.meta.existingConfigmap -}}
+ {{- print .Values.meta.existingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-default" (include "supabase.meta.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name (meta)
+*/}}
+{{- define "supabase.meta.extraConfigmapName" -}}
+{{- if .Values.meta.extraConfigExistingConfigmap -}}
+ {{- print .Values.meta.extraConfigExistingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-extra" (include "supabase.meta.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase realtime image name
+*/}}
+{{- define "supabase.realtime.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.realtime.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Supabase realtime fullname
+*/}}
+{{- define "supabase.realtime.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "realtime" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default configuration ConfigMap name (realtime)
+*/}}
+{{- define "supabase.realtime.defaultConfigmapName" -}}
+{{- if .Values.realtime.existingConfigmap -}}
+ {{- print .Values.realtime.existingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-default" (include "supabase.realtime.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name (realtime)
+*/}}
+{{- define "supabase.realtime.extraConfigmapName" -}}
+{{- if .Values.realtime.extraConfigExistingConfigmap -}}
+ {{- print .Values.realtime.extraConfigExistingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-extra" (include "supabase.realtime.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase rest image name
+*/}}
+{{- define "supabase.rest.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.rest.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Supabase rest fullname
+*/}}
+{{- define "supabase.rest.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "rest" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default configuration ConfigMap name (rest)
+*/}}
+{{- define "supabase.rest.defaultConfigmapName" -}}
+{{- if .Values.rest.existingConfigmap -}}
+ {{- print .Values.rest.existingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-default" (include "supabase.rest.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name (rest)
+*/}}
+{{- define "supabase.rest.extraConfigmapName" -}}
+{{- if .Values.rest.extraConfigExistingConfigmap -}}
+ {{- print .Values.rest.extraConfigExistingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-extra" (include "supabase.rest.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase storage image name
+*/}}
+{{- define "supabase.storage.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.storage.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Supabase storage fullname
+*/}}
+{{- define "supabase.storage.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "storage" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default configuration ConfigMap name (storage)
+*/}}
+{{- define "supabase.storage.defaultConfigmapName" -}}
+{{- if .Values.storage.existingConfigmap -}}
+ {{- print .Values.storage.existingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-default" (include "supabase.storage.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name (storage)
+*/}}
+{{- define "supabase.storage.extraConfigmapName" -}}
+{{- if .Values.storage.extraConfigExistingConfigmap -}}
+ {{- print .Values.storage.extraConfigExistingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-extra" (include "supabase.storage.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase studio image name
+*/}}
+{{- define "supabase.studio.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.studio.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Supabase studio fullname
+*/}}
+{{- define "supabase.studio.fullname" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) "studio" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default configuration ConfigMap name (studio)
+*/}}
+{{- define "supabase.studio.defaultConfigmapName" -}}
+{{- if .Values.studio.existingConfigmap -}}
+ {{- print .Values.studio.existingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-default" (include "supabase.studio.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name
+*/}}
+{{- define "supabase.studio.extraConfigmapName" -}}
+{{- if .Values.studio.extraConfigExistingConfigmap -}}
+ {{- print .Values.studio.extraConfigExistingConfigmap -}}
+{{- else -}}
+ {{- printf "%s-extra" (include "supabase.studio.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper JWT CLI image name
+*/}}
+{{- define "supabase.jwt-cli.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.jwt.autoGenerate.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper JWT CLI image name
+*/}}
+{{- define "supabase.kubectl.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.jwt.autoGenerate.kubectlImage "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper JWT CLI image name
+*/}}
+{{- define "supabase.createInitJob" -}}
+{{- if or .Values.jwt.autoGenerate.forceRun (and (not (and .Values.jwt.secret .Values.jwt.anonKey .Values.jwt.serviceKey)) .Release.IsInstall) -}}
+ {{/* We need to run the job if:
+ 1) We activate the "force" flag
+ 2) The secret is missing of any of the parameters (only on first install)
+ */}}
+ {{- true -}}
+{{- else -}}
+ {{/* Do not return anything */}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra configuration ConfigMap name
+*/}}
+{{- define "supabase.studio.host" -}}
+{{- if .Values.studio.host -}}
+ {{- print .Values.studio.host -}}
+{{- else if .Values.studio.ingress.enabled -}}
+ {{- print .Values.studio.ingress.hostname -}}
+{{- else if (eq .Values.studio.service.type "ClusterIP") -}}
+ {{- print "http://127.0.0.1" -}}
+{{- else if (eq .Values.studio.service.type "LoadBalancer") -}}
+ {{- if .Values.studio.service.loadBalancerIP -}}
+ {{- print .Values.studio.service.loadBalancerIP -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+JWT credential secret name. Using Release.Name as it is used in subcharts as well
+*/}}
+{{- define "supabase.jwt.secretName" -}}
+{{- coalesce .Values.global.jwt.existingSecret (printf "%s-jwt" .Release.Name) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+JWT credential anon secret key
+*/}}
+{{- define "supabase.jwt.secretKey" -}}
+{{- if .Values.global.jwt.existingSecret -}}
+ {{- print .Values.global.jwt.existingSecretKey -}}
+{{- else -}}
+ {{- print "secret" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Supabase Realtime credential secret name. Using Release.Name as it is used in subcharts as well
+*/}}
+{{- define "supabase.realtime.secretName" -}}
+{{- coalesce .Values.realtime.existingSecret (include "supabase.realtime.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Supabase Realtime credential secret key
+*/}}
+{{- define "supabase.realtime.secretKey" -}}
+{{- if .Values.realtime.existingSecret -}}
+ {{- print .Values.realtime.existingSecretKey -}}
+{{- else -}}
+ {{- print "key-base" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+JWT credential anon secret key
+*/}}
+{{- define "supabase.jwt.anonSecretKey" -}}
+{{- if .Values.global.jwt.existingSecret -}}
+ {{- print .Values.global.jwt.existingSecretAnonKey -}}
+{{- else -}}
+ {{- print "anon-key" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+JWT credential service secret key
+*/}}
+{{- define "supabase.jwt.serviceSecretKey" -}}
+{{- if .Values.global.jwt.existingSecret -}}
+ {{- print .Values.global.jwt.existingSecretServiceKey -}}
+{{- else -}}
+ {{- print "service-key" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Supabase image name
+*/}}
+{{- define "supabase.psql.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.psqlImage "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "supabase.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "supabase.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.auth.image .Values.meta.image .Values.realtime.image .Values.rest.image .Values.storage.image .Values.studio.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "supabase.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return postgresql fullname
+*/}}
+{{- define "supabase.database.fullname" -}}
+{{- include "common.names.dependency.fullname" (dict "chartName" "postgresql" "chartValues" .Values.postgresql "context" $) -}}
+{{- end -}}
+
+{{/*
+Return postgresql fullname
+*/}}
+{{- define "supabase.kong.fullname" -}}
+{{- include "common.names.dependency.fullname" (dict "chartName" "kong" "chartValues" .Values.kong "context" $) -}}
+{{- end -}}
+
+{{/*
+Return the PostgreSQL Hostname
+*/}}
+{{- define "supabase.database.host" -}}
+{{- if .Values.postgresql.enabled -}}
+ {{- if eq .Values.postgresql.architecture "replication" -}}
+ {{- printf "%s-%s" (include "supabase.database.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}}
+ {{- else -}}
+ {{- print (include "supabase.database.fullname" .) -}}
+ {{- end -}}
+{{- else -}}
+ {{- print .Values.externalDatabase.host -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return postgresql port
+*/}}
+{{- define "supabase.database.port" -}}
+{{- if .Values.postgresql.enabled -}}
+ {{- print .Values.postgresql.service.ports.postgresql -}}
+{{- else -}}
+ {{- print .Values.externalDatabase.port -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the PostgreSQL Secret Name
+*/}}
+{{- define "supabase.database.secretName" -}}
+{{- if .Values.postgresql.enabled -}}
+ {{- if .Values.postgresql.auth.existingSecret -}}
+ {{- print .Values.postgresql.auth.existingSecret -}}
+ {{- else -}}
+ {{- print (include "supabase.database.fullname" .) -}}
+ {{- end -}}
+{{- else if .Values.externalDatabase.existingSecret -}}
+ {{- print .Values.externalDatabase.existingSecret -}}
+{{- else -}}
+ {{- printf "%s-%s" (include "common.names.fullname" .) "externaldb" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the PostgreSQL Database Name
+*/}}
+{{- define "supabase.database.name" -}}
+{{- if .Values.postgresql.enabled -}}
+ {{/*
+ In the supabase-postgres container the database is hardcoded to postgres following
+ what's done in upstream
+ */}}
+ {{- print "postgres" -}}
+{{- else -}}
+ {{- print .Values.externalDatabase.database -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the PostgreSQL User
+*/}}
+{{- define "supabase.database.user" -}}
+{{/* The supabase-postgres container creates a hardcoded supabase_admin user.
+ This is because we are using the upstream migration scripts */}}
+{{- if .Values.postgresql.enabled }}
+ {{- print "supabase_admin" -}}
+{{- else -}}
+ {{- print .Values.externalDatabase.user -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "supabase.waitForDBInitContainer" -}}
+# We need to wait for the postgresql database to be ready in order to start with Supabase.
+# As it is a ReplicaSet, we need that all nodes are configured in order to start with
+# the application or race conditions can occur
+- name: wait-for-db
+ image: {{ template "supabase.psql.image" . }}
+ imagePullPolicy: {{ .Values.psqlImage.pullPolicy }}
+ {{- if .Values.auth.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.auth.containerSecurityContext "enabled" | toYaml | nindent 4 }}
+ {{- end }}
+ command:
+ - bash
+ - -ec
+ - |
+ #!/bin/bash
+
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+
+ . /opt/bitnami/scripts/liblog.sh
+ . /opt/bitnami/scripts/libvalidations.sh
+ . /opt/bitnami/scripts/libpostgresql.sh
+ . /opt/bitnami/scripts/postgresql-env.sh
+
+ info "Waiting for host $DATABASE_HOST"
+ psql_is_ready() {
+ if ! PGCONNECT_TIMEOUT="5" PGPASSWORD="$DATABASE_PASSWORD" psql -U "$DATABASE_USER" -d "$DATABASE_NAME" -h "$DATABASE_HOST" -p "$DATABASE_PORT_NUMBER" -c "SELECT 1"; then
+ return 1
+ fi
+ return 0
+ }
+ if ! retry_while "debug_execute psql_is_ready"; then
+ error "Database not ready"
+ exit 1
+ fi
+ info "Database is ready"
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.psqlImage.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: DATABASE_HOST
+ value: {{ include "supabase.database.host" . | quote }}
+ - name: DATABASE_PORT_NUMBER
+ value: {{ include "supabase.database.port" . | quote }}
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.database.secretName" . }}
+ key: {{ include "supabase.database.passwordKey" . }}
+ - name: DATABASE_USER
+ value: {{ include "supabase.database.user" . | quote }}
+ - name: DATABASE_NAME
+ value: {{ include "supabase.database.name" . | quote }}
+{{- end -}}
+
+{{/*
+Retrieve key of the postgresql secret
+*/}}
+{{- define "supabase.database.passwordKey" -}}
+{{- if .Values.postgresql.enabled -}}
+ {{- print "postgres-password" -}}
+{{- else -}}
+ {{- if .Values.externalDatabase.existingSecret -}}
+ {{- if .Values.externalDatabase.existingSecretPasswordKey -}}
+ {{- printf "%s" .Values.externalDatabase.existingSecretPasswordKey -}}
+ {{- else -}}
+ {{- print "postgres-password" -}}
+ {{- end -}}
+ {{- else -}}
+ {{- print "postgres-password" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "supabase.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "supabase.validateValues.postgresql" .) -}}
+{{- $messages := append $messages (include "supabase.validateValues.secret" .) -}}
+{{- $messages := append $messages (include "supabase.validateValues.services" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Supabase - postgresql */}}
+{{- define "supabase.validateValues.postgresql" -}}
+{{- if and .Values.postgresql.enabled .Values.externalDatabase.host -}}
+supabase: postgresql
+ You can only use one database.
+ Please choose installing a postgresql chart (--set postgresql.enabled=true) or
+ using an external database (--set externalDatabase.host)
+{{- end -}}
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.host) -}}
+supabase: Nopostgresql
+ You did not set any database.
+ Please choose installing a postgresql chart (--set postgresql.enabled=true) or
+ using an external instance (--set externalDatabase.hosts)
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Supabase - postgresql */}}
+{{- define "supabase.validateValues.secret" -}}
+{{- if and (or .Values.jwt.anonKey .Values.jwt.serviceKey) (not .Values.jwt.secret) -}}
+supabase: JWT Secret
+ You configured the JWT keys but did not set a secret. Please set a secret (--set jwt.secret)
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of Supabase - postgresql */}}
+{{- define "supabase.validateValues.services" -}}
+{{- if not (or .Values.auth.enabled .Values.meta.enabled .Values.realtime.enabled .Values.rest.enabled .Values.storage.enabled .Values.studio.enabled) -}}
+supabase: Services
+ You did not deploy any of the Supabase services. Please enable at least one service (auth, meta, realtime, rest, storage, studio)
+{{- end -}}
+{{- end -}}
diff --git a/bitnami/supabase/templates/auth/default-configmap.yaml b/bitnami/supabase/templates/auth/default-configmap.yaml
new file mode 100644
index 0000000000..64225d3765
--- /dev/null
+++ b/bitnami/supabase/templates/auth/default-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.auth.enabled (not .Values.auth.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-default" (include "supabase.auth.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: auth
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.auth.defaultConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/auth/deployment.yaml b/bitnami/supabase/templates/auth/deployment.yaml
new file mode 100644
index 0000000000..6f44dbdc6c
--- /dev/null
+++ b/bitnami/supabase/templates/auth/deployment.yaml
@@ -0,0 +1,193 @@
+{{- if .Values.auth.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "supabase.auth.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: auth
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.auth.replicaCount }}
+ {{- if .Values.auth.updateStrategy }}
+ strategy: {{- toYaml .Values.auth.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: auth
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.auth.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ checksum/default-configmap: {{ include (print $.Template.BasePath "/auth/default-configmap.yaml") . | sha256sum }}
+ {{- if .Values.auth.extraConfig }}
+ checksum/extra-configmap: {{ include (print $.Template.BasePath "/auth/extra-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/jwt-secret: {{ include (print $.Template.BasePath "/jwt-secret.yaml") . | sha256sum }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: auth
+ {{- if .Values.auth.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.auth.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.auth.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.auth.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.auth.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.auth.podAffinityPreset "component" "auth" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.auth.podAntiAffinityPreset "component" "auth" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.auth.nodeAffinityPreset.type "key" .Values.auth.nodeAffinityPreset.key "values" .Values.auth.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.auth.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.auth.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.auth.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.auth.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.auth.priorityClassName }}
+ priorityClassName: {{ .Values.auth.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.auth.schedulerName }}
+ schedulerName: {{ .Values.auth.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.auth.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.auth.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.auth.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.auth.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.auth.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.auth.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- include "supabase.waitForDBInitContainer" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.auth.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: gotrue
+ image: {{ template "supabase.auth.image" . }}
+ imagePullPolicy: {{ .Values.auth.image.pullPolicy }}
+ {{- if .Values.auth.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.auth.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.auth.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.auth.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.auth.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.auth.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: DB_USER
+ value: {{ include "supabase.database.user" . | quote }}
+ - name: DB_HOST
+ value: {{ include "supabase.database.host" . | quote }}
+ - name: DB_PORT
+ value: {{ include "supabase.database.port" . | quote }}
+ - name: DB_NAME
+ value: {{ include "supabase.database.name" . | quote }}
+ - name: DB_SSL
+ value: {{ .Values.dbSSL | quote }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.database.secretName" . }}
+ key: {{ include "supabase.database.passwordKey" . | quote }}
+ - name: GOTRUE_DB_DATABASE_URL
+ value: "postgresql://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL)"
+ - name: GOTRUE_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.secretKey" . }}
+ - name: GOTRUE_OPERATOR_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.secretKey" . }}
+ {{- if .Values.auth.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "supabase.auth.defaultConfigmapName" . }}
+ {{- if .Values.auth.extraConfigExistingConfigmap }}
+ - configMapRef:
+ name: {{ include "supabase.auth.extraConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.auth.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.auth.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.auth.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.auth.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.auth.resources }}
+ resources: {{- toYaml .Values.auth.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.auth.containerPorts.http }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.auth.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.auth.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.auth.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.auth.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- if .Values.auth.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.auth.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.auth.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.auth.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- if .Values.auth.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.auth.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.auth.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.auth.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.auth.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.auth.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.auth.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.auth.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.auth.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.auth.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/auth/extra-configmap.yaml b/bitnami/supabase/templates/auth/extra-configmap.yaml
new file mode 100644
index 0000000000..a793b5ac6a
--- /dev/null
+++ b/bitnami/supabase/templates/auth/extra-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.auth.enabled .Values.auth.extraConfig (not .Values.auth.extraConfigExistingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "supabase.auth.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: auth
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.auth.extraConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/auth/service.yaml b/bitnami/supabase/templates/auth/service.yaml
new file mode 100644
index 0000000000..665a63c770
--- /dev/null
+++ b/bitnami/supabase/templates/auth/service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "supabase.auth.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: auth
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.auth.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.auth.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.auth.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.auth.service.type }}
+ {{- if and .Values.auth.service.clusterIP (eq .Values.auth.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.auth.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.auth.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.auth.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.auth.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.auth.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.auth.service.type "LoadBalancer") (eq .Values.auth.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.auth.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.auth.service.type "LoadBalancer") (not (empty .Values.auth.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.auth.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.auth.service.type "LoadBalancer") (not (empty .Values.auth.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.auth.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.auth.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if and (or (eq .Values.auth.service.type "NodePort") (eq .Values.auth.service.type "LoadBalancer")) (not (empty .Values.auth.service.nodePorts.http)) }}
+ nodePort: {{ .Values.auth.service.nodePorts.http }}
+ {{- else if eq .Values.auth.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.auth.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.auth.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: auth
diff --git a/bitnami/supabase/templates/externaldb-secrets.yaml b/bitnami/supabase/templates/externaldb-secrets.yaml
new file mode 100644
index 0000000000..3869ea708e
--- /dev/null
+++ b/bitnami/supabase/templates/externaldb-secrets.yaml
@@ -0,0 +1,18 @@
+{{- if not .Values.postgresql.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ db-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+{{- end }}
diff --git a/bitnami/supabase/templates/extra-list.yaml b/bitnami/supabase/templates/extra-list.yaml
new file mode 100644
index 0000000000..9ac65f9e16
--- /dev/null
+++ b/bitnami/supabase/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/bitnami/supabase/templates/jwt-init-job.yaml b/bitnami/supabase/templates/jwt-init-job.yaml
new file mode 100644
index 0000000000..8e13f68266
--- /dev/null
+++ b/bitnami/supabase/templates/jwt-init-job.yaml
@@ -0,0 +1,150 @@
+{{- if (include "supabase.createInitJob" .) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.names.fullname" . }}-jwt-init
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.jwt.autoGenerate.annotations "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ backoffLimit: {{ .Values.jwt.autoGenerate.backoffLimit }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: init
+ {{- if .Values.jwt.autoGenerate.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.podAnnotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ restartPolicy: OnFailure
+ {{- if .Values.jwt.autoGenerate.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.jwt.autoGenerate.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ initContainers:
+ - name: create-jwt-token
+ image: {{ template "supabase.jwt-cli.image" . }}
+ imagePullPolicy: {{ .Values.jwt.autoGenerate.image.pullPolicy }}
+ command:
+ - /bin/bash
+ - -ec
+ args:
+ - |
+ #!/bin/bash
+ echo "Generating JWT token"
+ # Taken from https://supabase.com/docs/guides/self-hosting#api-keys
+ {{- if not .Values.jwt.anonKey }}
+ ANON_KEY="$(jwt encode --secret=$SECRET '{"role":"anon","iss":"supabase","iat":1676934000,"exp":1834700400}')"
+ {{- end }}
+ {{- if not .Values.jwt.serviceKey }}
+ SERVICE_KEY="$(jwt encode --secret=$SECRET '{"role":"service_role","iss":"supabase","iat":1676934000,"exp":1834700400}')"
+ {{- end }}
+ echo "Writing JWT token to file"
+ echo -n "$SECRET" > /bitnami/supabase/secrets/secret
+ echo -n "$ANON_KEY" > /bitnami/supabase/secrets/anon-key
+ echo -n "$SERVICE_KEY" > /bitnami/supabase/secrets/service-key
+ env:
+ - name: SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: secret
+ {{- if .Values.jwt.anonKey }}
+ - name: ANON_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: secret
+ {{- end }}
+ {{- if .Values.jwt.serviceKey }}
+ - name: SERVICE_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: secret
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.jwt.autoGenerate.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.jwt.autoGenerate.extraEnvVarsCM .Values.jwt.autoGenerate.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.jwt.autoGenerate.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.jwt.autoGenerate.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.jwt.autoGenerate.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: secret-files
+ mountPath: /bitnami/supabase/secrets
+ {{- if .Values.jwt.autoGenerate.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.resources }}
+ resources: {{- toYaml .Values.jwt.autoGenerate.resources | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: create-update-secret
+ image: {{ template "supabase.kubectl.image" . }}
+ imagePullPolicy: {{ .Values.jwt.autoGenerate.kubectlImage.pullPolicy }}
+ command:
+ - /bin/bash
+ - -ec
+ args:
+ - |
+ #!/bin/bash
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+ echo "Creating secret"
+ kubectl create secret --namespace={{ include "common.names.namespace" . }} generic {{ include "supabase.jwt.secretName" . }} --from-file=/bitnami/supabase/secrets/secret --from-file=/bitnami/supabase/secrets/anon-key --from-file=/bitnami/supabase/secrets/service-key --dry-run -o yaml | kubectl apply -f -
+ {{- if .Values.jwt.autoGenerate.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.jwt.autoGenerate.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.jwt.autoGenerate.extraEnvVarsCM .Values.jwt.autoGenerate.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.jwt.autoGenerate.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ .Values.jwt.autoGenerate.extraEnvVarsCM }}
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ .Values.jwt.autoGenerate.extraEnvVarsSecret }}
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: secret-files
+ mountPath: /bitnami/supabase/secrets
+ {{- if .Values.jwt.autoGenerate.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.jwt.autoGenerate.resources }}
+ resources: {{- toYaml .Values.jwt.autoGenerate.resources | nindent 12 }}
+ {{- end }}
+ volumes:
+ - name: secret-files
+ emptyDir: {}
+ {{- if .Values.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.jwt.autoGenerate.extraVolumes "context" $) | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/jwt-rbac.yaml b/bitnami/supabase/templates/jwt-rbac.yaml
new file mode 100644
index 0000000000..72c95384d7
--- /dev/null
+++ b/bitnami/supabase/templates/jwt-rbac.yaml
@@ -0,0 +1,52 @@
+{{- if and (include "supabase.createInitJob" .) .Values.rbac.create -}}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ printf "%s-jwt-init" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - ''
+ resources:
+ - secrets
+ resourceNames:
+ - {{ include "supabase.jwt.secretName" . | quote }}
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ printf "%s-jwt-init" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "supabase.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ printf "%s-jwt-init" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
diff --git a/bitnami/supabase/templates/jwt-secret.yaml b/bitnami/supabase/templates/jwt-secret.yaml
new file mode 100644
index 0000000000..218625ec3d
--- /dev/null
+++ b/bitnami/supabase/templates/jwt-secret.yaml
@@ -0,0 +1,24 @@
+{{- if (not .Values.global.jwt.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "supabase.jwt.secretName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ secret: {{ include "common.secrets.passwords.manage" (dict "secret" (include "supabase.jwt.secretName" .) "key" "secret" "providedValues" (list "jwt.secret") "length" 42 "context" $) }}
+ {{- if or .Values.jwt.anonKey .Release.IsUpgrade }}
+ anon-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "supabase.jwt.secretName" .) "key" "anon-key" "providedValues" (list "jwt.anonKey") "context" $) }}
+ {{- end }}
+ {{- if or .Values.jwt.serviceKey .Release.IsUpgrade }}
+ service-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "supabase.jwt.secretName" .) "key" "service-key" "providedValues" (list "jwt.serviceKey") "context" $) }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/kong/declarative-conf-configmap.yaml b/bitnami/supabase/templates/kong/declarative-conf-configmap.yaml
new file mode 100644
index 0000000000..d4ed09b110
--- /dev/null
+++ b/bitnami/supabase/templates/kong/declarative-conf-configmap.yaml
@@ -0,0 +1,152 @@
+{{- if and .Values.kong.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ {{/* Using .Release.Name because the configmap is used by the Kong subchart */}}
+ name: {{ printf "%s-kong-declarative-config" .Release.Name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: kong
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ kong.yml.tpl: |
+ _format_version: "1.1"
+
+ consumers:
+ - username: anon
+ keyauth_credentials:
+ - key: {{ print "{{SUPABASE_ANON_KEY}}" }}
+ - username: service_role
+ keyauth_credentials:
+ - key: {{ print "{{SUPABASE_SERVICE_KEY}}" }}
+
+ acls:
+ - consumer: anon
+ group: anon
+ - consumer: service_role
+ group: admin
+
+ services:
+ - name: auth-v1-open
+ url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.ports.http }}/verify
+ routes:
+ - name: auth-v1-open
+ strip_path: true
+ paths:
+ - /auth/v1/verify
+ plugins:
+ - name: cors
+ - name: auth-v1-open-callback
+ url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.ports.http }}/callback
+ routes:
+ - name: auth-v1-open-callback
+ strip_path: true
+ paths:
+ - /auth/v1/callback
+ plugins:
+ - name: cors
+ - name: auth-v1-open-authorize
+ url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.ports.http }}/authorize
+ routes:
+ - name: auth-v1-open-authorize
+ strip_path: true
+ paths:
+ - /auth/v1/authorize
+ plugins:
+ - name: cors
+
+ - name: auth-v1
+ _comment: "GoTrue: /auth/v1/* -> http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.ports.http }}/*"
+ url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.ports.http }}
+ routes:
+ - name: auth-v1-all
+ strip_path: true
+ paths:
+ - /auth/v1/
+ plugins:
+ - name: cors
+ - name: key-auth
+ config:
+ hide_credentials: false
+ - name: acl
+ config:
+ hide_groups_header: true
+ allow:
+ - admin
+ - anon
+
+ - name: rest-v1
+ _comment: "PostgREST: /rest/v1/* -> http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.ports.http }}/*"
+ url: http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.ports.http }}/
+ routes:
+ - name: rest-v1-all
+ strip_path: true
+ paths:
+ - /rest/v1/
+ plugins:
+ - name: cors
+ - name: key-auth
+ config:
+ hide_credentials: true
+ - name: acl
+ config:
+ hide_groups_header: true
+ allow:
+ - admin
+ - anon
+
+ - name: realtime-v1
+ _comment: "Realtime: /realtime/v1/* -> ws://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.ports.http }}/socket/*"
+ url: http://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.ports.http }}/socket
+ routes:
+ - name: realtime-v1-all
+ strip_path: true
+ paths:
+ - /realtime/v1/
+ plugins:
+ - name: cors
+ - name: key-auth
+ config:
+ hide_credentials: false
+ - name: acl
+ config:
+ hide_groups_header: true
+ allow:
+ - admin
+ - anon
+
+ - name: storage-v1
+ _comment: "Storage: /storage/v1/* -> http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.ports.http }}/*"
+ url: http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.ports.http }}/
+ routes:
+ - name: storage-v1-all
+ strip_path: true
+ paths:
+ - /storage/v1/
+ plugins:
+ - name: cors
+
+ - name: meta
+ _comment: "pg-meta: /pg/* -> http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.ports.http }}/*"
+ url: http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.ports.http }}/
+ routes:
+ - name: meta-all
+ strip_path: true
+ paths:
+ - /pg/
+ plugins:
+ - name: key-auth
+ config:
+ hide_credentials: false
+ - name: acl
+ config:
+ hide_groups_header: true
+ allow:
+ - admin
+{{- end }}
diff --git a/bitnami/supabase/templates/meta/default-configmap.yaml b/bitnami/supabase/templates/meta/default-configmap.yaml
new file mode 100644
index 0000000000..7a1f275e83
--- /dev/null
+++ b/bitnami/supabase/templates/meta/default-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.meta.enabled (not .Values.meta.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-default" (include "supabase.meta.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: meta
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.meta.defaultConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/meta/deployment.yaml b/bitnami/supabase/templates/meta/deployment.yaml
new file mode 100644
index 0000000000..cce09ed1ce
--- /dev/null
+++ b/bitnami/supabase/templates/meta/deployment.yaml
@@ -0,0 +1,172 @@
+{{- if .Values.meta.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "supabase.meta.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: meta
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.meta.replicaCount }}
+ {{- if .Values.meta.updateStrategy }}
+ strategy: {{- toYaml .Values.meta.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: meta
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.meta.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ checksum/default-configmap: {{ include (print $.Template.BasePath "/meta/default-configmap.yaml") . | sha256sum }}
+ {{- if .Values.meta.extraConfig }}
+ checksum/extra-configmap: {{ include (print $.Template.BasePath "/meta/extra-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/jwt-secret: {{ include (print $.Template.BasePath "/jwt-secret.yaml") . | sha256sum }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: meta
+ {{- if .Values.meta.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.meta.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.meta.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.meta.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.meta.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.meta.podAffinityPreset "component" "meta" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.meta.podAntiAffinityPreset "component" "meta" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.meta.nodeAffinityPreset.type "key" .Values.meta.nodeAffinityPreset.key "values" .Values.meta.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.meta.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.meta.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.meta.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.meta.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.meta.priorityClassName }}
+ priorityClassName: {{ .Values.meta.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.meta.schedulerName }}
+ schedulerName: {{ .Values.meta.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.meta.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.meta.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.meta.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.meta.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.meta.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.meta.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- include "supabase.waitForDBInitContainer" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.meta.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: supabase-postgres-meta
+ image: {{ template "supabase.meta.image" . }}
+ imagePullPolicy: {{ .Values.meta.image.pullPolicy }}
+ {{- if .Values.meta.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.meta.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.meta.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.meta.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.meta.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.meta.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: PG_META_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.database.secretName" . }}
+ key: {{ include "supabase.database.passwordKey" . | quote }}
+ {{- if .Values.meta.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "supabase.meta.defaultConfigmapName" . }}
+ {{- if .Values.meta.extraConfigExistingConfigmap }}
+ - configMapRef:
+ name: {{ include "supabase.meta.extraConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.meta.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.meta.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.meta.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.meta.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.meta.resources }}
+ resources: {{- toYaml .Values.meta.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.meta.containerPorts.http }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.meta.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.meta.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.meta.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.meta.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- if .Values.meta.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.meta.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.meta.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.meta.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- if .Values.meta.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.meta.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.meta.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.meta.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /health
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.meta.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.meta.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.meta.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.meta.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.meta.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.meta.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/meta/extra-configmap.yaml b/bitnami/supabase/templates/meta/extra-configmap.yaml
new file mode 100644
index 0000000000..c6dd52f8c2
--- /dev/null
+++ b/bitnami/supabase/templates/meta/extra-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.meta.enabled .Values.meta.extraConfig (not .Values.meta.extraConfigExistingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "supabase.meta.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: meta
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.meta.extraConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/meta/service.yaml b/bitnami/supabase/templates/meta/service.yaml
new file mode 100644
index 0000000000..be0c4ca0f6
--- /dev/null
+++ b/bitnami/supabase/templates/meta/service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "supabase.meta.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: meta
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.meta.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.meta.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.meta.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.meta.service.type }}
+ {{- if and .Values.meta.service.clusterIP (eq .Values.meta.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.meta.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.meta.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.meta.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.meta.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.meta.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.meta.service.type "LoadBalancer") (eq .Values.meta.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.meta.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.meta.service.type "LoadBalancer") (not (empty .Values.meta.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.meta.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.meta.service.type "LoadBalancer") (not (empty .Values.meta.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.meta.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.meta.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if and (or (eq .Values.meta.service.type "NodePort") (eq .Values.meta.service.type "LoadBalancer")) (not (empty .Values.meta.service.nodePorts.http)) }}
+ nodePort: {{ .Values.meta.service.nodePorts.http }}
+ {{- else if eq .Values.meta.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.meta.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.meta.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: meta
diff --git a/bitnami/supabase/templates/realtime/default-configmap.yaml b/bitnami/supabase/templates/realtime/default-configmap.yaml
new file mode 100644
index 0000000000..b86297a90c
--- /dev/null
+++ b/bitnami/supabase/templates/realtime/default-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.realtime.enabled (not .Values.realtime.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-default" (include "supabase.realtime.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: realtime
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.defaultConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/realtime/deployment.yaml b/bitnami/supabase/templates/realtime/deployment.yaml
new file mode 100644
index 0000000000..d91dafac73
--- /dev/null
+++ b/bitnami/supabase/templates/realtime/deployment.yaml
@@ -0,0 +1,191 @@
+{{- if .Values.realtime.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "supabase.realtime.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: realtime
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.realtime.replicaCount }}
+ {{- if .Values.realtime.updateStrategy }}
+ strategy: {{- toYaml .Values.realtime.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: realtime
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.realtime.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ checksum/default-configmap: {{ include (print $.Template.BasePath "/realtime/default-configmap.yaml") . | sha256sum }}
+ {{- if .Values.realtime.extraConfig }}
+ checksum/extra-configmap: {{ include (print $.Template.BasePath "/realtime/extra-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/jwt-secret: {{ include (print $.Template.BasePath "/jwt-secret.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/realtime/secret.yaml") . | sha256sum }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: realtime
+ {{- if .Values.realtime.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.realtime.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.realtime.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.realtime.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.realtime.podAffinityPreset "component" "realtime" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.realtime.podAntiAffinityPreset "component" "realtime" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.realtime.nodeAffinityPreset.type "key" .Values.realtime.nodeAffinityPreset.key "values" .Values.realtime.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.realtime.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.realtime.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.realtime.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.realtime.priorityClassName }}
+ priorityClassName: {{ .Values.realtime.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.realtime.schedulerName }}
+ schedulerName: {{ .Values.realtime.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.realtime.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.realtime.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.realtime.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.realtime.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.realtime.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- include "supabase.waitForDBInitContainer" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.realtime.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: supabase-realtime
+ image: {{ template "supabase.realtime.image" . }}
+ imagePullPolicy: {{ .Values.realtime.image.pullPolicy }}
+ {{- if .Values.realtime.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.realtime.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.realtime.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.realtime.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - -ec
+ - |
+ realtime eval Realtime.Release.migrate && realtime start
+ {{- end }}
+ env:
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.database.secretName" . | quote }}
+ key: {{ include "supabase.database.passwordKey" . | quote }}
+ - name: API_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . | quote }}
+ key: {{ include "supabase.jwt.secretKey" . | quote }}
+ - name: SECRET_KEY_BASE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.realtime.secretName" . | quote }}
+ key: {{ include "supabase.realtime.secretKey" . | quote }}
+ {{- if .Values.realtime.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "supabase.realtime.defaultConfigmapName" . }}
+ {{- if .Values.realtime.extraConfigExistingConfigmap }}
+ - configMapRef:
+ name: {{ include "supabase.realtime.extraConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.realtime.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.realtime.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.realtime.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.realtime.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.realtime.resources }}
+ resources: {{- toYaml .Values.realtime.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.realtime.containerPorts.http }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.realtime.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.realtime.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.realtime.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if .Values.realtime.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.realtime.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.realtime.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if .Values.realtime.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.realtime.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.realtime.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.realtime.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.realtime.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.realtime.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.realtime.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.realtime.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/realtime/extra-configmap.yaml b/bitnami/supabase/templates/realtime/extra-configmap.yaml
new file mode 100644
index 0000000000..714ae2dda9
--- /dev/null
+++ b/bitnami/supabase/templates/realtime/extra-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.realtime.enabled .Values.realtime.extraConfig (not .Values.realtime.extraConfigExistingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "supabase.realtime.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: realtime
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.extraConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/realtime/secret.yaml b/bitnami/supabase/templates/realtime/secret.yaml
new file mode 100644
index 0000000000..c97c455ca8
--- /dev/null
+++ b/bitnami/supabase/templates/realtime/secret.yaml
@@ -0,0 +1,19 @@
+{{- if (not .Values.realtime.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "supabase.realtime.secretName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: realtime
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ key-base: {{ include "common.secrets.passwords.manage" (dict "secret" (include "supabase.realtime.secretName" .) "key" "key-base" "providedValues" (list "realtime.keyBase") "length" 64 "context" $) }}
+{{- end }}
diff --git a/bitnami/supabase/templates/realtime/service.yaml b/bitnami/supabase/templates/realtime/service.yaml
new file mode 100644
index 0000000000..c4fff0cfc5
--- /dev/null
+++ b/bitnami/supabase/templates/realtime/service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "supabase.realtime.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: realtime
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.realtime.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.realtime.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.realtime.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.realtime.service.type }}
+ {{- if and .Values.realtime.service.clusterIP (eq .Values.realtime.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.realtime.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.realtime.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.realtime.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.realtime.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.realtime.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.realtime.service.type "LoadBalancer") (eq .Values.realtime.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.realtime.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.realtime.service.type "LoadBalancer") (not (empty .Values.realtime.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.realtime.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.realtime.service.type "LoadBalancer") (not (empty .Values.realtime.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.realtime.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.realtime.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if and (or (eq .Values.realtime.service.type "NodePort") (eq .Values.realtime.service.type "LoadBalancer")) (not (empty .Values.realtime.service.nodePorts.http)) }}
+ nodePort: {{ .Values.realtime.service.nodePorts.http }}
+ {{- else if eq .Values.realtime.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.realtime.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.realtime.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: realtime
diff --git a/bitnami/supabase/templates/rest/default-configmap.yaml b/bitnami/supabase/templates/rest/default-configmap.yaml
new file mode 100644
index 0000000000..b147f350bf
--- /dev/null
+++ b/bitnami/supabase/templates/rest/default-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.rest.enabled (not .Values.rest.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-default" (include "supabase.rest.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: rest
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.rest.defaultConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/rest/deployment.yaml b/bitnami/supabase/templates/rest/deployment.yaml
new file mode 100644
index 0000000000..b5f90fba1f
--- /dev/null
+++ b/bitnami/supabase/templates/rest/deployment.yaml
@@ -0,0 +1,189 @@
+{{- if .Values.rest.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "supabase.rest.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: rest
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.rest.replicaCount }}
+ {{- if .Values.rest.updateStrategy }}
+ strategy: {{- toYaml .Values.rest.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: rest
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.rest.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ checksum/default-configmap: {{ include (print $.Template.BasePath "/rest/default-configmap.yaml") . | sha256sum }}
+ {{- if .Values.rest.extraConfig }}
+ checksum/extra-configmap: {{ include (print $.Template.BasePath "/rest/extra-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/jwt-secret: {{ include (print $.Template.BasePath "/jwt-secret.yaml") . | sha256sum }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: rest
+ {{- if .Values.rest.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.rest.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.rest.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rest.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.rest.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.rest.podAffinityPreset "component" "rest" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.rest.podAntiAffinityPreset "component" "rest" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.rest.nodeAffinityPreset.type "key" .Values.rest.nodeAffinityPreset.key "values" .Values.rest.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.rest.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.rest.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rest.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.rest.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rest.priorityClassName }}
+ priorityClassName: {{ .Values.rest.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.rest.schedulerName }}
+ schedulerName: {{ .Values.rest.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.rest.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.rest.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rest.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.rest.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rest.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.rest.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- include "supabase.waitForDBInitContainer" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.rest.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: postgrest
+ image: {{ template "supabase.rest.image" . }}
+ imagePullPolicy: {{ .Values.rest.image.pullPolicy }}
+ {{- if .Values.rest.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.rest.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.rest.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.rest.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.rest.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.rest.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: DB_USER
+ value: {{ include "supabase.database.user" . | quote }}
+ - name: DB_HOST
+ value: {{ include "supabase.database.host" . | quote }}
+ - name: DB_PORT
+ value: {{ include "supabase.database.port" . | quote }}
+ - name: DB_NAME
+ value: {{ include "supabase.database.name" . | quote }}
+ - name: DB_SSL
+ value: {{ .Values.dbSSL | quote }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.database.secretName" . }}
+ key: {{ include "supabase.database.passwordKey" . | quote }}
+ - name: PGRST_DB_URI
+ value: "postgresql://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)"
+ - name: PGRST_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.secretKey" . }}
+ {{- if .Values.rest.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "supabase.rest.defaultConfigmapName" . }}
+ {{- if .Values.rest.extraConfigExistingConfigmap }}
+ - configMapRef:
+ name: {{ include "supabase.rest.extraConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.rest.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.rest.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.rest.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.rest.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.rest.resources }}
+ resources: {{- toYaml .Values.rest.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.rest.containerPorts.http }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.rest.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.rest.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.rest.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.rest.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if .Values.rest.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.rest.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.rest.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.rest.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if .Values.rest.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.rest.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.rest.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.rest.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.rest.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.rest.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.rest.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.rest.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rest.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.rest.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/rest/extra-configmap.yaml b/bitnami/supabase/templates/rest/extra-configmap.yaml
new file mode 100644
index 0000000000..81ae99191a
--- /dev/null
+++ b/bitnami/supabase/templates/rest/extra-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.rest.enabled .Values.rest.extraConfig (not .Values.rest.extraConfigExistingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "supabase.rest.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: rest
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.rest.extraConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/rest/service.yaml b/bitnami/supabase/templates/rest/service.yaml
new file mode 100644
index 0000000000..df28a4a8a0
--- /dev/null
+++ b/bitnami/supabase/templates/rest/service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "supabase.rest.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: rest
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.rest.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.rest.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rest.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.rest.service.type }}
+ {{- if and .Values.rest.service.clusterIP (eq .Values.rest.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.rest.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.rest.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.rest.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.rest.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.rest.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.rest.service.type "LoadBalancer") (eq .Values.rest.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.rest.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.rest.service.type "LoadBalancer") (not (empty .Values.rest.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.rest.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.rest.service.type "LoadBalancer") (not (empty .Values.rest.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.rest.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.rest.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if and (or (eq .Values.rest.service.type "NodePort") (eq .Values.rest.service.type "LoadBalancer")) (not (empty .Values.rest.service.nodePorts.http)) }}
+ nodePort: {{ .Values.rest.service.nodePorts.http }}
+ {{- else if eq .Values.rest.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.rest.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.rest.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: rest
diff --git a/bitnami/supabase/templates/service-account.yaml b/bitnami/supabase/templates/service-account.yaml
new file mode 100644
index 0000000000..a878519308
--- /dev/null
+++ b/bitnami/supabase/templates/service-account.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "supabase.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/bitnami/supabase/templates/storage/default-configmap.yaml b/bitnami/supabase/templates/storage/default-configmap.yaml
new file mode 100644
index 0000000000..fd03ab08f0
--- /dev/null
+++ b/bitnami/supabase/templates/storage/default-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.storage.enabled (not .Values.storage.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-default" (include "supabase.storage.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: storage
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.storage.defaultConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/storage/deployment.yaml b/bitnami/supabase/templates/storage/deployment.yaml
new file mode 100644
index 0000000000..3701945ed4
--- /dev/null
+++ b/bitnami/supabase/templates/storage/deployment.yaml
@@ -0,0 +1,237 @@
+{{- if .Values.storage.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "supabase.storage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: storage
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.storage.replicaCount }}
+ {{- if .Values.storage.updateStrategy }}
+ strategy: {{- toYaml .Values.storage.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: storage
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.storage.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ checksum/default-configmap: {{ include (print $.Template.BasePath "/storage/default-configmap.yaml") . | sha256sum }}
+ {{- if .Values.storage.extraConfig }}
+ checksum/extra-configmap: {{ include (print $.Template.BasePath "/storage/extra-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/jwt-secret: {{ include (print $.Template.BasePath "/jwt-secret.yaml") . | sha256sum }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: storage
+ {{- if .Values.storage.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.storage.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.storage.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.storage.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.storage.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.storage.podAffinityPreset "component" "storage" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.storage.podAntiAffinityPreset "component" "storage" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.storage.nodeAffinityPreset.type "key" .Values.storage.nodeAffinityPreset.key "values" .Values.storage.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.storage.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.storage.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.storage.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.storage.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.storage.priorityClassName }}
+ priorityClassName: {{ .Values.storage.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.storage.schedulerName }}
+ schedulerName: {{ .Values.storage.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.storage.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.storage.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.storage.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.storage.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.storage.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.storage.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if and .Values.volumePermissions.enabled .Values.storage.containerSecurityContext.enabled }}
+ - name: volume-permissions
+ image: {{ include "supabase.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - sh
+ - -c
+ - |
+ mkdir -p {{ .Values.storage.persistence.mountPath }}
+ find {{ .Values.storage.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R {{ .Values.storage.containerSecurityContext.runAsUser }}:{{ .Values.storage.podSecurityContext.fsGroup }}
+ securityContext: {{- include "common.tplvalues.render" (dict "value" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.storage.persistence.mountPath }}
+ subPath: {{ .Values.storage.persistence.subPath }}
+ {{- end }}
+ {{- include "supabase.waitForDBInitContainer" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.storage.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: supabase-storage
+ image: {{ template "supabase.storage.image" . }}
+ imagePullPolicy: {{ .Values.storage.image.pullPolicy }}
+ {{- if .Values.storage.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.storage.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.storage.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.storage.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.storage.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.storage.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - -ec
+ - |
+ #!/bin/bash
+
+ cd /opt/bitnami/supabase-storage
+ pm2-runtime start ecosystem.config.js
+ {{- end }}
+ env:
+ - name: DB_USER
+ value: {{ include "supabase.database.user" . | quote }}
+ - name: DB_HOST
+ value: {{ include "supabase.database.host" . | quote }}
+ - name: DB_PORT
+ value: {{ include "supabase.database.port" . | quote }}
+ - name: DB_NAME
+ value: {{ include "supabase.database.name" . | quote }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.database.secretName" . }}
+ key: {{ include "supabase.database.passwordKey" . | quote }}
+ - name: DATABASE_URL
+ value: "postgresql://$(DB_USER):$(DB_PASSWORD)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)"
+ - name: PGRST_JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.secretKey" . }}
+ - name: ANON_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.anonSecretKey" . }}
+ - name: SERVICE_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.serviceSecretKey" . }}
+ {{- if .Values.storage.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "supabase.storage.defaultConfigmapName" . }}
+ {{- if .Values.storage.extraConfigExistingConfigmap }}
+ - configMapRef:
+ name: {{ include "supabase.storage.extraConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.storage.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.storage.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.storage.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.storage.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.storage.resources }}
+ resources: {{- toYaml .Values.storage.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.storage.containerPorts.http }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.storage.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storage.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.storage.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.storage.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /status
+ port: http
+ {{- end }}
+ {{- if .Values.storage.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storage.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.storage.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.storage.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /status
+ port: http
+ {{- end }}
+ {{- if .Values.storage.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.storage.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.storage.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.storage.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /status
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.storage.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.storage.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: {{ .Values.storage.persistence.mountPath }}
+ {{- if .Values.storage.persistence.subPath }}
+ subPath: {{ .Values.storage.persistence.subPath }}
+ {{- end }}
+ {{- if .Values.storage.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.storage.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.storage.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: data
+ {{- if .Values.storage.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ default (include "supabase.storage.fullname" .) .Values.storage.persistence.existingClaim }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.storage.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/storage/extra-configmap.yaml b/bitnami/supabase/templates/storage/extra-configmap.yaml
new file mode 100644
index 0000000000..8db1e174ad
--- /dev/null
+++ b/bitnami/supabase/templates/storage/extra-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.storage.enabled .Values.storage.extraConfig (not .Values.storage.extraConfigExistingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "supabase.storage.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: storage
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.storage.extraConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/storage/pvc.yaml b/bitnami/supabase/templates/storage/pvc.yaml
new file mode 100644
index 0000000000..d978d1dfdf
--- /dev/null
+++ b/bitnami/supabase/templates/storage/pvc.yaml
@@ -0,0 +1,37 @@
+{{- if and .Values.storage.persistence.enabled (not .Values.storage.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "supabase.storage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: storage
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.storage.persistence.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.storage.persistence.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.storage.persistence.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.storage.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.storage.persistence.size | quote }}
+ {{- if .Values.storage.persistence.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.storage.persistence.selector "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.storage.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.storage.persistence.dataSource "context" $) | nindent 4 }}
+ {{- end }}
+ {{- include "common.storage.class" (dict "persistence" .Values.storage.persistence "global" .Values.global) | nindent 2 }}
+{{- end -}}
diff --git a/bitnami/supabase/templates/storage/service.yaml b/bitnami/supabase/templates/storage/service.yaml
new file mode 100644
index 0000000000..7b8329bec4
--- /dev/null
+++ b/bitnami/supabase/templates/storage/service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "supabase.storage.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: storage
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.storage.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.storage.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.storage.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.storage.service.type }}
+ {{- if and .Values.storage.service.clusterIP (eq .Values.storage.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.storage.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.storage.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.storage.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.storage.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.storage.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.storage.service.type "LoadBalancer") (eq .Values.storage.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.storage.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.storage.service.type "LoadBalancer") (not (empty .Values.storage.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.storage.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.storage.service.type "LoadBalancer") (not (empty .Values.storage.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.storage.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.storage.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if and (or (eq .Values.storage.service.type "NodePort") (eq .Values.storage.service.type "LoadBalancer")) (not (empty .Values.storage.service.nodePorts.http)) }}
+ nodePort: {{ .Values.storage.service.nodePorts.http }}
+ {{- else if eq .Values.storage.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.storage.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.storage.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: storage
diff --git a/bitnami/supabase/templates/studio/default-configmap.yaml b/bitnami/supabase/templates/studio/default-configmap.yaml
new file mode 100644
index 0000000000..2170eddabf
--- /dev/null
+++ b/bitnami/supabase/templates/studio/default-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.studio.enabled (not .Values.studio.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-default" (include "supabase.studio.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: studio
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.studio.defaultConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/studio/deployment.yaml b/bitnami/supabase/templates/studio/deployment.yaml
new file mode 100644
index 0000000000..179015b09c
--- /dev/null
+++ b/bitnami/supabase/templates/studio/deployment.yaml
@@ -0,0 +1,182 @@
+{{- if .Values.studio.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "supabase.studio.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: studio
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.studio.replicaCount }}
+ {{- if .Values.studio.updateStrategy }}
+ strategy: {{- toYaml .Values.studio.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: studio
+ template:
+ metadata:
+ annotations:
+ {{- if .Values.studio.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ checksum/default-configmap: {{ include (print $.Template.BasePath "/studio/default-configmap.yaml") . | sha256sum }}
+ {{- if .Values.studio.extraConfig }}
+ checksum/extra-configmap: {{ include (print $.Template.BasePath "/studio/extra-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/jwt-secret: {{ include (print $.Template.BasePath "/jwt-secret.yaml") . | sha256sum }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ app.kubernetes.io/component: studio
+ {{- if .Values.studio.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "supabase.serviceAccountName" . }}
+ {{- include "supabase.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.studio.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.studio.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.studio.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.studio.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.studio.podAffinityPreset "component" "studio" "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.studio.podAntiAffinityPreset "component" "studio" "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.studio.nodeAffinityPreset.type "key" .Values.studio.nodeAffinityPreset.key "values" .Values.studio.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.studio.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.studio.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.studio.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.studio.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.studio.priorityClassName }}
+ priorityClassName: {{ .Values.studio.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.studio.schedulerName }}
+ schedulerName: {{ .Values.studio.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.studio.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.studio.topologySpreadConstraints "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.studio.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.studio.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.studio.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.studio.terminationGracePeriodSeconds }}
+ {{- end }}
+ initContainers:
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- include "supabase.waitForDBInitContainer" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.studio.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: supabase-studio
+ image: {{ template "supabase.studio.image" . }}
+ imagePullPolicy: {{ .Values.studio.image.pullPolicy }}
+ {{- if .Values.studio.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.studio.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.studio.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.studio.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.studio.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.studio.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: SUPABASE_ANON_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.anonSecretKey" . }}
+ - name: SUPABASE_SERVICE_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.serviceSecretKey" . }}
+ - name: SUPABASE_KEY_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "supabase.jwt.secretName" . }}
+ key: {{ include "supabase.jwt.serviceSecretKey" . }}
+ {{- if .Values.studio.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "supabase.studio.defaultConfigmapName" . }}
+ {{- if .Values.studio.extraConfigExistingConfigmap }}
+ - configMapRef:
+ name: {{ include "supabase.studio.extraConfigmapName" . }}
+ {{- end }}
+ {{- if .Values.studio.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.studio.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.studio.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.studio.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.studio.resources }}
+ resources: {{- toYaml .Values.studio.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.studio.containerPorts.http }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.studio.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.studio.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.studio.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.studio.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if .Values.studio.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.studio.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.studio.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.studio.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- if .Values.studio.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.studio.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.studio.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.studio.startupProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- end }}
+ {{- end }}
+ {{- if .Values.studio.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.studio.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.studio.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.studio.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.studio.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.studio.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/studio/extra-configmap.yaml b/bitnami/supabase/templates/studio/extra-configmap.yaml
new file mode 100644
index 0000000000..6df076fcbd
--- /dev/null
+++ b/bitnami/supabase/templates/studio/extra-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.studio.enabled .Values.studio.extraConfig (not .Values.studio.extraConfigExistingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-extra" (include "supabase.studio.fullname" .) | trunc 63 | trimSuffix "-" }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: studio
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data: {{- include "common.tplvalues.render" (dict "value" .Values.studio.extraConfig "context" $) | nindent 2 }}
+{{- end }}
diff --git a/bitnami/supabase/templates/studio/ingress.yaml b/bitnami/supabase/templates/studio/ingress.yaml
new file mode 100644
index 0000000000..18db411774
--- /dev/null
+++ b/bitnami/supabase/templates/studio/ingress.yaml
@@ -0,0 +1,64 @@
+{{- if .Values.studio.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: studio
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.studio.ingress.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.studio.ingress.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.studio.ingress.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if and .Values.studio.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+ ingressClassName: {{ .Values.studio.ingress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.studio.ingress.hostname }}
+ - host: {{ .Values.studio.ingress.hostname }}
+ http:
+ paths:
+ {{- if .Values.studio.ingress.extraPaths }}
+ {{- toYaml .Values.studio.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.studio.ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+ pathType: {{ .Values.studio.ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.studio.ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if .Values.studio.ingress.extraRules }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.ingress.extraRules "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (and .Values.studio.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.studio.ingress.annotations )) .Values.studio.ingress.selfSigned)) .Values.studio.ingress.extraTls }}
+ tls:
+ {{- if and .Values.studio.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.studio.ingress.annotations )) .Values.studio.ingress.selfSigned) }}
+ - hosts:
+ - {{ .Values.studio.ingress.hostname | quote }}
+ secretName: {{ printf "%s-tls" .Values.studio.ingress.hostname }}
+ {{- end }}
+ {{- if .Values.studio.ingress.extraTls }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.ingress.extraTls "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/supabase/templates/studio/service.yaml b/bitnami/supabase/templates/studio/service.yaml
new file mode 100644
index 0000000000..b2bc22f63a
--- /dev/null
+++ b/bitnami/supabase/templates/studio/service.yaml
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "supabase.studio.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: studio
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.studio.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.studio.service.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.studio.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: {{ .Values.studio.service.type }}
+ {{- if and .Values.studio.service.clusterIP (eq .Values.studio.service.type "ClusterIP") }}
+ clusterIP: {{ .Values.studio.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.studio.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.studio.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.studio.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.studio.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if or (eq .Values.studio.service.type "LoadBalancer") (eq .Values.studio.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.studio.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if and (eq .Values.studio.service.type "LoadBalancer") (not (empty .Values.studio.service.loadBalancerSourceRanges)) }}
+ loadBalancerSourceRanges: {{ .Values.studio.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.studio.service.type "LoadBalancer") (not (empty .Values.studio.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.studio.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.studio.service.ports.http }}
+ targetPort: http
+ protocol: TCP
+ {{- if and (or (eq .Values.studio.service.type "NodePort") (eq .Values.studio.service.type "LoadBalancer")) (not (empty .Values.studio.service.nodePorts.http)) }}
+ nodePort: {{ .Values.studio.service.nodePorts.http }}
+ {{- else if eq .Values.studio.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.studio.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.studio.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+ app.kubernetes.io/component: studio
diff --git a/bitnami/supabase/templates/studio/tls-secret.yaml b/bitnami/supabase/templates/studio/tls-secret.yaml
new file mode 100644
index 0000000000..9f3d1414aa
--- /dev/null
+++ b/bitnami/supabase/templates/studio/tls-secret.yaml
@@ -0,0 +1,48 @@
+{{- if .Values.studio.ingress.enabled }}
+{{- if .Values.studio.ingress.secrets }}
+{{- range .Values.studio.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/part-of: supabase
+ app.kubernetes.io/component: studio
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.studio.ingress.tls .Values.studio.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.studio.ingress.hostname }}
+{{- $ca := genCA "studio-ca" 365 }}
+{{- $cert := genSignedCert .Values.studio.ingress.hostname nil (list .Values.studio.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: studio
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+ tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+ ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}
diff --git a/bitnami/supabase/values.yaml b/bitnami/supabase/values.yaml
new file mode 100644
index 0000000000..ff4547e9e2
--- /dev/null
+++ b/bitnami/supabase/values.yaml
@@ -0,0 +1,2649 @@
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ ## We need to add the existing secret in global in order to make it accessible to the Kong subchart
+ ##
+ jwt:
+ ## @param global.jwt.existingSecret The name of the existing secret containing the JWT secret
+ ##
+ existingSecret: ""
+ ## @param global.jwt.existingSecretKey The key in the existing secret containing the JWT secret
+ ##
+ existingSecretKey: "secret"
+ ## @param global.jwt.existingSecretAnonKey The key in the existing secret containing the JWT anon key
+ ##
+ existingSecretAnonKey: "anon-key"
+ ## @param global.jwt.existingSecretServiceKey The key in the existing secret containing the JWT service key
+ ##
+ existingSecretServiceKey: "service-key"
+
+## @section Common parameters
+##
+
+## @param kubeVersion Override Kubernetes version
+##
+kubeVersion: ""
+## @param nameOverride String to partially override common.names.name
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+
+## Enable diagnostic mode in the deployment
+##
+diagnosticMode:
+ ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+ ##
+ enabled: false
+ ## @param diagnosticMode.command Command to override all containers in the deployment
+ ##
+ command:
+ - sleep
+ ## @param diagnosticMode.args Args to override all containers in the deployment
+ ##
+ args:
+ - infinity
+
+## @section Supabase Common parameters
+##
+
+jwt:
+ ## @param jwt.secret The secret string used to sign JWT tokens
+ ##
+ secret: ""
+ ## @param jwt.anonKey JWT string for annonymous users
+ ##
+ anonKey: ""
+ ## @param jwt.serviceKey JWT string for service users
+ ##
+ serviceKey: ""
+ autoGenerate:
+ ## @param jwt.autoGenerate.forceRun Force the run of the JWT generation job
+ ##
+ forceRun: false
+ ## Bitnami JWT CLI image
+ ## ref: https://hub.docker.com/r/bitnami/jwt-cli/tags/
+ ## @param jwt.autoGenerate.image.registry JWT CLI image registry
+ ## @param jwt.autoGenerate.image.repository JWT CLI image repository
+ ## @param jwt.autoGenerate.image.tag JWT CLI image tag (immutable tags are recommended)
+ ## @param jwt.autoGenerate.image.digest JWT CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param jwt.autoGenerate.image.pullPolicy JWT CLI image pull policy
+ ## @param jwt.autoGenerate.image.pullSecrets JWT CLI image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/jwt-cli
+ tag: 5.0.3-debian-11-r4
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ kubectlImage:
+ ## Bitnami Kubectl image
+ ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
+ ## @param jwt.autoGenerate.kubectlImage.registry Kubectl image registry
+ ## @param jwt.autoGenerate.kubectlImage.repository Kubectl image repository
+ ## @param jwt.autoGenerate.kubectlImage.tag Kubectl image tag (immutable tags are recommended)
+ ## @param jwt.autoGenerate.kubectlImage.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param jwt.autoGenerate.kubectlImage.pullPolicy Kubectl image pull policy
+ ## @param jwt.autoGenerate.kubectlImage.pullSecrets Kubectl image pull secrets
+ ##
+ registry: docker.io
+ repository: bitnami/kubectl
+ tag: 1.25.5-debian-11-r14
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param jwt.autoGenerate.backoffLimit set backoff limit of the job
+ ##
+ backoffLimit: 10
+ ## @param jwt.autoGenerate.extraVolumes Optionally specify extra list of additional volumes for the jwt init job
+ ##
+ extraVolumes: []
+
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param jwt.autoGenerate.containerSecurityContext.enabled Enabled jwt init job containers' Security Context
+ ## @param jwt.autoGenerate.containerSecurityContext.runAsUser Set jwt init job containers' Security Context runAsUser
+ ## @param jwt.autoGenerate.containerSecurityContext.runAsNonRoot Set jwt init job containers' Security Context runAsNonRoot
+ ## @param jwt.autoGenerate.containerSecurityContext.readOnlyRootFilesystem Set jwt init job containers' Security Context runAsNonRoot
+ ## @param jwt.autoGenerate.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+ ## @param jwt.autoGenerate.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param jwt.autoGenerate.podSecurityContext.enabled Enabled jwt init job pods' Security Context
+ ## @param jwt.autoGenerate.podSecurityContext.fsGroup Set jwt init job pod's Security Context fsGroup
+ ## @param jwt.autoGenerate.podSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## @param jwt.autoGenerate.extraEnvVars Array containing extra env vars to configure the jwt init job
+ ## For example:
+ ## extraEnvVars:
+ ## - name: GF_DEFAULT_INSTANCE_NAME
+ ## value: my-instance
+ ##
+ extraEnvVars: []
+ ## @param jwt.autoGenerate.extraEnvVarsCM ConfigMap containing extra env vars to configure the jwt init job
+ ##
+ extraEnvVarsCM: ""
+ ## @param jwt.autoGenerate.extraEnvVarsSecret Secret containing extra env vars to configure the jwt init job (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param jwt.autoGenerate.extraVolumeMounts Array of extra volume mounts to be added to the jwt Container (evaluated as template). Normally used with `extraVolumes`.
+ ##
+ extraVolumeMounts: []
+ ## Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param jwt.autoGenerate.resources.limits The resources limits for the container
+ ## @param jwt.autoGenerate.resources.requests The requested resources for the container
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## @param jwt.autoGenerate.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param jwt.autoGenerate.annotations [object] Add annotations to the job
+ ##
+ annotations:
+ helm.sh/hook: post-install
+ helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+ # This should be executed after the minio provisioning job
+ helm.sh/hook-weight: "10"
+
+ ## @param jwt.autoGenerate.podLabels Additional pod labels
+ ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param jwt.autoGenerate.podAnnotations Additional pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+
+## @param publicURL Supabase API public URL
+##
+publicURL: ""
+## @param dbSSL Supabase API database connection mode for SSL. Applied to all components. Allowed values: verify-ca, verify-full, disable, allow, prefer, require
+## https://www.postgresql.org/docs/current/libpq-ssl.html
+##
+dbSSL: "disable"
+
+## @section Supabase Auth Parameters
+##
+##
+auth:
+ ## @param auth.enabled Enable Supabase auth
+ ##
+ enabled: true
+ ## @param auth.replicaCount Number of Supabase auth replicas to deploy
+ ##
+ replicaCount: 1
+
+ ## @param auth.defaultConfig [string] Supabase auth default configuration
+ ##
+ defaultConfig: |
+ GOTRUE_API_HOST: "0.0.0.0"
+ GOTRUE_API_PORT: {{ .Values.auth.containerPorts.http | quote }}
+ GOTRUE_SITE_URL: {{ include "supabase.studio.publicURL" . | quote }}
+ GOTRUE_URI_ALLOW_LIST: "*"
+ GOTRUE_DISABLE_SIGNUP: "false"
+ GOTRUE_DB_DRIVER: "postgres"
+ GOTRUE_JWT_DEFAULT_GROUP_NAME: "authenticated"
+ GOTRUE_JWT_ADMIN_ROLES: "service_role"
+ GOTRUE_JWT_AUD: "authenticated"
+ GOTRUE_JWT_EXP: "3600"
+ GOTRUE_EXTERNAL_EMAIL_ENABLED: "true"
+ GOTRUE_MAILER_AUTOCONFIRM: "true"
+ GOTRUE_SMTP_ADMIN_EMAIL: "your-mail@example.com"
+ GOTRUE_SMTP_HOST: "smtp.example.com"
+ GOTRUE_SMTP_PORT: "587"
+ GOTRUE_SMTP_SENDER_NAME: "your-mail@example.com"
+ GOTRUE_EXTERNAL_PHONE_ENABLED: "false"
+ GOTRUE_SMS_AUTOCONFIRM: "false"
+ GOTRUE_MAILER_URLPATHS_INVITE: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify"
+ GOTRUE_MAILER_URLPATHS_CONFIRMATION: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify"
+ GOTRUE_MAILER_URLPATHS_RECOVERY: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify"
+ GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify"
+
+ ## @param auth.extraConfig Supabase auth extra configuration
+ ##
+ extraConfig: {}
+
+ ## @param auth.existingConfigmap The name of an existing ConfigMap with the default configuration
+ ##
+ existingConfigmap: ""
+ ## @param auth.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration
+ ##
+ extraConfigExistingConfigmap: ""
+
+ ## Bitnami Gotrue image
+ ## ref: https://hub.docker.com/r/bitnami/gotrue/tags/
+ ## @param auth.image.registry Gotrue image registry
+ ## @param auth.image.repository Gotrue image repository
+ ## @param auth.image.tag Gotrue image tag (immutable tags are recommended)
+ ## @param auth.image.digest Gotrue image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param auth.image.pullPolicy Gotrue image pull policy
+ ## @param auth.image.pullSecrets Gotrue image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/gotrue
+ tag: 1.0.1-debian-11-r2
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param auth.containerPorts.http Supabase auth HTTP container port
+ ##
+ containerPorts:
+ http: 9999
+ ## Configure extra options for Supabase auth containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param auth.livenessProbe.enabled Enable livenessProbe on Supabase auth containers
+ ## @param auth.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param auth.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param auth.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param auth.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param auth.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param auth.readinessProbe.enabled Enable readinessProbe on Supabase auth containers
+ ## @param auth.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param auth.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param auth.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param auth.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param auth.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param auth.startupProbe.enabled Enable startupProbe on Supabase auth containers
+ ## @param auth.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param auth.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param auth.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param auth.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param auth.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param auth.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param auth.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param auth.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## Supabase auth resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param auth.resources.limits The resources limits for the Supabase auth containers
+ ## @param auth.resources.requests The requested resources for the Supabase auth containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param auth.podSecurityContext.enabled Enabled Supabase auth pods' Security Context
+ ## @param auth.podSecurityContext.fsGroup Set Supabase auth pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param auth.containerSecurityContext.enabled Enabled Supabase auth containers' Security Context
+ ## @param auth.containerSecurityContext.runAsUser Set Supabase auth containers' Security Context runAsUser
+ ## @param auth.containerSecurityContext.runAsNonRoot Set Supabase auth containers' Security Context runAsNonRoot
+ ## @param auth.containerSecurityContext.readOnlyRootFilesystem Set Supabase auth containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+ ## @param auth.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param auth.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param auth.hostAliases Supabase auth pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param auth.podLabels Extra labels for Supabase auth pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param auth.podAnnotations Annotations for Supabase auth pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param auth.podAffinityPreset Pod affinity preset. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param auth.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node auth.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param auth.nodeAffinityPreset.type Node affinity preset type. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param auth.nodeAffinityPreset.key Node label key to match. Ignored if `auth.affinity` is set
+ ##
+ key: ""
+ ## @param auth.nodeAffinityPreset.values Node label values to match. Ignored if `auth.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param auth.affinity Affinity for Supabase auth pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `auth.podAffinityPreset`, `auth.podAntiAffinityPreset`, and `auth.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param auth.nodeSelector Node labels for Supabase auth pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param auth.tolerations Tolerations for Supabase auth pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param auth.updateStrategy.type Supabase auth statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+
+ ## @param auth.priorityClassName Supabase auth pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param auth.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param auth.schedulerName Name of the k8s scheduler (other than default) for Supabase auth pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param auth.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param auth.lifecycleHooks for the Supabase auth container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param auth.extraEnvVars Array with extra environment variables to add to Supabase auth nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param auth.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase auth nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param auth.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase auth nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param auth.extraVolumes Optionally specify extra list of additional volumes for the Supabase auth pod(s)
+ ##
+ extraVolumes: []
+ ## @param auth.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase auth container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param auth.sidecars Add additional sidecar containers to the Supabase auth pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param auth.initContainers Add additional init containers to the Supabase auth pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## @section Supabase Auth Traffic Exposure Parameters
+ ##
+ service:
+ ## @param auth.service.type Supabase auth service type
+ ##
+ type: ClusterIP
+ ## @param auth.service.ports.http Supabase auth service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param auth.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param auth.service.clusterIP Supabase auth service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param auth.service.loadBalancerIP Supabase auth service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param auth.service.loadBalancerSourceRanges Supabase auth service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param auth.service.externalTrafficPolicy Supabase auth service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-auth-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param auth.service.annotations Additional custom annotations for Supabase auth service
+ ##
+ annotations: {}
+ ## @param auth.service.extraPorts Extra ports to expose in Supabase auth service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param auth.service.sessionAffinity Control where auth requests go, to the same pod or round-robin
+ ## Values: AuthIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param auth.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## authIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Supabase Meta Parameters
+##
+##
+meta:
+ ## @param meta.enabled Enable Supabase Postgres Meta
+ ##
+ enabled: true
+ ## @param meta.replicaCount Number of Supabase Postgres Meta replicas to deploy
+ ##
+ replicaCount: 1
+
+ ## @param meta.defaultConfig [string] Default Supabase Postgres Meta configuration
+ ##
+ defaultConfig: |
+ PG_META_DB_USER: {{ include "supabase.database.user" . | quote }}
+ PG_META_DB_HOST: {{ include "supabase.database.host" . | quote }}
+ PG_META_DB_PORT: {{ include "supabase.database.port" . | quote }}
+ PG_META_DB_NAME: {{ include "supabase.database.name" . | quote }}
+ PG_META_DB_SSL_MODE: {{ .Values.dbSSL | quote }}
+ PG_META_PORT: {{ .Values.meta.containerPorts.http | quote }}
+
+ ## @param meta.extraConfig Extra Supabase Postgres Meta configuration
+ ##
+ extraConfig: {}
+
+ ## @param meta.existingConfigmap The name of an existing ConfigMap with the default configuration
+ ##
+ existingConfigmap: ""
+ ## @param meta.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration
+ ##
+ extraConfigExistingConfigmap: ""
+
+ ## Bitnami Supabase Postgres Meta image
+ ## ref: https://hub.docker.com/r/bitnami/supabase-postgres-meta/tags/
+ ## @param meta.image.registry Supabase Postgres Meta image registry
+ ## @param meta.image.repository Supabase Postgres Meta image repository
+ ## @param meta.image.tag Supabase Postgres Meta image tag (immutable tags are recommended)
+ ## @param meta.image.digest Supabase Postgres Meta image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param meta.image.pullPolicy Supabase Postgres Meta image pull policy
+ ## @param meta.image.pullSecrets Supabase Postgres Meta image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/supabase-postgres-meta
+ tag: 0.60.3-debian-11-r4
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param meta.containerPorts.http Supabase Postgres Meta HTTP container port
+ ##
+ containerPorts:
+ http: 8080
+ ## Configure extra options for Supabase Postgres Meta containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param meta.livenessProbe.enabled Enable livenessProbe on Supabase Postgres Meta containers
+ ## @param meta.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param meta.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param meta.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param meta.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param meta.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param meta.readinessProbe.enabled Enable readinessProbe on Supabase Postgres Meta containers
+ ## @param meta.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param meta.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param meta.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param meta.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param meta.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param meta.startupProbe.enabled Enable startupProbe on Supabase Postgres Meta containers
+ ## @param meta.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param meta.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param meta.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param meta.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param meta.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param meta.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param meta.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param meta.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## Supabase Postgres Meta resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param meta.resources.limits The resources limits for the Supabase Postgres Meta containers
+ ## @param meta.resources.requests The requested resources for the Supabase Postgres Meta containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param meta.podSecurityContext.enabled Enabled Supabase Postgres Meta pods' Security Context
+ ## @param meta.podSecurityContext.fsGroup Set Supabase Postgres Meta pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param meta.containerSecurityContext.enabled Enabled Supabase Postgres Meta containers' Security Context
+ ## @param meta.containerSecurityContext.runAsUser Set Supabase Postgres Meta containers' Security Context runAsUser
+ ## @param meta.containerSecurityContext.runAsNonRoot Set Supabase Postgres Meta containers' Security Context runAsNonRoot
+ ## @param meta.containerSecurityContext.readOnlyRootFilesystem Set Supabase Postgres Meta containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+ ## @param meta.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param meta.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param meta.hostAliases Supabase Postgres Meta pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param meta.podLabels Extra labels for Supabase Postgres Meta pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param meta.podAnnotations Annotations for Supabase Postgres Meta pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param meta.podAffinityPreset Pod affinity preset. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param meta.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node meta.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param meta.nodeAffinityPreset.type Node affinity preset type. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param meta.nodeAffinityPreset.key Node label key to match. Ignored if `meta.affinity` is set
+ ##
+ key: ""
+ ## @param meta.nodeAffinityPreset.values Node label values to match. Ignored if `meta.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param meta.affinity Affinity for Supabase Postgres Meta pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `meta.podAffinityPreset`, `meta.podAntiAffinityPreset`, and `meta.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param meta.nodeSelector Node labels for Supabase Postgres Meta pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param meta.tolerations Tolerations for Supabase Postgres Meta pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param meta.updateStrategy.type Supabase Postgres Meta statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+
+ ## @param meta.priorityClassName Supabase Postgres Meta pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param meta.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param meta.schedulerName Name of the k8s scheduler (other than default) for Supabase Postgres Meta pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param meta.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param meta.lifecycleHooks for the Supabase Postgres Meta container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param meta.extraEnvVars Array with extra environment variables to add to Supabase Postgres Meta nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param meta.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase Postgres Meta nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param meta.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase Postgres Meta nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param meta.extraVolumes Optionally specify extra list of additional volumes for the Supabase Postgres Meta pod(s)
+ ##
+ extraVolumes: []
+ ## @param meta.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase Postgres Meta container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param meta.sidecars Add additional sidecar containers to the Supabase Postgres Meta pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param meta.initContainers Add additional init containers to the Supabase Postgres Meta pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## @section Supabase Meta Traffic Exposure Parameters
+ ##
+ service:
+ ## @param meta.service.type Supabase Postgres Meta service type
+ ##
+ type: ClusterIP
+ ## @param meta.service.ports.http Supabase Postgres Meta service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param meta.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param meta.service.clusterIP Supabase Postgres Meta service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param meta.service.loadBalancerIP Supabase Postgres Meta service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param meta.service.loadBalancerSourceRanges Supabase Postgres Meta service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param meta.service.externalTrafficPolicy Supabase Postgres Meta service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-meta-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param meta.service.annotations Additional custom annotations for Supabase Postgres Meta service
+ ##
+ annotations: {}
+ ## @param meta.service.extraPorts Extra ports to expose in Supabase Postgres Meta service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param meta.service.sessionAffinity Control where meta requests go, to the same pod or round-robin
+ ## Values: MetaIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param meta.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## metaIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Supabase Realtime Parameters
+##
+##
+realtime:
+ ## @param realtime.enabled Enable Supabase realtime
+ ##
+ enabled: true
+ ## @param realtime.replicaCount Number of Supabase realtime replicas to deploy
+ ##
+ replicaCount: 1
+
+ ## @param realtime.keyBase key base for Supabase realtime
+ ##
+ keyBase: ""
+
+ ## @param realtime.existingSecret Name of an existing secret containing the key base for Supabase realtime
+ ##
+ existingSecret: ""
+
+ ## @param realtime.existingSecretKey Key in the existing secret containing the key base for Supabase realtime
+ ##
+ existingSecretKey: "key-base"
+
+ ## @param realtime.defaultConfig [string] Default configuration for Supabase realtime
+ ##
+ defaultConfig: |
+ DB_HOST: {{ include "supabase.database.host" . | quote }}
+ DB_PORT: {{ include "supabase.database.port" . | quote }}
+ DB_NAME: {{ include "supabase.database.name" . | quote }}
+ DB_SSL: {{ .Values.dbSSL | quote }}
+ PORT: {{ .Values.realtime.containerPorts.http | quote }}
+ FLY_ALLOC_ID: "realtime"
+ FLY_APP_NAME: "realtime"
+ ERL_AFLAGS: "-proto_dist inet_tcp"
+ REPLICATION_MODE: "RLS"
+ REPLICATION_POLL_INTERVAL: "100"
+ SECURE_CHANNELS: "true"
+ SLOT_NAME: "supabase_realtime_rls"
+ TEMPORARY_SLOT: "true"
+
+ ## @param realtime.extraConfig Extra configuration for Supabase realtime
+ ##
+ extraConfig: {}
+
+ ## @param realtime.existingConfigmap The name of an existing ConfigMap with the default configuration
+ ##
+ existingConfigmap: ""
+ ## @param realtime.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration
+ ##
+ extraConfigExistingConfigmap: ""
+
+ ## Bitnami Realtime image
+ ## ref: https://hub.docker.com/r/bitnami/supabase-realtime/tags/
+ ## @param realtime.image.registry Realtime image registry
+ ## @param realtime.image.repository Realtime image repository
+ ## @param realtime.image.tag Realtime image tag (immutable tags are recommended)
+ ## @param realtime.image.digest Realtime image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param realtime.image.pullPolicy Realtime image pull policy
+ ## @param realtime.image.pullSecrets Realtime image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/supabase-realtime
+ tag: 2.4.0-debian-11-r3
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param realtime.containerPorts.http Supabase realtime HTTP container port
+ ##
+ containerPorts:
+ http: 9999
+ ## Configure extra options for Supabase realtime containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param realtime.livenessProbe.enabled Enable livenessProbe on Supabase realtime containers
+ ## @param realtime.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param realtime.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param realtime.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param realtime.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param realtime.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param realtime.readinessProbe.enabled Enable readinessProbe on Supabase realtime containers
+ ## @param realtime.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param realtime.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param realtime.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param realtime.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param realtime.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param realtime.startupProbe.enabled Enable startupProbe on Supabase realtime containers
+ ## @param realtime.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param realtime.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param realtime.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param realtime.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param realtime.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param realtime.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param realtime.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param realtime.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## Supabase realtime resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param realtime.resources.limits The resources limits for the Supabase realtime containers
+ ## @param realtime.resources.requests The requested resources for the Supabase realtime containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param realtime.podSecurityContext.enabled Enabled Supabase realtime pods' Security Context
+ ## @param realtime.podSecurityContext.fsGroup Set Supabase realtime pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param realtime.containerSecurityContext.enabled Enabled Supabase realtime containers' Security Context
+ ## @param realtime.containerSecurityContext.runAsUser Set Supabase realtime containers' Security Context runAsUser
+ ## @param realtime.containerSecurityContext.runAsNonRoot Set Supabase realtime containers' Security Context runAsNonRoot
+ ## @param realtime.containerSecurityContext.readOnlyRootFilesystem Set Supabase realtime containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+ ## @param realtime.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param realtime.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param realtime.hostAliases Supabase realtime pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param realtime.podLabels Extra labels for Supabase realtime pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param realtime.podAnnotations Annotations for Supabase realtime pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param realtime.podAffinityPreset Pod affinity preset. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param realtime.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node realtime.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param realtime.nodeAffinityPreset.type Node affinity preset type. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param realtime.nodeAffinityPreset.key Node label key to match. Ignored if `realtime.affinity` is set
+ ##
+ key: ""
+ ## @param realtime.nodeAffinityPreset.values Node label values to match. Ignored if `realtime.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param realtime.affinity Affinity for Supabase realtime pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `realtime.podAffinityPreset`, `realtime.podAntiAffinityPreset`, and `realtime.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param realtime.nodeSelector Node labels for Supabase realtime pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param realtime.tolerations Tolerations for Supabase realtime pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param realtime.updateStrategy.type Supabase realtime statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+
+ ## @param realtime.priorityClassName Supabase realtime pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param realtime.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param realtime.schedulerName Name of the k8s scheduler (other than default) for Supabase realtime pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param realtime.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param realtime.lifecycleHooks for the Supabase realtime container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param realtime.extraEnvVars Array with extra environment variables to add to Supabase realtime nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param realtime.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase realtime nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param realtime.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase realtime nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param realtime.extraVolumes Optionally specify extra list of additional volumes for the Supabase realtime pod(s)
+ ##
+ extraVolumes: []
+ ## @param realtime.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase realtime container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param realtime.sidecars Add additional sidecar containers to the Supabase realtime pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param realtime.initContainers Add additional init containers to the Supabase realtime pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## @section Supabase Realtime Traffic Exposure Parameters
+ ##
+ service:
+ ## @param realtime.service.type Supabase realtime service type
+ ##
+ type: ClusterIP
+ ## @param realtime.service.ports.http Supabase realtime service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param realtime.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param realtime.service.clusterIP Supabase realtime service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param realtime.service.loadBalancerIP Supabase realtime service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param realtime.service.loadBalancerSourceRanges Supabase realtime service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param realtime.service.externalTrafficPolicy Supabase realtime service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-realtime-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param realtime.service.annotations Additional custom annotations for Supabase realtime service
+ ##
+ annotations: {}
+ ## @param realtime.service.extraPorts Extra ports to expose in Supabase realtime service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param realtime.service.sessionAffinity Control where realtime requests go, to the same pod or round-robin
+ ## Values: RealtimeIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param realtime.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## realtimeIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Supabase Rest Parameters
+##
+##
+rest:
+ ## @param rest.enabled Enable Supabase rest
+ ##
+ enabled: true
+ ## @param rest.replicaCount Number of Supabase rest replicas to deploy
+ ##
+ replicaCount: 1
+
+ ## @param rest.defaultConfig [string] Default configuration for the Supabase rest service
+ ##
+ defaultConfig: |
+ PGRST_DB_SCHEMA: "public,storage"
+ PGRST_DB_ANON_ROLE: "anon"
+ PGRST_DB_USE_LEGACY_GUCS: "false"
+ PGRST_SERVER_PORT: {{ .Values.rest.containerPorts.http | quote }}
+
+ ## @param rest.extraConfig Extra configuration for the Supabase rest service
+ ##
+ extraConfig: {}
+
+ ## @param rest.existingConfigmap The name of an existing ConfigMap with the default configuration
+ ##
+ existingConfigmap: ""
+ ## @param rest.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration
+ ##
+ extraConfigExistingConfigmap: ""
+
+ ## Bitnami PostgREST image
+ ## ref: https://hub.docker.com/r/bitnami/postgrest/tags/
+ ## @param rest.image.registry PostgREST image registry
+ ## @param rest.image.repository PostgREST image repository
+ ## @param rest.image.tag PostgREST image tag (immutable tags are recommended)
+ ## @param rest.image.digest PostgREST image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param rest.image.pullPolicy PostgREST image pull policy
+ ## @param rest.image.pullSecrets PostgREST image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/postgrest
+ tag: 10.1.2-debian-11-r2
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param rest.containerPorts.http Supabase rest HTTP container port
+ ##
+ containerPorts:
+ http: 3000
+ ## Configure extra options for Supabase rest containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param rest.livenessProbe.enabled Enable livenessProbe on Supabase rest containers
+ ## @param rest.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param rest.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param rest.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param rest.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param rest.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param rest.readinessProbe.enabled Enable readinessProbe on Supabase rest containers
+ ## @param rest.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param rest.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param rest.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param rest.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param rest.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param rest.startupProbe.enabled Enable startupProbe on Supabase rest containers
+ ## @param rest.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param rest.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param rest.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param rest.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param rest.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param rest.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param rest.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param rest.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## Supabase rest resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param rest.resources.limits The resources limits for the Supabase rest containers
+ ## @param rest.resources.requests The requested resources for the Supabase rest containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param rest.podSecurityContext.enabled Enabled Supabase rest pods' Security Context
+ ## @param rest.podSecurityContext.fsGroup Set Supabase rest pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param rest.containerSecurityContext.enabled Enabled Supabase rest containers' Security Context
+ ## @param rest.containerSecurityContext.runAsUser Set Supabase rest containers' Security Context runAsUser
+ ## @param rest.containerSecurityContext.runAsNonRoot Set Supabase rest containers' Security Context runAsNonRoot
+ ## @param rest.containerSecurityContext.readOnlyRootFilesystem Set Supabase rest containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+ ## @param rest.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param rest.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param rest.hostAliases Supabase rest pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param rest.podLabels Extra labels for Supabase rest pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param rest.podAnnotations Annotations for Supabase rest pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param rest.podAffinityPreset Pod affinity preset. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param rest.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node rest.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param rest.nodeAffinityPreset.type Node affinity preset type. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param rest.nodeAffinityPreset.key Node label key to match. Ignored if `rest.affinity` is set
+ ##
+ key: ""
+ ## @param rest.nodeAffinityPreset.values Node label values to match. Ignored if `rest.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param rest.affinity Affinity for Supabase rest pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `rest.podAffinityPreset`, `rest.podAntiAffinityPreset`, and `rest.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param rest.nodeSelector Node labels for Supabase rest pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param rest.tolerations Tolerations for Supabase rest pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param rest.updateStrategy.type Supabase rest statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+
+ ## @param rest.priorityClassName Supabase rest pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param rest.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param rest.schedulerName Name of the k8s scheduler (other than default) for Supabase rest pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param rest.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param rest.lifecycleHooks for the Supabase rest container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param rest.extraEnvVars Array with extra environment variables to add to Supabase rest nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param rest.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase rest nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param rest.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase rest nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param rest.extraVolumes Optionally specify extra list of additional volumes for the Supabase rest pod(s)
+ ##
+ extraVolumes: []
+ ## @param rest.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase rest container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param rest.sidecars Add additional sidecar containers to the Supabase rest pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param rest.initContainers Add additional init containers to the Supabase rest pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## @section Supabase Rest Traffic Exposure Parameters
+ ##
+ service:
+ ## @param rest.service.type Supabase rest service type
+ ##
+ type: ClusterIP
+ ## @param rest.service.ports.http Supabase rest service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param rest.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param rest.service.clusterIP Supabase rest service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param rest.service.loadBalancerIP Supabase rest service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param rest.service.loadBalancerSourceRanges Supabase rest service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param rest.service.externalTrafficPolicy Supabase rest service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-rest-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param rest.service.annotations Additional custom annotations for Supabase rest service
+ ##
+ annotations: {}
+ ## @param rest.service.extraPorts Extra ports to expose in Supabase rest service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param rest.service.sessionAffinity Control where rest requests go, to the same pod or round-robin
+ ## Values: RestIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param rest.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## restIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+## @section Supabase Storage Parameters
+##
+##
+storage:
+ ## @param storage.enabled Enable Supabase storage
+ ##
+ enabled: true
+ ## @param storage.replicaCount Number of Supabase storage replicas to deploy
+ ##
+ replicaCount: 1
+
+ ## @param storage.defaultConfig [string] Default configuration for Supabase storage
+ ##
+ defaultConfig: |
+ POSTGREST_URL: "http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.ports.http }}"
+ PGOPTIONS: "-c search_path=storage,public"
+ FILE_SIZE_LIMIT: "52428800"
+ STORAGE_BACKEND: "file"
+ FILE_STORAGE_BACKEND_PATH: {{ .Values.storage.persistence.mountPath | quote }}
+ TENANT_ID: "stub"
+ REGION: "stub"
+ GLOBAL_S3_BUCKET: "stub"
+ PORT: {{ .Values.storage.containerPorts.http | quote }}
+
+ ## @param storage.extraConfig Extra configuration for Supabase storage
+ ##
+ extraConfig: {}
+
+ ## @param storage.existingConfigmap The name of an existing ConfigMap with the default configuration
+ ##
+ existingConfigmap: ""
+ ## @param storage.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration
+ ##
+ extraConfigExistingConfigmap: ""
+
+ ## Bitnami Storage image
+ ## ref: https://hub.docker.com/r/bitnami/supabase-storage/tags/
+ ## @param storage.image.registry Storage image registry
+ ## @param storage.image.repository Storage image repository
+ ## @param storage.image.tag Storage image tag (immutable tags are recommended)
+ ## @param storage.image.digest Storage image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param storage.image.pullPolicy Storage image pull policy
+ ## @param storage.image.pullSecrets Storage image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/supabase-storage
+ tag: 0.28.2-debian-11-r10
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param storage.containerPorts.http Supabase storage HTTP container port
+ ##
+ containerPorts:
+ http: 5000
+ ## Configure extra options for Supabase storage containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param storage.livenessProbe.enabled Enable livenessProbe on Supabase storage containers
+ ## @param storage.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param storage.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param storage.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param storage.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param storage.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param storage.readinessProbe.enabled Enable readinessProbe on Supabase storage containers
+ ## @param storage.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param storage.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param storage.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param storage.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param storage.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param storage.startupProbe.enabled Enable startupProbe on Supabase storage containers
+ ## @param storage.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param storage.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param storage.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param storage.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param storage.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param storage.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param storage.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param storage.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## Supabase storage resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param storage.resources.limits The resources limits for the Supabase storage containers
+ ## @param storage.resources.requests The requested resources for the Supabase storage containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param storage.podSecurityContext.enabled Enabled Supabase storage pods' Security Context
+ ## @param storage.podSecurityContext.fsGroup Set Supabase storage pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param storage.containerSecurityContext.enabled Enabled Supabase storage containers' Security Context
+ ## @param storage.containerSecurityContext.runAsUser Set Supabase storage containers' Security Context runAsUser
+ ## @param storage.containerSecurityContext.runAsNonRoot Set Supabase storage containers' Security Context runAsNonRoot
+ ## @param storage.containerSecurityContext.readOnlyRootFilesystem Set Supabase storage containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+ ## @param storage.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param storage.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param storage.hostAliases Supabase storage pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param storage.podLabels Extra labels for Supabase storage pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param storage.podAnnotations Annotations for Supabase storage pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param storage.podAffinityPreset Pod affinity preset. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param storage.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node storage.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param storage.nodeAffinityPreset.type Node affinity preset type. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param storage.nodeAffinityPreset.key Node label key to match. Ignored if `storage.affinity` is set
+ ##
+ key: ""
+ ## @param storage.nodeAffinityPreset.values Node label values to match. Ignored if `storage.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param storage.affinity Affinity for Supabase storage pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `storage.podAffinityPreset`, `storage.podAntiAffinityPreset`, and `storage.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param storage.nodeSelector Node labels for Supabase storage pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param storage.tolerations Tolerations for Supabase storage pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param storage.updateStrategy.type Supabase storage statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+
+ ## @param storage.priorityClassName Supabase storage pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param storage.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param storage.schedulerName Name of the k8s scheduler (other than default) for Supabase storage pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param storage.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param storage.lifecycleHooks for the Supabase storage container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param storage.extraEnvVars Array with extra environment variables to add to Supabase storage nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param storage.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase storage nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param storage.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase storage nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param storage.extraVolumes Optionally specify extra list of additional volumes for the Supabase storage pod(s)
+ ##
+ extraVolumes: []
+ ## @param storage.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase storage container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param storage.sidecars Add additional sidecar containers to the Supabase storage pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param storage.initContainers Add additional init containers to the Supabase storage pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## @section Supabase Storage Traffic Exposure Parameters
+ ##
+ service:
+ ## @param storage.service.type Supabase storage service type
+ ##
+ type: ClusterIP
+ ## @param storage.service.ports.http Supabase storage service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param storage.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param storage.service.clusterIP Supabase storage service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param storage.service.loadBalancerIP Supabase storage service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param storage.service.loadBalancerSourceRanges Supabase storage service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param storage.service.externalTrafficPolicy Supabase storage service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-storage-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param storage.service.annotations Additional custom annotations for Supabase storage service
+ ##
+ annotations: {}
+ ## @param storage.service.extraPorts Extra ports to expose in Supabase storage service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param storage.service.sessionAffinity Control where storage requests go, to the same pod or round-robin
+ ## Values: StorageIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param storage.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## storageIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+ ## @section Storage Persistence Parameters
+ ##
+
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param storage.persistence.enabled Enable persistence using Persistent Volume Claims
+ ##
+ enabled: true
+ ## @param storage.persistence.mountPath Path to mount the volume at.
+ ##
+ mountPath: /bitnami/supabase-storage
+ ## @param storage.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
+ ##
+ subPath: ""
+ ## @param storage.persistence.storageClass Storage class of backing PVC
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param storage.persistence.annotations Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## @param storage.persistence.accessModes Persistent Volume Access Modes
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param storage.persistence.size Size of data volume
+ ##
+ size: 8Gi
+ ## @param storage.persistence.existingClaim The name of an existing PVC to use for persistence
+ ##
+ existingClaim: ""
+ ## @param storage.persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC
+ ## If set, the PVC can't have a PV dynamically provisioned for it
+ ## E.g.
+ ## selector:
+ ## matchLabels:
+ ## app: my-app
+ ##
+ selector: {}
+ ## @param storage.persistence.dataSource Custom PVC data source
+ ##
+ dataSource: {}
+
+## @section Supabase Studio Parameters
+##
+##
+studio:
+ ## @param studio.enabled Enable Supabase studio
+ ##
+ enabled: true
+ ## @param studio.publicURL Supabase studio public URL
+ ##
+ publicURL: ""
+ ## @param studio.replicaCount Number of Supabase studio replicas to deploy
+ ##
+ replicaCount: 1
+
+ ## @param studio.defaultConfig [string] Supabase studio default configuration
+ ##
+ defaultConfig: |
+ SUPABASE_URL: "http://{{ include "supabase.kong.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.kong.service.ports.proxyHttp }}"
+ STUDIO_PG_META_URL: "http://{{ include "supabase.kong.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.kong.service.ports.proxyHttp }}/pg"
+ SUPABASE_PUBLIC_URL: {{ include "supabase.api.publicURL" . | quote }}
+ PORT: {{ .Values.studio.containerPorts.http | quote }}
+
+ ## @param studio.extraConfig Supabase studio extra configuration
+ ##
+ extraConfig: {}
+
+ ## @param studio.existingConfigmap The name of an existing ConfigMap with the default configuration
+ ##
+ existingConfigmap: ""
+ ## @param studio.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration
+ ##
+ extraConfigExistingConfigmap: ""
+
+ ## Bitnami Studio image
+ ## ref: https://hub.docker.com/r/bitnami/supabase-studio/tags/
+ ## @param studio.image.registry Studio image registry
+ ## @param studio.image.repository Studio image repository
+ ## @param studio.image.tag Studio image tag (immutable tags are recommended)
+ ## @param studio.image.digest Studio image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param studio.image.pullPolicy Studio image pull policy
+ ## @param studio.image.pullSecrets Studio image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/supabase-studio
+ tag: 0.23.1-debian-11-r0
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+ ## @param studio.containerPorts.http Supabase studio HTTP container port
+ ##
+ containerPorts:
+ http: 3000
+ ## Configure extra options for Supabase studio containers' liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+ ## @param studio.livenessProbe.enabled Enable livenessProbe on Supabase studio containers
+ ## @param studio.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param studio.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param studio.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param studio.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param studio.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param studio.readinessProbe.enabled Enable readinessProbe on Supabase studio containers
+ ## @param studio.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param studio.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param studio.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param studio.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param studio.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param studio.startupProbe.enabled Enable startupProbe on Supabase studio containers
+ ## @param studio.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param studio.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param studio.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param studio.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param studio.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+ ## @param studio.customLivenessProbe Custom livenessProbe that overrides the default one
+ ##
+ customLivenessProbe: {}
+ ## @param studio.customReadinessProbe Custom readinessProbe that overrides the default one
+ ##
+ customReadinessProbe: {}
+ ## @param studio.customStartupProbe Custom startupProbe that overrides the default one
+ ##
+ customStartupProbe: {}
+ ## Supabase studio resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param studio.resources.limits The resources limits for the Supabase studio containers
+ ## @param studio.resources.requests The requested resources for the Supabase studio containers
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Pods Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param studio.podSecurityContext.enabled Enabled Supabase studio pods' Security Context
+ ## @param studio.podSecurityContext.fsGroup Set Supabase studio pod's Security Context fsGroup
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param studio.containerSecurityContext.enabled Enabled Supabase studio containers' Security Context
+ ## @param studio.containerSecurityContext.runAsUser Set Supabase studio containers' Security Context runAsUser
+ ## @param studio.containerSecurityContext.runAsNonRoot Set Supabase studio containers' Security Context runAsNonRoot
+ ## @param studio.containerSecurityContext.readOnlyRootFilesystem Set Supabase studio containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: false
+
+ ## @param studio.command Override default container command (useful when using custom images)
+ ##
+ command: []
+ ## @param studio.args Override default container args (useful when using custom images)
+ ##
+ args: []
+ ## @param studio.hostAliases Supabase studio pods host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param studio.podLabels Extra labels for Supabase studio pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param studio.podAnnotations Annotations for Supabase studio pods
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param studio.podAffinityPreset Pod affinity preset. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param studio.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node studio.affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param studio.nodeAffinityPreset.type Node affinity preset type. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param studio.nodeAffinityPreset.key Node label key to match. Ignored if `studio.affinity` is set
+ ##
+ key: ""
+ ## @param studio.nodeAffinityPreset.values Node label values to match. Ignored if `studio.affinity` is set
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param studio.affinity Affinity for Supabase studio pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## NOTE: `studio.podAffinityPreset`, `studio.podAntiAffinityPreset`, and `studio.nodeAffinityPreset` will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param studio.nodeSelector Node labels for Supabase studio pods assignment
+ ## ref: https://kubernetes.io/docs/user-guide/node-selection/
+ ##
+ nodeSelector: {}
+ ## @param studio.tolerations Tolerations for Supabase studio pods assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param studio.updateStrategy.type Supabase studio statefulset strategy type
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ##
+ updateStrategy:
+ ## StrategyType
+ ## Can be set to RollingUpdate or OnDelete
+ ##
+ type: RollingUpdate
+
+ ## @param studio.priorityClassName Supabase studio pods' priorityClassName
+ ##
+ priorityClassName: ""
+ ## @param studio.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
+ ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+ ##
+ topologySpreadConstraints: []
+ ## @param studio.schedulerName Name of the k8s scheduler (other than default) for Supabase studio pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param studio.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param studio.lifecycleHooks for the Supabase studio container(s) to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param studio.extraEnvVars Array with extra environment variables to add to Supabase studio nodes
+ ## e.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: "bar"
+ ##
+ extraEnvVars: []
+ ## @param studio.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase studio nodes
+ ##
+ extraEnvVarsCM: ""
+ ## @param studio.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase studio nodes
+ ##
+ extraEnvVarsSecret: ""
+ ## @param studio.extraVolumes Optionally specify extra list of additional volumes for the Supabase studio pod(s)
+ ##
+ extraVolumes: []
+ ## @param studio.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase studio container(s)
+ ##
+ extraVolumeMounts: []
+ ## @param studio.sidecars Add additional sidecar containers to the Supabase studio pod(s)
+ ## e.g:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param studio.initContainers Add additional init containers to the Supabase studio pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ ## e.g:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## command: ['sh', '-c', 'echo "hello world"']
+ ##
+ initContainers: []
+
+ ## @section Supabase Studio Traffic Exposure Parameters
+ ##
+ service:
+ ## @param studio.service.type Supabase studio service type
+ ##
+ type: ClusterIP
+ ## @param studio.service.ports.http Supabase studio service HTTP port
+ ##
+ ports:
+ http: 80
+ ## Node ports to expose
+ ## @param studio.service.nodePorts.http Node port for HTTP
+ ## NOTE: choose port between <30000-32767>
+ ##
+ nodePorts:
+ http: ""
+ ## @param studio.service.clusterIP Supabase studio service Cluster IP
+ ## e.g.:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param studio.service.loadBalancerIP Supabase studio service Load Balancer IP
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param studio.service.loadBalancerSourceRanges Supabase studio service Load Balancer sources
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## e.g:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param studio.service.externalTrafficPolicy Supabase studio service external traffic policy
+ ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-studio-source-ip
+ ##
+ externalTrafficPolicy: Cluster
+ ## @param studio.service.annotations Additional custom annotations for Supabase studio service
+ ##
+ annotations: {}
+ ## @param studio.service.extraPorts Extra ports to expose in Supabase studio service (normally used with the `sidecars` value)
+ ##
+ extraPorts: []
+ ## @param studio.service.sessionAffinity Control where studio requests go, to the same pod or round-robin
+ ## Values: StudioIP or None
+ ## ref: https://kubernetes.io/docs/user-guide/services/
+ ##
+ sessionAffinity: None
+ ## @param studio.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## studioIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+
+ ## ref: http://kubernetes.io/docs/user-guide/ingress/
+ ##
+ ingress:
+ ## @param studio.ingress.enabled Enable ingress record generation for Supabase
+ ##
+ enabled: false
+ ## @param studio.ingress.pathType Ingress path type
+ ##
+ pathType: ImplementationSpecific
+ ## @param studio.ingress.hostname Default host for the ingress record
+ ##
+ hostname: supabase-studio.local
+ ## @param studio.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+ ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+ ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+ ##
+ ingressClassName: ""
+ ## @param studio.ingress.path Default path for the ingress record
+ ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+ ##
+ path: /
+ ## @param studio.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ ## Use this parameter to set the required annotations for cert-manager, see
+ ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+ ## e.g:
+ ## annotations:
+ ## kubernetes.io/ingress.class: nginx
+ ## cert-manager.io/cluster-issuer: cluster-issuer-name
+ ##
+ annotations: {}
+ ## @param studio.ingress.tls Enable TLS configuration for the host defined at `studio.ingress.hostname` parameter
+ ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+ ## You can:
+ ## - Use the `studio.ingress.secrets` parameter to create this TLS secret
+ ## - Rely on cert-manager to create it by setting the corresponding annotations
+ ## - Rely on Helm to create self-signed certificates by setting `studio.ingress.selfSigned=true`
+ ##
+ tls: false
+ ## @param studio.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+ ##
+ selfSigned: false
+ ## @param studio.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+ ## e.g:
+ ## extraHosts:
+ ## - name: supabase.local
+ ## path: /
+ ##
+ extraHosts: []
+ ## @param studio.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+ ## e.g:
+ ## extraPaths:
+ ## - path: /*
+ ## auth:
+ ## serviceName: ssl-redirect
+ ## servicePort: use-annotation
+ ##
+ extraPaths: []
+ ## @param studio.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+ ## e.g:
+ ## extraTls:
+ ## - hosts:
+ ## - supabase.local
+ ## secretName: supabase.local-tls
+ ##
+ extraTls: []
+ ## @param studio.ingress.secrets Custom TLS certificates as secrets
+ ## NOTE: 'key' and 'certificate' are expected in PEM format
+ ## NOTE: 'name' should line up with a 'secretName' set further up
+ ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+ ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ ## e.g:
+ ## secrets:
+ ## - name: supabase.local-tls
+ ## key: |-
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ## ...
+ ## -----END RSA PRIVATE KEY-----
+ ## certificate: |-
+ ## -----BEGIN CERTIFICATE-----
+ ## ...
+ ## -----END CERTIFICATE-----
+ ##
+ secrets: []
+ ## @param studio.ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ ## e.g:
+ ## extraRules:
+ ## - host: example.local
+ ## http:
+ ## path: /
+ ## auth:
+ ## service:
+ ## name: example-svc
+ ## port:
+ ## name: http
+ ##
+ extraRules: []
+
+## @section Init Container Parameters
+##
+
+## 'volumePermissions' init container parameters
+## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
+## based on the *podSecurityContext/*containerSecurityContext parameters
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## Bitnami Shell image
+ ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/
+ ## @param volumePermissions.image.registry Bitnami Shell image registry
+ ## @param volumePermissions.image.repository Bitnami Shell image repository
+ ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy
+ ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: 11-debian-11-r75
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init container's resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param volumePermissions.resources.limits The resources limits for the init container
+ ## @param volumePermissions.resources.requests The requested resources for the init container
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Init container Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
+ ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
+ ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
+ ##
+ containerSecurityContext:
+ runAsUser: 0
+
+## Bitnami PostgreSQL image
+## ref: https://hub.docker.com/r/bitnami/supabase-postgres/tags/
+## @param psqlImage.registry PostgreSQL client image registry
+## @param psqlImage.repository PostgreSQL client image repository
+## @param psqlImage.digest PostgreSQL client image digest (overrides image tag)
+## @param psqlImage.tag PostgreSQL client image tag (immutable tags are recommended)
+## @param psqlImage.pullPolicy PostgreSQL client image pull policy
+## @param psqlImage.pullSecrets PostgreSQL client image pull secrets
+## @param psqlImage.debug Enable PostgreSQL client image debug mode
+##
+psqlImage:
+ registry: docker.io
+ repository: bitnami/supabase-postgres
+ tag: 15.1.0-debian-11-r4
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Set to true if you would like to see extra information on logs
+ ##
+ debug: false
+
+## @section Other Parameters
+##
+
+## @param rbac.create Specifies whether RBAC resources should be created
+##
+rbac:
+ create: true
+
+## ServiceAccount configuration
+##
+serviceAccount:
+ ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: true
+
+## @section Kong sub-chart parameters
+##
+
+kong:
+ ## @param kong.enabled Enable Kong
+ ##
+ enabled: true
+ ## @param kong.database Database to use
+ # We will use declarative configuration so we don't need the database
+ database: "off"
+ ## @param kong.initContainers [string] Add additional init containers to the Kong pods
+ ##
+ initContainers: |
+ - name: render-kong-declarative-conf
+ image: '{{ include "kong.image" . }}'
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ #!/bin/bash
+
+ . /opt/bitnami/scripts/liblog.sh
+
+ # We need to generate it in the tmp folder to ensure that we have write permissions
+ info "Rendering Supabase declarative config template"
+ render-template /bitnami/kong/declarative-template/kong.yml.tpl > "/bitnami/kong/declarative-conf/kong.yml"
+ volumeMounts:
+ - name: declarative-conf-template
+ mountPath: /bitnami/kong/declarative-template/
+ - name: rendered-declarative-conf
+ mountPath: /bitnami/kong/declarative-conf/
+ env:
+ - name: SUPABASE_ANON_KEY
+ valueFrom:
+ secretKeyRef:
+ name: '{{ include "supabase.jwt.secretName" . }}'
+ key: '{{ include "supabase.jwt.anonSecretKey" . }}'
+ - name: SUPABASE_SERVICE_KEY
+ valueFrom:
+ secretKeyRef:
+ name: '{{ include "supabase.jwt.secretName" . }}'
+ key: '{{ include "supabase.jwt.serviceSecretKey" . }}'
+
+ ## @param kong.ingressController.enabled Enable Kong Ingress Controller
+ ##
+ ingressController:
+ enabled: false
+ ## @param kong.kong.extraVolumeMounts [array] Additional volumeMounts to the Kong container
+ ## @param kong.kong.extraEnvVars [array] Additional environment variables to set
+ ##
+ kong:
+ extraVolumeMounts:
+ - name: rendered-declarative-conf
+ mountPath: /bitnami/kong/declarative-conf/
+ extraEnvVars:
+ - name: KONG_DECLARATIVE_CONFIG
+ value: "/bitnami/kong/declarative-conf/kong.yml"
+ - name: KONG_DNS_ORDER
+ value: LAST,A,CNAME
+ - name: KONG_PLUGINS
+ value: request-transformer,cors,key-auth,acl
+
+ ## @param kong.extraVolumes [array] Additional volumes to the Kong pods
+ ##
+ extraVolumes:
+ - name: declarative-conf-template
+ configMap:
+ name: "{{ .Release.Name }}-kong-declarative-config"
+ - name: rendered-declarative-conf
+ emptyDir: {}
+ ## @param kong.ingress.enabled Enable Ingress rule
+ ## @param kong.ingress.hostname Kong Ingress hostname
+ ## @param kong.ingress.tls Enable TLS for Kong Ingress
+ ##
+ ingress:
+ enabled: false
+ hostname: "supabase.local"
+ tls: false
+
+ ## @param kong.service.loadBalancerIP Kubernetes service LoadBalancer IP
+ ## @param kong.service.type Kubernetes service type
+ ## @param kong.service.ports.proxyHttp Kong service port
+ ##
+ service:
+ loadBalancerIP: ""
+ type: LoadBalancer
+ ports:
+ proxyHttp: 80
+
+ ## @param kong.postgresql.enabled Switch to enable or disable the PostgreSQL helm chart inside the Kong subchart
+ ##
+ postgresql:
+ enabled: false
+
+## @section PostgreSQL sub-chart parameters
+##
+
+## PostgreSQL chart configuration
+## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
+## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
+## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
+## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
+## @param postgresql.service.ports.postgresql PostgreSQL service port
+##
+postgresql:
+ enabled: true
+ ## Bitnami PostgreSQL image version
+ ## ref: https://hub.docker.com/r/bitnami/supabase-postgres/tags/
+ ## @param postgresql.image.registry PostgreSQL image registry
+ ## @param postgresql.image.repository PostgreSQL image repository
+ ## @param postgresql.image.tag PostgreSQL image tag (immutable tags are recommended)
+ ## @param postgresql.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param postgresql.image.pullPolicy PostgreSQL image pull policy
+ ## @param postgresql.image.pullSecrets Specify image pull secrets
+ ## @param postgresql.image.debug Specify if debug values should be set
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/supabase-postgres
+ tag: 15.1.0-debian-11-r4
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Set to true if you would like to see extra information on logs
+ ##
+ debug: false
+ ## @param postgresql.postgresqlSharedPreloadLibraries Set the shared_preload_libraries parameter in postgresql.conf
+ ## Setting an empty value in order to force the default extensions of supabase-postgres
+ ##
+ postgresqlSharedPreloadLibraries: "pg_stat_statements, pg_stat_monitor, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, pgsodium, timescaledb, auto_explain"
+ ## @param postgresql.auth.postgresPassword PostgreSQL admin password
+ ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
+ ## supabase-postgres creates its own hardcoded user supabase_admin so we cannot allow modifications
+ ##
+ auth:
+ postgresPassword: ""
+ existingSecret: ""
+ ## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
+ ##
+ architecture: standalone
+ ## @param postgresql.service.ports.postgresql PostgreSQL service port
+ ##
+ service:
+ ports:
+ postgresql: 5432
+
+## External PostgreSQL configuration
+## All of these values are only used when postgresql.enabled is set to false
+## @param externalDatabase.host Database host
+## @param externalDatabase.port Database port number
+## @param externalDatabase.user Non-root username for PostgreSQL
+## @param externalDatabase.password Password for the non-root username for PostgreSQL
+## @param externalDatabase.database PostgreSQL database name
+## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
+## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
+##
+externalDatabase:
+ host: ""
+ port: 5432
+ user: supabase_admin
+ database: postgres
+ password: ""
+ existingSecret: ""
+ existingSecretPasswordKey: "db-password"