# Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 ## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## We need to add the existing secret in global in order to make it accessible to the Kong subchart ## jwt: ## @param global.jwt.existingSecret The name of the existing secret containing the JWT secret ## existingSecret: "" ## @param global.jwt.existingSecretKey The key in the existing secret containing the JWT secret ## existingSecretKey: "secret" ## @param global.jwt.existingSecretAnonKey The key in the existing secret containing the JWT anon key ## existingSecretAnonKey: "anon-key" ## @param global.jwt.existingSecretServiceKey The key in the existing secret containing the JWT service key ## existingSecretServiceKey: "service-key" ## Compatibility adaptations for Kubernetes platforms ## compatibility: ## Compatibility adaptations for Openshift ## openshift: ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) ## adaptSecurityContext: disabled ## @section Common parameters ## ## @param kubeVersion Override Kubernetes version ## kubeVersion: "" ## @param nameOverride String to partially override common.names.name ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname ## fullnameOverride: "" ## @param namespaceOverride String to fully override common.names.namespace ## namespaceOverride: "" ## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} ## @param clusterDomain Kubernetes cluster domain name ## clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] ## Enable diagnostic mode in the deployment ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command Command to override all containers in the deployment ## command: - sleep ## @param diagnosticMode.args Args to override all containers in the deployment ## args: - infinity ## @section Supabase Common parameters ## jwt: ## @param jwt.secret The secret string used to sign JWT tokens ## secret: "" ## @param jwt.anonKey JWT string for annonymous users ## anonKey: "" ## @param jwt.serviceKey JWT string for service users ## serviceKey: "" autoGenerate: ## @param jwt.autoGenerate.forceRun Force the run of the JWT generation job ## forceRun: false ## Bitnami JWT CLI image ## ref: https://hub.docker.com/r/bitnami/jwt-cli/tags/ ## @param jwt.autoGenerate.image.registry [default: REGISTRY_NAME] JWT CLI image registry ## @param jwt.autoGenerate.image.repository [default: REPOSITORY_NAME/jwt-cli] JWT CLI image repository ## @skip jwt.autoGenerate.image.tag JWT CLI image tag (immutable tags are recommended) ## @param jwt.autoGenerate.image.digest JWT CLI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param jwt.autoGenerate.image.pullPolicy JWT CLI image pull policy ## @param jwt.autoGenerate.image.pullSecrets JWT CLI image pull secrets ## image: registry: docker.io repository: bitnami/jwt-cli tag: 6.0.0-debian-12-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] kubectlImage: ## Bitnami Kubectl image ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/ ## @param jwt.autoGenerate.kubectlImage.registry [default: REGISTRY_NAME] Kubectl image registry ## @param jwt.autoGenerate.kubectlImage.repository [default: REPOSITORY_NAME/kubectl] Kubectl image repository ## @skip jwt.autoGenerate.kubectlImage.tag Kubectl image tag (immutable tags are recommended) ## @param jwt.autoGenerate.kubectlImage.digest Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param jwt.autoGenerate.kubectlImage.pullPolicy Kubectl image pull policy ## @param jwt.autoGenerate.kubectlImage.pullSecrets Kubectl image pull secrets ## registry: docker.io repository: bitnami/kubectl tag: 1.29.2-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param jwt.autoGenerate.backoffLimit set backoff limit of the job ## backoffLimit: 10 ## @param jwt.autoGenerate.extraVolumes Optionally specify extra list of additional volumes for the jwt init job ## extraVolumes: [] ## ServiceAccount configuration ## serviceAccount: ## @param jwt.autoGenerate.serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param jwt.autoGenerate.serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param jwt.autoGenerate.serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param jwt.autoGenerate.serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## automountServiceAccountToken: false ## Configure Container Security Context ## @param jwt.autoGenerate.containerSecurityContext.enabled Enabled jwt init job containers' Security Context ## @param jwt.autoGenerate.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param jwt.autoGenerate.containerSecurityContext.runAsUser Set jwt init job containers' Security Context runAsUser ## @param jwt.autoGenerate.containerSecurityContext.runAsGroup Set jwt init job containers' Security Context runAsUser ## @param jwt.autoGenerate.containerSecurityContext.runAsNonRoot Set jwt init job container's Security Context runAsNonRoot ## @param jwt.autoGenerate.containerSecurityContext.privileged Set jwt init job container's Security Context privileged ## @param jwt.autoGenerate.containerSecurityContext.readOnlyRootFilesystem Set jwt init job container's Security Context readOnlyRootFilesystem ## @param jwt.autoGenerate.containerSecurityContext.allowPrivilegeEscalation Set jwt init job container's Security Context allowPrivilegeEscalation ## @param jwt.autoGenerate.containerSecurityContext.capabilities.drop List of jwt init job capabilities to be dropped ## @param jwt.autoGenerate.containerSecurityContext.seccompProfile.type Set jwt init job container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param jwt.autoGenerate.podSecurityContext.enabled Enabled jwt init job pods' Security Context ## @param jwt.autoGenerate.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param jwt.autoGenerate.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param jwt.autoGenerate.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param jwt.autoGenerate.podSecurityContext.fsGroup Set jwt init job pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## @param jwt.autoGenerate.extraEnvVars Array containing extra env vars to configure the jwt init job ## For example: ## extraEnvVars: ## - name: GF_DEFAULT_INSTANCE_NAME ## value: my-instance ## extraEnvVars: [] ## @param jwt.autoGenerate.extraEnvVarsCM ConfigMap containing extra env vars to configure the jwt init job ## extraEnvVarsCM: "" ## @param jwt.autoGenerate.extraEnvVarsSecret Secret containing extra env vars to configure the jwt init job (in case of sensitive data) ## extraEnvVarsSecret: "" ## @param jwt.autoGenerate.extraVolumeMounts Array of extra volume mounts to be added to the jwt Container (evaluated as template). Normally used with `extraVolumes`. ## extraVolumeMounts: [] ## Container resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param jwt.autoGenerate.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if jwt.autoGenerate.resources is set (jwt.autoGenerate.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param jwt.autoGenerate.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## @param jwt.autoGenerate.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: true ## @param jwt.autoGenerate.hostAliases Add deployment host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param jwt.autoGenerate.annotations [object] Add annotations to the job ## annotations: helm.sh/hook: post-install helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded # This should be executed after the minio provisioning job helm.sh/hook-weight: "10" ## @param jwt.autoGenerate.podLabels Additional pod labels ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param jwt.autoGenerate.podAnnotations Additional pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param publicURL Supabase API public URL ## publicURL: "" ## @param dbSSL Supabase API database connection mode for SSL. Applied to all components. Allowed values: verify-ca, verify-full, disable, allow, prefer, require ## https://www.postgresql.org/docs/current/libpq-ssl.html ## dbSSL: "disable" ## @section Supabase Auth Parameters ## ## auth: ## @param auth.enabled Enable Supabase auth ## enabled: true ## @param auth.replicaCount Number of Supabase auth replicas to deploy ## replicaCount: 1 ## @param auth.defaultConfig [string] Supabase auth default configuration ## defaultConfig: | GOTRUE_API_HOST: "0.0.0.0" GOTRUE_API_PORT: {{ .Values.auth.containerPorts.http | quote }} GOTRUE_SITE_URL: {{ include "supabase.studio.publicURL" . | quote }} GOTRUE_URI_ALLOW_LIST: "*" GOTRUE_DISABLE_SIGNUP: "false" GOTRUE_DB_DRIVER: "postgres" GOTRUE_JWT_DEFAULT_GROUP_NAME: "authenticated" GOTRUE_JWT_ADMIN_ROLES: "service_role" GOTRUE_JWT_AUD: "authenticated" GOTRUE_JWT_EXP: "3600" GOTRUE_EXTERNAL_EMAIL_ENABLED: "true" GOTRUE_MAILER_AUTOCONFIRM: "true" GOTRUE_SMTP_ADMIN_EMAIL: "your-mail@example.com" GOTRUE_SMTP_HOST: "smtp.example.com" GOTRUE_SMTP_PORT: "587" GOTRUE_SMTP_SENDER_NAME: "your-mail@example.com" GOTRUE_EXTERNAL_PHONE_ENABLED: "false" GOTRUE_SMS_AUTOCONFIRM: "false" GOTRUE_MAILER_URLPATHS_INVITE: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify" GOTRUE_MAILER_URLPATHS_CONFIRMATION: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify" GOTRUE_MAILER_URLPATHS_RECOVERY: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify" GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: "{{ include "supabase.studio.publicURL" . }}/auth/v1/verify" ## @param auth.extraConfig Supabase auth extra configuration ## extraConfig: {} ## @param auth.existingConfigmap The name of an existing ConfigMap with the default configuration ## existingConfigmap: "" ## @param auth.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration ## extraConfigExistingConfigmap: "" ## Bitnami Gotrue image ## ref: https://hub.docker.com/r/bitnami/gotrue/tags/ ## @param auth.image.registry [default: REGISTRY_NAME] Gotrue image registry ## @param auth.image.repository [default: REPOSITORY_NAME/gotrue] Gotrue image repository ## @skip auth.image.tag Gotrue image tag (immutable tags are recommended) ## @param auth.image.digest Gotrue image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param auth.image.pullPolicy Gotrue image pull policy ## @param auth.image.pullSecrets Gotrue image pull secrets ## image: registry: docker.io repository: bitnami/gotrue tag: 1.0.1-debian-12-r21 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param auth.containerPorts.http Supabase auth HTTP container port ## containerPorts: http: 9999 ## Configure extra options for Supabase auth containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param auth.livenessProbe.enabled Enable livenessProbe on Supabase auth containers ## @param auth.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param auth.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param auth.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param auth.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param auth.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param auth.readinessProbe.enabled Enable readinessProbe on Supabase auth containers ## @param auth.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param auth.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param auth.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param auth.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param auth.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param auth.startupProbe.enabled Enable startupProbe on Supabase auth containers ## @param auth.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param auth.startupProbe.periodSeconds Period seconds for startupProbe ## @param auth.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param auth.startupProbe.failureThreshold Failure threshold for startupProbe ## @param auth.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param auth.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param auth.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param auth.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Supabase auth resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param auth.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if auth.resources is set (auth.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param auth.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param auth.podSecurityContext.enabled Enabled Supabase auth pods' Security Context ## @param auth.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param auth.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param auth.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param auth.podSecurityContext.fsGroup Set Supabase auth pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param auth.containerSecurityContext.enabled Enabled containers' Security Context ## @param auth.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param auth.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param auth.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param auth.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param auth.containerSecurityContext.privileged Set container's Security Context privileged ## @param auth.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param auth.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param auth.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param auth.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param auth.command Override default container command (useful when using custom images) ## command: [] ## @param auth.args Override default container args (useful when using custom images) ## args: [] ## @param auth.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param auth.hostAliases Supabase auth pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param auth.podLabels Extra labels for Supabase auth pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param auth.podAnnotations Annotations for Supabase auth pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param auth.podAffinityPreset Pod affinity preset. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param auth.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node auth.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param auth.nodeAffinityPreset.type Node affinity preset type. Ignored if `auth.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param auth.nodeAffinityPreset.key Node label key to match. Ignored if `auth.affinity` is set ## key: "" ## @param auth.nodeAffinityPreset.values Node label values to match. Ignored if `auth.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param auth.affinity Affinity for Supabase auth pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `auth.podAffinityPreset`, `auth.podAntiAffinityPreset`, and `auth.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param auth.nodeSelector Node labels for Supabase auth pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param auth.tolerations Tolerations for Supabase auth pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param auth.updateStrategy.type Supabase auth statefulset strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate ## @param auth.priorityClassName Supabase auth pods' priorityClassName ## priorityClassName: "" ## @param auth.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param auth.schedulerName Name of the k8s scheduler (other than default) for Supabase auth pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param auth.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param auth.lifecycleHooks for the Supabase auth container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param auth.extraEnvVars Array with extra environment variables to add to Supabase auth nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param auth.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase auth nodes ## extraEnvVarsCM: "" ## @param auth.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase auth nodes ## extraEnvVarsSecret: "" ## @param auth.extraVolumes Optionally specify extra list of additional volumes for the Supabase auth pod(s) ## extraVolumes: [] ## @param auth.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase auth container(s) ## extraVolumeMounts: [] ## @param auth.sidecars Add additional sidecar containers to the Supabase auth pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param auth.initContainers Add additional init containers to the Supabase auth pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Supabase Auth Traffic Exposure Parameters ## service: ## @param auth.service.type Supabase auth service type ## type: ClusterIP ## @param auth.service.ports.http Supabase auth service HTTP port ## ports: http: 80 ## Node ports to expose ## @param auth.service.nodePorts.http Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param auth.service.clusterIP Supabase auth service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param auth.service.loadBalancerIP Supabase auth service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param auth.service.loadBalancerSourceRanges Supabase auth service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param auth.service.externalTrafficPolicy Supabase auth service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-auth-source-ip ## externalTrafficPolicy: Cluster ## @param auth.service.annotations Additional custom annotations for Supabase auth service ## annotations: {} ## @param auth.service.extraPorts Extra ports to expose in Supabase auth service (normally used with the `sidecars` value) ## extraPorts: [] ## @param auth.service.sessionAffinity Control where auth requests go, to the same pod or round-robin ## Values: AuthIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param auth.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## authIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param auth.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param auth.networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the ports the application is listening ## on. When true, the app will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param auth.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param auth.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param auth.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param auth.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param auth.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## @section Supabase Meta Parameters ## ## meta: ## @param meta.enabled Enable Supabase Postgres Meta ## enabled: true ## @param meta.replicaCount Number of Supabase Postgres Meta replicas to deploy ## replicaCount: 1 ## @param meta.defaultConfig [string] Default Supabase Postgres Meta configuration ## defaultConfig: | PG_META_DB_USER: {{ include "supabase.database.user" . | quote }} PG_META_DB_HOST: {{ include "supabase.database.host" . | quote }} PG_META_DB_PORT: {{ include "supabase.database.port" . | quote }} PG_META_DB_NAME: {{ include "supabase.database.name" . | quote }} PG_META_DB_SSL_MODE: {{ .Values.dbSSL | quote }} PG_META_PORT: {{ .Values.meta.containerPorts.http | quote }} ## @param meta.extraConfig Extra Supabase Postgres Meta configuration ## extraConfig: {} ## @param meta.existingConfigmap The name of an existing ConfigMap with the default configuration ## existingConfigmap: "" ## @param meta.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration ## extraConfigExistingConfigmap: "" ## Bitnami Supabase Postgres Meta image ## ref: https://hub.docker.com/r/bitnami/supabase-postgres-meta/tags/ ## @param meta.image.registry [default: REGISTRY_NAME] Supabase Postgres Meta image registry ## @param meta.image.repository [default: REPOSITORY_NAME/supabase-postgres-meta] Supabase Postgres Meta image repository ## @skip meta.image.tag Supabase Postgres Meta image tag (immutable tags are recommended) ## @param meta.image.digest Supabase Postgres Meta image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param meta.image.pullPolicy Supabase Postgres Meta image pull policy ## @param meta.image.pullSecrets Supabase Postgres Meta image pull secrets ## image: registry: docker.io repository: bitnami/supabase-postgres-meta tag: 0.79.0-debian-12-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param meta.containerPorts.http Supabase Postgres Meta HTTP container port ## containerPorts: http: 8080 ## Configure extra options for Supabase Postgres Meta containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param meta.livenessProbe.enabled Enable livenessProbe on Supabase Postgres Meta containers ## @param meta.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param meta.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param meta.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param meta.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param meta.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param meta.readinessProbe.enabled Enable readinessProbe on Supabase Postgres Meta containers ## @param meta.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param meta.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param meta.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param meta.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param meta.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param meta.startupProbe.enabled Enable startupProbe on Supabase Postgres Meta containers ## @param meta.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param meta.startupProbe.periodSeconds Period seconds for startupProbe ## @param meta.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param meta.startupProbe.failureThreshold Failure threshold for startupProbe ## @param meta.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param meta.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param meta.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param meta.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Supabase Postgres Meta resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param meta.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if meta.resources is set (meta.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param meta.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param meta.podSecurityContext.enabled Enabled Supabase Postgres Meta pods' Security Context ## @param meta.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param meta.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param meta.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param meta.podSecurityContext.fsGroup Set Supabase Postgres Meta pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param meta.containerSecurityContext.enabled Enabled containers' Security Context ## @param meta.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param meta.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param meta.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param meta.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param meta.containerSecurityContext.privileged Set container's Security Context privileged ## @param meta.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param meta.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param meta.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param meta.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param meta.command Override default container command (useful when using custom images) ## command: [] ## @param meta.args Override default container args (useful when using custom images) ## args: [] ## @param meta.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param meta.hostAliases Supabase Postgres Meta pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param meta.podLabels Extra labels for Supabase Postgres Meta pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param meta.podAnnotations Annotations for Supabase Postgres Meta pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param meta.podAffinityPreset Pod affinity preset. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param meta.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node meta.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param meta.nodeAffinityPreset.type Node affinity preset type. Ignored if `meta.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param meta.nodeAffinityPreset.key Node label key to match. Ignored if `meta.affinity` is set ## key: "" ## @param meta.nodeAffinityPreset.values Node label values to match. Ignored if `meta.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param meta.affinity Affinity for Supabase Postgres Meta pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `meta.podAffinityPreset`, `meta.podAntiAffinityPreset`, and `meta.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param meta.nodeSelector Node labels for Supabase Postgres Meta pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param meta.tolerations Tolerations for Supabase Postgres Meta pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param meta.updateStrategy.type Supabase Postgres Meta statefulset strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate ## @param meta.priorityClassName Supabase Postgres Meta pods' priorityClassName ## priorityClassName: "" ## @param meta.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param meta.schedulerName Name of the k8s scheduler (other than default) for Supabase Postgres Meta pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param meta.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param meta.lifecycleHooks for the Supabase Postgres Meta container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param meta.extraEnvVars Array with extra environment variables to add to Supabase Postgres Meta nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param meta.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase Postgres Meta nodes ## extraEnvVarsCM: "" ## @param meta.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase Postgres Meta nodes ## extraEnvVarsSecret: "" ## @param meta.extraVolumes Optionally specify extra list of additional volumes for the Supabase Postgres Meta pod(s) ## extraVolumes: [] ## @param meta.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase Postgres Meta container(s) ## extraVolumeMounts: [] ## @param meta.sidecars Add additional sidecar containers to the Supabase Postgres Meta pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param meta.initContainers Add additional init containers to the Supabase Postgres Meta pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Supabase Meta Traffic Exposure Parameters ## service: ## @param meta.service.type Supabase Postgres Meta service type ## type: ClusterIP ## @param meta.service.ports.http Supabase Postgres Meta service HTTP port ## ports: http: 80 ## Node ports to expose ## @param meta.service.nodePorts.http Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param meta.service.clusterIP Supabase Postgres Meta service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param meta.service.loadBalancerIP Supabase Postgres Meta service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param meta.service.loadBalancerSourceRanges Supabase Postgres Meta service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param meta.service.externalTrafficPolicy Supabase Postgres Meta service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-meta-source-ip ## externalTrafficPolicy: Cluster ## @param meta.service.annotations Additional custom annotations for Supabase Postgres Meta service ## annotations: {} ## @param meta.service.extraPorts Extra ports to expose in Supabase Postgres Meta service (normally used with the `sidecars` value) ## extraPorts: [] ## @param meta.service.sessionAffinity Control where meta requests go, to the same pod or round-robin ## Values: MetaIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param meta.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## metaIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param meta.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param meta.networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the ports the application is listening ## on. When true, the app will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param meta.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param meta.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param meta.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param meta.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param meta.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## @section Supabase Realtime Parameters ## ## realtime: ## @param realtime.enabled Enable Supabase realtime ## enabled: true ## @param realtime.replicaCount Number of Supabase realtime replicas to deploy ## replicaCount: 1 ## @param realtime.keyBase key base for Supabase realtime ## keyBase: "" ## @param realtime.existingSecret Name of an existing secret containing the key base for Supabase realtime ## existingSecret: "" ## @param realtime.existingSecretKey Key in the existing secret containing the key base for Supabase realtime ## existingSecretKey: "key-base" ## @param realtime.defaultConfig [string] Default configuration for Supabase realtime ## defaultConfig: | DB_HOST: {{ include "supabase.database.host" . | quote }} DB_PORT: {{ include "supabase.database.port" . | quote }} DB_NAME: {{ include "supabase.database.name" . | quote }} DB_SSL: {{ .Values.dbSSL | quote }} PORT: {{ .Values.realtime.containerPorts.http | quote }} FLY_ALLOC_ID: "realtime" FLY_APP_NAME: "realtime" ERL_AFLAGS: "-proto_dist inet_tcp" REPLICATION_MODE: "RLS" REPLICATION_POLL_INTERVAL: "100" SECURE_CHANNELS: "true" SLOT_NAME: "supabase_realtime_rls" TEMPORARY_SLOT: "true" ## @param realtime.extraConfig Extra configuration for Supabase realtime ## extraConfig: {} ## @param realtime.existingConfigmap The name of an existing ConfigMap with the default configuration ## existingConfigmap: "" ## @param realtime.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration ## extraConfigExistingConfigmap: "" ## Bitnami Realtime image ## ref: https://hub.docker.com/r/bitnami/supabase-realtime/tags/ ## @param realtime.image.registry [default: REGISTRY_NAME] Realtime image registry ## @param realtime.image.repository [default: REPOSITORY_NAME/supabase-realtime] Realtime image repository ## @skip realtime.image.tag Realtime image tag (immutable tags are recommended) ## @param realtime.image.digest Realtime image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param realtime.image.pullPolicy Realtime image pull policy ## @param realtime.image.pullSecrets Realtime image pull secrets ## image: registry: docker.io repository: bitnami/supabase-realtime tag: 2.25.66-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param realtime.containerPorts.http Supabase realtime HTTP container port ## containerPorts: http: 9999 ## Configure extra options for Supabase realtime containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param realtime.livenessProbe.enabled Enable livenessProbe on Supabase realtime containers ## @param realtime.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param realtime.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param realtime.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param realtime.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param realtime.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param realtime.readinessProbe.enabled Enable readinessProbe on Supabase realtime containers ## @param realtime.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param realtime.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param realtime.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param realtime.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param realtime.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param realtime.startupProbe.enabled Enable startupProbe on Supabase realtime containers ## @param realtime.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param realtime.startupProbe.periodSeconds Period seconds for startupProbe ## @param realtime.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param realtime.startupProbe.failureThreshold Failure threshold for startupProbe ## @param realtime.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param realtime.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param realtime.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param realtime.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Supabase realtime resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param realtime.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if realtime.resources is set (realtime.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param realtime.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param realtime.podSecurityContext.enabled Enabled Supabase realtime pods' Security Context ## @param realtime.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param realtime.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param realtime.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param realtime.podSecurityContext.fsGroup Set Supabase realtime pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param realtime.containerSecurityContext.enabled Enabled containers' Security Context ## @param realtime.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param realtime.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param realtime.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param realtime.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param realtime.containerSecurityContext.privileged Set container's Security Context privileged ## @param realtime.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param realtime.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param realtime.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param realtime.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param realtime.command Override default container command (useful when using custom images) ## command: [] ## @param realtime.args Override default container args (useful when using custom images) ## args: [] ## @param realtime.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param realtime.hostAliases Supabase realtime pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param realtime.podLabels Extra labels for Supabase realtime pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param realtime.podAnnotations Annotations for Supabase realtime pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param realtime.podAffinityPreset Pod affinity preset. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param realtime.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node realtime.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param realtime.nodeAffinityPreset.type Node affinity preset type. Ignored if `realtime.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param realtime.nodeAffinityPreset.key Node label key to match. Ignored if `realtime.affinity` is set ## key: "" ## @param realtime.nodeAffinityPreset.values Node label values to match. Ignored if `realtime.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param realtime.affinity Affinity for Supabase realtime pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `realtime.podAffinityPreset`, `realtime.podAntiAffinityPreset`, and `realtime.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param realtime.nodeSelector Node labels for Supabase realtime pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param realtime.tolerations Tolerations for Supabase realtime pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param realtime.updateStrategy.type Supabase realtime statefulset strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate ## @param realtime.priorityClassName Supabase realtime pods' priorityClassName ## priorityClassName: "" ## @param realtime.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param realtime.schedulerName Name of the k8s scheduler (other than default) for Supabase realtime pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param realtime.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param realtime.lifecycleHooks for the Supabase realtime container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param realtime.extraEnvVars Array with extra environment variables to add to Supabase realtime nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param realtime.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase realtime nodes ## extraEnvVarsCM: "" ## @param realtime.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase realtime nodes ## extraEnvVarsSecret: "" ## @param realtime.extraVolumes Optionally specify extra list of additional volumes for the Supabase realtime pod(s) ## extraVolumes: [] ## @param realtime.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase realtime container(s) ## extraVolumeMounts: [] ## @param realtime.sidecars Add additional sidecar containers to the Supabase realtime pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param realtime.initContainers Add additional init containers to the Supabase realtime pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Supabase Realtime Traffic Exposure Parameters ## service: ## @param realtime.service.type Supabase realtime service type ## type: ClusterIP ## @param realtime.service.ports.http Supabase realtime service HTTP port ## ports: http: 80 ## Node ports to expose ## @param realtime.service.nodePorts.http Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param realtime.service.clusterIP Supabase realtime service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param realtime.service.loadBalancerIP Supabase realtime service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param realtime.service.loadBalancerSourceRanges Supabase realtime service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param realtime.service.externalTrafficPolicy Supabase realtime service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-realtime-source-ip ## externalTrafficPolicy: Cluster ## @param realtime.service.annotations Additional custom annotations for Supabase realtime service ## annotations: {} ## @param realtime.service.extraPorts Extra ports to expose in Supabase realtime service (normally used with the `sidecars` value) ## extraPorts: [] ## @param realtime.service.sessionAffinity Control where realtime requests go, to the same pod or round-robin ## Values: RealtimeIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param realtime.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## realtimeIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param realtime.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param realtime.networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the ports the application is listening ## on. When true, the app will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param realtime.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param realtime.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param realtime.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param realtime.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param realtime.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## @section Supabase Rest Parameters ## ## rest: ## @param rest.enabled Enable Supabase rest ## enabled: true ## @param rest.replicaCount Number of Supabase rest replicas to deploy ## replicaCount: 1 ## @param rest.defaultConfig [string] Default configuration for the Supabase rest service ## defaultConfig: | PGRST_DB_SCHEMA: "public,storage" PGRST_DB_ANON_ROLE: "anon" PGRST_DB_USE_LEGACY_GUCS: "false" PGRST_SERVER_PORT: {{ .Values.rest.containerPorts.http | quote }} ## @param rest.extraConfig Extra configuration for the Supabase rest service ## extraConfig: {} ## @param rest.existingConfigmap The name of an existing ConfigMap with the default configuration ## existingConfigmap: "" ## @param rest.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration ## extraConfigExistingConfigmap: "" ## Bitnami PostgREST image ## ref: https://hub.docker.com/r/bitnami/postgrest/tags/ ## @param rest.image.registry [default: REGISTRY_NAME] PostgREST image registry ## @param rest.image.repository [default: REPOSITORY_NAME/postgrest] PostgREST image repository ## @skip rest.image.tag PostgREST image tag (immutable tags are recommended) ## @param rest.image.digest PostgREST image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param rest.image.pullPolicy PostgREST image pull policy ## @param rest.image.pullSecrets PostgREST image pull secrets ## image: registry: docker.io repository: bitnami/postgrest tag: 11.2.2-debian-12-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param rest.containerPorts.http Supabase rest HTTP container port ## containerPorts: http: 3000 ## Configure extra options for Supabase rest containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param rest.livenessProbe.enabled Enable livenessProbe on Supabase rest containers ## @param rest.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param rest.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param rest.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param rest.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param rest.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param rest.readinessProbe.enabled Enable readinessProbe on Supabase rest containers ## @param rest.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param rest.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param rest.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param rest.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param rest.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param rest.startupProbe.enabled Enable startupProbe on Supabase rest containers ## @param rest.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param rest.startupProbe.periodSeconds Period seconds for startupProbe ## @param rest.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param rest.startupProbe.failureThreshold Failure threshold for startupProbe ## @param rest.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param rest.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param rest.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param rest.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Supabase rest resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param rest.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if rest.resources is set (rest.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param rest.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param rest.podSecurityContext.enabled Enabled Supabase rest pods' Security Context ## @param rest.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param rest.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param rest.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param rest.podSecurityContext.fsGroup Set Supabase rest pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param rest.containerSecurityContext.enabled Enabled containers' Security Context ## @param rest.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param rest.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param rest.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param rest.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param rest.containerSecurityContext.privileged Set container's Security Context privileged ## @param rest.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param rest.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param rest.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param rest.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param rest.command Override default container command (useful when using custom images) ## command: [] ## @param rest.args Override default container args (useful when using custom images) ## args: [] ## @param rest.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param rest.hostAliases Supabase rest pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param rest.podLabels Extra labels for Supabase rest pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param rest.podAnnotations Annotations for Supabase rest pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param rest.podAffinityPreset Pod affinity preset. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param rest.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node rest.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param rest.nodeAffinityPreset.type Node affinity preset type. Ignored if `rest.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param rest.nodeAffinityPreset.key Node label key to match. Ignored if `rest.affinity` is set ## key: "" ## @param rest.nodeAffinityPreset.values Node label values to match. Ignored if `rest.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param rest.affinity Affinity for Supabase rest pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `rest.podAffinityPreset`, `rest.podAntiAffinityPreset`, and `rest.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param rest.nodeSelector Node labels for Supabase rest pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param rest.tolerations Tolerations for Supabase rest pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param rest.updateStrategy.type Supabase rest statefulset strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate ## @param rest.priorityClassName Supabase rest pods' priorityClassName ## priorityClassName: "" ## @param rest.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param rest.schedulerName Name of the k8s scheduler (other than default) for Supabase rest pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param rest.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param rest.lifecycleHooks for the Supabase rest container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param rest.extraEnvVars Array with extra environment variables to add to Supabase rest nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param rest.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase rest nodes ## extraEnvVarsCM: "" ## @param rest.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase rest nodes ## extraEnvVarsSecret: "" ## @param rest.extraVolumes Optionally specify extra list of additional volumes for the Supabase rest pod(s) ## extraVolumes: [] ## @param rest.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase rest container(s) ## extraVolumeMounts: [] ## @param rest.sidecars Add additional sidecar containers to the Supabase rest pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param rest.initContainers Add additional init containers to the Supabase rest pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Supabase Rest Traffic Exposure Parameters ## service: ## @param rest.service.type Supabase rest service type ## type: ClusterIP ## @param rest.service.ports.http Supabase rest service HTTP port ## ports: http: 80 ## Node ports to expose ## @param rest.service.nodePorts.http Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param rest.service.clusterIP Supabase rest service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param rest.service.loadBalancerIP Supabase rest service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param rest.service.loadBalancerSourceRanges Supabase rest service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param rest.service.externalTrafficPolicy Supabase rest service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-rest-source-ip ## externalTrafficPolicy: Cluster ## @param rest.service.annotations Additional custom annotations for Supabase rest service ## annotations: {} ## @param rest.service.extraPorts Extra ports to expose in Supabase rest service (normally used with the `sidecars` value) ## extraPorts: [] ## @param rest.service.sessionAffinity Control where rest requests go, to the same pod or round-robin ## Values: RestIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param rest.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## restIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param rest.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param rest.networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the ports the application is listening ## on. When true, the app will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param rest.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param rest.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param rest.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param rest.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param rest.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## @section Supabase Storage Parameters ## ## storage: ## @param storage.enabled Enable Supabase storage ## enabled: true ## @param storage.replicaCount Number of Supabase storage replicas to deploy ## replicaCount: 1 ## @param storage.defaultConfig [string] Default configuration for Supabase storage ## defaultConfig: | POSTGREST_URL: "http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.ports.http }}" PGOPTIONS: "-c search_path=storage,public" FILE_SIZE_LIMIT: "52428800" STORAGE_BACKEND: "file" FILE_STORAGE_BACKEND_PATH: {{ .Values.storage.persistence.mountPath | quote }} TENANT_ID: "stub" REGION: "stub" GLOBAL_S3_BUCKET: "stub" DB_INSTALL_ROLES: "false" PORT: {{ .Values.storage.containerPorts.http | quote }} ## @param storage.extraConfig Extra configuration for Supabase storage ## extraConfig: {} ## @param storage.existingConfigmap The name of an existing ConfigMap with the default configuration ## existingConfigmap: "" ## @param storage.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration ## extraConfigExistingConfigmap: "" ## Bitnami Storage image ## ref: https://hub.docker.com/r/bitnami/supabase-storage/tags/ ## @param storage.image.registry [default: REGISTRY_NAME] Storage image registry ## @param storage.image.repository [default: REPOSITORY_NAME/supabase-storage] Storage image repository ## @skip storage.image.tag Storage image tag (immutable tags are recommended) ## @param storage.image.digest Storage image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param storage.image.pullPolicy Storage image pull policy ## @param storage.image.pullSecrets Storage image pull secrets ## image: registry: docker.io repository: bitnami/supabase-storage tag: 0.47.0-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param storage.containerPorts.http Supabase storage HTTP container port ## containerPorts: http: 5000 ## Configure extra options for Supabase storage containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param storage.livenessProbe.enabled Enable livenessProbe on Supabase storage containers ## @param storage.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param storage.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param storage.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param storage.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param storage.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param storage.readinessProbe.enabled Enable readinessProbe on Supabase storage containers ## @param storage.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param storage.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param storage.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param storage.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param storage.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param storage.startupProbe.enabled Enable startupProbe on Supabase storage containers ## @param storage.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param storage.startupProbe.periodSeconds Period seconds for startupProbe ## @param storage.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param storage.startupProbe.failureThreshold Failure threshold for startupProbe ## @param storage.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param storage.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param storage.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param storage.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Supabase storage resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param storage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if storage.resources is set (storage.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param storage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param storage.podSecurityContext.enabled Enabled Supabase storage pods' Security Context ## @param storage.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param storage.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param storage.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param storage.podSecurityContext.fsGroup Set Supabase storage pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param storage.containerSecurityContext.enabled Enabled containers' Security Context ## @param storage.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param storage.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param storage.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param storage.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param storage.containerSecurityContext.privileged Set container's Security Context privileged ## @param storage.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param storage.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param storage.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param storage.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param storage.command Override default container command (useful when using custom images) ## command: [] ## @param storage.args Override default container args (useful when using custom images) ## args: [] ## @param storage.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param storage.hostAliases Supabase storage pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param storage.podLabels Extra labels for Supabase storage pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param storage.podAnnotations Annotations for Supabase storage pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param storage.podAffinityPreset Pod affinity preset. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param storage.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node storage.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param storage.nodeAffinityPreset.type Node affinity preset type. Ignored if `storage.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param storage.nodeAffinityPreset.key Node label key to match. Ignored if `storage.affinity` is set ## key: "" ## @param storage.nodeAffinityPreset.values Node label values to match. Ignored if `storage.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param storage.affinity Affinity for Supabase storage pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `storage.podAffinityPreset`, `storage.podAntiAffinityPreset`, and `storage.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param storage.nodeSelector Node labels for Supabase storage pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param storage.tolerations Tolerations for Supabase storage pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param storage.updateStrategy.type Supabase storage statefulset strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate ## @param storage.priorityClassName Supabase storage pods' priorityClassName ## priorityClassName: "" ## @param storage.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param storage.schedulerName Name of the k8s scheduler (other than default) for Supabase storage pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param storage.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param storage.lifecycleHooks for the Supabase storage container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param storage.extraEnvVars Array with extra environment variables to add to Supabase storage nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param storage.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase storage nodes ## extraEnvVarsCM: "" ## @param storage.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase storage nodes ## extraEnvVarsSecret: "" ## @param storage.extraVolumes Optionally specify extra list of additional volumes for the Supabase storage pod(s) ## extraVolumes: [] ## @param storage.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase storage container(s) ## extraVolumeMounts: [] ## @param storage.sidecars Add additional sidecar containers to the Supabase storage pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param storage.initContainers Add additional init containers to the Supabase storage pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Supabase Storage Traffic Exposure Parameters ## service: ## @param storage.service.type Supabase storage service type ## type: ClusterIP ## @param storage.service.ports.http Supabase storage service HTTP port ## ports: http: 80 ## Node ports to expose ## @param storage.service.nodePorts.http Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param storage.service.clusterIP Supabase storage service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param storage.service.loadBalancerIP Supabase storage service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param storage.service.loadBalancerSourceRanges Supabase storage service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param storage.service.externalTrafficPolicy Supabase storage service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-storage-source-ip ## externalTrafficPolicy: Cluster ## @param storage.service.annotations Additional custom annotations for Supabase storage service ## annotations: {} ## @param storage.service.extraPorts Extra ports to expose in Supabase storage service (normally used with the `sidecars` value) ## extraPorts: [] ## @param storage.service.sessionAffinity Control where storage requests go, to the same pod or round-robin ## Values: StorageIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param storage.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## storageIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param storage.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param storage.networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the ports the application is listening ## on. When true, the app will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param storage.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param storage.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param storage.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param storage.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param storage.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## @section Storage Persistence Parameters ## ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## persistence: ## @param storage.persistence.enabled Enable persistence using Persistent Volume Claims ## enabled: true ## @param storage.persistence.mountPath Path to mount the volume at. ## mountPath: /bitnami/supabase-storage ## @param storage.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services ## subPath: "" ## @param storage.persistence.storageClass Storage class of backing PVC ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## storageClass: "" ## @param storage.persistence.annotations Persistent Volume Claim annotations ## annotations: {} ## @param storage.persistence.accessModes Persistent Volume Access Modes ## accessModes: - ReadWriteOnce ## @param storage.persistence.size Size of data volume ## size: 8Gi ## @param storage.persistence.existingClaim The name of an existing PVC to use for persistence ## existingClaim: "" ## @param storage.persistence.selector Selector to match an existing Persistent Volume for WordPress data PVC ## If set, the PVC can't have a PV dynamically provisioned for it ## E.g. ## selector: ## matchLabels: ## app: my-app ## selector: {} ## @param storage.persistence.dataSource Custom PVC data source ## dataSource: {} ## @section Supabase Studio Parameters ## ## studio: ## @param studio.enabled Enable Supabase studio ## enabled: true ## @param studio.publicURL Supabase studio public URL ## publicURL: "" ## @param studio.replicaCount Number of Supabase studio replicas to deploy ## replicaCount: 1 ## @param studio.defaultConfig [string] Supabase studio default configuration ## defaultConfig: | SUPABASE_URL: "http://{{ include "supabase.kong.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.kong.service.ports.proxyHttp }}" STUDIO_PG_META_URL: "http://{{ include "supabase.kong.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}:{{ .Values.kong.service.ports.proxyHttp }}/pg" SUPABASE_PUBLIC_URL: {{ include "supabase.api.publicURL" . | quote }} PORT: {{ .Values.studio.containerPorts.http | quote }} ## @param studio.extraConfig Supabase studio extra configuration ## extraConfig: {} ## @param studio.existingConfigmap The name of an existing ConfigMap with the default configuration ## existingConfigmap: "" ## @param studio.extraConfigExistingConfigmap The name of an existing ConfigMap with extra configuration ## extraConfigExistingConfigmap: "" ## Bitnami Studio image ## ref: https://hub.docker.com/r/bitnami/supabase-studio/tags/ ## @param studio.image.registry [default: REGISTRY_NAME] Studio image registry ## @param studio.image.repository [default: REPOSITORY_NAME/supabase-studio] Studio image repository ## @skip studio.image.tag Studio image tag (immutable tags are recommended) ## @param studio.image.digest Studio image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) ## @param studio.image.pullPolicy Studio image pull policy ## @param studio.image.pullSecrets Studio image pull secrets ## image: registry: docker.io repository: bitnami/supabase-studio tag: 0.23.11-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## @param studio.containerPorts.http Supabase studio HTTP container port ## containerPorts: http: 3000 ## Configure extra options for Supabase studio containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param studio.livenessProbe.enabled Enable livenessProbe on Supabase studio containers ## @param studio.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param studio.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param studio.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param studio.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param studio.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param studio.readinessProbe.enabled Enable readinessProbe on Supabase studio containers ## @param studio.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param studio.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param studio.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param studio.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param studio.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param studio.startupProbe.enabled Enable startupProbe on Supabase studio containers ## @param studio.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param studio.startupProbe.periodSeconds Period seconds for startupProbe ## @param studio.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param studio.startupProbe.failureThreshold Failure threshold for startupProbe ## @param studio.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param studio.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param studio.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param studio.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Supabase studio resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param studio.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if studio.resources is set (studio.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param studio.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param studio.podSecurityContext.enabled Enabled Supabase studio pods' Security Context ## @param studio.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy ## @param studio.podSecurityContext.sysctls Set kernel settings using the sysctl interface ## @param studio.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param studio.podSecurityContext.fsGroup Set Supabase studio pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroupChangePolicy: Always sysctls: [] supplementalGroups: [] fsGroup: 1001 ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param studio.containerSecurityContext.enabled Enabled containers' Security Context ## @param studio.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param studio.containerSecurityContext.runAsUser Set containers' Security Context runAsUser ## @param studio.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param studio.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param studio.containerSecurityContext.privileged Set container's Security Context privileged ## @param studio.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param studio.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation ## @param studio.containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param studio.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" ## @param studio.command Override default container command (useful when using custom images) ## command: [] ## @param studio.args Override default container args (useful when using custom images) ## args: [] ## @param studio.automountServiceAccountToken Mount Service Account token in pod ## automountServiceAccountToken: false ## @param studio.hostAliases Supabase studio pods host aliases ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ ## hostAliases: [] ## @param studio.podLabels Extra labels for Supabase studio pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param studio.podAnnotations Annotations for Supabase studio pods ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param studio.podAffinityPreset Pod affinity preset. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param studio.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node studio.affinity preset ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param studio.nodeAffinityPreset.type Node affinity preset type. Ignored if `studio.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param studio.nodeAffinityPreset.key Node label key to match. Ignored if `studio.affinity` is set ## key: "" ## @param studio.nodeAffinityPreset.values Node label values to match. Ignored if `studio.affinity` is set ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param studio.affinity Affinity for Supabase studio pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## NOTE: `studio.podAffinityPreset`, `studio.podAntiAffinityPreset`, and `studio.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param studio.nodeSelector Node labels for Supabase studio pods assignment ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ ## nodeSelector: {} ## @param studio.tolerations Tolerations for Supabase studio pods assignment ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param studio.updateStrategy.type Supabase studio statefulset strategy type ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: ## StrategyType ## Can be set to RollingUpdate or OnDelete ## type: RollingUpdate ## @param studio.priorityClassName Supabase studio pods' priorityClassName ## priorityClassName: "" ## @param studio.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param studio.schedulerName Name of the k8s scheduler (other than default) for Supabase studio pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param studio.terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" ## @param studio.lifecycleHooks for the Supabase studio container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param studio.extraEnvVars Array with extra environment variables to add to Supabase studio nodes ## e.g: ## extraEnvVars: ## - name: FOO ## value: "bar" ## extraEnvVars: [] ## @param studio.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Supabase studio nodes ## extraEnvVarsCM: "" ## @param studio.extraEnvVarsSecret Name of existing Secret containing extra env vars for Supabase studio nodes ## extraEnvVarsSecret: "" ## @param studio.extraVolumes Optionally specify extra list of additional volumes for the Supabase studio pod(s) ## extraVolumes: [] ## @param studio.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Supabase studio container(s) ## extraVolumeMounts: [] ## @param studio.sidecars Add additional sidecar containers to the Supabase studio pod(s) ## e.g: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param studio.initContainers Add additional init containers to the Supabase studio pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] ## @section Supabase Studio Traffic Exposure Parameters ## service: ## @param studio.service.type Supabase studio service type ## type: ClusterIP ## @param studio.service.ports.http Supabase studio service HTTP port ## ports: http: 80 ## Node ports to expose ## @param studio.service.nodePorts.http Node port for HTTP ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" ## @param studio.service.clusterIP Supabase studio service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param studio.service.loadBalancerIP Supabase studio service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param studio.service.loadBalancerSourceRanges Supabase studio service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param studio.service.externalTrafficPolicy Supabase studio service external traffic policy ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-studio-source-ip ## externalTrafficPolicy: Cluster ## @param studio.service.annotations Additional custom annotations for Supabase studio service ## annotations: {} ## @param studio.service.extraPorts Extra ports to expose in Supabase studio service (normally used with the `sidecars` value) ## extraPorts: [] ## @param studio.service.sessionAffinity Control where studio requests go, to the same pod or round-robin ## Values: StudioIP or None ## ref: https://kubernetes.io/docs/concepts/services-networking/service/ ## sessionAffinity: None ## @param studio.service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## studioIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## networkPolicy: ## @param studio.networkPolicy.enabled Specifies whether a NetworkPolicy should be created ## enabled: true ## @param studio.networkPolicy.allowExternal Don't require client label for connections ## The Policy model to apply. When set to false, only pods with the correct ## client label will have network access to the ports the application is listening ## on. When true, the app will accept connections from any source ## (with the correct destination port). ## allowExternal: true ## @param studio.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## allowExternalEgress: true ## @param studio.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: ## - ports: ## - port: 1234 ## from: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend extraIngress: [] ## @param studio.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy ## e.g: ## extraEgress: ## - ports: ## - port: 1234 ## to: ## - podSelector: ## - matchLabels: ## - role: frontend ## - podSelector: ## - matchExpressions: ## - key: role ## operator: In ## values: ## - frontend ## extraEgress: [] ## @param studio.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces ## @param studio.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ ## ingress: ## @param studio.ingress.enabled Enable ingress record generation for Supabase ## enabled: false ## @param studio.ingress.pathType Ingress path type ## pathType: ImplementationSpecific ## @param studio.ingress.hostname Default host for the ingress record ## hostname: supabase-studio.local ## @param studio.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" ## @param studio.ingress.path Default path for the ingress record ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers ## path: / ## @param studio.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: cluster-issuer-name ## annotations: {} ## @param studio.ingress.tls Enable TLS configuration for the host defined at `studio.ingress.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` ## You can: ## - Use the `studio.ingress.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `studio.ingress.selfSigned=true` ## tls: false ## @param studio.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param studio.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: supabase.local ## path: / ## extraHosts: [] ## @param studio.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host ## e.g: ## extraPaths: ## - path: /* ## auth: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param studio.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## e.g: ## extraTls: ## - hosts: ## - supabase.local ## secretName: supabase.local-tls ## extraTls: [] ## @param studio.ingress.secrets Custom TLS certificates as secrets ## NOTE: 'key' and 'certificate' are expected in PEM format ## NOTE: 'name' should line up with a 'secretName' set further up ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## secrets: ## - name: supabase.local-tls ## key: |- ## -----BEGIN RSA PRIVATE KEY----- ## ... ## -----END RSA PRIVATE KEY----- ## certificate: |- ## -----BEGIN CERTIFICATE----- ## ... ## -----END CERTIFICATE----- ## secrets: [] ## @param studio.ingress.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## auth: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## @section Init Container Parameters ## ## 'volumePermissions' init container parameters ## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values ## based on the *podSecurityContext/*containerSecurityContext parameters ## volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` ## enabled: false ## OS Shell + Utility image ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/ ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended) ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets ## image: registry: docker.io repository: bitnami/os-shell tag: 12-debian-12-r16 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Init container's resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## resourcesPreset: "none" ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## Example: ## resources: ## requests: ## cpu: 2 ## memory: 512Mi ## limits: ## cpu: 3 ## memory: 1024Mi ## resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: seLinuxOptions: null runAsUser: 0 ## Bitnami PostgreSQL image ## ref: https://hub.docker.com/r/bitnami/supabase-postgres/tags/ ## @param psqlImage.registry [default: REGISTRY_NAME] PostgreSQL client image registry ## @param psqlImage.repository [default: REPOSITORY_NAME/supabase-postgres] PostgreSQL client image repository ## @param psqlImage.digest PostgreSQL client image digest (overrides image tag) ## @skip psqlImage.tag PostgreSQL client image tag (immutable tags are recommended) ## @param psqlImage.pullPolicy PostgreSQL client image pull policy ## @param psqlImage.pullSecrets PostgreSQL client image pull secrets ## @param psqlImage.debug Enable PostgreSQL client image debug mode ## psqlImage: registry: docker.io repository: bitnami/supabase-postgres tag: 15.1.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## debug: false ## @section Other Parameters ## ## @param rbac.create Specifies whether RBAC resources should be created ## rbac: create: true ## ServiceAccount configuration ## serviceAccount: ## @param serviceAccount.create Specifies whether a ServiceAccount should be created ## create: true ## @param serviceAccount.name The name of the ServiceAccount to use. ## If not set and create is true, a name is generated using the common.names.fullname template ## name: "" ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template) ## annotations: {} ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## automountServiceAccountToken: false ## @section Kong sub-chart parameters ## kong: ## @param kong.enabled Enable Kong ## enabled: true ## @param kong.database Database to use # We will use declarative configuration so we don't need the database database: "off" ## @param kong.initContainers [string] Add additional init containers to the Kong pods ## initContainers: | - name: render-kong-declarative-conf image: '{{ include "kong.image" . }}' command: - /bin/bash args: - -ec - | #!/bin/bash . /opt/bitnami/scripts/liblog.sh # We need to generate it in the tmp folder to ensure that we have write permissions info "Rendering Supabase declarative config template" render-template /bitnami/kong/declarative-template/kong.yml.tpl > "/bitnami/kong/declarative-conf/kong.yml" volumeMounts: - name: declarative-conf-template mountPath: /bitnami/kong/declarative-template/ - name: rendered-declarative-conf mountPath: /bitnami/kong/declarative-conf/ {{- if .Values.containerSecurityContext.enabled }} securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 6 }} {{- end }} env: - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: name: '{{ include "supabase.jwt.secretName" . }}' key: '{{ include "supabase.jwt.anonSecretKey" . }}' - name: SUPABASE_SERVICE_KEY valueFrom: secretKeyRef: name: '{{ include "supabase.jwt.secretName" . }}' key: '{{ include "supabase.jwt.serviceSecretKey" . }}' ## @param kong.ingressController.enabled Enable Kong Ingress Controller ## ingressController: enabled: false ## @param kong.kong.extraVolumeMounts [array] Additional volumeMounts to the Kong container ## @param kong.kong.extraEnvVars [array] Additional environment variables to set ## kong: extraVolumeMounts: - name: rendered-declarative-conf mountPath: /bitnami/kong/declarative-conf/ extraEnvVars: - name: KONG_DECLARATIVE_CONFIG value: "/bitnami/kong/declarative-conf/kong.yml" - name: KONG_DNS_ORDER value: LAST,A,CNAME - name: KONG_PLUGINS value: request-transformer,cors,key-auth,acl ## @param kong.extraVolumes [array] Additional volumes to the Kong pods ## extraVolumes: - name: declarative-conf-template configMap: name: "{{ .Release.Name }}-kong-declarative-config" - name: rendered-declarative-conf emptyDir: {} ## @param kong.ingress.enabled Enable Ingress rule ## @param kong.ingress.hostname Kong Ingress hostname ## @param kong.ingress.tls Enable TLS for Kong Ingress ## ingress: enabled: false hostname: "supabase.local" tls: false ## @param kong.service.loadBalancerIP Kubernetes service LoadBalancer IP ## @param kong.service.type Kubernetes service type ## @param kong.service.ports.proxyHttp Kong service port ## service: loadBalancerIP: "" type: LoadBalancer ports: proxyHttp: 80 ## @param kong.postgresql.enabled Switch to enable or disable the PostgreSQL helm chart inside the Kong subchart ## postgresql: enabled: false ## @section PostgreSQL sub-chart parameters ## ## PostgreSQL chart configuration ## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml ## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials ## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) ## @param postgresql.service.ports.postgresql PostgreSQL service port ## postgresql: enabled: true ## Bitnami PostgreSQL image version ## ref: https://hub.docker.com/r/bitnami/supabase-postgres/tags/ ## @param postgresql.image.registry [default: REGISTRY_NAME] PostgreSQL image registry ## @param postgresql.image.repository [default: REPOSITORY_NAME/supabase-postgres] PostgreSQL image repository ## @skip postgresql.image.tag PostgreSQL image tag (immutable tags are recommended) ## @param postgresql.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param postgresql.image.pullPolicy PostgreSQL image pull policy ## @param postgresql.image.pullSecrets Specify image pull secrets ## @param postgresql.image.debug Specify if debug values should be set ## image: registry: docker.io repository: bitnami/supabase-postgres tag: 15.1.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Set to true if you would like to see extra information on logs ## debug: false ## @param postgresql.postgresqlSharedPreloadLibraries Set the shared_preload_libraries parameter in postgresql.conf ## Setting an empty value in order to force the default extensions of supabase-postgres ## postgresqlSharedPreloadLibraries: "pg_stat_statements, pg_stat_monitor, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, pgsodium, timescaledb, auto_explain" ## @param postgresql.auth.postgresPassword PostgreSQL admin password ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials ## supabase-postgres creates its own hardcoded user supabase_admin so we cannot allow modifications ## auth: postgresPassword: "" existingSecret: "" ## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) ## architecture: standalone ## @param postgresql.service.ports.postgresql PostgreSQL service port ## service: ports: postgresql: 5432 ## External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host ## @param externalDatabase.port Database port number ## @param externalDatabase.user Non-root username for PostgreSQL ## @param externalDatabase.password Password for the non-root username for PostgreSQL ## @param externalDatabase.database PostgreSQL database name ## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials ## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials ## externalDatabase: host: "" port: 5432 user: supabase_admin database: postgres password: "" existingSecret: "" existingSecretPasswordKey: ""