| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
APIGatewaySpec defines the desired state of APIGateway.
_Appears in:_
- [APIGateway](#apigateway)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `envoy`_[EnvoySpec](#envoyspec)_ | Envoy - configure the envoy instance and most importantly the control-plane | | |
| `jwks`_[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | JWKSSelector - selector where the JWKS can be retrieved from to enable the API gateway to validate JWTs | | |
| `serviceSelector`_[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | ServiceSelector - selector to match all Supabase services (or in fact EndpointSlices) that should be considered for this APIGateway | \{ matchExpressions:[map[key:app.kubernetes.io/part-of operator:In values:[supabase]] map[key:supabase.k8s.icb4dc0.de/api-gateway-target operator:Exists]] \} | |
| `componentTypeLabel`_string_ | ComponentTypeLabel - Label to identify which Supabase component a Service represents (e.g. auth, postgrest, ...) | app.kubernetes.io/name | |
| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `externalUrl`_string_ | APIExternalURL is referring to the URL where Supabase API will be available<br/>Typically this is the ingress of the API gateway | | |
| `siteUrl`_string_ | SiteURL is referring to the URL of the (frontend) application<br/>In most Kubernetes scenarios this is the same as the APIExternalURL with a different path handler in the ingress | | |
| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `spec`_[DashboardSpec](#dashboardspec)_ | | | |
#### DashboardDbSpec
_Appears in:_
- [DashboardSpec](#dashboardspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host`_string_ | | | |
| `port`_integer_ | Port - Database port, typically 5432 | 5432 | |
| `dbCredentialsRef`_[DbCredentialsReference](#dbcredentialsreference)_ | DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from<br/>Credentials need to be stored in basic auth form | | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `items`_[Dashboard](#dashboard) array_ | | | |
#### DashboardSpec
DashboardSpec defines the desired state of Dashboard.
| `selfManaged`_boolean_ | SelfManaged - whether the database roles are managed externally<br/>when enabled the operator does not attempt to create secrets, generate passwords or whatsoever for all database roles<br/>i.e. all secrets need to be provided or the instance won't work | | |
| `secrets`_[DatabaseRolesSecrets](#databaserolessecrets)_ | Secrets - typed 'map' of secrets for each database role that Supabase needs | | |
| `nodeName`_string_ | NodeName - identifies the Envoy cluster within the current namespace<br/>if not set, the name of the APIGateway resource will be used<br/>The primary use case is to make the assignment of multiple supabase instances in a single namespace explicit. | | |
| `controlPlane`_[ControlPlaneSpec](#controlplanespec)_ | ControlPlane - configure the control plane where Envoy will retrieve its configuration from | | |
| `schemas`_string array_ | Schemas - schema where PostgREST is looking for objects (tables, views, functions, ...) | [public graphql_public] | |
| `extraSearchPath`_string array_ | ExtraSearchPath - Extra schemas to add to the search_path of every request.<br/>These schemas tables, views and functions don’t get API endpoints, they can only be referred from the database objects inside your db-schemas. | [public extensions] | |
| `region`_string_ | Region - S3 region of the backend | | |
| `endpoint`_string_ | Endpoint - hostname and port **with** http/https | | |
| `forcePathStyle`_boolean_ | ForcePathStyle - whether to use path style (e.g. for MinIO) or domain style<br/>for bucket addressing | | |
| `bucket`_string_ | Bucket - bucke to use, if file backend is used, default value is sufficient | stub | |
| `credentialsSecretRef`_[S3CredentialsRef](#s3credentialsref)_ | CredentialsSecretRef - reference to the Secret where access key id and access secret key are stored | | |
| `credentialsSecretRef`_[S3CredentialsRef](#s3credentialsref)_ | CredentialsSecretRef - reference to the Secret where access key id and access secret key are stored | | |
| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `port`_integer_ | Port - Database port, typically 5432 | 5432 | |
| `dbName`_string_ | | | |
| `dbCredentialsRef`_[DbCredentialsReference](#dbcredentialsreference)_ | DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from<br/>Credentials need to be stored in basic auth form | | |
| `fileBackend`_[FileBackendSpec](#filebackendspec)_ | FileBackend - configure the file backend<br/>either S3 or file backend **MUST** be configured | | |
| `fileSizeLimit`_integer_ | FileSizeLimit - maximum file upload size in bytes | 52428800 | |
| `jwtAuth`_[JwtSpec](#jwtspec)_ | JwtAuth - Configure the JWT authentication parameters.<br/>This includes where to retrieve anon and service key from as well as JWT secret and JWKS references<br/>needed to validate JWTs send to the API | | |
| `db`_[StorageApiDbSpec](#storageapidbspec)_ | DBSpec - Configure access to the Postgres database<br/>In most cases this will reference the supabase-storage-admin credentials secret provided by the Core resource | | |
| `s3`_[S3ProtocolSpec](#s3protocolspec)_ | S3Protocol - Configure S3 access to the Storage API allowing clients to use any S3 client | | |
| `uploadTemp`_[UploadTempSpec](#uploadtempspec)_ | UploadTemp - configure the emptyDir for storing intermediate files during uploads | | |
| `workloadTemplate`_[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the Storage API workload | | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `api`_[StorageApiSpec](#storageapispec)_ | Api - configure the Storage API | | |
| `imageProxy`_[ImageProxySpec](#imageproxyspec)_ | ImageProxy - optionally enable and configure the image proxy<br/>the image proxy scale images to lower resolutions on demand to reduce traffic for instance for mobile devices | | |
| `gatewayServiceSelector`_object (keys:string, values:string)_ | GatewayServiceSelector - selector to find the service for the API gateway<br/>Required to configure the API URL in the studio deployment<br/>If you don't run multiple APIGateway instances in the same namespaces, the default will be fine | \{ app.kubernetes.io/component:api-gateway app.kubernetes.io/name:envoy \} | |
| `externalUrl`_string_ | APIExternalURL is referring to the URL where Supabase API will be available<br/>Typically this is the ingress of the API gateway | | |
| `medium`_[StorageMedium](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#storagemedium-v1-core)_ | Medium of the empty dir to cache uploads | | |
