| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
APIGatewaySpec defines the desired state of APIGateway.
_Appears in:_
- [APIGateway](#apigateway)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `envoy`_[EnvoySpec](#envoyspec)_ | Envoy - configure the envoy instance and most importantly the control-plane | | |
| `jwks`_[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | JWKSSelector - selector where the JWKS can be retrieved from to enable the API gateway to validate JWTs | | |
#### AuthProviderMeta
_Appears in:_
- [AzureAuthProvider](#azureauthprovider)
- [EmailAuthProvider](#emailauthprovider)
- [GithubAuthProvider](#githubauthprovider)
- [PhoneAuthProvider](#phoneauthprovider)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled`_boolean_ | Enabled - whether the authentication provider is enabled or not | | |
| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `secret`_string_ | Secret - JWT HMAC secret in plain text<br/>This is WRITE-ONLY and will be copied to the SecretRef by the defaulter | | |
| `secretRef`_[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ | SecretRef - object reference to the Secret where JWT values are stored | | |
| `secretKey`_string_ | SecretKey - key in secret where to read the JWT HMAC secret from | secret | |
| `jwksKey`_string_ | JwksKey - key in secret where to read the JWKS from | jwks.json | |
| `anonKey`_string_ | AnonKey - key in secret where to read the anon JWT from | anon_key | |
| `serviceKey`_string_ | ServiceKey - key in secret where to read the service JWT from | service_key | |
| `expiry`_integer_ | Expiry - expiration time in seconds for JWTs | 3600 | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `externalUrl`_string_ | APIExternalURL is referring to the URL where Supabase API will be available<br/>Typically this is the ingress of the API gateway | | |
| `siteUrl`_string_ | SiteURL is referring to the URL of the (frontend) application<br/>In most Kubernetes scenarios this is the same as the APIExternalURL with a different path handler in the ingress | | |
| `metadata`_[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `spec`_[DashboardSpec](#dashboardspec)_ | | | |
#### DashboardDbSpec
_Appears in:_
- [DashboardSpec](#dashboardspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host`_string_ | | | |
| `port`_integer_ | Port - Database port, typically 5432 | 5432 | |
| `dbName`_string_ | | | |
| `dbCredentialsRef`_[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ | DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from<br/>Credentials need to be stored in basic auth form | | |
| `secretRef`_[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ | SecretRef - object reference to the Secret where JWT values are stored | | |
| `secretKey`_string_ | SecretKey - key in secret where to read the JWT HMAC secret from | secret | |
| `anonKey`_string_ | AnonKey - key in secret where to read the anon JWT from | anon_key | |
| `serviceKey`_string_ | ServiceKey - key in secret where to read the service JWT from | service_key | |
| `metadata`_[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `items`_[Dashboard](#dashboard) array_ | | | |
#### DashboardSpec
DashboardSpec defines the desired state of Dashboard.
| `selfManaged`_boolean_ | SelfManaged - whether the database roles are managed externally<br/>when enabled the operator does not attempt to create secrets, generate passwords or whatsoever for all database roles<br/>i.e. all secrets need to be provided or the instance won't work | | |
| `secrets`_[DatabaseRolesSecrets](#databaserolessecrets)_ | Secrets - typed 'map' of secrets for each database role that Supabase needs | | |
| `controlPlane`_[ControlPlaneSpec](#controlplanespec)_ | ControlPlane - configure the control plane where Envoy will retrieve its configuration from | | |
| `schemas`_string array_ | Schemas - schema where PostgREST is looking for objects (tables, views, functions, ...) | [public graphql_public] | |
| `extraSearchPath`_string array_ | ExtraSearchPath - Extra schemas to add to the search_path of every request.<br/>These schemas tables, views and functions don’t get API endpoints, they can only be referred from the database objects inside your db-schemas. | [public extensions] | |
| `gatewayServiceSelector`_object (keys:string, values:string)_ | GatewayServiceSelector - selector to find the service for the API gateway<br/>Required to configure the API URL in the studio deployment<br/>If you don't run multiple APIGateway instances in the same namespaces, the default will be fine | \{ app.kubernetes.io/component:api-gateway app.kubernetes.io/name:envoy \} | |
| `externalUrl`_string_ | APIExternalURL is referring to the URL where Supabase API will be available<br/>Typically this is the ingress of the API gateway | | |
