refactor: don't mount service account token into workloads

closes 
Peter 2025-02-13 20:17:18 +01:00
parent 101bf971a7
commit 8b2425d16d
Signed by: prskr
GPG key ID: F56BED6903BC5E37
6 changed files with 12 additions and 6 deletions


@ -160,7 +160,8 @@ func (r *CoreAuthReconciler) reconcileAuthDeployment(
Labels: objectLabels(core, "auth", "core", supabase.Images.Gotrue.Tag),
},
Spec: corev1.PodSpec{
ImagePullSecrets: authSpec.WorkloadTemplate.PullSecrets(),
ImagePullSecrets: authSpec.WorkloadTemplate.PullSecrets(),
AutomountServiceAccountToken: ptrOf(false),
InitContainers: []corev1.Container{{
Name: "supabase-auth-migrations",
Image: authSpec.WorkloadTemplate.Image(supabase.Images.Gotrue.String()),
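Review bot: The new `AutomountServiceAccountToken: ptrOf(false)` line carries no comment, and the same literal is repeated in all six PodSpecs this commit touches (auth here, then PostgREST, pg-meta, Studio, storage API and imgproxy). From the field alone a reader cannot tell that it is a deliberate hardening default rather than something to revert when a component misbehaves. I would add `// Workload never calls the Kubernetes API, so no service account token is mounted.` above it, assuming that holds for every component. In this section the pod-level setting also covers the `supabase-auth-migrations` init container. The function body starts and ends outside the hunk.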


@ -165,7 +165,8 @@ func (r *CorePostgrestReconiler) reconilePostgrestDeployment(
Labels: objectLabels(core, serviceCfg.Name, "core", supabase.Images.Postgrest.Tag),
},
Spec: corev1.PodSpec{
ImagePullSecrets: postgrestSpec.WorkloadSpec.PullSecrets(),
ImagePullSecrets: postgrestSpec.WorkloadSpec.PullSecrets(),
AutomountServiceAccountToken: ptrOf(false),
Containers: []corev1.Container{
{
Name: "supabase-rest",


@ -126,7 +126,8 @@ func (r *DashboardPGMetaReconciler) reconcilePGMetaDeployment(
Labels: objectLabels(dashboard, serviceCfg.Name, "dashboard", supabase.Images.PostgresMeta.Tag),
},
Spec: corev1.PodSpec{
ImagePullSecrets: pgMetaSpec.WorkloadSpec.PullSecrets(),
ImagePullSecrets: pgMetaSpec.WorkloadSpec.PullSecrets(),
AutomountServiceAccountToken: ptrOf(false),
Containers: []corev1.Container{{
Name: "supabase-meta",
Image: pgMetaSpec.WorkloadSpec.Image(supabase.Images.PostgresMeta.String()),


@ -137,7 +137,8 @@ func (r *DashboardStudioReconciler) reconcileStudioDeployment(
Labels: objectLabels(dashboard, serviceCfg.Name, "dashboard", supabase.Images.Studio.Tag),
},
Spec: corev1.PodSpec{
ImagePullSecrets: studioSpec.WorkloadSpec.PullSecrets(),
ImagePullSecrets: studioSpec.WorkloadSpec.PullSecrets(),
AutomountServiceAccountToken: ptrOf(false),
Containers: []corev1.Container{{
Name: "supabase-studio",
Image: studioSpec.WorkloadSpec.Image(supabase.Images.Studio.String()),


@ -199,7 +199,8 @@ func (r *StorageApiReconciler) reconcileStorageApiDeployment(
Labels: objectLabels(storage, serviceCfg.Name, "storage", supabase.Images.Storage.Tag),
},
Spec: corev1.PodSpec{
ImagePullSecrets: apiSpec.WorkloadSpec.PullSecrets(),
ImagePullSecrets: apiSpec.WorkloadSpec.PullSecrets(),
AutomountServiceAccountToken: ptrOf(false),
Containers: []corev1.Container{{
Name: "supabase-storage",
Image: apiSpec.WorkloadSpec.Image(supabase.Images.Storage.String()),


@ -126,7 +126,8 @@ func (r *StorageImgProxyReconciler) reconcileImgProxyDeployment(
Labels: objectLabels(storage, serviceCfg.Name, "storage", supabase.Images.ImgProxy.Tag),
},
Spec: corev1.PodSpec{
ImagePullSecrets: imgProxySpec.WorkloadSpec.PullSecrets(),
ImagePullSecrets: imgProxySpec.WorkloadSpec.PullSecrets(),
AutomountServiceAccountToken: ptrOf(false),
Containers: []corev1.Container{{
Name: "supabase-imgproxy",
Image: imgProxySpec.WorkloadSpec.Image(supabase.Images.ImgProxy.String()),
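Review bot: Nothing visible in this commit pins the new field, so a later edit to any of the six Deployment builders could drop `AutomountServiceAccountToken` without a failing check. An assertion in each reconciler's test that `Spec.Template.Spec.AutomountServiceAccountToken` on the generated Deployment is non-nil and `false` would keep the default from regressing. The pod also still runs under whatever service account is in effect. `ServiceAccountName` does not appear in the hunk, so if it is unset elsewhere the namespace's `default` account applies and is worth keeping free of role bindings. The function body continues outside the hunk.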