# Deployment for the `control-plane` workload in the `supabase-system`
# namespace. A single pod runs one container that exposes a gRPC port, takes
# its TLS material from a Secret volume, and runs under the `control-plane`
# ServiceAccount.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: control-plane
  namespace: supabase-system
  labels:
    app.kubernetes.io/name: control-plane
    app.kubernetes.io/managed-by: kustomize
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: control-plane
  # Single replica: there is no redundancy during a restart or node drain.
  replicas: 1
  template:
    metadata:
      annotations:
        # Makes `kubectl logs` / `kubectl exec` pick this container by default.
        kubectl.kubernetes.io/default-container: control-plane
      labels:
        app.kubernetes.io/name: control-plane
    spec:
      # Pod-level hardening. runAsNonRoot makes the kubelet refuse to start a
      # container whose effective UID is 0. No runAsUser is set here, so the
      # UID comes from the image.
      securityContext:
        runAsNonRoot: true
        # Applies the container runtime's default seccomp filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - args:
            - control-plane
          # NOTE(review): `latest` is a mutable tag and the name carries no
          # registry host, so what runs depends on the state of the registry
          # at pull time. The managed-by label suggests kustomize may rewrite
          # this field; confirm the rendered manifest pins a version or digest.
          image: supabase-operator:latest
          name: control-plane
          env:
            # Namespace of the running pod, injected through the downward API.
            - name: CONTROL_PLANE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONTROL_PLANE_SERVICE_NAME
              value: control-plane
            # Both paths point into the `tls-certs` Secret mount below.
            # NOTE(review): the variable names suggest a CA key pair, so the
            # private key is presumably a signing key rather than a leaf key.
            # If so, read access to this pod's filesystem (pods/exec) or to the
            # Secret is equivalent to holding the CA. Verify that RBAC on both
            # is restricted accordingly.
            - name: TLS_CA_CERT
              value: /etc/supabase/control-plane/certs/tls.crt
            - name: TLS_CA_KEY
              value: /etc/supabase/control-plane/certs/tls.key
          ports:
            - containerPort: 18000
              name: grpc
              protocol: TCP
          # Container-level hardening: no setuid-style privilege gain and no
          # Linux capabilities. readOnlyRootFilesystem is not set.
          # NOTE(review): consider enabling it if the binary does not write to
          # its root filesystem; confirm against the image before changing.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
          # Both probes use HTTP GET on port 8081, which is separate from the
          # gRPC port and is not listed under `ports` above.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8081
            initialDelaySeconds: 5
            periodSeconds: 10
          # CPU and memory are bounded; limits are set above requests.
          resources:
            limits:
              cpu: 150m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts:
            # Mount point for the Secret that holds tls.crt and tls.key. No
            # explicit `readOnly` flag is set on this mount.
            - name: tls-certs
              mountPath: /etc/supabase/control-plane/certs
      volumes:
        # No `defaultMode` is given, so the Kubernetes default file mode for
        # Secret volumes (0644) applies to the key file.
        # NOTE(review): a tighter mode would need a matching fsGroup/runAsUser,
        # since the pod runs as non-root; confirm the image's UID first.
        - name: tls-certs
          secret:
            secretName: control-plane-ca-cert-tls
      # The RBAC bound to this account is defined elsewhere. Since
      # automountServiceAccountToken is not set here, the token is mounted
      # unless the ServiceAccount object disables it.
      serviceAccountName: control-plane
      terminationGracePeriodSeconds: 10