# API Reference
## Packages
- [supabase.k8s.icb4dc0.de/v1alpha1](#supabasek8sicb4dc0dev1alpha1)
## supabase.k8s.icb4dc0.de/v1alpha1
Package v1alpha1 contains API Schema definitions for the supabase v1alpha1 API group.
### Resource Types
- [APIGateway](#apigateway)
- [APIGatewayList](#apigatewaylist)
- [Core](#core)
- [CoreList](#corelist)
- [Dashboard](#dashboard)
- [DashboardList](#dashboardlist)
- [Storage](#storage)
- [StorageList](#storagelist)
#### APIGateway
APIGateway is the Schema for the apigateways API.
_Appears in:_
- [APIGatewayList](#apigatewaylist)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `APIGateway` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `spec` _[APIGatewaySpec](#apigatewayspec)_ | | | |
#### APIGatewayList
APIGatewayList contains a list of APIGateway.
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `APIGatewayList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `items` _[APIGateway](#apigateway) array_ | | | |
#### APIGatewaySpec
APIGatewaySpec defines the desired state of APIGateway.
_Appears in:_
- [APIGateway](#apigateway)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `envoy` _[EnvoySpec](#envoyspec)_ | Envoy - configure the envoy instance and most importantly the control-plane | | |
| `apiEndpoint` _[ApiEndpointSpec](#apiendpointspec)_ | ApiEndpoint - Configure the endpoint for all API routes
this includes the JWT configuration | | |
| `dashboardEndpoint` _[DashboardEndpointSpec](#dashboardendpointspec)_ | DashboardEndpoint - Configure the endpoint for the Supabase dashboard (studio)
this includes optional authentication (basic or Oauth2) for the dashboard | | |
| `serviceSelector` _[LabelSelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#labelselector-v1-meta)_ | ServiceSelector - selector to match all Supabase services (or in fact EndpointSlices) that should be considered for this APIGateway | \{ matchExpressions:[map[key:app.kubernetes.io/part-of operator:In values:[supabase]] map[key:supabase.k8s.icb4dc0.de/api-gateway-target operator:Exists]] \} | |
| `componentTypeLabel` _string_ | ComponentTypeLabel - Label to identify which Supabase component a Service represents (e.g. auth, postgrest, ...) | app.kubernetes.io/name | |
#### ApiEndpointSpec
_Appears in:_
- [APIGatewaySpec](#apigatewayspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `jwks` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | JWKSSelector - selector where the JWKS can be retrieved from to enable the API gateway to validate JWTs | | |
#### AuthProviderMeta
_Appears in:_
- [AzureAuthProvider](#azureauthprovider)
- [EmailAuthProvider](#emailauthprovider)
- [GithubAuthProvider](#githubauthprovider)
- [PhoneAuthProvider](#phoneauthprovider)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not | | |
#### AuthProviders
_Appears in:_
- [AuthSpec](#authspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `email` _[EmailAuthProvider](#emailauthprovider)_ | | | |
| `azure` _[AzureAuthProvider](#azureauthprovider)_ | | | |
| `github` _[GithubAuthProvider](#githubauthprovider)_ | | | |
| `phone` _[PhoneAuthProvider](#phoneauthprovider)_ | | | |
#### AuthSpec
_Appears in:_
- [CoreSpec](#corespec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `additionalRedirectUrls` _string array_ | | | |
| `disableSignup` _boolean_ | | | |
| `anonymousUsersEnabled` _boolean_ | | | |
| `providers` _[AuthProviders](#authproviders)_ | | | |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | | | |
| `emailSignupDisabled` _boolean_ | | | |
#### AzureAuthProvider
_Appears in:_
- [AuthProviders](#authproviders)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not | | |
| `clientID` _string_ | | | |
| `clientSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | | | |
| `url` _string_ | | | |
#### ContainerTemplate
_Appears in:_
- [WorkloadTemplate](#workloadtemplate)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `image` _string_ | | | |
| `pullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#pullpolicy-v1-core)_ | | | |
| `imagePullSecrets` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ | | | |
| `securityContext` _[SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#securitycontext-v1-core)_ | SecurityContext - override the container SecurityContext
use with caution, by default the operator already uses sane defaults | | |
| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ | | | |
| `volumeMounts` _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ | | | |
| `additionalEnv` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ | | | |
#### ControlPlaneSpec
_Appears in:_
- [EnvoySpec](#envoyspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ | Host is the hostname of the envoy control plane endpoint | | |
| `port` _integer_ | Port is the port number of the envoy control plane endpoint - typically this is 18000 | 18000 | Maximum: 65535
|
#### Core
Core is the Schema for the cores API.
_Appears in:_
- [CoreList](#corelist)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `Core` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `spec` _[CoreSpec](#corespec)_ | | | |
#### CoreJwtSpec
_Appears in:_
- [CoreSpec](#corespec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretName` _string_ | SecretRef - object reference to the Secret where JWT values are stored | | |
| `secretKey` _string_ | SecretKey - key in secret where to read the JWT HMAC secret from | secret | |
| `jwksKey` _string_ | JwksKey - key in secret where to read the JWKS from | jwks.json | |
| `anonKey` _string_ | AnonKey - key in secret where to read the anon JWT from | anon_key | |
| `serviceKey` _string_ | ServiceKey - key in secret where to read the service JWT from | service_key | |
| `secret` _string_ | Secret - JWT HMAC secret in plain text
This is WRITE-ONLY and will be copied to the SecretRef by the defaulter | | |
| `expiry` _integer_ | Expiry - expiration time in seconds for JWTs | 3600 | |
#### CoreList
CoreList contains a list of Core.
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `CoreList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `items` _[Core](#core) array_ | | | |
#### CoreSpec
CoreSpec defines the desired state of Core.
_Appears in:_
- [Core](#core)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `externalUrl` _string_ | APIExternalURL is referring to the URL where Supabase API will be available
Typically this is the ingress of the API gateway | | |
| `siteUrl` _string_ | SiteURL is referring to the URL of the (frontend) application
In most Kubernetes scenarios this is the same as the APIExternalURL with a different path handler in the ingress | | |
| `jwt` _[CoreJwtSpec](#corejwtspec)_ | | | |
| `database` _[Database](#database)_ | | | |
| `postgrest` _[PostgrestSpec](#postgrestspec)_ | | | |
| `auth` _[AuthSpec](#authspec)_ | | | |
#### Dashboard
Dashboard is the Schema for the dashboards API.
_Appears in:_
- [DashboardList](#dashboardlist)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `Dashboard` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `spec` _[DashboardSpec](#dashboardspec)_ | | | |
#### DashboardDbSpec
_Appears in:_
- [DashboardSpec](#dashboardspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ | | | |
| `port` _integer_ | Port - Database port, typically 5432 | 5432 | |
| `dbName` _string_ | | | |
| `dbCredentialsRef` _[DbCredentialsReference](#dbcredentialsreference)_ | DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from
Credentials need to be stored in basic auth form | | |
#### DashboardEndpointSpec
_Appears in:_
- [APIGatewaySpec](#apigatewayspec)
#### DashboardList
DashboardList contains a list of Dashboard.
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `DashboardList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `items` _[Dashboard](#dashboard) array_ | | | |
#### DashboardSpec
DashboardSpec defines the desired state of Dashboard.
_Appears in:_
- [Dashboard](#dashboard)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `db` _[DashboardDbSpec](#dashboarddbspec)_ | | | |
| `pgMeta` _[PGMetaSpec](#pgmetaspec)_ | PGMeta | | |
| `studio` _[StudioSpec](#studiospec)_ | Studio | | |
#### Database
_Appears in:_
- [CoreSpec](#corespec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `dsn` _string_ | | | |
| `dsnSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | | | |
| `roles` _[DatabaseRoles](#databaseroles)_ | | | |
#### DatabaseRoles
_Appears in:_
- [Database](#database)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `selfManaged` _boolean_ | SelfManaged - whether the database roles are managed externally
when enabled the operator does not attempt to create secrets, generate passwords or whatsoever for all database roles
i.e. all secrets need to be provided or the instance won't work | | |
| `secrets` _[DatabaseRolesSecrets](#databaserolessecrets)_ | Secrets - typed 'map' of secrets for each database role that Supabase needs | | |
#### DatabaseRolesSecrets
_Appears in:_
- [DatabaseRoles](#databaseroles)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `supabaseAdmin` _string_ | | | |
| `authenticator` _string_ | | | |
| `supabaseAuthAdmin` _string_ | | | |
| `supabaseFunctionsAdmin` _string_ | | | |
| `supabaseStorageAdmin` _string_ | | | |
#### DatabaseStatus
_Appears in:_
- [CoreStatus](#corestatus)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `appliedMigrations` _[MigrationStatus](#migrationstatus)_ | | | |
| `roles` _object (keys:string, values:integer array)_ | | | |
#### DbCredentialsReference
_Appears in:_
- [DashboardDbSpec](#dashboarddbspec)
- [StorageApiDbSpec](#storageapidbspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretName` _string_ | | | |
| `usernameKey` _string_ | UsernameKey | username | |
| `passwordKey` _string_ | PasswordKey | password | |
#### EmailAuthProvider
_Appears in:_
- [AuthProviders](#authproviders)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not | | |
| `adminEmail` _string_ | | | |
| `senderName` _string_ | | | |
| `autoconfirmEmail` _boolean_ | | | |
| `subjectsInvite` _string_ | | | |
| `subjectsConfirmation` _string_ | | | |
| `smtpSpec` _[EmailAuthSmtpSpec](#emailauthsmtpspec)_ | | | |
#### EmailAuthSmtpSpec
_Appears in:_
- [EmailAuthProvider](#emailauthprovider)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ | | | |
| `port` _integer_ | | | |
| `maxFrequency` _integer_ | | | |
| `credentialsRef` _[SmtpCredentialsReference](#smtpcredentialsreference)_ | | | |
#### EnvoySpec
_Appears in:_
- [APIGatewaySpec](#apigatewayspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `nodeName` _string_ | NodeName - identifies the Envoy cluster within the current namespace
if not set, the name of the APIGateway resource will be used
The primary use case is to make the assignment of multiple supabase instances in a single namespace explicit. | | |
| `controlPlane` _[ControlPlaneSpec](#controlplanespec)_ | ControlPlane - configure the control plane where Envoy will retrieve its configuration from | | |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the Envoy deployment | | |
#### EnvoyStatus
_Appears in:_
- [APIGatewayStatus](#apigatewaystatus)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `configVersion` _string_ | | | |
| `resourceHash` _integer array_ | | | |
#### FileBackendSpec
_Appears in:_
- [StorageApiSpec](#storageapispec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `path` _string_ | Path - path to where files will be stored | | |
#### GithubAuthProvider
_Appears in:_
- [AuthProviders](#authproviders)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not | | |
| `clientID` _string_ | | | |
| `clientSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | | | |
| `url` _string_ | | | |
#### ImageProxySpec
_Appears in:_
- [StorageSpec](#storagespec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enable` _boolean_ | Enable - whether to deploy the image proxy or not | | |
| `enableWebPDetection` _boolean_ | | | |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the image proxy workload | | |
#### ImageSpec
_Appears in:_
- [ContainerTemplate](#containertemplate)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `image` _string_ | | | |
| `pullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#pullpolicy-v1-core)_ | | | |
#### JwtSpec
_Appears in:_
- [CoreJwtSpec](#corejwtspec)
- [StorageApiSpec](#storageapispec)
- [StudioSpec](#studiospec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretName` _string_ | SecretRef - object reference to the Secret where JWT values are stored | | |
| `secretKey` _string_ | SecretKey - key in secret where to read the JWT HMAC secret from | secret | |
| `jwksKey` _string_ | JwksKey - key in secret where to read the JWKS from | jwks.json | |
| `anonKey` _string_ | AnonKey - key in secret where to read the anon JWT from | anon_key | |
| `serviceKey` _string_ | ServiceKey - key in secret where to read the service JWT from | service_key | |
#### MigrationStatus
_Underlying type:_ _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#time-v1-meta)_
_Appears in:_
- [DatabaseStatus](#databasestatus)
#### OAuthProvider
_Appears in:_
- [AzureAuthProvider](#azureauthprovider)
- [GithubAuthProvider](#githubauthprovider)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `clientID` _string_ | | | |
| `clientSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | | | |
| `url` _string_ | | | |
#### PGMetaSpec
_Appears in:_
- [DashboardSpec](#dashboardspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the pg-meta deployment | | |
#### PhoneAuthProvider
_Appears in:_
- [AuthProviders](#authproviders)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not | | |
#### PostgrestSpec
_Appears in:_
- [CoreSpec](#corespec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `schemas` _string array_ | Schemas - schema where PostgREST is looking for objects (tables, views, functions, ...) | [public graphql_public] | |
| `extraSearchPath` _string array_ | ExtraSearchPath - Extra schemas to add to the search_path of every request.
These schemas tables, views and functions don’t get API endpoints, they can only be referred from the database objects inside your db-schemas. | [public extensions] | |
| `anonRole` _string_ | AnonRole - name of the anon role | anon | |
| `maxRows` _integer_ | MaxRows - maximum number of rows PostgREST will load at a time | 1000 | |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the PostgREST workload | | |
#### S3BackendSpec
_Appears in:_
- [StorageApiSpec](#storageapispec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `region` _string_ | Region - S3 region of the backend | | |
| `endpoint` _string_ | Endpoint - hostname and port **with** http/https | | |
| `forcePathStyle` _boolean_ | ForcePathStyle - whether to use path style (e.g. for MinIO) or domain style
for bucket addressing | | |
| `bucket` _string_ | Bucket - bucke to use, if file backend is used, default value is sufficient | stub | |
| `credentialsSecretRef` _[S3CredentialsRef](#s3credentialsref)_ | CredentialsSecretRef - reference to the Secret where access key id and access secret key are stored | | |
#### S3CredentialsRef
_Appears in:_
- [S3BackendSpec](#s3backendspec)
- [S3ProtocolSpec](#s3protocolspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretName` _string_ | | | |
| `accessKeyIdKey` _string_ | AccessKeyIdKey - key in Secret where access key id will be referenced from | accessKeyId | |
| `accessSecretKeyKey` _string_ | AccessSecretKeyKey - key in Secret where access secret key will be referenced from | secretAccessKey | |
#### S3ProtocolSpec
_Appears in:_
- [StorageApiSpec](#storageapispec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `allowForwardedHeader` _boolean_ | AllowForwardedHeader | true | |
| `credentialsSecretRef` _[S3CredentialsRef](#s3credentialsref)_ | CredentialsSecretRef - reference to the Secret where access key id and access secret key are stored | | |
#### SmtpCredentialsReference
_Appears in:_
- [EmailAuthSmtpSpec](#emailauthsmtpspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretName` _string_ | | | |
| `usernameKey` _string_ | UsernameKey | username | |
| `passwordKey` _string_ | PasswordKey | password | |
#### Storage
Storage is the Schema for the storages API.
_Appears in:_
- [StorageList](#storagelist)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `Storage` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `spec` _[StorageSpec](#storagespec)_ | | | |
#### StorageApiDbSpec
_Appears in:_
- [StorageApiSpec](#storageapispec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ | | | |
| `port` _integer_ | Port - Database port, typically 5432 | 5432 | |
| `dbName` _string_ | | | |
| `dbCredentialsRef` _[DbCredentialsReference](#dbcredentialsreference)_ | DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from
Credentials need to be stored in basic auth form | | |
#### StorageApiSpec
_Appears in:_
- [StorageSpec](#storagespec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `s3Backend` _[S3BackendSpec](#s3backendspec)_ | | | |
| `fileBackend` _[FileBackendSpec](#filebackendspec)_ | FileBackend - configure the file backend
either S3 or file backend **MUST** be configured | | |
| `fileSizeLimit` _integer_ | FileSizeLimit - maximum file upload size in bytes | 52428800 | |
| `jwtAuth` _[JwtSpec](#jwtspec)_ | JwtAuth - Configure the JWT authentication parameters.
This includes where to retrieve anon and service key from as well as JWT secret and JWKS references
needed to validate JWTs send to the API | | |
| `db` _[StorageApiDbSpec](#storageapidbspec)_ | DBSpec - Configure access to the Postgres database
In most cases this will reference the supabase-storage-admin credentials secret provided by the Core resource | | |
| `s3` _[S3ProtocolSpec](#s3protocolspec)_ | S3Protocol - Configure S3 access to the Storage API allowing clients to use any S3 client | | |
| `uploadTemp` _[UploadTempSpec](#uploadtempspec)_ | UploadTemp - configure the emptyDir for storing intermediate files during uploads | | |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the Storage API workload | | |
#### StorageList
StorageList contains a list of Storage.
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `StorageList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. | | |
| `items` _[Storage](#storage) array_ | | | |
#### StorageSpec
StorageSpec defines the desired state of Storage.
_Appears in:_
- [Storage](#storage)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `api` _[StorageApiSpec](#storageapispec)_ | Api - configure the Storage API | | |
| `imageProxy` _[ImageProxySpec](#imageproxyspec)_ | ImageProxy - optionally enable and configure the image proxy
the image proxy scale images to lower resolutions on demand to reduce traffic for instance for mobile devices | | |
#### StudioSpec
_Appears in:_
- [DashboardSpec](#dashboardspec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `jwt` _[JwtSpec](#jwtspec)_ | | | |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the studio deployment | | |
| `gatewayServiceSelector` _object (keys:string, values:string)_ | GatewayServiceSelector - selector to find the service for the API gateway
Required to configure the API URL in the studio deployment
If you don't run multiple APIGateway instances in the same namespaces, the default will be fine | \{ app.kubernetes.io/component:api-gateway app.kubernetes.io/name:envoy \} | |
| `externalUrl` _string_ | APIExternalURL is referring to the URL where Supabase API will be available
Typically this is the ingress of the API gateway | | |
#### UploadTempSpec
_Appears in:_
- [StorageApiSpec](#storageapispec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `medium` _[StorageMedium](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#storagemedium-v1-core)_ | Medium of the empty dir to cache uploads | | |
| `sizeLimit` _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#quantity-resource-api)_ | | | |
#### WorkloadTemplate
_Appears in:_
- [AuthSpec](#authspec)
- [EnvoySpec](#envoyspec)
- [ImageProxySpec](#imageproxyspec)
- [PGMetaSpec](#pgmetaspec)
- [PostgrestSpec](#postgrestspec)
- [StorageApiSpec](#storageapispec)
- [StudioSpec](#studiospec)
| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `replicas` _integer_ | | | |
| `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podsecuritycontext-v1-core)_ | | | |
| `additionalLabels` _object (keys:string, values:string)_ | | | |
| `workload` _[ContainerTemplate](#containertemplate)_ | Workload - customize the container template of the workload | | |
| `additionalVolumes` _[Volume](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volume-v1-core) array_ | | | |