# API Reference

## Packages
- [supabase.k8s.icb4dc0.de/v1alpha1](#supabasek8sicb4dc0dev1alpha1)


## supabase.k8s.icb4dc0.de/v1alpha1

Package v1alpha1 contains API Schema definitions for the supabase v1alpha1 API group.

### Resource Types
- [APIGateway](#apigateway)
- [APIGatewayList](#apigatewaylist)
- [Core](#core)
- [CoreList](#corelist)
- [Dashboard](#dashboard)
- [DashboardList](#dashboardlist)



#### APIGateway



APIGateway is the Schema for the apigateways API.



_Appears in:_
- [APIGatewayList](#apigatewaylist)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `APIGateway` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
| `spec` _[APIGatewaySpec](#apigatewayspec)_ |  |  |  |


#### APIGatewayList



APIGatewayList contains a list of APIGateway.





| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `APIGatewayList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
| `items` _[APIGateway](#apigateway) array_ |  |  |  |


#### APIGatewaySpec



APIGatewaySpec defines the desired state of APIGateway.



_Appears in:_
- [APIGateway](#apigateway)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `envoy` _[EnvoySpec](#envoyspec)_ | Envoy - configure the envoy instance and most importantly the control-plane |  |  |
| `jwks` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ | JWKSSelector - selector where the JWKS can be retrieved from to enable the API gateway to validate JWTs |  |  |




#### AuthProviderMeta







_Appears in:_
- [AzureAuthProvider](#azureauthprovider)
- [EmailAuthProvider](#emailauthprovider)
- [GithubAuthProvider](#githubauthprovider)
- [PhoneAuthProvider](#phoneauthprovider)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not |  |  |


#### AuthProviders







_Appears in:_
- [AuthSpec](#authspec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `email` _[EmailAuthProvider](#emailauthprovider)_ |  |  |  |
| `azure` _[AzureAuthProvider](#azureauthprovider)_ |  |  |  |
| `github` _[GithubAuthProvider](#githubauthprovider)_ |  |  |  |
| `phone` _[PhoneAuthProvider](#phoneauthprovider)_ |  |  |  |


#### AuthSpec







_Appears in:_
- [CoreSpec](#corespec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `additionalRedirectUrls` _string array_ |  |  |  |
| `disableSignup` _boolean_ |  |  |  |
| `anonymousUsersEnabled` _boolean_ |  |  |  |
| `providers` _[AuthProviders](#authproviders)_ |  |  |  |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ |  |  |  |
| `emailSignupDisabled` _boolean_ |  |  |  |


#### AzureAuthProvider







_Appears in:_
- [AuthProviders](#authproviders)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not |  |  |
| `clientID` _string_ |  |  |  |
| `clientSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ |  |  |  |
| `url` _string_ |  |  |  |


#### ContainerTemplate







_Appears in:_
- [WorkloadTemplate](#workloadtemplate)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `image` _string_ |  |  |  |
| `pullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#pullpolicy-v1-core)_ |  |  |  |
| `imagePullSecrets` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core) array_ |  |  |  |
| `securityContext` _[SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#securitycontext-v1-core)_ | SecurityContext - |  |  |
| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ |  |  |  |
| `volumeMounts` _[VolumeMount](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#volumemount-v1-core) array_ |  |  |  |
| `additionalEnv` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core) array_ |  |  |  |


#### ControlPlaneSpec







_Appears in:_
- [EnvoySpec](#envoyspec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ | Host is the hostname of the envoy control plane endpoint |  |  |
| `port` _integer_ | Port is the port number of the envoy control plane endpoint - typically this is 18000 | 18000 | Maximum: 65535 <br /> |


#### Core



Core is the Schema for the cores API.



_Appears in:_
- [CoreList](#corelist)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `Core` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
| `spec` _[CoreSpec](#corespec)_ |  |  |  |




#### CoreJwtSpec







_Appears in:_
- [CoreSpec](#corespec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secret` _string_ | Secret - JWT HMAC secret in plain text<br />This is WRITE-ONLY and will be copied to the SecretRef by the defaulter |  |  |
| `secretRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ | SecretRef - object reference to the Secret where JWT values are stored |  |  |
| `secretKey` _string_ | SecretKey - key in secret where to read the JWT HMAC secret from | secret |  |
| `jwksKey` _string_ | JwksKey - key in secret where to read the JWKS from | jwks.json |  |
| `anonKey` _string_ | AnonKey - key in secret where to read the anon JWT from | anon_key |  |
| `serviceKey` _string_ | ServiceKey - key in secret where to read the service JWT from | service_key |  |
| `expiry` _integer_ | Expiry - expiration time in seconds for JWTs | 3600 |  |


#### CoreList



CoreList contains a list of Core.





| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `CoreList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
| `items` _[Core](#core) array_ |  |  |  |


#### CoreSpec



CoreSpec defines the desired state of Core.



_Appears in:_
- [Core](#core)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `externalUrl` _string_ | APIExternalURL is referring to the URL where Supabase API will be available<br />Typically this is the ingress of the API gateway |  |  |
| `siteUrl` _string_ | SiteURL is referring to the URL of the (frontend) application<br />In most Kubernetes scenarios this is the same as the APIExternalURL with a different path handler in the ingress |  |  |
| `jwt` _[CoreJwtSpec](#corejwtspec)_ |  |  |  |
| `database` _[Database](#database)_ |  |  |  |
| `postgrest` _[PostgrestSpec](#postgrestspec)_ |  |  |  |
| `auth` _[AuthSpec](#authspec)_ |  |  |  |




#### Dashboard



Dashboard is the Schema for the dashboards API.



_Appears in:_
- [DashboardList](#dashboardlist)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `Dashboard` | | |
| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
| `spec` _[DashboardSpec](#dashboardspec)_ |  |  |  |


#### DashboardDbSpec







_Appears in:_
- [DashboardSpec](#dashboardspec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ |  |  |  |
| `port` _integer_ | Port - Database port, typically 5432 | 5432 |  |
| `dbName` _string_ |  |  |  |
| `dbCredentialsRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ | DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from<br />Credentials need to be stored in basic auth form |  |  |


#### DashboardJwtSpec







_Appears in:_
- [StudioSpec](#studiospec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ | SecretRef - object reference to the Secret where JWT values are stored |  |  |
| `secretKey` _string_ | SecretKey - key in secret where to read the JWT HMAC secret from | secret |  |
| `anonKey` _string_ | AnonKey - key in secret where to read the anon JWT from | anon_key |  |
| `serviceKey` _string_ | ServiceKey - key in secret where to read the service JWT from | service_key |  |


#### DashboardList



DashboardList contains a list of Dashboard.





| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` _string_ | `supabase.k8s.icb4dc0.de/v1alpha1` | | |
| `kind` _string_ | `DashboardList` | | |
| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
| `items` _[Dashboard](#dashboard) array_ |  |  |  |


#### DashboardSpec



DashboardSpec defines the desired state of Dashboard.



_Appears in:_
- [Dashboard](#dashboard)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `db` _[DashboardDbSpec](#dashboarddbspec)_ |  |  |  |
| `pgMeta` _[PGMetaSpec](#pgmetaspec)_ | PGMeta |  |  |
| `studio` _[StudioSpec](#studiospec)_ | Studio |  |  |




#### Database







_Appears in:_
- [CoreSpec](#corespec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `dsn` _string_ |  |  |  |
| `dsnFrom` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ |  |  |  |
| `roles` _[DatabaseRoles](#databaseroles)_ |  |  |  |


#### DatabaseRoles







_Appears in:_
- [Database](#database)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `selfManaged` _boolean_ | SelfManaged - whether the database roles are managed externally<br />when enabled the operator does not attempt to create secrets, generate passwords or whatsoever for all database roles<br />i.e. all secrets need to be provided or the instance won't work |  |  |
| `secrets` _[DatabaseRolesSecrets](#databaserolessecrets)_ | Secrets - typed 'map' of secrets for each database role that Supabase needs |  |  |


#### DatabaseRolesSecrets







_Appears in:_
- [DatabaseRoles](#databaseroles)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `supabaseAdmin` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ |  |  |  |
| `authenticator` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ |  |  |  |
| `supabaseAuthAdmin` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ |  |  |  |
| `supabaseFunctionsAdmin` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ |  |  |  |
| `supabaseStorageAdmin` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ |  |  |  |


#### DatabaseStatus







_Appears in:_
- [CoreStatus](#corestatus)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `appliedMigrations` _[MigrationStatus](#migrationstatus)_ |  |  |  |
| `roles` _object (keys:string, values:integer array)_ |  |  |  |


#### EmailAuthProvider







_Appears in:_
- [AuthProviders](#authproviders)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not |  |  |
| `adminEmail` _string_ |  |  |  |
| `senderName` _string_ |  |  |  |
| `autoconfirmEmail` _boolean_ |  |  |  |
| `subjectsInvite` _string_ |  |  |  |
| `subjectsConfirmation` _string_ |  |  |  |
| `smtpSpec` _[EmailAuthSmtpSpec](#emailauthsmtpspec)_ |  |  |  |


#### EmailAuthSmtpSpec







_Appears in:_
- [EmailAuthProvider](#emailauthprovider)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `host` _string_ |  |  |  |
| `port` _integer_ |  |  |  |
| `maxFrequency` _integer_ |  |  |  |
| `credentialsFrom` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#localobjectreference-v1-core)_ |  |  |  |


#### EnvoySpec







_Appears in:_
- [APIGatewaySpec](#apigatewayspec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `controlPlane` _[ControlPlaneSpec](#controlplanespec)_ | ControlPlane - configure the control plane where Envoy will retrieve its configuration from |  |  |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the Envoy deployment |  |  |


#### GithubAuthProvider







_Appears in:_
- [AuthProviders](#authproviders)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not |  |  |
| `clientID` _string_ |  |  |  |
| `clientSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ |  |  |  |
| `url` _string_ |  |  |  |


#### ImageSpec







_Appears in:_
- [ContainerTemplate](#containertemplate)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `image` _string_ |  |  |  |
| `pullPolicy` _[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#pullpolicy-v1-core)_ |  |  |  |


#### MigrationStatus

_Underlying type:_ _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#time-v1-meta)_





_Appears in:_
- [DatabaseStatus](#databasestatus)



#### OAuthProvider







_Appears in:_
- [AzureAuthProvider](#azureauthprovider)
- [GithubAuthProvider](#githubauthprovider)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `clientID` _string_ |  |  |  |
| `clientSecretRef` _[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#secretkeyselector-v1-core)_ |  |  |  |
| `url` _string_ |  |  |  |


#### PGMetaSpec







_Appears in:_
- [DashboardSpec](#dashboardspec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the pg-meta deployment |  |  |


#### PhoneAuthProvider







_Appears in:_
- [AuthProviders](#authproviders)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Enabled - whether the authentication provider is enabled or not |  |  |


#### PostgrestSpec







_Appears in:_
- [CoreSpec](#corespec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `schemas` _string array_ | Schemas - schema where PostgREST is looking for objects (tables, views, functions, ...) | [public graphql_public] |  |
| `extraSearchPath` _string array_ | ExtraSearchPath - Extra schemas to add to the search_path of every request.<br />These schemas tables, views and functions don’t get API endpoints, they can only be referred from the database objects inside your db-schemas. | [public extensions] |  |
| `anonRole` _string_ | AnonRole - name of the anon role | anon |  |
| `maxRows` _integer_ | MaxRows - maximum number of rows PostgREST will load at a time | 1000 |  |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the PostgREST workload |  |  |


#### StudioSpec







_Appears in:_
- [DashboardSpec](#dashboardspec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `jwt` _[DashboardJwtSpec](#dashboardjwtspec)_ |  |  |  |
| `workloadTemplate` _[WorkloadTemplate](#workloadtemplate)_ | WorkloadTemplate - customize the studio deployment |  |  |
| `gatewayServiceSelector` _object (keys:string, values:string)_ | GatewayServiceSelector - selector to find the service for the API gateway<br />Required to configure the API URL in the studio deployment<br />If you don't run multiple APIGateway instances in the same namespaces, the default will be fine | \{ app.kubernetes.io/component:api-gateway app.kubernetes.io/name:envoy \} |  |
| `externalUrl` _string_ | APIExternalURL is referring to the URL where Supabase API will be available<br />Typically this is the ingress of the API gateway |  |  |


#### WorkloadTemplate







_Appears in:_
- [AuthSpec](#authspec)
- [EnvoySpec](#envoyspec)
- [PGMetaSpec](#pgmetaspec)
- [PostgrestSpec](#postgrestspec)
- [StudioSpec](#studiospec)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `replicas` _integer_ |  |  |  |
| `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podsecuritycontext-v1-core)_ |  |  |  |
| `additionalLabels` _object (keys:string, values:string)_ |  |  |  |
| `workload` _[ContainerTemplate](#containertemplate)_ | Workload - customize the container template of the workload |  |  |