prskr/supabase-operator
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases 3 Packages 1 Wiki Activity Actions
supabase-operator/docs/api/supabase.k8s.icb4dc0.de.md
Peter Kurfer 0014927ca9
Some checks failed
E2E Tests / Run on Ubuntu (push) Has been cancelled
Details
Tests / Run on Ubuntu (push) Has been cancelled
Details
Lint / Run on Ubuntu (push) Has been cancelled
Details
Docs / deploy (push) Successful in 1m51s
Details
release / release (push) Successful in 6m36s
Details
feat(storage): finish initial basic implementation 
- support both s3 & file storage backends
- support imgproxy to scale images
- manually tested with MinIO & local storage
- fixed service discovery issue in APIGatey reconciler not detecting
  service changes
- refactored defaults and env variable code to make it manageable again
- add repo link to docs
2025-01-23 18:00:05 +01:00

25 KiB
Raw Blame History

API Reference

Packages

supabase.k8s.icb4dc0.de/v1alpha1

Package v1alpha1 contains API Schema definitions for the supabase v1alpha1 API group.

Resource Types

APIGateway

APIGateway is the Schema for the apigateways API.

Appears in:

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string APIGateway
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec APIGatewaySpec

APIGatewayList

APIGatewayList contains a list of APIGateway.

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string APIGatewayList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items APIGateway array

APIGatewaySpec

APIGatewaySpec defines the desired state of APIGateway.

Appears in:

Field Description Default Validation
envoy EnvoySpec Envoy - configure the envoy instance and most importantly the control-plane
jwks SecretKeySelector JWKSSelector - selector where the JWKS can be retrieved from to enable the API gateway to validate JWTs
serviceSelector LabelSelector ServiceSelector - selector to match all Supabase services (or in fact EndpointSlices) that should be considered for this APIGateway { matchExpressions:[map[key:app.kubernetes.io/part-of operator:In values:[supabase]] map[key:supabase.k8s.icb4dc0.de/api-gateway-target operator:Exists]] }
componentTypeLabel string ComponentTypeLabel - Label to identify which Supabase component a Service represents (e.g. auth, postgrest, ...) app.kubernetes.io/name

AuthProviderMeta

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not

AuthProviders

Appears in:

Field Description Default Validation
email EmailAuthProvider
azure AzureAuthProvider
github GithubAuthProvider
phone PhoneAuthProvider

AuthSpec

Appears in:

Field Description Default Validation
additionalRedirectUrls string array
disableSignup boolean
anonymousUsersEnabled boolean
providers AuthProviders
workloadTemplate WorkloadTemplate
emailSignupDisabled boolean

AzureAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not
clientID string
clientSecretRef SecretKeySelector
url string

ContainerTemplate

Appears in:

Field Description Default Validation
image string
pullPolicy PullPolicy
imagePullSecrets LocalObjectReference array
securityContext SecurityContext SecurityContext - override the container SecurityContext
use with caution, by default the operator already uses sane defaults
resources ResourceRequirements
volumeMounts VolumeMount array
additionalEnv EnvVar array

ControlPlaneSpec

Appears in:

Field Description Default Validation
host string Host is the hostname of the envoy control plane endpoint
port integer Port is the port number of the envoy control plane endpoint - typically this is 18000 18000 Maximum: 65535

Core

Core is the Schema for the cores API.

Appears in:

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string Core
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CoreSpec

CoreJwtSpec

Appears in:

Field Description Default Validation
secretName string SecretRef - object reference to the Secret where JWT values are stored
secretKey string SecretKey - key in secret where to read the JWT HMAC secret from secret
jwksKey string JwksKey - key in secret where to read the JWKS from jwks.json
anonKey string AnonKey - key in secret where to read the anon JWT from anon_key
serviceKey string ServiceKey - key in secret where to read the service JWT from service_key
secret string Secret - JWT HMAC secret in plain text
This is WRITE-ONLY and will be copied to the SecretRef by the defaulter
expiry integer Expiry - expiration time in seconds for JWTs 3600

CoreList

CoreList contains a list of Core.

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string CoreList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Core array

CoreSpec

CoreSpec defines the desired state of Core.

Appears in:

Field Description Default Validation
externalUrl string APIExternalURL is referring to the URL where Supabase API will be available
Typically this is the ingress of the API gateway
siteUrl string SiteURL is referring to the URL of the (frontend) application
In most Kubernetes scenarios this is the same as the APIExternalURL with a different path handler in the ingress
jwt CoreJwtSpec
database Database
postgrest PostgrestSpec
auth AuthSpec

Dashboard

Dashboard is the Schema for the dashboards API.

Appears in:

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string Dashboard
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec DashboardSpec

DashboardDbSpec

Appears in:

Field Description Default Validation
host string
port integer Port - Database port, typically 5432 5432
dbName string
dbCredentialsRef DbCredentialsReference DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from
Credentials need to be stored in basic auth form

DashboardList

DashboardList contains a list of Dashboard.

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string DashboardList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Dashboard array

DashboardSpec

DashboardSpec defines the desired state of Dashboard.

Appears in:

Field Description Default Validation
db DashboardDbSpec
pgMeta PGMetaSpec PGMeta
studio StudioSpec Studio

Database

Appears in:

Field Description Default Validation
dsn string
dsnSecretRef SecretKeySelector
roles DatabaseRoles

DatabaseRoles

Appears in:

Field Description Default Validation
selfManaged boolean SelfManaged - whether the database roles are managed externally
when enabled the operator does not attempt to create secrets, generate passwords or whatsoever for all database roles
i.e. all secrets need to be provided or the instance won't work
secrets DatabaseRolesSecrets Secrets - typed 'map' of secrets for each database role that Supabase needs

DatabaseRolesSecrets

Appears in:

Field Description Default Validation
supabaseAdmin string
authenticator string
supabaseAuthAdmin string
supabaseFunctionsAdmin string
supabaseStorageAdmin string

DatabaseStatus

Appears in:

Field Description Default Validation
appliedMigrations MigrationStatus
roles object (keys:string, values:integer array)

DbCredentialsReference

Appears in:

Field Description Default Validation
secretName string
usernameKey string UsernameKey username
passwordKey string PasswordKey password

EmailAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not
adminEmail string
senderName string
autoconfirmEmail boolean
subjectsInvite string
subjectsConfirmation string
smtpSpec EmailAuthSmtpSpec

EmailAuthSmtpSpec

Appears in:

Field Description Default Validation
host string
port integer
maxFrequency integer
credentialsRef SmtpCredentialsReference

EnvoySpec

Appears in:

Field Description Default Validation
nodeName string NodeName - identifies the Envoy cluster within the current namespace
if not set, the name of the APIGateway resource will be used
The primary use case is to make the assignment of multiple supabase instances in a single namespace explicit.
controlPlane ControlPlaneSpec ControlPlane - configure the control plane where Envoy will retrieve its configuration from
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the Envoy deployment

EnvoyStatus

Appears in:

Field Description Default Validation
configVersion string
resourceHash integer array

FileBackendSpec

Appears in:

Field Description Default Validation
path string Path - path to where files will be stored

GithubAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not
clientID string
clientSecretRef SecretKeySelector
url string

ImageProxySpec

Appears in:

Field Description Default Validation
enable boolean Enable - whether to deploy the image proxy or not
enableWebPDetection boolean
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the image proxy workload

ImageSpec

Appears in:

Field Description Default Validation
image string
pullPolicy PullPolicy

JwtSpec

Appears in:

Field Description Default Validation
secretName string SecretRef - object reference to the Secret where JWT values are stored
secretKey string SecretKey - key in secret where to read the JWT HMAC secret from secret
jwksKey string JwksKey - key in secret where to read the JWKS from jwks.json
anonKey string AnonKey - key in secret where to read the anon JWT from anon_key
serviceKey string ServiceKey - key in secret where to read the service JWT from service_key

MigrationStatus

Underlying type: Time

Appears in:

OAuthProvider

Appears in:

Field Description Default Validation
clientID string
clientSecretRef SecretKeySelector
url string

PGMetaSpec

Appears in:

Field Description Default Validation
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the pg-meta deployment

PhoneAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not

PostgrestSpec

Appears in:

Field Description Default Validation
schemas string array Schemas - schema where PostgREST is looking for objects (tables, views, functions, ...) [public graphql_public]
extraSearchPath string array ExtraSearchPath - Extra schemas to add to the search_path of every request.
These schemas tables, views and functions dont get API endpoints, they can only be referred from the database objects inside your db-schemas.		 [public extensions]
anonRole string AnonRole - name of the anon role anon
maxRows integer MaxRows - maximum number of rows PostgREST will load at a time 1000
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the PostgREST workload

S3BackendSpec

Appears in:

Field Description Default Validation
region string Region - S3 region of the backend
endpoint string Endpoint - hostname and port with http/https
forcePathStyle boolean ForcePathStyle - whether to use path style (e.g. for MinIO) or domain style
for bucket addressing
bucket string Bucket - bucke to use, if file backend is used, default value is sufficient stub
credentialsSecretRef S3CredentialsRef CredentialsSecretRef - reference to the Secret where access key id and access secret key are stored

S3CredentialsRef

Appears in:

Field Description Default Validation
secretName string
accessKeyIdKey string AccessKeyIdKey - key in Secret where access key id will be referenced from accessKeyId
accessSecretKeyKey string AccessSecretKeyKey - key in Secret where access secret key will be referenced from secretAccessKey

S3ProtocolSpec

Appears in:

Field Description Default Validation
allowForwardedHeader boolean AllowForwardedHeader true
credentialsSecretRef S3CredentialsRef CredentialsSecretRef - reference to the Secret where access key id and access secret key are stored

SmtpCredentialsReference

Appears in:

Field Description Default Validation
secretName string
usernameKey string UsernameKey username
passwordKey string PasswordKey password

Storage

Storage is the Schema for the storages API.

Appears in:

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string Storage
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec StorageSpec

StorageApiDbSpec

Appears in:

Field Description Default Validation
host string
port integer Port - Database port, typically 5432 5432
dbName string
dbCredentialsRef DbCredentialsReference DBCredentialsRef - reference to a Secret key where the DB credentials can be retrieved from
Credentials need to be stored in basic auth form

StorageApiSpec

Appears in:

Field Description Default Validation
s3Backend S3BackendSpec
fileBackend FileBackendSpec FileBackend - configure the file backend
either S3 or file backend MUST be configured
fileSizeLimit integer FileSizeLimit - maximum file upload size in bytes 52428800
jwtAuth JwtSpec JwtAuth - Configure the JWT authentication parameters.
This includes where to retrieve anon and service key from as well as JWT secret and JWKS references
needed to validate JWTs send to the API
db StorageApiDbSpec DBSpec - Configure access to the Postgres database
In most cases this will reference the supabase-storage-admin credentials secret provided by the Core resource
s3 S3ProtocolSpec S3Protocol - Configure S3 access to the Storage API allowing clients to use any S3 client
uploadTemp UploadTempSpec UploadTemp - configure the emptyDir for storing intermediate files during uploads
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the Storage API workload

StorageList

StorageList contains a list of Storage.

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string StorageList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Storage array

StorageSpec

StorageSpec defines the desired state of Storage.

Appears in:

Field Description Default Validation
api StorageApiSpec Api - configure the Storage API
imageProxy ImageProxySpec ImageProxy - optionally enable and configure the image proxy
the image proxy scale images to lower resolutions on demand to reduce traffic for instance for mobile devices

StudioSpec

Appears in:

Field Description Default Validation
jwt JwtSpec
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the studio deployment
gatewayServiceSelector object (keys:string, values:string) GatewayServiceSelector - selector to find the service for the API gateway
Required to configure the API URL in the studio deployment
If you don't run multiple APIGateway instances in the same namespaces, the default will be fine		 { app.kubernetes.io/component:api-gateway app.kubernetes.io/name:envoy }
externalUrl string APIExternalURL is referring to the URL where Supabase API will be available
Typically this is the ingress of the API gateway

UploadTempSpec

Appears in:

Field Description Default Validation
medium StorageMedium Medium of the empty dir to cache uploads
sizeLimit Quantity

WorkloadTemplate

Appears in:

Field Description Default Validation
replicas integer
securityContext PodSecurityContext
additionalLabels object (keys:string, values:string)
workload ContainerTemplate Workload - customize the container template of the workload
additionalVolumes Volume array