prskr/supabase-operator
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions
supabase-operator/docs/api/supabase.k8s.icb4dc0.de.md
Peter Kurfer 647f602c79
Some checks failed
Lint / Run on Ubuntu (push) Failing after 2m58s
Details
E2E Tests / Run on Ubuntu (push) Failing after 4m18s
Details
Tests / Run on Ubuntu (push) Failing after 2m39s
Details
feat: basic functionality implemented 
- added Core CRD to manage DB migrations & configuration, PostgREST and
  GoTrue (auth)
- added APIGateway CRD to manage Envoy proxy
- added Dashboard CRD to manage (so far) pg-meta and (soon) studio
  deployments
- implemented basic Envoy control plane based on K8s watcher
2025-01-04 17:07:49 +01:00

14 KiB
Raw Blame History

API Reference

Packages

supabase.k8s.icb4dc0.de/v1alpha1

Package v1alpha1 contains API Schema definitions for the supabase v1alpha1 API group.

Resource Types

APIGateway

APIGateway is the Schema for the apigateways API.

Appears in:

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string APIGateway
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec APIGatewaySpec

APIGatewayList

APIGatewayList contains a list of APIGateway.

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string APIGatewayList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items APIGateway array

APIGatewaySpec

APIGatewaySpec defines the desired state of APIGateway.

Appears in:

Field Description Default Validation
envoy EnvoySpec Envoy - configure the envoy instance and most importantly the control-plane
jwks SecretKeySelector JWKSSelector - selector where the JWKS can be retrieved from to enable the API gateway to validate JWTs

AuthProviderMeta

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not

AuthProviders

Appears in:

Field Description Default Validation
email EmailAuthProvider
azure AzureAuthProvider
github GithubAuthProvider
phone PhoneAuthProvider

AuthSpec

Appears in:

Field Description Default Validation
externalUrl string APIExternalURL is referring to the URL where Supabase API will be available
Typically this is the ingress of the API gateway
siteUrl string SiteURL is referring to the URL of the (frontend) application
In most Kubernetes scenarios this is the same as the APIExternalURL with a different path handler in the ingress
additionalRedirectUrls string array
disableSignup boolean
anonymousUsersEnabled boolean
providers AuthProviders
workloadTemplate WorkloadTemplate
emailSignupDisabled boolean

AzureAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not
clientID string
clientSecretRef SecretKeySelector
url string

ContainerTemplate

Appears in:

Field Description Default Validation
image string
pullPolicy PullPolicy
imagePullSecrets LocalObjectReference array
securityContext SecurityContext
resources ResourceRequirements
volumeMounts VolumeMount array
additionalEnv EnvVar array

ControlPlaneSpec

Appears in:

Field Description Default Validation
host string Host is the hostname of the envoy control plane endpoint
port integer Port is the port number of the envoy control plane endpoint - typically this is 18000 18000 Maximum: 65535

Core

Core is the Schema for the cores API.

Appears in:

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string Core
metadata ObjectMeta Refer to Kubernetes API documentation for fields of metadata.
spec CoreSpec

CoreCondition

Appears in:

Field Description Default Validation
type CoreConditionType
lastProbeTime Time
lastTransitionTime Time
reason string
message string

CoreConditionType

Underlying type: string

Appears in:

CoreList

CoreList contains a list of Core.

Field Description Default Validation
apiVersion string supabase.k8s.icb4dc0.de/v1alpha1
kind string CoreList
metadata ListMeta Refer to Kubernetes API documentation for fields of metadata.
items Core array

CoreSpec

CoreSpec defines the desired state of Core.

Appears in:

Field Description Default Validation
jwt JwtSpec
database Database
postgrest PostgrestSpec
auth AuthSpec

Database

Appears in:

Field Description Default Validation
dsn string
dsnFrom SecretKeySelector
roles DatabaseRoles

DatabaseRoles

Appears in:

Field Description Default Validation
selfManaged boolean SelfManaged - whether the database roles are managed externally
when enabled the operator does not attempt to create secrets, generate passwords or whatsoever for all database roles
i.e. all secrets need to be provided or the instance won't work
secrets DatabaseRolesSecrets Secrets - typed 'map' of secrets for each database role that Supabase needs

DatabaseRolesSecrets

Appears in:

Field Description Default Validation
authenticator SecretReference
supabaseAuthAdmin SecretReference
supabaseFunctionsAdmin SecretReference
supabaseStorageAdmin SecretReference

DatabaseStatus

Appears in:

Field Description Default Validation
appliedMigrations MigrationStatus
roles object (keys:string, values:integer array)

EmailAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not
adminEmail string
senderName string
autoconfirmEmail boolean
subjectsInvite string
subjectsConfirmation string
smtpSpec EmailAuthSmtpSpec

EmailAuthSmtpSpec

Appears in:

Field Description Default Validation
host string
port integer
maxFrequency integer
credentialsFrom LocalObjectReference

EnvoySpec

Appears in:

Field Description Default Validation
controlPlane ControlPlaneSpec ControlPlane - configure the control plane where Envoy will retrieve its configuration from
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the Envoy deployment

GithubAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not
clientID string
clientSecretRef SecretKeySelector
url string

ImageSpec

Appears in:

Field Description Default Validation
image string
pullPolicy PullPolicy

JwtSpec

Appears in:

Field Description Default Validation
secret string Secret - JWT HMAC secret in plain text
This is WRITE-ONLY and will be copied to the SecretRef by the defaulter
secretRef LocalObjectReference SecretRef - object reference to the Secret where JWT values are stored
secretKey string SecretKey - key in secret where to read the JWT HMAC secret from secret
jwksKey string JwksKey - key in secret where to read the JWKS from jwks.json
anonKey string AnonKey - key in secret where to read the anon JWT from anon_key
serviceKey string ServiceKey - key in secret where to read the service JWT from service_key
expiry integer Expiry - expiration time in seconds for JWTs 3600

MigrationStatus

Underlying type: object

Appears in:

OAuthProvider

Appears in:

Field Description Default Validation
clientID string
clientSecretRef SecretKeySelector
url string

PhoneAuthProvider

Appears in:

Field Description Default Validation
enabled boolean Enabled - whether the authentication provider is enabled or not

PostgrestSpec

Appears in:

Field Description Default Validation
schemas string array Schemas - schema where PostgREST is looking for objects (tables, views, functions, ...) [public graphql_public] UniqueItems: true
extraSearchPath string array ExtraSearchPath - Extra schemas to add to the search_path of every request.
These schemas tables, views and functions dont get API endpoints, they can only be referred from the database objects inside your db-schemas.		 [public extensions] UniqueItems: true
anonRole string AnonRole - name of the anon role anon
maxRows integer MaxRows - maximum number of rows PostgREST will load at a time 1000
workloadTemplate WorkloadTemplate WorkloadTemplate - customize the PostgREST workload

WorkloadTemplate

Appears in:

Field Description Default Validation
replicas integer
securityContext PodSecurityContext
additionalLabels object (keys:string, values:string)
workload ContainerTemplate