From 138e6f9991c09e702128042fc64fdbef259b6bed Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Wed, 21 Feb 2024 22:44:55 +0800 Subject: [PATCH 1/8] Enable reference to existing secrets * referenced secrets take precedence over supplied values in `value.yaml` * test existing secrets by setting `debug.secretRef` to `true` * this is a temporary solution as `ct install` doesn't have pre-install step --- .../templates/analytics/deployment.yaml | 21 +++++ .../supabase/templates/auth/deployment.yaml | 29 +++++++ charts/supabase/templates/db/deployment.yaml | 20 +++++ .../templates/functions/deployment.yaml | 25 ++++++ .../supabase/templates/kong/deployment.yaml | 16 ++++ .../supabase/templates/meta/deployment.yaml | 8 ++ .../templates/realtime/deployment.yaml | 20 +++++ .../supabase/templates/rest/deployment.yaml | 21 +++++ .../templates/storage/deployment.yaml | 29 +++++++ .../supabase/templates/studio/deployment.yaml | 8 ++ charts/supabase/templates/test/db.yaml | 4 + .../supabase/templates/test/secretrefs.yaml | 80 +++++++++++++++++++ .../supabase/templates/vector/deployment.yaml | 4 + charts/supabase/values.yaml | 14 ++++ 14 files changed, 299 insertions(+) create mode 100644 charts/supabase/templates/test/secretrefs.yaml diff --git a/charts/supabase/templates/analytics/deployment.yaml b/charts/supabase/templates/analytics/deployment.yaml index b41743c..93c5e99 100644 --- a/charts/supabase/templates/analytics/deployment.yaml +++ b/charts/supabase/templates/analytics/deployment.yaml @@ -42,7 +42,11 @@ spec: - name: DB_USER valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: username - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} @@ -72,22 +76,39 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: password + {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded + {{- end }} - name: DB_DATABASE valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: LOGFLARE_API_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.analytics.secretRef }} + name: {{ .Values.secret.analytics.secretRef }} + {{- else }} name: {{ include "supabase.secret.analytics" . }} + {{- end }} key: apiKey {{- if .Values.analytics.bigQuery.enabled }} - name: GOOGLE_PROJECT_ID diff --git a/charts/supabase/templates/auth/deployment.yaml b/charts/supabase/templates/auth/deployment.yaml index b2ee0b4..3fa161e 100644 --- a/charts/supabase/templates/auth/deployment.yaml +++ b/charts/supabase/templates/auth/deployment.yaml @@ -42,7 +42,11 @@ spec: - name: DB_USER valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: username - name: DB_PORT value: {{ .Values.auth.environment.DB_PORT | quote }} @@ -72,17 +76,30 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: password + {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded + {{- end }} - name: DB_NAME valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: GOTRUE_DB_DATABASE_URL value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL) @@ -91,17 +108,29 @@ spec: - name: GOTRUE_JWT_SECRET valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: secret - name: GOTRUE_SMTP_USER valueFrom: secretKeyRef: + {{- if .Values.secret.smtp.secretRef }} + name: {{ .Values.secret.smtp.secretRef }} + {{- else }} name: {{ include "supabase.secret.smtp" . }} + {{- end }} key: username - name: GOTRUE_SMTP_PASS valueFrom: secretKeyRef: + {{- if .Values.secret.smtp.secretRef }} + name: {{ .Values.secret.smtp.secretRef }} + {{- else }} name: {{ include "supabase.secret.smtp" . }} + {{- end }} key: password {{- with .Values.auth.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/db/deployment.yaml b/charts/supabase/templates/db/deployment.yaml index 13da44b..fb4e988 100644 --- a/charts/supabase/templates/db/deployment.yaml +++ b/charts/supabase/templates/db/deployment.yaml @@ -66,27 +66,47 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: username - name: PGPASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: PGDATABASE valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: POSTGRES_DB valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database {{- with .Values.db.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/functions/deployment.yaml b/charts/supabase/templates/functions/deployment.yaml index 3bf7a7d..a3c5328 100644 --- a/charts/supabase/templates/functions/deployment.yaml +++ b/charts/supabase/templates/functions/deployment.yaml @@ -52,32 +52,57 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: password + {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded + {{- end }} - name: DB_DATABASE valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: JWT_SECRET valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: secret - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: anonKey - name: SUPABASE_SERVICE_ROLE_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: serviceKey - name: POSTGRES_BACKEND_URL value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL) diff --git a/charts/supabase/templates/kong/deployment.yaml b/charts/supabase/templates/kong/deployment.yaml index 173c470..4ecc159 100644 --- a/charts/supabase/templates/kong/deployment.yaml +++ b/charts/supabase/templates/kong/deployment.yaml @@ -44,23 +44,39 @@ spec: - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: anonKey - name: SUPABASE_SERVICE_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: serviceKey {{- if .Values.secret.dashboard }} - name: DASHBOARD_USERNAME valueFrom: secretKeyRef: + {{- if .Values.secret.dashboard.secretRef }} + name: {{ .Values.secret.dashboard.secretRef }} + {{- else }} name: {{ include "supabase.secret.dashboard" . }} + {{- end }} key: username - name: DASHBOARD_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.dashboard.secretRef }} + name: {{ .Values.secret.dashboard.secretRef }} + {{- else }} name: {{ include "supabase.secret.dashboard" . }} + {{- end }} key: password {{- end }} {{- with .Values.kong.livenessProbe }} diff --git a/charts/supabase/templates/meta/deployment.yaml b/charts/supabase/templates/meta/deployment.yaml index 254371a..80f4ce1 100644 --- a/charts/supabase/templates/meta/deployment.yaml +++ b/charts/supabase/templates/meta/deployment.yaml @@ -46,12 +46,20 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_NAME valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: PG_META_DB_HOST value: $(DB_HOST) diff --git a/charts/supabase/templates/realtime/deployment.yaml b/charts/supabase/templates/realtime/deployment.yaml index dcc0c04..06ddb30 100644 --- a/charts/supabase/templates/realtime/deployment.yaml +++ b/charts/supabase/templates/realtime/deployment.yaml @@ -42,7 +42,11 @@ spec: - name: DB_USER valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: username - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} @@ -74,22 +78,38 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_NAME valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: JWT_SECRET valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: secret - name: API_JWT_SECRET valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: secret {{- with .Values.realtime.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml index 226527b..538d9d7 100644 --- a/charts/supabase/templates/rest/deployment.yaml +++ b/charts/supabase/templates/rest/deployment.yaml @@ -46,29 +46,50 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: password + {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded + {{- end }} - name: DB_NAME valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: PGRST_DB_URI value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL) - name: PGRST_JWT_SECRET valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: secret - name: JWT_EXPIRY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: expiry {{- with .Values.rest.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/storage/deployment.yaml b/charts/supabase/templates/storage/deployment.yaml index 6c5a805..05465a5 100644 --- a/charts/supabase/templates/storage/deployment.yaml +++ b/charts/supabase/templates/storage/deployment.yaml @@ -43,7 +43,11 @@ spec: - name: DB_USER valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: username - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} @@ -102,34 +106,59 @@ spec: - name: DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: password - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: password + {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded + {{- end }} - name: DB_NAME valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: database - name: DATABASE_URL value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL) - name: PGRST_JWT_SECRET valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: secret - name: ANON_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: anonKey - name: SERVICE_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: serviceKey {{- if .Values.imgproxy.enabled }} - name: IMGPROXY_URL diff --git a/charts/supabase/templates/studio/deployment.yaml b/charts/supabase/templates/studio/deployment.yaml index 2eaf87e..9fba8da 100644 --- a/charts/supabase/templates/studio/deployment.yaml +++ b/charts/supabase/templates/studio/deployment.yaml @@ -50,12 +50,20 @@ spec: - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: anonKey - name: SUPABASE_SERVICE_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + {{- else }} name: {{ include "supabase.secret.jwt" . }} + {{- end }} key: serviceKey {{- with .Values.studio.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/test/db.yaml b/charts/supabase/templates/test/db.yaml index 4863f7a..43a7be7 100644 --- a/charts/supabase/templates/test/db.yaml +++ b/charts/supabase/templates/test/db.yaml @@ -28,7 +28,11 @@ spec: - name: DB_USER valueFrom: secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + {{- else }} name: {{ include "supabase.secret.db" . }} + {{- end }} key: username - name: DB_PORT value: {{ .Values.auth.environment.DB_PORT | quote }} diff --git a/charts/supabase/templates/test/secretrefs.yaml b/charts/supabase/templates/test/secretrefs.yaml new file mode 100644 index 0000000..7a1be7e --- /dev/null +++ b/charts/supabase/templates/test/secretrefs.yaml @@ -0,0 +1,80 @@ +{{- if .Values.debug }} +{{- if .Values.debug.secretRef }} +{{- if .Values.secret.jwt.secretRef }} +piVersion: v1 +kind: Secret +metadata: + name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.jwt.secretRef }}" + labels: + {{- include "supabase.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-install +type: Opaque +data: + anonKey: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKaGJtOXVJaXdLSUNBZ0lDSnBjM01pT2lBaWMzVndZV0poYzJVdFpHVnRieUlzQ2lBZ0lDQWlhV0YwSWpvZ01UWTBNVGMyT1RJd01Dd0tJQ0FnSUNKbGVIQWlPaUF4TnprNU5UTTFOakF3Q24wLmRjX1g1aVJfVlBfcVQwenNpeWpfSV9PWjJUOUZ0UlUyQkJOV044QnU0R0U= + serviceKey: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKelpYSjJhV05sWDNKdmJHVWlMQW9nSUNBZ0ltbHpjeUk2SUNKemRYQmhZbUZ6WlMxa1pXMXZJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qUXhOelk1TWpBd0xBb2dJQ0FnSW1WNGNDSTZJREUzT1RrMU16VTJNREFLZlEuRGFZbE5Fb1VyckVuMklnN3RxaWJTLVBISzV2Z3VzYmNibzdYMzZYVnQ0UQ== + secret: eW91ci1zdXBlci1zZWNyZXQtand0LXRva2VuLXdpdGgtYXQtbGVhc3QtMzItY2hhcmFjdGVycy1sb25n + expiry: MzYwMA== +{{- end }} +{{- if .Values.secret.smtp.secretRef }} +--- +piVersion: v1 +kind: Secret +metadata: + name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.smtp.secretRef }}" + labels: + {{- include "supabase.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-install +type: Opaque +data: + username: eW91ci1tYWlsQGV4YW1wbGUuY29t + password: ZXhhbXBsZTEyMzQ1Ng== +{{- end }} +{{- if .Values.secret.dashboard.secretRef }} +--- +piVersion: v1 +kind: Secret +metadata: + name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.dashboard.secretRef }}" + labels: + {{- include "supabase.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-install +type: Opaque +data: + username: c3VwYWJhc2U= + password: dGhpc19wYXNzd29yZF9pc19pbnNlY3VyZV9hbmRfc2hvdWxkX2JlX3VwZGF0ZWQ= +{{- end }} +{{- if .Values.secret.db.secretRef }} +--- +piVersion: v1 +kind: Secret +metadata: + name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.db.secretRef }}" + labels: + {{- include "supabase.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-install +type: Opaque +data: + username: cG9zdGdyZXM= + password: ZXhhbXBsZTEyMzQ1Ng== + database: cG9zdGdyZXM= +{{- end }} +{{- if .Values.secret.analytics.secretRef }} +--- +piVersion: v1 +kind: Secret +metadata: + name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.analytics.secretRef }}" + labels: + {{- include "supabase.labels" . | nindent 4 }} + annotations: + helm.sh/hook: pre-install +type: Opaque +data: + apiKey: eW91ci1zdXBlci1zZWNyZXQtYW5kLWxvbmctbG9nZmxhcmUta2V5 +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/vector/deployment.yaml b/charts/supabase/templates/vector/deployment.yaml index d68484b..4c65fb5 100644 --- a/charts/supabase/templates/vector/deployment.yaml +++ b/charts/supabase/templates/vector/deployment.yaml @@ -47,7 +47,11 @@ spec: - name: LOGFLARE_API_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.analytics.secretRef }} + name: {{ .Values.secret.analytics.secretRef }} + {{- else }} name: {{ include "supabase.secret.analytics" . }} + {{- end }} key: apiKey {{- end }} {{- with .Values.vector.livenessProbe }} diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index c1ae390..9a3a3d5 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -22,28 +22,40 @@ secret: serviceKey: "" secret: "" expiry: 3600 + # specify existing secret, which takes precedence over variables above + secretRef: "" # database credentials # these fields must be provided even if using external database db: username: "" password: "" database: "" + # specify existing secret, which takes precedence over variables above + secretRef: "" # analytics Logflare API key analytics: apiKey: "" + # specify existing secret, which takes precedence over variable above + secretRef: "" # smtp will be used to reference secret including smtp credentials smtp: # username: "" # password: "" + # specify existing secret, which takes precedence over variables above + # secretRef: "" # secret used to access the studio dashboard # leave it empty to disable dashboard authentication dashboard: # username: "" # password: "" + # specify existing secret, which takes precedence over variables above + # secretRef: "" # S3 credentials for storage object bucket s3: # keyId: "" # accessKey: "" + # specify existing secret, which takes precedence over variables above + # secretRef: "" # Optional: Postgres Database # A standalone Postgres database configured to work with Supabase services. @@ -174,6 +186,8 @@ studio: STUDIO_PORT: "3000" SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: "true" + # Set value to bigquery to use Big Query backend for analytics + NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret From ddb58f6128b3cf4cfe43eb0735dddb30c706cf55 Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sat, 30 Mar 2024 19:03:59 +0800 Subject: [PATCH 2/8] Fix ref test typos --- .../supabase/templates/test/secretrefs.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/supabase/templates/test/secretrefs.yaml b/charts/supabase/templates/test/secretrefs.yaml index 7a1be7e..50a0558 100644 --- a/charts/supabase/templates/test/secretrefs.yaml +++ b/charts/supabase/templates/test/secretrefs.yaml @@ -1,10 +1,10 @@ {{- if .Values.debug }} {{- if .Values.debug.secretRef }} {{- if .Values.secret.jwt.secretRef }} -piVersion: v1 +apiVersion: v1 kind: Secret metadata: - name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.jwt.secretRef }}" + name: {{ .Values.secret.jwt.secretRef }} labels: {{- include "supabase.labels" . | nindent 4 }} annotations: @@ -18,10 +18,10 @@ data: {{- end }} {{- if .Values.secret.smtp.secretRef }} --- -piVersion: v1 +apiVersion: v1 kind: Secret metadata: - name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.smtp.secretRef }}" + name: {{ .Values.secret.smtp.secretRef }} labels: {{- include "supabase.labels" . | nindent 4 }} annotations: @@ -33,10 +33,10 @@ data: {{- end }} {{- if .Values.secret.dashboard.secretRef }} --- -piVersion: v1 +apiVersion: v1 kind: Secret metadata: - name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.dashboard.secretRef }}" + name: {{ .Values.secret.dashboard.secretRef }} labels: {{- include "supabase.labels" . | nindent 4 }} annotations: @@ -48,10 +48,10 @@ data: {{- end }} {{- if .Values.secret.db.secretRef }} --- -piVersion: v1 +apiVersion: v1 kind: Secret metadata: - name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.db.secretRef }}" + name: {{ .Values.secret.db.secretRef }} labels: {{- include "supabase.labels" . | nindent 4 }} annotations: @@ -64,10 +64,10 @@ data: {{- end }} {{- if .Values.secret.analytics.secretRef }} --- -piVersion: v1 +apiVersion: v1 kind: Secret metadata: - name: "{{ include "supabase.fullname" . }}-{{ .Values.secret.analytics.secretRef }}" + name: {{ .Values.secret.analytics.secretRef }} labels: {{- include "supabase.labels" . | nindent 4 }} annotations: From a5d5e021898118ae894f974bb000fc58b2ed3d1f Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sun, 7 Apr 2024 13:59:09 +0800 Subject: [PATCH 3/8] Add support for custom secretRef keys --- .../templates/analytics/deployment.yaml | 14 ++++++---- .../supabase/templates/auth/deployment.yaml | 20 +++++++++----- charts/supabase/templates/db/deployment.yaml | 15 +++++++---- .../templates/functions/deployment.yaml | 17 +++++++----- .../supabase/templates/kong/deployment.yaml | 12 ++++++--- .../supabase/templates/meta/deployment.yaml | 6 +++-- .../templates/realtime/deployment.yaml | 15 +++++++---- .../supabase/templates/rest/deployment.yaml | 14 ++++++---- .../supabase/templates/secrets/analytics.yaml | 2 +- .../supabase/templates/secrets/dashboard.yaml | 2 ++ charts/supabase/templates/secrets/db.yaml | 2 ++ charts/supabase/templates/secrets/jwt.yaml | 2 ++ charts/supabase/templates/secrets/s3.yaml | 2 ++ charts/supabase/templates/secrets/smtp.yaml | 2 ++ .../templates/storage/deployment.yaml | 20 +++++++++----- .../supabase/templates/studio/deployment.yaml | 6 +++-- charts/supabase/templates/test/db.yaml | 3 ++- .../supabase/templates/vector/deployment.yaml | 3 ++- charts/supabase/values.yaml | 26 +++++++++++++++++++ 19 files changed, 132 insertions(+), 51 deletions(-) diff --git a/charts/supabase/templates/analytics/deployment.yaml b/charts/supabase/templates/analytics/deployment.yaml index 2b4b800..3c4f585 100644 --- a/charts/supabase/templates/analytics/deployment.yaml +++ b/charts/supabase/templates/analytics/deployment.yaml @@ -44,10 +44,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: username + {{- end }} - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] @@ -78,16 +79,17 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} - key: password + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded @@ -97,19 +99,21 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: LOGFLARE_API_KEY valueFrom: secretKeyRef: {{- if .Values.secret.analytics.secretRef }} name: {{ .Values.secret.analytics.secretRef }} + key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }} {{- else }} name: {{ include "supabase.secret.analytics" . }} - {{- end }} key: apiKey + {{- end }} {{- if .Values.analytics.bigQuery.enabled }} - name: GOOGLE_PROJECT_ID value: {{ .Values.analytics.bigQuery.projectId | quote }} diff --git a/charts/supabase/templates/auth/deployment.yaml b/charts/supabase/templates/auth/deployment.yaml index 3fa161e..f383045 100644 --- a/charts/supabase/templates/auth/deployment.yaml +++ b/charts/supabase/templates/auth/deployment.yaml @@ -44,10 +44,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: username + {{- end }} - name: DB_PORT value: {{ .Values.auth.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] @@ -78,16 +79,17 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} - key: password + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded @@ -97,10 +99,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: GOTRUE_DB_DATABASE_URL value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL) - name: GOTRUE_DB_DRIVER @@ -110,28 +113,31 @@ spec: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: secret + {{- end }} - name: GOTRUE_SMTP_USER valueFrom: secretKeyRef: {{- if .Values.secret.smtp.secretRef }} name: {{ .Values.secret.smtp.secretRef }} + key: {{ .Values.secret.smtp.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.smtp" . }} - {{- end }} key: username + {{- end }} - name: GOTRUE_SMTP_PASS valueFrom: secretKeyRef: {{- if .Values.secret.smtp.secretRef }} name: {{ .Values.secret.smtp.secretRef }} + key: {{ .Values.secret.smtp.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.smtp" . }} - {{- end }} key: password + {{- end }} {{- with .Values.auth.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} diff --git a/charts/supabase/templates/db/deployment.yaml b/charts/supabase/templates/db/deployment.yaml index fb4e988..75f3c8e 100644 --- a/charts/supabase/templates/db/deployment.yaml +++ b/charts/supabase/templates/db/deployment.yaml @@ -68,46 +68,51 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: username + {{- end }} - name: PGPASSWORD valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: PGDATABASE valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: POSTGRES_DB valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} {{- with .Values.db.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} diff --git a/charts/supabase/templates/functions/deployment.yaml b/charts/supabase/templates/functions/deployment.yaml index a3c5328..2272689 100644 --- a/charts/supabase/templates/functions/deployment.yaml +++ b/charts/supabase/templates/functions/deployment.yaml @@ -54,16 +54,17 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} - key: password + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded @@ -73,37 +74,41 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: JWT_SECRET valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: secret + {{- end }} - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: anonKey + {{- end }} - name: SUPABASE_SERVICE_ROLE_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: serviceKey + {{- end }} - name: POSTGRES_BACKEND_URL value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL) {{- with .Values.functions.livenessProbe }} diff --git a/charts/supabase/templates/kong/deployment.yaml b/charts/supabase/templates/kong/deployment.yaml index 4ecc159..fcedfbb 100644 --- a/charts/supabase/templates/kong/deployment.yaml +++ b/charts/supabase/templates/kong/deployment.yaml @@ -46,38 +46,42 @@ spec: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: anonKey + {{- end }} - name: SUPABASE_SERVICE_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: serviceKey + {{- end }} {{- if .Values.secret.dashboard }} - name: DASHBOARD_USERNAME valueFrom: secretKeyRef: {{- if .Values.secret.dashboard.secretRef }} name: {{ .Values.secret.dashboard.secretRef }} + key: {{ .Values.secret.dashboard.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.dashboard" . }} - {{- end }} key: username + {{- end }} - name: DASHBOARD_PASSWORD valueFrom: secretKeyRef: {{- if .Values.secret.dashboard.secretRef }} name: {{ .Values.secret.dashboard.secretRef }} + key: {{ .Values.secret.dashboard.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.dashboard" . }} - {{- end }} key: password + {{- end }} {{- end }} {{- with .Values.kong.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/meta/deployment.yaml b/charts/supabase/templates/meta/deployment.yaml index 80f4ce1..2dac17b 100644 --- a/charts/supabase/templates/meta/deployment.yaml +++ b/charts/supabase/templates/meta/deployment.yaml @@ -48,19 +48,21 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_NAME valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: PG_META_DB_HOST value: $(DB_HOST) - name: PG_META_DB_PORT diff --git a/charts/supabase/templates/realtime/deployment.yaml b/charts/supabase/templates/realtime/deployment.yaml index 06ddb30..4083a46 100644 --- a/charts/supabase/templates/realtime/deployment.yaml +++ b/charts/supabase/templates/realtime/deployment.yaml @@ -44,10 +44,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: username + {{- end }} - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] @@ -80,37 +81,41 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_NAME valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: JWT_SECRET valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: secret + {{- end }} - name: API_JWT_SECRET valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: secret + {{- end }} {{- with .Values.realtime.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml index 538d9d7..8fc7fd6 100644 --- a/charts/supabase/templates/rest/deployment.yaml +++ b/charts/supabase/templates/rest/deployment.yaml @@ -48,16 +48,17 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} - key: password + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded @@ -67,10 +68,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: PGRST_DB_URI value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL) - name: PGRST_JWT_SECRET @@ -78,19 +80,21 @@ spec: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: secret + {{- end }} - name: JWT_EXPIRY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.expiry | default "expiry" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: expiry + {{- end }} {{- with .Values.rest.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} diff --git a/charts/supabase/templates/secrets/analytics.yaml b/charts/supabase/templates/secrets/analytics.yaml index 83e7b42..8710542 100644 --- a/charts/supabase/templates/secrets/analytics.yaml +++ b/charts/supabase/templates/secrets/analytics.yaml @@ -1,4 +1,4 @@ -{{- if .Values.secret.analytics }} +{{- if not .Values.secret.analytics.secretRef }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/supabase/templates/secrets/dashboard.yaml b/charts/supabase/templates/secrets/dashboard.yaml index f81ef57..d0db4c7 100644 --- a/charts/supabase/templates/secrets/dashboard.yaml +++ b/charts/supabase/templates/secrets/dashboard.yaml @@ -1,4 +1,5 @@ {{- if .Values.secret.dashboard }} +{{- if not .Values.secret.dashboard.secretRef }} apiVersion: v1 kind: Secret metadata: @@ -11,3 +12,4 @@ data: {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/db.yaml b/charts/supabase/templates/secrets/db.yaml index 1a6a26e..21f5735 100644 --- a/charts/supabase/templates/secrets/db.yaml +++ b/charts/supabase/templates/secrets/db.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.secret.db }} apiVersion: v1 kind: Secret metadata: @@ -10,3 +11,4 @@ data: {{ $key }}: {{ $value | b64enc }} {{- end }} password_encoded: {{ .Values.secret.db.password | urlquery | b64enc }} +{{- end }} diff --git a/charts/supabase/templates/secrets/jwt.yaml b/charts/supabase/templates/secrets/jwt.yaml index 5622d23..b8d4296 100644 --- a/charts/supabase/templates/secrets/jwt.yaml +++ b/charts/supabase/templates/secrets/jwt.yaml @@ -1,4 +1,5 @@ {{- if .Values.secret.jwt }} +{{- if not .Values.secret.jwt.secretRef }} apiVersion: v1 kind: Secret metadata: @@ -11,3 +12,4 @@ data: {{ $key }}: {{ $value | toString | b64enc }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/s3.yaml b/charts/supabase/templates/secrets/s3.yaml index 1752e65..510610b 100644 --- a/charts/supabase/templates/secrets/s3.yaml +++ b/charts/supabase/templates/secrets/s3.yaml @@ -1,4 +1,5 @@ {{- if .Values.secret.s3 }} +{{- if not .Values.secret.s3.secretRef }} apiVersion: v1 kind: Secret metadata: @@ -11,3 +12,4 @@ data: {{ $key }}: {{ $value | toString | b64enc }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/smtp.yaml b/charts/supabase/templates/secrets/smtp.yaml index 38b70b7..4dd4a93 100644 --- a/charts/supabase/templates/secrets/smtp.yaml +++ b/charts/supabase/templates/secrets/smtp.yaml @@ -1,4 +1,5 @@ {{- if .Values.secret.smtp }} +{{- if not .Values.secret.smtp.secretRef }} apiVersion: v1 kind: Secret metadata: @@ -11,3 +12,4 @@ data: {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} +{{- end }} diff --git a/charts/supabase/templates/storage/deployment.yaml b/charts/supabase/templates/storage/deployment.yaml index 6132783..4b93977 100644 --- a/charts/supabase/templates/storage/deployment.yaml +++ b/charts/supabase/templates/storage/deployment.yaml @@ -45,10 +45,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: username + {{- end }} - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] @@ -108,16 +109,17 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: password + {{- end }} - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} - key: password + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded @@ -127,10 +129,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: database + {{- end }} - name: DATABASE_URL value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL) - name: PGRST_JWT_SECRET @@ -138,28 +141,31 @@ spec: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: secret + {{- end }} - name: ANON_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: anonKey + {{- end }} - name: SERVICE_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: serviceKey + {{- end }} {{- if .Values.imgproxy.enabled }} - name: IMGPROXY_URL value: http://{{ include "supabase.imgproxy.fullname" . }}:{{ .Values.imgproxy.service.port | int }} diff --git a/charts/supabase/templates/studio/deployment.yaml b/charts/supabase/templates/studio/deployment.yaml index 90e9e16..dc4d9f8 100644 --- a/charts/supabase/templates/studio/deployment.yaml +++ b/charts/supabase/templates/studio/deployment.yaml @@ -52,19 +52,21 @@ spec: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: anonKey + {{- end }} - name: SUPABASE_SERVICE_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - {{- end }} key: serviceKey + {{- end }} {{- if .Values.analytics.enabled }} - name: LOGFLARE_URL value: http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }} diff --git a/charts/supabase/templates/test/db.yaml b/charts/supabase/templates/test/db.yaml index 43a7be7..296bcc3 100644 --- a/charts/supabase/templates/test/db.yaml +++ b/charts/supabase/templates/test/db.yaml @@ -30,10 +30,11 @@ spec: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} - {{- end }} key: username + {{- end }} - name: DB_PORT value: {{ .Values.auth.environment.DB_PORT | quote }} image: postgres:15-alpine diff --git a/charts/supabase/templates/vector/deployment.yaml b/charts/supabase/templates/vector/deployment.yaml index 890efcb..911ff08 100644 --- a/charts/supabase/templates/vector/deployment.yaml +++ b/charts/supabase/templates/vector/deployment.yaml @@ -54,10 +54,11 @@ spec: secretKeyRef: {{- if .Values.secret.analytics.secretRef }} name: {{ .Values.secret.analytics.secretRef }} + key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }} {{- else }} name: {{ include "supabase.secret.analytics" . }} - {{- end }} key: apiKey + {{- end }} {{- end }} {{- with .Values.vector.livenessProbe }} livenessProbe: diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index 640120d..9f8e379 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -24,6 +24,12 @@ secret: expiry: 3600 # specify existing secret, which takes precedence over variables above secretRef: "" + # override secret keys for existing secret refs + secretRefKey: + anonKey: anonKey + serviceKey: serviceKey + secret: secret + expiry: expiry # database credentials # these fields must be provided even if using external database db: @@ -32,17 +38,29 @@ secret: database: "" # specify existing secret, which takes precedence over variables above secretRef: "" + # override secret keys for existing secret refs + secretRefKey: + username: username + password: password + database: database # analytics Logflare API key analytics: apiKey: "" # specify existing secret, which takes precedence over variable above secretRef: "" + # override secret keys for existing secret refs + secretRefKey: + apiKey: apiKey # smtp will be used to reference secret including smtp credentials smtp: # username: "" # password: "" # specify existing secret, which takes precedence over variables above # secretRef: "" + # override secret keys for existing secret refs + secretRefKey: + username: username + password: password # secret used to access the studio dashboard # leave it empty to disable dashboard authentication dashboard: @@ -50,12 +68,20 @@ secret: # password: "" # specify existing secret, which takes precedence over variables above # secretRef: "" + # override secret keys for existing secret refs + secretRefKey: + username: username + password: password # S3 credentials for storage object bucket s3: # keyId: "" # accessKey: "" # specify existing secret, which takes precedence over variables above # secretRef: "" + # override secret keys for existing secret refs + secretRefKey: + keyId: keyId + accessKey: accessKey # Optional: Postgres Database # A standalone Postgres database configured to work with Supabase services. From f6cbcdb1629a918ccf11a6680472d82ff77a25ec Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sat, 13 Apr 2024 20:33:09 +0800 Subject: [PATCH 4/8] Bump chart version --- charts/supabase/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/supabase/Chart.yaml b/charts/supabase/Chart.yaml index d7b9a1f..b83d342 100644 --- a/charts/supabase/Chart.yaml +++ b/charts/supabase/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From ff3a02474d7387baa54a65f981aa96307e18ea40 Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sat, 13 Apr 2024 20:50:35 +0800 Subject: [PATCH 5/8] Fix secretRefKey included in secret * exclude empty secret from being encoded --- charts/supabase/templates/secrets/analytics.yaml | 4 ++++ charts/supabase/templates/secrets/dashboard.yaml | 4 ++++ charts/supabase/templates/secrets/db.yaml | 4 ++++ charts/supabase/templates/secrets/jwt.yaml | 4 ++++ charts/supabase/templates/secrets/s3.yaml | 4 ++++ charts/supabase/templates/secrets/smtp.yaml | 4 ++++ 6 files changed, 24 insertions(+) diff --git a/charts/supabase/templates/secrets/analytics.yaml b/charts/supabase/templates/secrets/analytics.yaml index 8710542..b80f4f7 100644 --- a/charts/supabase/templates/secrets/analytics.yaml +++ b/charts/supabase/templates/secrets/analytics.yaml @@ -8,6 +8,10 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.secret.analytics }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/dashboard.yaml b/charts/supabase/templates/secrets/dashboard.yaml index d0db4c7..cd99197 100644 --- a/charts/supabase/templates/secrets/dashboard.yaml +++ b/charts/supabase/templates/secrets/dashboard.yaml @@ -9,7 +9,11 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.secret.dashboard }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} {{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/db.yaml b/charts/supabase/templates/secrets/db.yaml index 21f5735..aa3544f 100644 --- a/charts/supabase/templates/secrets/db.yaml +++ b/charts/supabase/templates/secrets/db.yaml @@ -8,7 +8,11 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.secret.db }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} {{- end }} password_encoded: {{ .Values.secret.db.password | urlquery | b64enc }} {{- end }} diff --git a/charts/supabase/templates/secrets/jwt.yaml b/charts/supabase/templates/secrets/jwt.yaml index b8d4296..0b190a1 100644 --- a/charts/supabase/templates/secrets/jwt.yaml +++ b/charts/supabase/templates/secrets/jwt.yaml @@ -9,7 +9,11 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.secret.jwt }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} {{ $key }}: {{ $value | toString | b64enc }} {{- end }} {{- end }} {{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/s3.yaml b/charts/supabase/templates/secrets/s3.yaml index 510610b..7421da4 100644 --- a/charts/supabase/templates/secrets/s3.yaml +++ b/charts/supabase/templates/secrets/s3.yaml @@ -9,7 +9,11 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.secret.s3 }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} {{ $key }}: {{ $value | toString | b64enc }} {{- end }} {{- end }} {{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/smtp.yaml b/charts/supabase/templates/secrets/smtp.yaml index 4dd4a93..05c3579 100644 --- a/charts/supabase/templates/secrets/smtp.yaml +++ b/charts/supabase/templates/secrets/smtp.yaml @@ -9,7 +9,11 @@ metadata: type: Opaque data: {{- range $key, $value := .Values.secret.smtp }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} {{- end }} +{{- end }} +{{- end }} From 23ef62dd83967ad96745cd3edefb19d2f6411796 Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sat, 13 Apr 2024 21:07:08 +0800 Subject: [PATCH 6/8] Fix db secret not created by default --- charts/supabase/templates/secrets/db.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/supabase/templates/secrets/db.yaml b/charts/supabase/templates/secrets/db.yaml index aa3544f..5128699 100644 --- a/charts/supabase/templates/secrets/db.yaml +++ b/charts/supabase/templates/secrets/db.yaml @@ -1,4 +1,4 @@ -{{- if not .Values.secret.db }} +{{- if not .Values.secret.db.secretRef }} apiVersion: v1 kind: Secret metadata: From e0ee868c64cab5c74d04560046feebf087b9f1fb Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sat, 13 Apr 2024 21:50:30 +0800 Subject: [PATCH 7/8] Fix JWT expiry value not being parsed --- charts/supabase/templates/rest/deployment.yaml | 6 +++--- charts/supabase/templates/secrets/db.yaml | 2 +- charts/supabase/templates/test/secretrefs.yaml | 1 - charts/supabase/values.yaml | 4 ++-- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml index 8fc7fd6..e877fa6 100644 --- a/charts/supabase/templates/rest/deployment.yaml +++ b/charts/supabase/templates/rest/deployment.yaml @@ -85,15 +85,15 @@ spec: name: {{ include "supabase.secret.jwt" . }} key: secret {{- end }} - - name: JWT_EXPIRY + - name: PGRST_APP_SETTINGS_JWT_SECRET valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} - key: {{ .Values.secret.jwt.secretRefKey.expiry | default "expiry" }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} - key: expiry + key: secret {{- end }} {{- with .Values.rest.livenessProbe }} livenessProbe: diff --git a/charts/supabase/templates/secrets/db.yaml b/charts/supabase/templates/secrets/db.yaml index 5128699..8cd9791 100644 --- a/charts/supabase/templates/secrets/db.yaml +++ b/charts/supabase/templates/secrets/db.yaml @@ -9,7 +9,7 @@ type: Opaque data: {{- range $key, $value := .Values.secret.db }} {{- if $value }} -{{- if eq (typeOf $value) "string" }} +{{- if or (eq (typeOf $value) "string") (eq (typeOf $value) "numeric") }} {{ $key }}: {{ $value | b64enc }} {{- end }} {{- end }} diff --git a/charts/supabase/templates/test/secretrefs.yaml b/charts/supabase/templates/test/secretrefs.yaml index 50a0558..51245ac 100644 --- a/charts/supabase/templates/test/secretrefs.yaml +++ b/charts/supabase/templates/test/secretrefs.yaml @@ -14,7 +14,6 @@ data: anonKey: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKaGJtOXVJaXdLSUNBZ0lDSnBjM01pT2lBaWMzVndZV0poYzJVdFpHVnRieUlzQ2lBZ0lDQWlhV0YwSWpvZ01UWTBNVGMyT1RJd01Dd0tJQ0FnSUNKbGVIQWlPaUF4TnprNU5UTTFOakF3Q24wLmRjX1g1aVJfVlBfcVQwenNpeWpfSV9PWjJUOUZ0UlUyQkJOV044QnU0R0U= serviceKey: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5QWdDaUFnSUNBaWNtOXNaU0k2SUNKelpYSjJhV05sWDNKdmJHVWlMQW9nSUNBZ0ltbHpjeUk2SUNKemRYQmhZbUZ6WlMxa1pXMXZJaXdLSUNBZ0lDSnBZWFFpT2lBeE5qUXhOelk1TWpBd0xBb2dJQ0FnSW1WNGNDSTZJREUzT1RrMU16VTJNREFLZlEuRGFZbE5Fb1VyckVuMklnN3RxaWJTLVBISzV2Z3VzYmNibzdYMzZYVnQ0UQ== secret: eW91ci1zdXBlci1zZWNyZXQtand0LXRva2VuLXdpdGgtYXQtbGVhc3QtMzItY2hhcmFjdGVycy1sb25n - expiry: MzYwMA== {{- end }} {{- if .Values.secret.smtp.secretRef }} --- diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index 9f8e379..62dbe13 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -21,7 +21,6 @@ secret: anonKey: "" serviceKey: "" secret: "" - expiry: 3600 # specify existing secret, which takes precedence over variables above secretRef: "" # override secret keys for existing secret refs @@ -29,7 +28,6 @@ secret: anonKey: anonKey serviceKey: serviceKey secret: secret - expiry: expiry # database credentials # these fields must be provided even if using external database db: @@ -125,6 +123,7 @@ db: POSTGRES_HOST: /var/run/postgresql PGPORT: "5432" POSTGRES_PORT: "5432" + JWT_EXP: 3600 # POSTGRES_HOST_AUTH_METHOD: md5 # Enable SSL for postgres by specifying paths for mounted certificate key pair # POSTGRES_SSL_CERT: /path/to/ssl/server.crt @@ -388,6 +387,7 @@ rest: PGRST_DB_SCHEMAS: public,storage,graphql_public PGRST_DB_ANON_ROLE: anon PGRST_DB_USE_LEGACY_GUCS: false + PGRST_APP_SETTINGS_JWT_EXP: 3600 # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret From 1614614837b16f20bb631ae9dee152d0ea3eb8ed Mon Sep 17 00:00:00 2001 From: drpsyko101 Date: Sat, 13 Apr 2024 23:20:58 +0800 Subject: [PATCH 8/8] Fix minio secret handling * Add note to vector volume mount --- charts/supabase/templates/secrets/_helpers.tpl | 16 ++++++++++++++++ .../supabase/templates/storage/deployment.yaml | 12 +++++++++++- charts/supabase/values.example.yaml | 3 +++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/charts/supabase/templates/secrets/_helpers.tpl b/charts/supabase/templates/secrets/_helpers.tpl index 1b167a8..61d74ec 100644 --- a/charts/supabase/templates/secrets/_helpers.tpl +++ b/charts/supabase/templates/secrets/_helpers.tpl @@ -39,3 +39,19 @@ Expand the name of the s3 secret. {{- define "supabase.secret.s3" -}} {{- printf "%s-s3" (include "supabase.fullname" .) }} {{- end -}} + +{{/* +Check if both s3 keys are valid +*/}} +{{- define "supabase.secret.s3.isValid" -}} +{{- $isValid := "false" -}} +{{- if .Values.secret.s3.keyId -}} +{{- if .Values.secret.s3.accessKey -}} +{{- printf "true" -}} +{{- else -}} +{{- printf "false" -}} +{{- end -}} +{{- else -}} +{{- printf "false" -}} +{{- end -}} +{{- end -}} diff --git a/charts/supabase/templates/storage/deployment.yaml b/charts/supabase/templates/storage/deployment.yaml index 4b93977..b045429 100644 --- a/charts/supabase/templates/storage/deployment.yaml +++ b/charts/supabase/templates/storage/deployment.yaml @@ -170,17 +170,27 @@ spec: - name: IMGPROXY_URL value: http://{{ include "supabase.imgproxy.fullname" . }}:{{ .Values.imgproxy.service.port | int }} {{- end }} - {{- if .Values.secret.s3 }} + {{- if eq (include "supabase.secret.s3.isValid" .) "true" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: + {{- if .Values.secret.s3.secretRef }} + name: {{ .Values.secret.s3.secretRef }} + key: {{ .Values.secret.s3.secretRefKey.keyId | default "keyId" }} + {{- else }} name: {{ include "supabase.secret.s3" . }} key: keyId + {{- end }} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: + {{- if .Values.secret.s3.secretRef }} + name: {{ .Values.secret.s3.secretRef }} + key: {{ .Values.secret.s3.secretRefKey.keyId | default "accessKey" }} + {{- else }} name: {{ include "supabase.secret.s3" . }} key: accessKey + {{- end }} {{- end }} {{- if .Values.minio.enabled }} - name: GLOBAL_S3_ENDPOINT diff --git a/charts/supabase/values.example.yaml b/charts/supabase/values.example.yaml index 835c8b1..c8f46e0 100644 --- a/charts/supabase/values.example.yaml +++ b/charts/supabase/values.example.yaml @@ -138,6 +138,9 @@ vector: path: /health port: 9001 initialDelaySeconds: 3 + ## Vector requires logs from the control plane to function. + ## This is normally stored in /var/log/pods + ## Modify these values according to your environment. volumeMounts: - name: pod-logs mountPath: /var/log/pods