Skip to content
Snippets Groups Projects
Commit 768670e4 authored by Remi  PLANEL's avatar Remi PLANEL
Browse files

update to match docker-compose version

parent a9f60740
Branches
No related tags found
No related merge requests found
Pipeline #154541 passed
......@@ -37,20 +37,18 @@ spec:
command: ["/bin/sh", "-c"]
args:
- |
echo "Creating new PGDATA directory in PVC (for subpath)..."
mkdir -p /var/lib/postgresql/data/postgres-data
echo "Copying init scripts into existing image script directory..."
cp -r /docker-entrypoint-initdb.d/* /initdb.d/
# init-scripts
cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/
# migrations
cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/
cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/
cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/
cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/
cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/99-realtime.sql
cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/98-webhooks.sql
cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/99-roles.sql
# Initialize the database settings with JWT_SECRET and JWT_EXP
cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/99-jwt.sql
cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/97-_supabase.sql
cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/99-logs.sql
cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/99-pooler.sql
echo "Copying user-defined migration scripts..."
cp /custom-migrations/* /initdb.d/migrations/ || echo "Skip migrations"
......
......@@ -10,26 +10,31 @@ data:
\set jwt_secret `echo "$JWT_SECRET"`
\set jwt_exp `echo "$JWT_EXP"`
ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :jwt_secret;
ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :jwt_exp;
ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
99-logs.sql: |
\set pguser `echo "$POSTGRES_USER"`
\c _supabase
create schema if not exists _analytics;
alter schema _analytics owner to :pguser;
\c postgres
\c postgres
99-realtime.sql: |
\set pguser `echo "$POSTGRES_USER"`
create schema if not exists _realtime;
alter schema _realtime owner to :pguser;
99-pooler.sql: |
\set pguser `echo "$POSTGRES_USER"`
\c _supabase
create schema if not exists _supavisor;
alter schema _supavisor owner to :pguser;
\c postgres
99-roles.sql: |
-- NOTE: change to your own passwords for production environments
\set pgpass `echo "$POSTGRES_PASSWORD"`
......@@ -38,8 +43,8 @@ data:
ALTER USER pgbouncer WITH PASSWORD :'pgpass';
ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
98-webhooks.sql: |
BEGIN;
-- Create pg_net extension
......@@ -84,29 +89,29 @@ data:
IF url IS NULL OR url = 'null' THEN
RAISE EXCEPTION 'url argument is missing';
END IF;
IF method IS NULL OR method = 'null' THEN
RAISE EXCEPTION 'method argument is missing';
END IF;
IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN
headers = '{"Content-Type": "application/json"}'::jsonb;
ELSE
headers = TG_ARGV[2]::jsonb;
END IF;
IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN
params = '{}'::jsonb;
ELSE
params = TG_ARGV[3]::jsonb;
END IF;
IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN
timeout_ms = 1000;
ELSE
timeout_ms = TG_ARGV[4]::integer;
END IF;
CASE
WHEN method = 'GET' THEN
SELECT http_get INTO request_id FROM net.http_get(
......@@ -123,7 +128,7 @@ data:
'table', TG_TABLE_NAME,
'schema', TG_TABLE_SCHEMA
);
SELECT http_post INTO request_id FROM net.http_post(
url,
payload,
......@@ -134,12 +139,12 @@ data:
ELSE
RAISE EXCEPTION 'method argument % is invalid', method;
END CASE;
INSERT INTO supabase_functions.hooks
(hook_table_id, hook_name, request_id)
VALUES
(TG_RELID, TG_NAME, request_id);
RETURN NEW;
END
$function$;
......@@ -252,6 +257,7 @@ data:
97-_supabase.sql: |
\set pguser `echo "$POSTGRES_USER"`
CREATE DATABASE _supabase WITH OWNER :pguser;
......
......@@ -142,11 +142,12 @@ data:
- anon
{{- end }}
{{- if .Values.realtime.enabled }}
- name: realtime-v1
- name: realtime-v1-ws
_comment: "Realtime: /realtime/v1/* -> ws://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket/*"
url: http://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket
protocol: ws
routes:
- name: realtime-v1-all
- name: realtime-v1-ws
strip_path: true
paths:
- /realtime/v1/
......@@ -161,6 +162,26 @@ data:
allow:
- admin
- anon
- name: realtime-v1-rest
_comment: 'Realtime: /realtime/v1/* -> ws://ws://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket/*'
url: http://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/api
protocol: http
routes:
- name: realtime-v1-rest
strip_path: true
paths:
- /realtime/v1/api
plugins:
- name: cors
- name: key-auth
config:
hide_credentials: false
- name: acl
config:
hide_groups_header: true
allow:
- admin
- anon
{{- end }}
{{- if .Values.storage.enabled }}
- name: storage-v1
......
......@@ -186,7 +186,8 @@ data:
method: 'post'
request:
retry_max_duration_secs: 10
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=gotrue.logs.prod&api_key=SECRET[credentials.logflare_api_key]'
encoding:
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=gotrue.logs.prod&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
logflare_realtime:
type: 'http'
inputs:
......@@ -196,7 +197,7 @@ data:
method: 'post'
request:
retry_max_duration_secs: 10
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=realtime.logs.prod&api_key=SECRET[credentials.logflare_api_key]'
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=realtime.logs.prod&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
logflare_rest:
type: 'http'
inputs:
......@@ -206,7 +207,7 @@ data:
method: 'post'
request:
retry_max_duration_secs: 10
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=postgREST.logs.prod&api_key=SECRET[credentials.logflare_api_key]'
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=postgREST.logs.prod&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
logflare_db:
type: 'http'
inputs:
......@@ -219,7 +220,7 @@ data:
# We must route the sink through kong because ingesting logs before logflare is fully initialised will
# lead to broken queries from studio. This works by the assumption that containers are started in the
# following order: vector > db > logflare > kong
uri: 'http://{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }}/analytics/v1/api/logs?source_name=postgres.logs&api_key=SECRET[credentials.logflare_api_key]'
uri: 'http://{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }}/analytics/v1/api/logs?source_name=postgres.logs&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
logflare_functions:
type: 'http'
inputs:
......@@ -229,7 +230,7 @@ data:
method: 'post'
request:
retry_max_duration_secs: 10
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=deno-relay-logs&api_key=SECRET[credentials.logflare_api_key]'
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=deno-relay-logs&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
logflare_storage:
type: 'http'
inputs:
......@@ -239,7 +240,7 @@ data:
method: 'post'
request:
retry_max_duration_secs: 10
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=storage.logs.prod.2&api_key=SECRET[credentials.logflare_api_key]'
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=storage.logs.prod.2&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
logflare_kong:
type: 'http'
inputs:
......@@ -250,6 +251,6 @@ data:
method: 'post'
request:
retry_max_duration_secs: 10
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=cloudflare.logs.prod&api_key=SECRET[credentials.logflare_api_key]'
uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=cloudflare.logs.prod&api_key={{ required "LOGFLARE_API_KEY is required" .Values.analytics.apiKey }}'
{{- end }}
{{- end }}
\ No newline at end of file
......@@ -91,7 +91,7 @@ db:
image:
repository: supabase/postgres
pullPolicy: IfNotPresent
tag: "latest"
tag: 15.8.1.060
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -179,7 +179,7 @@ studio:
image:
repository: supabase/studio
pullPolicy: IfNotPresent
tag: "latest"
tag: 20250317-6955350
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -255,7 +255,7 @@ auth:
image:
repository: supabase/gotrue
pullPolicy: IfNotPresent
tag: "latest"
tag: "v2.170.0"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -357,7 +357,7 @@ rest:
image:
repository: postgrest/postgrest
pullPolicy: IfNotPresent
tag: "latest"
tag: "v12.2.8"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
......@@ -449,16 +449,16 @@ realtime:
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext:
runAsUser: 65534
podSecurityContext: {}
# runAsUser: 65534
# fsGroup: 2000
securityContext:
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
# runAsNonRoot: true
# runAsUser: 65534
service:
type: ClusterIP
port: 4000
......@@ -516,7 +516,7 @@ meta:
image:
repository: supabase/postgres-meta
pullPolicy: IfNotPresent
tag: "latest"
tag: "v0.87.1"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -592,7 +592,7 @@ storage:
image:
repository: supabase/storage-api
pullPolicy: IfNotPresent
tag: "latest"
tag: "v1.19.3"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -616,7 +616,7 @@ storage:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
runAsNonRoot: true
runAsUser: 1000
service:
type: ClusterIP
......@@ -688,7 +688,7 @@ imgproxy:
image:
repository: darthsim/imgproxy
pullPolicy: IfNotPresent
tag: "latest"
tag: "v3.8.0"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -768,7 +768,7 @@ kong:
image:
repository: kong
pullPolicy: IfNotPresent
tag: "latest"
tag: "2.8.1"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -864,7 +864,7 @@ analytics:
image:
repository: supabase/logflare
pullPolicy: IfNotPresent
tag: "latest"
tag: "1.12.0"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......@@ -904,6 +904,7 @@ analytics:
LOGFLARE_SINGLE_TENANT: "true"
LOGFLARE_SUPABASE_MODE: "true"
FEATURE_FLAG_OVERRIDE: multibackend=true
LOGFLARE_MIN_CLUSTER_SIZE: 1
# Enable Big Query backend for analytics
bigQuery:
enabled: false
......@@ -949,12 +950,16 @@ vector:
image:
repository: timberio/vector
pullPolicy: IfNotPresent
tag: "latest"
tag: "0.28.1-alpine"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
fullnameOverride: ""
livenessProbe: {}
livenessProbe:
httpGet:
path: /health
port: 9001
initialDelaySeconds: 3
readinessProbe: {}
serviceAccount:
# Specifies whether a service account should be created
......@@ -1017,7 +1022,7 @@ functions:
image:
repository: supabase/edge-runtime
pullPolicy: IfNotPresent
tag: "latest"
tag: "v1.67.4"
imagePullSecrets: []
replicaCount: 1
nameOverride: ""
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment