From a5d5e021898118ae894f974bb000fc58b2ed3d1f Mon Sep 17 00:00:00 2001
From: drpsyko101 <drpsyko101@gmail.com>
Date: Sun, 7 Apr 2024 13:59:09 +0800
Subject: [PATCH] Add support for custom secretRef keys

---
 .../templates/analytics/deployment.yaml       | 14 ++++++----
 .../supabase/templates/auth/deployment.yaml   | 20 +++++++++-----
 charts/supabase/templates/db/deployment.yaml  | 15 +++++++----
 .../templates/functions/deployment.yaml       | 17 +++++++-----
 .../supabase/templates/kong/deployment.yaml   | 12 ++++++---
 .../supabase/templates/meta/deployment.yaml   |  6 +++--
 .../templates/realtime/deployment.yaml        | 15 +++++++----
 .../supabase/templates/rest/deployment.yaml   | 14 ++++++----
 .../supabase/templates/secrets/analytics.yaml |  2 +-
 .../supabase/templates/secrets/dashboard.yaml |  2 ++
 charts/supabase/templates/secrets/db.yaml     |  2 ++
 charts/supabase/templates/secrets/jwt.yaml    |  2 ++
 charts/supabase/templates/secrets/s3.yaml     |  2 ++
 charts/supabase/templates/secrets/smtp.yaml   |  2 ++
 .../templates/storage/deployment.yaml         | 20 +++++++++-----
 .../supabase/templates/studio/deployment.yaml |  6 +++--
 charts/supabase/templates/test/db.yaml        |  3 ++-
 .../supabase/templates/vector/deployment.yaml |  3 ++-
 charts/supabase/values.yaml                   | 26 +++++++++++++++++++
 19 files changed, 132 insertions(+), 51 deletions(-)

diff --git a/charts/supabase/templates/analytics/deployment.yaml b/charts/supabase/templates/analytics/deployment.yaml
index 2b4b800..3c4f585 100644
--- a/charts/supabase/templates/analytics/deployment.yaml
+++ b/charts/supabase/templates/analytics/deployment.yaml
@@ -44,10 +44,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: DB_PORT
               value: {{ .Values.analytics.environment.DB_PORT | quote }}
           command: ["/bin/sh", "-c"]
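Review bot: The added `key:` line renders the override unquoted, so a key name that YAML reads as a non-string (for example `on` or an all-digit name) would yield an invalid `secretKeyRef.key`. Piping through `quote` keeps it a string: `key: {{ .Values.secret.db.secretRefKey.username | default "username" | quote }}`. The same applies to every `key:` line this patch adds in the other deployment templates. The env entry this belongs to starts above the hunk.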
@@ -78,16 +79,17 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_PASSWORD_ENC
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
-                  key: password
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
                   key: password_encoded
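Review bot: In the `secretRef` branch, `DB_PASSWORD_ENC` is read from the same key as `DB_PASSWORD`, so an existing secret supplies the raw password where the chart-managed secret supplies the URL-encoded `password_encoded`. The connection URLs built from `$(DB_PASSWORD_ENC)` in the auth, functions, rest and storage templates then carry an unescaped password, and characters such as `@`, `/` or `:` can break the URL or change how its host part is parsed. A dedicated override would let the referenced secret hold an encoded copy, e.g. `key: {{ .Values.secret.db.secretRefKey.passwordEncoded | default "password" }}` with a matching values.yaml entry (the name is a suggestion, not in the patch). The same line appears in the auth, functions, rest and storage hunks, and the `{{- end }}` closing this block is outside the hunk.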
@@ -97,19 +99,21 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: LOGFLARE_API_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.analytics.secretRef }}
                   name: {{ .Values.secret.analytics.secretRef }}
+                  key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.analytics" . }}
-                  {{- end }}
                   key: apiKey
+                  {{- end }}
             {{- if .Values.analytics.bigQuery.enabled }}
             - name: GOOGLE_PROJECT_ID
               value: {{ .Values.analytics.bigQuery.projectId | quote }}
diff --git a/charts/supabase/templates/auth/deployment.yaml b/charts/supabase/templates/auth/deployment.yaml
index 3fa161e..f383045 100644
--- a/charts/supabase/templates/auth/deployment.yaml
+++ b/charts/supabase/templates/auth/deployment.yaml
@@ -44,10 +44,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: DB_PORT
               value: {{ .Values.auth.environment.DB_PORT | quote }}
           command: ["/bin/sh", "-c"]
@@ -78,16 +79,17 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_PASSWORD_ENC
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
-                  key: password
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
                   key: password_encoded
@@ -97,10 +99,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: GOTRUE_DB_DATABASE_URL
               value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL)
             - name: GOTRUE_DB_DRIVER
@@ -110,28 +113,31 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: secret
+                  {{- end }}
             - name: GOTRUE_SMTP_USER
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.smtp.secretRef }}
                   name: {{ .Values.secret.smtp.secretRef }}
+                  key: {{ .Values.secret.smtp.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.smtp" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: GOTRUE_SMTP_PASS
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.smtp.secretRef }}
                   name: {{ .Values.secret.smtp.secretRef }}
+                  key: {{ .Values.secret.smtp.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.smtp" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
           {{- with .Values.auth.livenessProbe }}
           livenessProbe:
             {{- toYaml . | nindent 12 }}
diff --git a/charts/supabase/templates/db/deployment.yaml b/charts/supabase/templates/db/deployment.yaml
index fb4e988..75f3c8e 100644
--- a/charts/supabase/templates/db/deployment.yaml
+++ b/charts/supabase/templates/db/deployment.yaml
@@ -68,46 +68,51 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: PGPASSWORD
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: POSTGRES_PASSWORD
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: PGDATABASE
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: POSTGRES_DB
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
           {{- with .Values.db.livenessProbe }}
           livenessProbe:
             {{- toYaml . | nindent 12 }}
diff --git a/charts/supabase/templates/functions/deployment.yaml b/charts/supabase/templates/functions/deployment.yaml
index a3c5328..2272689 100644
--- a/charts/supabase/templates/functions/deployment.yaml
+++ b/charts/supabase/templates/functions/deployment.yaml
@@ -54,16 +54,17 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_PASSWORD_ENC
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
-                  key: password
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
                   key: password_encoded
@@ -73,37 +74,41 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: JWT_SECRET
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: secret
+                  {{- end }}
             - name: SUPABASE_ANON_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: anonKey
+                  {{- end }}
             - name: SUPABASE_SERVICE_ROLE_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: serviceKey
+                  {{- end }}
             - name: POSTGRES_BACKEND_URL
               value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL)
           {{- with .Values.functions.livenessProbe }}
diff --git a/charts/supabase/templates/kong/deployment.yaml b/charts/supabase/templates/kong/deployment.yaml
index 4ecc159..fcedfbb 100644
--- a/charts/supabase/templates/kong/deployment.yaml
+++ b/charts/supabase/templates/kong/deployment.yaml
@@ -46,38 +46,42 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: anonKey
+                  {{- end }}
             - name: SUPABASE_SERVICE_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: serviceKey
+                  {{- end }}
             {{- if .Values.secret.dashboard }}
             - name: DASHBOARD_USERNAME
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.dashboard.secretRef }}
                   name: {{ .Values.secret.dashboard.secretRef }}
+                  key: {{ .Values.secret.dashboard.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.dashboard" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: DASHBOARD_PASSWORD
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.dashboard.secretRef }}
                   name: {{ .Values.secret.dashboard.secretRef }}
+                  key: {{ .Values.secret.dashboard.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.dashboard" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             {{- end }}
           {{- with .Values.kong.livenessProbe }}
           livenessProbe:
diff --git a/charts/supabase/templates/meta/deployment.yaml b/charts/supabase/templates/meta/deployment.yaml
index 80f4ce1..2dac17b 100644
--- a/charts/supabase/templates/meta/deployment.yaml
+++ b/charts/supabase/templates/meta/deployment.yaml
@@ -48,19 +48,21 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_NAME
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: PG_META_DB_HOST
               value: $(DB_HOST)
             - name: PG_META_DB_PORT
diff --git a/charts/supabase/templates/realtime/deployment.yaml b/charts/supabase/templates/realtime/deployment.yaml
index 06ddb30..4083a46 100644
--- a/charts/supabase/templates/realtime/deployment.yaml
+++ b/charts/supabase/templates/realtime/deployment.yaml
@@ -44,10 +44,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: DB_PORT
               value: {{ .Values.analytics.environment.DB_PORT | quote }}
           command: ["/bin/sh", "-c"]
@@ -80,37 +81,41 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_NAME
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: JWT_SECRET
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: secret
+                  {{- end }}
             - name: API_JWT_SECRET
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: secret
+                  {{- end }}
           {{- with .Values.realtime.livenessProbe }}
           livenessProbe:
             {{- toYaml . | nindent 12 }}
diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml
index 538d9d7..8fc7fd6 100644
--- a/charts/supabase/templates/rest/deployment.yaml
+++ b/charts/supabase/templates/rest/deployment.yaml
@@ -48,16 +48,17 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_PASSWORD_ENC
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
-                  key: password
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
                   key: password_encoded
@@ -67,10 +68,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: PGRST_DB_URI
               value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?sslmode=$(DB_SSL)
             - name: PGRST_JWT_SECRET
@@ -78,19 +80,21 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: secret
+                  {{- end }}
             - name: JWT_EXPIRY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.expiry | default "expiry" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: expiry
+                  {{- end }}
           {{- with .Values.rest.livenessProbe }}
           livenessProbe:
             {{- toYaml . | nindent 12 }}
diff --git a/charts/supabase/templates/secrets/analytics.yaml b/charts/supabase/templates/secrets/analytics.yaml
index 83e7b42..8710542 100644
--- a/charts/supabase/templates/secrets/analytics.yaml
+++ b/charts/supabase/templates/secrets/analytics.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.secret.analytics }}
+{{- if not .Values.secret.analytics.secretRef }}
 apiVersion: v1
 kind: Secret
 metadata:
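Review bot: The new guard dereferences `.Values.secret.analytics.secretRef` without the outer `{{- if .Values.secret.analytics }}` that the dashboard, jwt, s3 and smtp secret templates keep. A values file that nulls out `secret.analytics` would then likely fail rendering with a nil-pointer error instead of skipping the Secret. Keeping the original first line and nesting `{{- if not .Values.secret.analytics.secretRef }}` under it, with a second `{{- end }}` at the bottom, would match the sibling templates.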
diff --git a/charts/supabase/templates/secrets/dashboard.yaml b/charts/supabase/templates/secrets/dashboard.yaml
index f81ef57..d0db4c7 100644
--- a/charts/supabase/templates/secrets/dashboard.yaml
+++ b/charts/supabase/templates/secrets/dashboard.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.secret.dashboard }}
+{{- if not .Values.secret.dashboard.secretRef }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,3 +12,4 @@ data:
   {{ $key }}: {{ $value | b64enc }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/supabase/templates/secrets/db.yaml b/charts/supabase/templates/secrets/db.yaml
index 1a6a26e..21f5735 100644
--- a/charts/supabase/templates/secrets/db.yaml
+++ b/charts/supabase/templates/secrets/db.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.secret.db }}
 apiVersion: v1
 kind: Secret
 metadata:
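Review bot: The guard `{{- if not .Values.secret.db }}` tests the whole `secret.db` map rather than its `secretRef`, unlike the other secret templates in this patch. values.yaml always defines keys under `secret.db`, so the map is non-empty and the condition is false: the chart-managed db Secret would never be rendered, while the `else` branch of the deployments still references `supabase.secret.db` and the pods cannot resolve their credentials. It should read `{{- if not .Values.secret.db.secretRef }}`. The matching `{{- end }}` is added in the next hunk.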
@@ -10,3 +11,4 @@ data:
   {{ $key }}: {{ $value | b64enc }}
 {{- end }}
   password_encoded: {{ .Values.secret.db.password | urlquery | b64enc }}
+{{- end }}
diff --git a/charts/supabase/templates/secrets/jwt.yaml b/charts/supabase/templates/secrets/jwt.yaml
index 5622d23..b8d4296 100644
--- a/charts/supabase/templates/secrets/jwt.yaml
+++ b/charts/supabase/templates/secrets/jwt.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.secret.jwt }}
+{{- if not .Values.secret.jwt.secretRef }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,3 +12,4 @@ data:
   {{ $key }}: {{ $value | toString | b64enc }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/supabase/templates/secrets/s3.yaml b/charts/supabase/templates/secrets/s3.yaml
index 1752e65..510610b 100644
--- a/charts/supabase/templates/secrets/s3.yaml
+++ b/charts/supabase/templates/secrets/s3.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.secret.s3 }}
+{{- if not .Values.secret.s3.secretRef }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,3 +12,4 @@ data:
   {{ $key }}: {{ $value | toString | b64enc }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/supabase/templates/secrets/smtp.yaml b/charts/supabase/templates/secrets/smtp.yaml
index 38b70b7..4dd4a93 100644
--- a/charts/supabase/templates/secrets/smtp.yaml
+++ b/charts/supabase/templates/secrets/smtp.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.secret.smtp }}
+{{- if not .Values.secret.smtp.secretRef }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -11,3 +12,4 @@ data:
   {{ $key }}: {{ $value | b64enc }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/supabase/templates/storage/deployment.yaml b/charts/supabase/templates/storage/deployment.yaml
index 6132783..4b93977 100644
--- a/charts/supabase/templates/storage/deployment.yaml
+++ b/charts/supabase/templates/storage/deployment.yaml
@@ -45,10 +45,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: DB_PORT
               value: {{ .Values.analytics.environment.DB_PORT | quote }}
           command: ["/bin/sh", "-c"]
@@ -108,16 +109,17 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: password
+                  {{- end }}
             - name: DB_PASSWORD_ENC
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
-                  key: password
+                  key: {{ .Values.secret.db.secretRefKey.password | default "password" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
                   key: password_encoded
@@ -127,10 +129,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: database
+                  {{- end }}
             - name: DATABASE_URL
               value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL)
             - name: PGRST_JWT_SECRET
@@ -138,28 +141,31 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: secret
+                  {{- end }}
             - name: ANON_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: anonKey
+                  {{- end }}
             - name: SERVICE_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: serviceKey
+                  {{- end }}
             {{- if .Values.imgproxy.enabled }}
             - name: IMGPROXY_URL
               value: http://{{ include "supabase.imgproxy.fullname" . }}:{{ .Values.imgproxy.service.port | int }}
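Review bot: None of the hunks in this file read `.Values.secret.s3.secretRefKey`, although values.yaml gains `keyId` and `accessKey` overrides for it. If the S3 credential env entries of this deployment (outside the hunks) still use fixed key names, the overrides are silently ignored and an existing secret with different key names will not resolve. Either wire them in the same way as the db and jwt keys, or drop the s3 `secretRefKey` block from values.yaml until it is used.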
diff --git a/charts/supabase/templates/studio/deployment.yaml b/charts/supabase/templates/studio/deployment.yaml
index 90e9e16..dc4d9f8 100644
--- a/charts/supabase/templates/studio/deployment.yaml
+++ b/charts/supabase/templates/studio/deployment.yaml
@@ -52,19 +52,21 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: anonKey
+                  {{- end }}
             - name: SUPABASE_SERVICE_KEY
               valueFrom:
                 secretKeyRef:
                   {{- if .Values.secret.jwt.secretRef }}
                   name: {{ .Values.secret.jwt.secretRef }}
+                  key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.jwt" . }}
-                  {{- end }}
                   key: serviceKey
+                  {{- end }}
             {{- if .Values.analytics.enabled }}
             - name: LOGFLARE_URL
               value: http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}
diff --git a/charts/supabase/templates/test/db.yaml b/charts/supabase/templates/test/db.yaml
index 43a7be7..296bcc3 100644
--- a/charts/supabase/templates/test/db.yaml
+++ b/charts/supabase/templates/test/db.yaml
@@ -30,10 +30,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.db.secretRef }}
                   name: {{ .Values.secret.db.secretRef }}
+                  key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
                   {{- else }}
                   name: {{ include "supabase.secret.db" . }}
-                  {{- end }}
                   key: username
+                  {{- end }}
             - name: DB_PORT
               value: {{ .Values.auth.environment.DB_PORT | quote }}
           image: postgres:15-alpine
diff --git a/charts/supabase/templates/vector/deployment.yaml b/charts/supabase/templates/vector/deployment.yaml
index 890efcb..911ff08 100644
--- a/charts/supabase/templates/vector/deployment.yaml
+++ b/charts/supabase/templates/vector/deployment.yaml
@@ -54,10 +54,11 @@ spec:
                 secretKeyRef:
                   {{- if .Values.secret.analytics.secretRef }}
                   name: {{ .Values.secret.analytics.secretRef }}
+                  key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }}
                   {{- else }}
                   name: {{ include "supabase.secret.analytics" . }}
-                  {{- end }}
                   key: apiKey
+                  {{- end }}
           {{- end }}
           {{- with .Values.vector.livenessProbe }}
           livenessProbe:
diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
index 640120d..9f8e379 100644
--- a/charts/supabase/values.yaml
+++ b/charts/supabase/values.yaml
@@ -24,6 +24,12 @@ secret:
     expiry: 3600
     # specify existing secret, which takes precedence over variables above
     secretRef: ""
+    # override secret keys for existing secret refs
+    secretRefKey:
+      anonKey: anonKey
+      serviceKey: serviceKey
+      secret: secret
+      expiry: expiry
   # database credentials
   # these fields must be provided even if using external database
   db:
@@ -32,17 +38,29 @@ secret:
     database: ""
     # specify existing secret, which takes precedence over variables above
     secretRef: ""
+    # override secret keys for existing secret refs
+    secretRefKey:
+      username: username
+      password: password
+      database: database
   # analytics Logflare API key
   analytics:
     apiKey: ""
     # specify existing secret, which takes precedence over variable above
     secretRef: ""
+    # override secret keys for existing secret refs
+    secretRefKey:
+      apiKey: apiKey
   # smtp will be used to reference secret including smtp credentials
   smtp:
     # username: ""
     # password: ""
     # specify existing secret, which takes precedence over variables above
     # secretRef: ""
+    # override secret keys for existing secret refs
+    secretRefKey:
+      username: username
+      password: password
   # secret used to access the studio dashboard
   # leave it empty to disable dashboard authentication
   dashboard:
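Review bot: The nested `secretRefKey` map added under `secret.db`, `secret.analytics` and `secret.smtp` becomes one more entry for the secret templates to iterate, if their `range` (outside the hunks shown) walks the whole section. The db and smtp templates pipe each value straight into `b64enc`, which expects a string, so a map value would probably fail rendering. The jwt and s3 templates apply `toString` first and would instead write a stray `secretRefKey` entry into the Secret. Skipping non-credential keys in the loop, e.g. `{{- if not (has $key (list "secretRef" "secretRefKey")) }}`, would avoid both.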
@@ -50,12 +68,20 @@ secret:
     # password: ""
     # specify existing secret, which takes precedence over variables above
     # secretRef: ""
+    # override secret keys for existing secret refs
+    secretRefKey:
+      username: username
+      password: password
   # S3 credentials for storage object bucket
   s3:
     # keyId: ""
     # accessKey: ""
     # specify existing secret, which takes precedence over variables above
     # secretRef: ""
+    # override secret keys for existing secret refs
+    secretRefKey:
+      keyId: keyId
+      accessKey: accessKey
 
 # Optional: Postgres Database
 # A standalone Postgres database configured to work with Supabase services.
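Review bot: With `secretRefKey` defined by default, `secret.dashboard` and `secret.s3` (and `secret.smtp` in the previous hunk) are never empty, so the `{{- if .Values.secret.dashboard }}` guards in kong/deployment.yaml and secrets/dashboard.yaml are always true. The comment on the `dashboard` section says to leave it empty to disable dashboard authentication; with these defaults Kong would instead get `DASHBOARD_USERNAME` and `DASHBOARD_PASSWORD` references to keys that were never set. Guarding on the credentials themselves, e.g. `{{- if or .Values.secret.dashboard.username .Values.secret.dashboard.secretRef }}`, keeps the opt-out working.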
-- 
GitLab