Update image tags

* add minio service (disabled by default) * set tests to use existing images to speed up testing * remove `db.image.repository` redundant example value * remove `studio.image.repository` redundant example value

Update image tags
c6d3f1d5 · drpsyko101 · 0e8e4c28 · c6d3f1d5 · c6d3f1d5 · c6d3f1d5
Commit c6d3f1d5 authored 1 year ago by drpsyko101
--- a/charts/supabase/README.md
+++ b/charts/supabase/README.md
@@ -143,6 +143,34 @@ secret:
    apiKey: your-super-secret-with-at-least-32-characters-long-logflare-key
 ```

+### S3 secret
+
+Supabase storage supports the use of S3 object-storage. To enable S3 for Supabase storage:
+
+1. Set S3 key ID and access key:
+  ```yaml
+   secret:
+    s3:
+      keyId: your-s3-key-id
+      accessKey: your-s3-access-key
+  ```
+2. Set storage S3 environment variables:
+  ```yaml
+  storage:
+    environment:
+      # Set S3 endpoint if using external object-storage
+      # GLOBAL_S3_ENDPOINT: http://minio:9000
+      STORAGE_BACKEND: s3
+      GLOBAL_S3_PROTOCOL: http
+      GLOBAL_S3_FORCE_PATH_STYLE: true
+      AWS_DEFAULT_REGION: stub
+  ```
+3. (Optional) Enable internal minio deployment
+  ```yaml
+  minio:
+    enabled: true
+  ```
+
 ## How to use in Production

 We didn't provide a complete configuration to go production because of the multiple possibility.

--- a/charts/supabase/templates/minio/_helpers.tpl
+++ b/charts/supabase/templates/minio/_helpers.tpl
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "supabase.minio.name" -}}
+{{- default (print .Chart.Name "-minio") .Values.minio.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "supabase.minio.fullname" -}}
+{{- if .Values.minio.fullnameOverride }}
+{{- .Values.minio.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default (print .Chart.Name "-minio") .Values.minio.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "supabase.minio.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "supabase.minio.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "supabase.minio.serviceAccountName" -}}
+{{- if .Values.minio.serviceAccount.create }}
+{{- default (include "supabase.minio.fullname" .) .Values.minio.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.minio.serviceAccount.name }}
+{{- end }}
+{{- end }}
--- a/charts/supabase/templates/minio/deployment.yaml
+++ b/charts/supabase/templates/minio/deployment.yaml
+{{- if .Values.minio.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "supabase.minio.fullname" . }}
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.minio.autoscaling.enabled }}
+  replicas: {{ .Values.minio.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "supabase.minio.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.minio.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "supabase.minio.selectorLabels" . | nindent 8 }}
+    spec:
+      restartPolicy: Always
+      {{- with .Values.minio.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "supabase.minio.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.minio.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ include "supabase.minio.name" $ }}
+          securityContext:
+            {{- toYaml .Values.minio.securityContext | nindent 12 }}
+          image: "{{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.minio.image.pullPolicy }}
+          args:
+            - server
+            - --console-address
+            - ":9001"
+            - /data
+          env:
+            - name: MINIO_ROOT_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.s3" . }}
+                  key: keyId
+            - name: MINIO_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.s3" . }}
+                  key: accessKey
+          {{- with .Values.minio.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.minio.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 9000
+              protocol: TCP
+          {{- with .Values.minio.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+          {{- with .Values.minio.volumeMounts }}
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+            - mountPath: /data
+              name: minio-data
+      {{- with .Values.minio.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.minio.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.minio.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: minio-data
+          {{- if .Values.minio.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "supabase.minio.fullname" . }}-pvc
+          {{- else }}
+          emptyDir:
+            medium: ""
+          {{- end }}
+        {{- with .Values.minio.volumes }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+{{- end }}
\ No newline at end of file
--- a/charts/supabase/templates/minio/service.yaml
+++ b/charts/supabase/templates/minio/service.yaml
+{{- if .Values.minio.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "supabase.minio.fullname" . }}
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.minio.service.type }}
+  ports:
+    - port: {{ .Values.minio.service.port }}
+      targetPort: 9000
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "supabase.minio.selectorLabels" . | nindent 4 }}
+{{- end }}
\ No newline at end of file
--- a/charts/supabase/templates/minio/serviceaccount.yaml
+++ b/charts/supabase/templates/minio/serviceaccount.yaml
+{{- if .Values.minio.enabled -}}
+{{- if .Values.minio.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "supabase.minio.serviceAccountName" . }}
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+  {{- with .Values.minio.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
--- a/charts/supabase/templates/minio/volume.yaml
+++ b/charts/supabase/templates/minio/volume.yaml
+{{- if .Values.minio.enabled -}}
+{{- if .Values.minio.persistence.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "supabase.minio.fullname" . }}-pvc
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+  {{- with .Values.minio.persistence.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.minio.persistence.minioClassName }}
+  minioClassName: {{ .Values.minio.persistence.minioClassName }}
+  {{- end }}
+  accessModes:
+  {{- range .Values.minio.persistence.accessModes }}
+    - {{ . | quote }}
+  {{- end }}
+  resources:
+    requests:
+      minio: {{ .Values.minio.persistence.size | quote }}
+{{- end }}
+{{- end }}
\ No newline at end of file
--- a/charts/supabase/templates/secrets/_helpers.tpl
+++ b/charts/supabase/templates/secrets/_helpers.tpl
@@ -32,3 +32,10 @@ Expand the name of the analytics secret.
 {{- define "supabase.secret.analytics" -}}
 {{- printf "%s-analytics" (include "supabase.fullname" .) }}
 {{- end -}}
+
+{{/*
+Expand the name of the s3 secret.
+*/}}
+{{- define "supabase.secret.s3" -}}
+{{- printf "%s-s3" (include "supabase.fullname" .) }}
+{{- end -}}
--- a/charts/supabase/templates/secrets/s3.yaml
+++ b/charts/supabase/templates/secrets/s3.yaml
+{{- if .Values.secret.s3 }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "supabase.secret.s3" . }}
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+type: Opaque
+data:
+{{- range $key, $value := .Values.secret.s3 }}
+  {{ $key }}: {{ $value | toString | b64enc }}
+{{- end }}
+{{- end }}
--- a/charts/supabase/templates/storage/deployment.yaml
+++ b/charts/supabase/templates/storage/deployment.yaml
@@ -55,6 +55,31 @@ spec:
              sleep 2
              done
            - echo "Database is ready"
+        {{- if .Values.minio.enabled }}
+        - env:
+            - name: MINIO_ROOT_USER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.s3" . }}
+                  key: keyId
+            - name: MINIO_ROOT_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.s3" . }}
+                  key: accessKey
+          name: init-bucket
+          image: minio/mc
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - |
+              until /usr/bin/mc alias set supa-minio http://{{ include "supabase.minio.fullname" . }}:{{ .Values.minio.service.port }} $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; do
+                echo "Waiting for minio to start..."
+                sleep 2
+              done
+              /usr/bin/mc mb supa-minio/stub
+        {{- end }}
      containers:
        - name: {{ include "supabase.storage.name" $ }}
          securityContext:
@@ -110,6 +135,22 @@ spec:
            - name: IMGPROXY_URL
              value: http://{{ include "supabase.imgproxy.fullname" . }}:{{ .Values.imgproxy.service.port | int }}
            {{- end }}
+            {{- if .Values.secret.s3 }}
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.s3" . }}
+                  key: keyId
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.s3" . }}
+                  key: accessKey
+            {{- end }}
+            {{- if .Values.minio.enabled }}
+            - name: GLOBAL_S3_ENDPOINT
+              value: http://{{ include "supabase.minio.fullname" . }}:{{ default 9000 .Values.minio.service.port }}
+            {{- end }}
          {{- with .Values.storage.livenessProbe }}
          livenessProbe:
            {{- toYaml . | nindent 12 }}

--- a/charts/supabase/templates/test/analytics.yaml
+++ b/charts/supabase/templates/test/analytics.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-analytics
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/auth.yaml
+++ b/charts/supabase/templates/test/auth.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-auth
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/imgproxy.yaml
+++ b/charts/supabase/templates/test/imgproxy.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-imgproxy
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/kong.yaml
+++ b/charts/supabase/templates/test/kong.yaml
@@ -25,6 +25,7 @@ spec:
                  name: {{ include "supabase.fullname" . }}-dashboard
          name: test-kong
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/meta.yaml
+++ b/charts/supabase/templates/test/meta.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-meta
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/minio.yaml
+++ b/charts/supabase/templates/test/minio.yaml
+{{- if .Values.minio.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "supabase.fullname" . }}-test-minio
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  ttlSecondsAfterFinished: 100
+  template:
+    spec:
+      containers:
+        - name: test-minio
+          image: kdevup/curljq
+          command:
+            - /bin/bash
+            - -c
+            - |
+              curl -sfo /dev/null \
+                http://{{ include "supabase.minio.fullname" . }}:{{ .Values.minio.service.port }}/minio/health/live
+              echo "Sevice {{ include "supabase.minio.fullname" . }} is healthy."
+      restartPolicy: Never
+{{- end }}
--- a/charts/supabase/templates/test/realtime.yaml
+++ b/charts/supabase/templates/test/realtime.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-realtime
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/rest.yaml
+++ b/charts/supabase/templates/test/rest.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-rest
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/storage.yaml
+++ b/charts/supabase/templates/test/storage.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-storage
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/templates/test/studio.yaml
+++ b/charts/supabase/templates/test/studio.yaml
@@ -14,6 +14,7 @@ spec:
      containers:
        - name: test-studio
          image: kdevup/curljq
+          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -c

--- a/charts/supabase/values.example.yaml
+++ b/charts/supabase/values.example.yaml
@@ -19,7 +19,6 @@ secret:
 db:
  enabled: true
  image:
-    repository: supabase/postgres
    tag: 15.1.0.147
  livenessProbe:
    exec:
@@ -33,8 +32,7 @@ db:

 studio:
  image:
-    repository: supabase/studio
-    tag: 20231023-7e2cd92
+    tag: 20240101-8e4a094
  environment:
    STUDIO_DEFAULT_ORGANIZATION: "My Organization"
    STUDIO_DEFAULT_PROJECT: "My Project"
@@ -48,7 +46,7 @@ studio:

 auth:
  image:
-    tag: v2.125.1
+    tag: v2.132.3
  environment:
    API_EXTERNAL_URL: http://example.com
    GOTRUE_SITE_URL: http://example.com
@@ -65,7 +63,7 @@ rest:

 realtime:
  image:
-    tag: v2.10.1
+    tag: v2.25.50
  livenessProbe:
    httpGet:
      path: /
@@ -143,4 +141,4 @@ vector:

 functions:
  image:
-    tag: v1.29.1
+    tag: v1.32.0