From 95199e5faed7a043426a45b4415e2c908387415f Mon Sep 17 00:00:00 2001 From: Luiz Felipe Machado Date: Sat, 22 Nov 2025 15:06:07 -0300 Subject: [PATCH 1/5] refactor: migrate project to Supabase 2025 updates --- charts/supabase/Chart.yaml | 2 +- .../templates/analytics/deployment.yaml | 44 +++----- .../supabase/templates/auth/deployment.yaml | 14 +-- .../supabase/templates/db/initdb.config.yaml | 36 ++++-- .../templates/db/migration.config.yaml | 2 +- charts/supabase/templates/db/service.yaml | 2 +- .../supabase/templates/db/serviceaccount.yaml | 2 +- .../db/{deployment.yaml => statefulset.yaml} | 34 +++--- .../templates/functions/deployment.yaml | 14 ++- .../templates/functions/functions.config.yaml | 104 +++++++++--------- charts/supabase/templates/kong/config.yaml | 2 +- .../supabase/templates/meta/deployment.yaml | 14 ++- .../templates/realtime/deployment.yaml | 26 +++-- .../supabase/templates/rest/deployment.yaml | 2 +- .../supabase/templates/secrets/_helpers.tpl | 14 +++ charts/supabase/templates/secrets/meta.yaml | 17 +++ .../supabase/templates/secrets/realtime.yaml | 19 ++++ .../templates/storage/deployment.yaml | 16 +-- .../supabase/templates/studio/deployment.yaml | 85 +++++++++++++- charts/supabase/templates/vector/config.yaml | 46 ++++---- .../supabase/templates/vector/deployment.yaml | 15 +-- charts/supabase/values.example.yaml | 37 ++++--- charts/supabase/values.yaml | 73 +++++++++--- 23 files changed, 401 insertions(+), 219 deletions(-) rename charts/supabase/templates/db/{deployment.yaml => statefulset.yaml} (89%) create mode 100644 charts/supabase/templates/secrets/meta.yaml create mode 100644 charts/supabase/templates/secrets/realtime.yaml diff --git a/charts/supabase/Chart.yaml b/charts/supabase/Chart.yaml index 92a3b4de..f373aa28 100644 --- a/charts/supabase/Chart.yaml +++ b/charts/supabase/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.3 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/supabase/templates/analytics/deployment.yaml b/charts/supabase/templates/analytics/deployment.yaml index 3c4f585c..22d6bbd1 100644 --- a/charts/supabase/templates/analytics/deployment.yaml +++ b/charts/supabase/templates/analytics/deployment.yaml @@ -40,21 +40,13 @@ spec: value: {{ .Values.analytics.environment.DB_HOST | quote }} {{- end }} - name: DB_USER - valueFrom: - secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.username | default "username" }} - {{- else }} - name: {{ include "supabase.secret.db" . }} - key: username - {{- end }} + value: $(DB_USERNAME) - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] args: - | - until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do + until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do echo "Waiting for database to start..." sleep 2 done @@ -70,10 +62,12 @@ spec: - name: {{ $key }} value: {{ $value | quote }} {{- end }} - {{- if .Values.db.enabled }} - name: DB_HOSTNAME - value: {{ include "supabase.db.fullname" . }} - {{- end }} + {{- if .Values.db.enabled }} + value: {{ include "supabase.db.fullname" . | quote }} + {{- else }} + value: {{ .Values.auth.environment.DB_HOST | quote }} + {{- end }} - name: DB_PASSWORD valueFrom: secretKeyRef: @@ -94,25 +88,25 @@ spec: name: {{ include "supabase.secret.db" . }} key: password_encoded {{- end }} - - name: DB_DATABASE + - name: LOGFLARE_PUBLIC_ACCESS_TOKEN valueFrom: secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.database | default "database" }} + {{- if .Values.secret.analytics.secretRef }} + name: {{ .Values.secret.analytics.secretRef }} + key: {{ .Values.secret.analytics.secretRefKey.publicAccessToken | default "apiKey" }} {{- else }} - name: {{ include "supabase.secret.db" . }} - key: database + name: {{ include "supabase.secret.analytics" . }} + key: publicAccessToken {{- end }} - - name: LOGFLARE_API_KEY + - name: LOGFLARE_PRIVATE_ACCESS_TOKEN valueFrom: secretKeyRef: {{- if .Values.secret.analytics.secretRef }} name: {{ .Values.secret.analytics.secretRef }} - key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }} + key: {{ .Values.secret.analytics.secretRefKey.privateAccessToken | default "apiKey" }} {{- else }} name: {{ include "supabase.secret.analytics" . }} - key: apiKey + key: privateAccessToken {{- end }} {{- if .Values.analytics.bigQuery.enabled }} - name: GOOGLE_PROJECT_ID @@ -122,10 +116,6 @@ spec: {{- else }} - name: POSTGRES_BACKEND_URL value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE) - - name: POSTGRES_BACKEND_SCHEMA - value: $(DB_SCHEMA) - - name: LOGFLARE_FEATURE_FLAG_OVERRIDE - value: $(FEATURE_FLAG_OVERRIDE) {{- end }} {{- with .Values.analytics.livenessProbe }} livenessProbe: @@ -176,4 +166,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/auth/deployment.yaml b/charts/supabase/templates/auth/deployment.yaml index 8f3bba38..cc8eafcd 100644 --- a/charts/supabase/templates/auth/deployment.yaml +++ b/charts/supabase/templates/auth/deployment.yaml @@ -39,22 +39,12 @@ spec: {{- else }} value: {{ .Values.auth.environment.DB_HOST | quote }} {{- end }} - - name: DB_USER - valueFrom: - secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.username | default "username" }} - {{- else }} - name: {{ include "supabase.secret.db" . }} - key: username - {{- end }} - name: DB_PORT value: {{ .Values.auth.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] args: - | - until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do + until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do echo "Waiting for database to start..." sleep 2 done @@ -178,4 +168,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/db/initdb.config.yaml b/charts/supabase/templates/db/initdb.config.yaml index 25f61ad2..7375dc8c 100644 --- a/charts/supabase/templates/db/initdb.config.yaml +++ b/charts/supabase/templates/db/initdb.config.yaml @@ -10,13 +10,21 @@ data: \set jwt_secret `echo "$JWT_SECRET"` \set jwt_exp `echo "$JWT_EXP"` - ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :jwt_secret; - ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :jwt_exp; - 99-logs.sql: | + ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret'; + ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp'; + 99-pooler.sql: | \set pguser `echo "$POSTGRES_USER"` + \c _supabase + create schema if not exists _supavisor; + alter schema _supavisor owner to :pguser; + \c postgres + 99-logs.sql: | + \set pguser `echo "$POSTGRES_USER"` + \c _supabase create schema if not exists _analytics; alter schema _analytics owner to :pguser; + \c postgres 99-realtime.sql: | \set pguser `echo "$POSTGRES_USER"` @@ -31,6 +39,10 @@ data: ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass'; ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass'; ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass'; + 97-_supabase.sql: | + \set pguser `echo "$POSTGRES_USER"` + + CREATE DATABASE _supabase WITH OWNER :pguser; 98-webhooks.sql: | BEGIN; -- Create pg_net extension @@ -75,29 +87,29 @@ data: IF url IS NULL OR url = 'null' THEN RAISE EXCEPTION 'url argument is missing'; END IF; - + IF method IS NULL OR method = 'null' THEN RAISE EXCEPTION 'method argument is missing'; END IF; - + IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN headers = '{"Content-Type": "application/json"}'::jsonb; ELSE headers = TG_ARGV[2]::jsonb; END IF; - + IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN params = '{}'::jsonb; ELSE params = TG_ARGV[3]::jsonb; END IF; - + IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN timeout_ms = 1000; ELSE timeout_ms = TG_ARGV[4]::integer; END IF; - + CASE WHEN method = 'GET' THEN SELECT http_get INTO request_id FROM net.http_get( @@ -114,7 +126,7 @@ data: 'table', TG_TABLE_NAME, 'schema', TG_TABLE_SCHEMA ); - + SELECT http_post INTO request_id FROM net.http_post( url, payload, @@ -125,12 +137,12 @@ data: ELSE RAISE EXCEPTION 'method argument % is invalid', method; END CASE; - + INSERT INTO supabase_functions.hooks (hook_table_id, hook_name, request_id) VALUES (TG_RELID, TG_NAME, request_id); - + RETURN NEW; END $function$; @@ -240,4 +252,4 @@ data: REVOKE ALL ON FUNCTION supabase_functions.http_request() FROM PUBLIC; GRANT EXECUTE ON FUNCTION supabase_functions.http_request() TO postgres, anon, authenticated, service_role; COMMIT; -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/db/migration.config.yaml b/charts/supabase/templates/db/migration.config.yaml index 77acec56..ebaab261 100644 --- a/charts/supabase/templates/db/migration.config.yaml +++ b/charts/supabase/templates/db/migration.config.yaml @@ -7,4 +7,4 @@ metadata: {{- include "supabase.labels" . | nindent 4 }} data: {{- toYaml .Values.db.config | nindent 2 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/db/service.yaml b/charts/supabase/templates/db/service.yaml index c8dc9fac..0c98226b 100644 --- a/charts/supabase/templates/db/service.yaml +++ b/charts/supabase/templates/db/service.yaml @@ -14,4 +14,4 @@ spec: name: http selector: {{- include "supabase.db.selectorLabels" . | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/db/serviceaccount.yaml b/charts/supabase/templates/db/serviceaccount.yaml index 204e3277..69fc6175 100644 --- a/charts/supabase/templates/db/serviceaccount.yaml +++ b/charts/supabase/templates/db/serviceaccount.yaml @@ -11,4 +11,4 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/db/deployment.yaml b/charts/supabase/templates/db/statefulset.yaml similarity index 89% rename from charts/supabase/templates/db/deployment.yaml rename to charts/supabase/templates/db/statefulset.yaml index 314842ed..c87723a5 100644 --- a/charts/supabase/templates/db/deployment.yaml +++ b/charts/supabase/templates/db/statefulset.yaml @@ -1,6 +1,6 @@ {{- if .Values.db.enabled -}} apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: {{ include "supabase.db.fullname" . }} labels: @@ -39,8 +39,12 @@ spec: cp -r /docker-entrypoint-initdb.d/* /initdb.d/ cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/ cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/ + cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/ + cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/ cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/ + cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/ + cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/ echo "Copying user-defined migration scripts..." cp /custom-migrations/* /initdb.d/migrations/ || echo "Skip migrations" @@ -58,21 +62,15 @@ spec: {{- toYaml .Values.db.securityContext | nindent 12 }} image: "{{ .Values.db.image.repository }}:{{ .Values.db.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.db.image.pullPolicy }} + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "pg_ctl -D /var/lib/postgres/data -w -t 60 -m fast stop"] env: {{- range $key, $value := .Values.db.environment }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.username | default "username" }} - {{- else }} - name: {{ include "supabase.secret.db" . }} - key: username - {{- end }} - name: PGPASSWORD valueFrom: secretKeyRef: @@ -113,6 +111,16 @@ spec: name: {{ include "supabase.secret.db" . }} key: database {{- end }} + - name: JWT_SECRET + valueFrom: + secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "database" }} + {{- else }} + name: {{ include "supabase.secret.jwt" . }} + key: secret + {{- end }} {{- with .Values.db.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} @@ -123,7 +131,7 @@ spec: {{- end }} ports: - name: http - containerPort: 9999 + containerPort: 5432 protocol: TCP volumeMounts: - mountPath: /docker-entrypoint-initdb.d @@ -170,4 +178,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/functions/deployment.yaml b/charts/supabase/templates/functions/deployment.yaml index 22726897..3a8eb97b 100644 --- a/charts/supabase/templates/functions/deployment.yaml +++ b/charts/supabase/templates/functions/deployment.yaml @@ -38,11 +38,21 @@ spec: {{- toYaml .Values.functions.securityContext | nindent 12 }} image: "{{ .Values.functions.image.repository }}:{{ .Values.functions.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.functions.image.pullPolicy }} + {{- if .Values.functions.envFrom }} + envFrom: + {{- toYaml .Values.functions.envFrom | nindent 12 }} + {{- end }} env: {{- range $key, $value := .Values.functions.environment }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} + + {{- if .Values.kong.enabled }} + - name: SUPABASE_URL + value: http://{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }} + {{- end }} + - name: DB_HOSTNAME {{- if .Values.db.enabled }} value: {{ include "supabase.db.fullname" . }} @@ -109,7 +119,7 @@ spec: name: {{ include "supabase.secret.jwt" . }} key: serviceKey {{- end }} - - name: POSTGRES_BACKEND_URL + - name: SUPABASE_DB_URL value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL) {{- with .Values.functions.livenessProbe }} livenessProbe: @@ -148,4 +158,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/functions/functions.config.yaml b/charts/supabase/templates/functions/functions.config.yaml index 8aed927d..6a24bad9 100644 --- a/charts/supabase/templates/functions/functions.config.yaml +++ b/charts/supabase/templates/functions/functions.config.yaml @@ -16,89 +16,89 @@ data: const VERIFY_JWT = Deno.env.get('VERIFY_JWT') === 'true' function getAuthToken(req: Request) { - const authHeader = req.headers.get('authorization') - if (!authHeader) { + const authHeader = req.headers.get('authorization') + if (!authHeader) { throw new Error('Missing authorization header') - } - const [bearer, token] = authHeader.split(' ') - if (bearer !== 'Bearer') { + } + const [bearer, token] = authHeader.split(' ') + if (bearer !== 'Bearer') { throw new Error(`Auth header is not 'Bearer {token}'`) - } - return token + } + return token } async function verifyJWT(jwt: string): Promise { - const encoder = new TextEncoder() - const secretKey = encoder.encode(JWT_SECRET) - try { + const encoder = new TextEncoder() + const secretKey = encoder.encode(JWT_SECRET) + try { await jose.jwtVerify(jwt, secretKey) - } catch (err) { + } catch (err) { console.error(err) return false - } - return true + } + return true } serve(async (req: Request) => { - if (req.method !== 'OPTIONS' && VERIFY_JWT) { + if (req.method !== 'OPTIONS' && VERIFY_JWT) { try { - const token = getAuthToken(req) - const isValidJWT = await verifyJWT(token) + const token = getAuthToken(req) + const isValidJWT = await verifyJWT(token) - if (!isValidJWT) { + if (!isValidJWT) { return new Response(JSON.stringify({ msg: 'Invalid JWT' }), { - status: 401, - headers: { 'Content-Type': 'application/json' }, + status: 401, + headers: { 'Content-Type': 'application/json' }, }) - } + } } catch (e) { - console.error(e) - return new Response(JSON.stringify({ msg: e.toString() }), { + console.error(e) + return new Response(JSON.stringify({ msg: e.toString() }), { status: 401, headers: { 'Content-Type': 'application/json' }, - }) + }) } - } + } - const url = new URL(req.url) - const { pathname } = url - const path_parts = pathname.split('/') - const service_name = path_parts[1] + const url = new URL(req.url) + const { pathname } = url + const path_parts = pathname.split('/') + const service_name = path_parts[1] - if (!service_name || service_name === '') { + if (!service_name || service_name === '') { const error = { msg: 'missing function name in request' } return new Response(JSON.stringify(error), { - status: 400, - headers: { 'Content-Type': 'application/json' }, + status: 400, + headers: { 'Content-Type': 'application/json' }, }) - } + } - const servicePath = `/home/deno/functions/${service_name}` - console.error(`serving the request with ${servicePath}`) + const servicePath = `/home/deno/functions/${service_name}` + console.error(`serving the request with ${servicePath}`) - const memoryLimitMb = 150 - const workerTimeoutMs = 1 * 60 * 1000 - const noModuleCache = false - const importMapPath = null - const envVarsObj = Deno.env.toObject() - const envVars = Object.keys(envVarsObj).map((k) => [k, envVarsObj[k]]) + const memoryLimitMb = 150 + const workerTimeoutMs = 1 * 60 * 1000 + const noModuleCache = false + const importMapPath = null + const envVarsObj = Deno.env.toObject() + const envVars = Object.keys(envVarsObj).map((k) => [k, envVarsObj[k]]) - try { + try { const worker = await EdgeRuntime.userWorkers.create({ - servicePath, - memoryLimitMb, - workerTimeoutMs, - noModuleCache, - importMapPath, - envVars, + servicePath, + memoryLimitMb, + workerTimeoutMs, + noModuleCache, + importMapPath, + envVars, }) return await worker.fetch(req) - } catch (e) { + } catch (e) { const error = { msg: e.toString() } return new Response(JSON.stringify(error), { - status: 500, - headers: { 'Content-Type': 'application/json' }, + status: 500, + headers: { 'Content-Type': 'application/json' }, }) - } + } }) -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/kong/config.yaml b/charts/supabase/templates/kong/config.yaml index 2edd25af..84eeb8b5 100644 --- a/charts/supabase/templates/kong/config.yaml +++ b/charts/supabase/templates/kong/config.yaml @@ -177,7 +177,7 @@ data: {{- if .Values.functions.enabled }} - name: functions-v1 _comment: 'Edge Functions: /functions/v1/* -> http://{{ include "supabase.functions.fullname" . }}:{{ .Values.functions.service.port }}/*' - url: http://functions:{{ .Values.functions.service.port }}/ + url: http://{{ include "supabase.functions.fullname" . }}:{{ .Values.functions.service.port }}/ routes: - name: functions-v1-all strip_path: true diff --git a/charts/supabase/templates/meta/deployment.yaml b/charts/supabase/templates/meta/deployment.yaml index 2dac17b5..79336191 100644 --- a/charts/supabase/templates/meta/deployment.yaml +++ b/charts/supabase/templates/meta/deployment.yaml @@ -75,6 +75,18 @@ spec: value: $(DB_PASSWORD) - name: PG_META_DB_SSL_MODE value: $(DB_SSL) + - name: CRYPTO_KEY + valueFrom: + secretKeyRef: + {{- if .Values.secret.meta.secretRef }} + name: {{ .Values.secret.meta.secretRef }} + key: {{ .Values.secret.meta.secretRefKey.cryptoKey }} + {{- else }} + name: {{ include "supabase.secret.meta" . }} + key: cryptoKey + {{- end }} + + {{- with .Values.meta.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} @@ -111,4 +123,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/realtime/deployment.yaml b/charts/supabase/templates/realtime/deployment.yaml index 4083a46f..f68b055f 100644 --- a/charts/supabase/templates/realtime/deployment.yaml +++ b/charts/supabase/templates/realtime/deployment.yaml @@ -39,22 +39,12 @@ spec: {{- else }} value: {{ .Values.auth.environment.DB_HOST | quote }} {{- end }} - - name: DB_USER - valueFrom: - secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.username | default "username" }} - {{- else }} - name: {{ include "supabase.secret.db" . }} - key: username - {{- end }} - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] args: - | - until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do + until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do echo "Waiting for database to start..." sleep 2 done @@ -116,6 +106,18 @@ spec: name: {{ include "supabase.secret.jwt" . }} key: secret {{- end }} + + - name: SECRET_KEY_BASE + valueFrom: + secretKeyRef: + {{- if .Values.secret.realtime.secretRef }} + name: {{ .Values.secret.realtime.secretRef }} + key: {{ .Values.secret.realtime.secretRefKey.secretKeyBase | default "secretKeyBase" }} + {{- else }} + name: {{ include "supabase.secret.realtime" . }} + key: secretKeyBase + {{- end }} + {{- with .Values.realtime.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} @@ -152,4 +154,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml index e877fa6f..33be4e69 100644 --- a/charts/supabase/templates/rest/deployment.yaml +++ b/charts/supabase/templates/rest/deployment.yaml @@ -131,4 +131,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/secrets/_helpers.tpl b/charts/supabase/templates/secrets/_helpers.tpl index 61d74ecc..a7241a30 100644 --- a/charts/supabase/templates/secrets/_helpers.tpl +++ b/charts/supabase/templates/secrets/_helpers.tpl @@ -33,6 +33,20 @@ Expand the name of the analytics secret. {{- printf "%s-analytics" (include "supabase.fullname" .) }} {{- end -}} +{{/* +Expand the name of the meta secret. +*/}} +{{- define "supabase.secret.meta" -}} +{{- printf "%s-meta" (include "supabase.fullname" .) }} +{{- end -}} + +{{/* +Expand the name of the realtime secret. +*/}} +{{- define "supabase.secret.realtime" -}} +{{- printf "%s-realtime" (include "supabase.fullname" .) }} +{{- end -}} + {{/* Expand the name of the s3 secret. */}} diff --git a/charts/supabase/templates/secrets/meta.yaml b/charts/supabase/templates/secrets/meta.yaml new file mode 100644 index 00000000..a62b5b84 --- /dev/null +++ b/charts/supabase/templates/secrets/meta.yaml @@ -0,0 +1,17 @@ +{{- if not .Values.secret.meta.secretRef }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "supabase.secret.meta" . }} + labels: + {{- include "supabase.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $value := .Values.secret.meta }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/secrets/realtime.yaml b/charts/supabase/templates/secrets/realtime.yaml new file mode 100644 index 00000000..ca09eaef --- /dev/null +++ b/charts/supabase/templates/secrets/realtime.yaml @@ -0,0 +1,19 @@ +{{- if .Values.secret.realtime }} +{{- if not .Values.secret.realtime.secretRef }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "supabase.secret.realtime" . }} + labels: + {{- include "supabase.labels" . | nindent 4 }} +type: Opaque +data: +{{- range $key, $value := .Values.secret.realtime }} +{{- if $value }} +{{- if eq (typeOf $value) "string" }} + {{ $key }}: {{ $value | b64enc }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/supabase/templates/storage/deployment.yaml b/charts/supabase/templates/storage/deployment.yaml index b0454297..50a02cd7 100644 --- a/charts/supabase/templates/storage/deployment.yaml +++ b/charts/supabase/templates/storage/deployment.yaml @@ -40,22 +40,12 @@ spec: {{- else }} value: {{ .Values.auth.environment.DB_HOST | quote }} {{- end }} - - name: DB_USER - valueFrom: - secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.username | default "username" }} - {{- else }} - name: {{ include "supabase.secret.db" . }} - key: username - {{- end }} - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] args: - | - until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do + until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do echo "Waiting for database to start..." sleep 2 done @@ -186,7 +176,7 @@ spec: secretKeyRef: {{- if .Values.secret.s3.secretRef }} name: {{ .Values.secret.s3.secretRef }} - key: {{ .Values.secret.s3.secretRefKey.keyId | default "accessKey" }} + key: {{ .Values.secret.s3.secretRefKey.accessKey | default "accessKey" }} {{- else }} name: {{ include "supabase.secret.s3" . }} key: accessKey @@ -242,4 +232,4 @@ spec: {{- with .Values.storage.volumes }} {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/studio/deployment.yaml b/charts/supabase/templates/studio/deployment.yaml index dc4d9f84..9c0b5bee 100644 --- a/charts/supabase/templates/studio/deployment.yaml +++ b/charts/supabase/templates/studio/deployment.yaml @@ -47,6 +47,57 @@ spec: - name: STUDIO_PG_META_URL value: http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.port }} {{- end }} + + {{- if .Values.db.enabled }} + - name: POSTGRES_HOST + value: {{ include "supabase.db.fullname" . }} + {{- end }} + + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.database | default "database" }} + {{- else }} + name: {{ include "supabase.secret.db" . }} + key: database + {{- end }} + + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.secret.db.secretRef }} + name: {{ .Values.secret.db.secretRef }} + key: {{ .Values.secret.db.secretRefKey.password | default "password" }} + {{- else }} + name: {{ include "supabase.secret.db" . }} + key: password + {{- end }} + + - name: PG_META_CRYPTO_KEY + valueFrom: + secretKeyRef: + {{- if .Values.secret.meta.secretRef }} + name: {{ .Values.secret.meta.secretRef }} + key: {{ .Values.secret.meta.secretRefKey.cryptoKey | default "cryptoKey" }} + {{- else }} + name: {{ include "supabase.secret.meta" . }} + key: cryptoKey + {{- end }} + + + - name: OPENAI_API_KEY + valueFrom: + secretKeyRef: + {{- if .Values.secret.dashboard.secretRef }} + name: {{ .Values.secret.dashboard.secretRef }} + key: {{ .Values.secret.dashboard.secretRefKey.openAiApiKey | default "openAiApiKey" }} + {{- else }} + name: {{ include "supabase.secret.dashboard" . }} + key: openAiApiKey + {{- end }} + - name: SUPABASE_ANON_KEY valueFrom: secretKeyRef: @@ -57,6 +108,7 @@ spec: name: {{ include "supabase.secret.jwt" . }} key: anonKey {{- end }} + - name: SUPABASE_SERVICE_KEY valueFrom: secretKeyRef: @@ -67,14 +119,41 @@ spec: name: {{ include "supabase.secret.jwt" . }} key: serviceKey {{- end }} + + - name: AUTH_JWT_SECRET + valueFrom: + secretKeyRef: + {{- if .Values.secret.jwt.secretRef }} + name: {{ .Values.secret.jwt.secretRef }} + key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} + {{- else }} + name: {{ include "supabase.secret.jwt" . }} + key: secret + {{- end }} + {{- if .Values.analytics.enabled }} - name: LOGFLARE_URL value: http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }} - - name: LOGFLARE_API_KEY + - name: LOGFLARE_PUBLIC_ACCESS_TOKEN valueFrom: secretKeyRef: + {{- if .Values.secret.analytics.secretRef }} + name: {{ .Values.secret.analytics.secretRef }} + key: {{ .Values.secret.analytics.secretRefKey.publicAccessToken | default "apiKey" }} + {{- else }} name: {{ include "supabase.secret.analytics" . }} - key: apiKey + key: publicAccessToken + {{- end }} + - name: LOGFLARE_PRIVATE_ACCESS_TOKEN + valueFrom: + secretKeyRef: + {{- if .Values.secret.analytics.secretRef }} + name: {{ .Values.secret.analytics.secretRef }} + key: {{ .Values.secret.analytics.secretRefKey.privateAccessToken | default "apiKey" }} + {{- else }} + name: {{ include "supabase.secret.analytics" . }} + key: privateAccessToken + {{- end }} {{- end }} {{- with .Values.studio.livenessProbe }} livenessProbe: @@ -112,4 +191,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/vector/config.yaml b/charts/supabase/templates/vector/config.yaml index df2e8973..e8fcf2b1 100644 --- a/charts/supabase/templates/vector/config.yaml +++ b/charts/supabase/templates/vector/config.yaml @@ -6,23 +6,7 @@ metadata: labels: {{- include "supabase.labels" . | nindent 4 }} data: - secret.sh: | - #!/bin/sh - cat << EOF - { - "logflare_api_key": { - "value": "$LOGFLARE_API_KEY", - "error": null - } - } - EOF vector.yml: | - secret: - credentials: - type: exec - command: - - /etc/vector/secret.sh - api: enabled: true address: 0.0.0.0:{{ .Values.vector.service.port }} @@ -186,7 +170,9 @@ data: method: 'post' request: retry_max_duration_secs: 10 - uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=gotrue.logs.prod&api_key=SECRET[credentials.logflare_api_key]' + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} + uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=gotrue.logs.prod' logflare_realtime: type: 'http' inputs: @@ -196,7 +182,9 @@ data: method: 'post' request: retry_max_duration_secs: 10 - uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=realtime.logs.prod&api_key=SECRET[credentials.logflare_api_key]' + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} + uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=realtime.logs.prod' logflare_rest: type: 'http' inputs: @@ -206,7 +194,9 @@ data: method: 'post' request: retry_max_duration_secs: 10 - uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=postgREST.logs.prod&api_key=SECRET[credentials.logflare_api_key]' + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} + uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=postgREST.logs.prod' logflare_db: type: 'http' inputs: @@ -216,10 +206,12 @@ data: method: 'post' request: retry_max_duration_secs: 10 + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} # We must route the sink through kong because ingesting logs before logflare is fully initialised will # lead to broken queries from studio. This works by the assumption that containers are started in the # following order: vector > db > logflare > kong - uri: 'http://{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }}/analytics/v1/api/logs?source_name=postgres.logs&api_key=SECRET[credentials.logflare_api_key]' + uri: 'http://{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }}/analytics/v1/api/logs?source_name=postgres.logs' logflare_functions: type: 'http' inputs: @@ -229,7 +221,9 @@ data: method: 'post' request: retry_max_duration_secs: 10 - uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=deno-relay-logs&api_key=SECRET[credentials.logflare_api_key]' + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} + uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=deno-relay-logs' logflare_storage: type: 'http' inputs: @@ -239,7 +233,9 @@ data: method: 'post' request: retry_max_duration_secs: 10 - uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=storage.logs.prod.2&api_key=SECRET[credentials.logflare_api_key]' + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} + uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=storage.logs.prod.2' logflare_kong: type: 'http' inputs: @@ -250,6 +246,8 @@ data: method: 'post' request: retry_max_duration_secs: 10 - uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=cloudflare.logs.prod&api_key=SECRET[credentials.logflare_api_key]' + headers: + x-api-key: ${LOGFLARE_PUBLIC_ACCESS_TOKEN?LOGFLARE_PUBLIC_ACCESS_TOKEN is required} + uri: 'http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/api/logs?source_name=cloudflare.logs.prod' {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/vector/deployment.yaml b/charts/supabase/templates/vector/deployment.yaml index 911ff08d..2098c995 100644 --- a/charts/supabase/templates/vector/deployment.yaml +++ b/charts/supabase/templates/vector/deployment.yaml @@ -48,18 +48,18 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - {{- if .Values.analytics.enabled }} - - name: LOGFLARE_API_KEY + {{- if .Values.analytics.enabled }} + - name: LOGFLARE_PUBLIC_ACCESS_TOKEN valueFrom: secretKeyRef: {{- if .Values.secret.analytics.secretRef }} name: {{ .Values.secret.analytics.secretRef }} - key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }} + key: {{ .Values.secret.analytics.secretRefKey.publicAccessToken | default "apiKey" }} {{- else }} name: {{ include "supabase.secret.analytics" . }} - key: apiKey + key: publicAccessToken {{- end }} - {{- end }} + {{- end }} {{- with .Values.vector.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} @@ -78,9 +78,6 @@ spec: - mountPath: /etc/vector/vector.yml name: vector-config subPath: vector.yml - - mountPath: /etc/vector/secret.sh - name: vector-config - subPath: secret.sh {{- with .Values.vector.resources }} resources: {{- toYaml . | nindent 12 }} @@ -105,4 +102,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/values.example.yaml b/charts/supabase/values.example.yaml index c8f46e05..24e5b04f 100644 --- a/charts/supabase/values.example.yaml +++ b/charts/supabase/values.example.yaml @@ -9,17 +9,22 @@ secret: dashboard: username: supabase password: this_password_is_insecure_and_should_be_updated + openAiApiKey: api-key db: - username: postgres password: example123456 database: postgres analytics: - apiKey: your-super-secret-and-long-logflare-key + publicAccessToken: your-super-secret-and-long-logflare-key-public + privateAccessToken: your-super-secret-and-long-logflare-key-private + realtime: + secretKeyBase: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq + meta: + cryptoKey: "your-super-secret-and-long-crypto-key" db: enabled: true image: - tag: 15.1.0.147 + tag: 15.8.1.085 livenessProbe: exec: command: @@ -32,12 +37,12 @@ db: studio: image: - tag: 20240326-5e5586d + tag: 2025.11.10-sha-5291fe3 environment: - STUDIO_DEFAULT_ORGANIZATION: "My Organization" - STUDIO_DEFAULT_PROJECT: "My Project" - SUPABASE_PUBLIC_URL: http://example.com/ - NEXT_PUBLIC_ENABLE_LOGS: "true" + DEFAULT_ORGANIZATION_NAME: Default Organization + DEFAULT_PROJECT_NAME: Default Project + SUPABASE_PUBLIC_URL: http://example.com + NEXT_PUBLIC_ENABLE_LOGS: true livenessProbe: httpGet: path: /api/profile @@ -46,7 +51,7 @@ studio: auth: image: - tag: v2.143.0 + tag: v2.182.1 environment: API_EXTERNAL_URL: http://example.com GOTRUE_SITE_URL: http://example.com @@ -59,11 +64,11 @@ auth: rest: image: - tag: v12.0.1 + tag: v13.0.7 realtime: image: - tag: v2.27.5 + tag: v2.63.0 livenessProbe: httpGet: path: / @@ -72,11 +77,11 @@ realtime: meta: image: - tag: v0.80.0 + tag: v0.93.1 storage: image: - tag: v0.46.4 + tag: v1.29.0 livenessProbe: httpGet: path: /status @@ -123,7 +128,7 @@ kong: analytics: image: - tag: 1.4.0 + tag: 1.22.6 livenessProbe: httpGet: path: /health @@ -132,7 +137,7 @@ analytics: vector: image: - tag: 0.34.0-alpine + tag: 0.28.1-alpine livenessProbe: httpGet: path: /health @@ -151,4 +156,4 @@ vector: functions: image: - tag: v1.41.2 + tag: v1.68.4 diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index 038c17a4..c948c5f1 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -31,24 +31,24 @@ secret: # database credentials # these fields must be provided even if using external database db: - username: "" password: "" database: "" # specify existing secret, which takes precedence over variables above secretRef: "" # override secret keys for existing secret refs secretRefKey: - username: username password: password database: database - # analytics Logflare API key + # analytics Logflare Public/Private access token analytics: - apiKey: "" + publicAccessToken: your-super-secret-and-long-logflare-key-public + privateAccessToken: your-super-secret-and-long-logflare-key-private # specify existing secret, which takes precedence over variable above secretRef: "" # override secret keys for existing secret refs secretRefKey: - apiKey: apiKey + publicAccessToken: publicAccessToken + privateAccessToken: privateAccessToken # smtp will be used to reference secret including smtp credentials smtp: # username: "" @@ -64,12 +64,14 @@ secret: dashboard: # username: "" # password: "" + # openAiApiKey: api-key # specify existing secret, which takes precedence over variables above # secretRef: "" # override secret keys for existing secret refs secretRefKey: username: username password: password + openAiApiKey: openAiApiKey # S3 credentials for storage object bucket s3: # keyId: "" @@ -80,6 +82,18 @@ secret: secretRefKey: keyId: keyId accessKey: accessKey + # Realtime environment + realtime: + secretKeyBase: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq + # secretRef: "" + secretRefKey: + secretKeyBase: secretKeyBase + # Meta environment + meta: + cryptoKey: "your-super-secret-and-long-crypto-key" + # secretRef: "" + secretRefKey: + cryptoKey: cryptoKey # Optional: Postgres Database # A standalone Postgres database configured to work with Supabase services. @@ -206,11 +220,13 @@ studio: type: ClusterIP port: 3000 environment: - STUDIO_DEFAULT_ORGANIZATION: Default Organization - STUDIO_DEFAULT_PROJECT: Default Project + HOSTNAME: "::" STUDIO_PORT: "3000" + POSTGRES_PORT: 5432 + DEFAULT_ORGANIZATION_NAME: Default Organization + DEFAULT_PROJECT_NAME: Default Project SUPABASE_PUBLIC_URL: http://example.com - NEXT_PUBLIC_ENABLE_LOGS: "true" + NEXT_PUBLIC_ENABLE_LOGS: true # Set value to bigquery to use Big Query backend for analytics NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery # volumeMounts: @@ -299,18 +315,33 @@ auth: GOTRUE_JWT_EXP: "3600" GOTRUE_EXTERNAL_EMAIL_ENABLED: "true" GOTRUE_MAILER_AUTOCONFIRM: "true" + GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED: "false" # GOTRUE_MAILER_SECURE_EMAIL_CHANGE_ENABLED: true # GOTRUE_SMTP_MAX_FREQUENCY: 1s GOTRUE_SMTP_ADMIN_EMAIL: "SMTP_ADMIN_MAIL" GOTRUE_SMTP_HOST: "SMTP_HOST" - GOTRUE_SMTP_PORT: "SMTP_PORT" - GOTRUE_SMTP_SENDER_NAME: "SMTP_SENDER_NAME" + GOTRUE_SMTP_PORT: "123" GOTRUE_EXTERNAL_PHONE_ENABLED: "false" GOTRUE_SMS_AUTOCONFIRM: "false" + GOTRUE_SMTP_SENDER_NAME: "SMTP_SENDER_NAME" GOTRUE_MAILER_URLPATHS_INVITE: "/auth/v1/verify" GOTRUE_MAILER_URLPATHS_CONFIRMATION: "/auth/v1/verify" GOTRUE_MAILER_URLPATHS_RECOVERY: "/auth/v1/verify" GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: "/auth/v1/verify" + # Uncomment to enable custom access token hook. Please see: https://supabase.com/docs/guides/auth/auth-hooks for full list of hooks and additional details about custom_access_token_hook + # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_ENABLED: "true" + # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_URI: "pg-functions://postgres/public/custom_access_token_hook" + # GOTRUE_HOOK_CUSTOM_ACCESS_TOKEN_SECRETS: "" + # GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_ENABLED: "true" + # GOTRUE_HOOK_MFA_VERIFICATION_ATTEMPT_URI: "pg-functions://postgres/public/mfa_verification_attempt" + # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED: "true" + # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI: "pg-functions://postgres/public/password_verification_attempt" + # GOTRUE_HOOK_SEND_SMS_ENABLED: "false" + # GOTRUE_HOOK_SEND_SMS_URI: "pg-functions://postgres/public/custom_access_token_hook" + # GOTRUE_HOOK_SEND_SMS_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n" + # GOTRUE_HOOK_SEND_EMAIL_ENABLED: "false" + # GOTRUE_HOOK_SEND_EMAIL_URI: "http://host.docker.internal:54321/functions/v1/email_sender" + # GOTRUE_HOOK_SEND_EMAIL_SECRETS: "v1,whsec_VGhpcyBpcyBhbiBleGFtcGxlIG9mIGEgc2hvcnRlciBCYXNlNjQgc3RyaW5n" envFrom: [] # - secretRef: # name: env-secret @@ -463,15 +494,18 @@ realtime: DB_USER: supabase_admin DB_PORT: 5432 DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full - DB_AFTER_CONNECT_QUERY: "SET search_path TO _realtime" - DB_ENC_KEY: supabaserealtime PORT: "4000" FLY_ALLOC_ID: fly123 FLY_APP_NAME: realtime - SECRET_KEY_BASE: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq - ERL_AFLAGS: -proto_dist inet_tcp ENABLE_TAILSCALE: "false" + DB_AFTER_CONNECT_QUERY: "SET search_path TO _realtime" + DB_ENC_KEY: supabaserealtime + ERL_AFLAGS: -proto_dist inet_tcp DNS_NODES: "''" + RLIMIT_NOFILE: "10000" + APP_NAME: realtime + SEED_SELF_HOST: true + RUN_JANITOR: true # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret @@ -621,13 +655,15 @@ storage: DB_PORT: 5432 DB_DRIVER: postgres DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + REQUEST_ALLOW_X_FORWARDED_PATH: "true" PGOPTIONS: -c search_path=storage,public FILE_SIZE_LIMIT: "52428800" - STORAGE_BACKEND: file # file, s3 + STORAGE_BACKEND: file # file, s3 FILE_STORAGE_BACKEND_PATH: /var/lib/storage TENANT_ID: stub REGION: stub GLOBAL_S3_BUCKET: stub + ENABLE_IMAGE_TRANSFORMATION: "true" # Set variables below and secret.s3 above to enable S3 storage bucket # If using this chart's minio, skip the endpoint and protocol below # GLOBAL_S3_ENDPOINT: http://minio:9000 @@ -889,12 +925,14 @@ analytics: # Override the database hostname if using external database # DB_HOST: DATABASE.NAMESPACE.svc.cluster.local DB_USERNAME: supabase_admin + DB_DATABASE: _supabase DB_PORT: 5432 DB_DRIVER: postgresql DB_SCHEMA: _analytics + POSTGRES_BACKEND_SCHEMA: _analytics LOGFLARE_SINGLE_TENANT: "true" LOGFLARE_SUPABASE_MODE: "true" - FEATURE_FLAG_OVERRIDE: multibackend=true + LOGFLARE_FEATURE_FLAG_OVERRIDE: multibackend=true # Enable Big Query backend for analytics bigQuery: enabled: false @@ -1038,10 +1076,11 @@ functions: environment: # Override the database hostname if using external database # DB_HOST: DATABASE.NAMESPACE.svc.cluster.local - DB_USERNAME: supabase_functions_admin + DB_USERNAME: postgres DB_PORT: 5432 DB_DRIVER: postgresql DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + VERIFY_JWT: false # Mount user functions # volumeMounts: # - name: my_functions From a58aad17b88d69633a96b4e34752565dac53a16b Mon Sep 17 00:00:00 2001 From: Luiz Felipe Machado Date: Sat, 22 Nov 2025 15:33:16 -0300 Subject: [PATCH 2/5] fix: broken ssl on realtime and probe on studio --- charts/supabase/values.example.yaml | 4 ---- charts/supabase/values.yaml | 18 +++++++++--------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/charts/supabase/values.example.yaml b/charts/supabase/values.example.yaml index 24e5b04f..c5b739b0 100644 --- a/charts/supabase/values.example.yaml +++ b/charts/supabase/values.example.yaml @@ -43,10 +43,6 @@ studio: DEFAULT_PROJECT_NAME: Default Project SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: true - livenessProbe: - httpGet: - path: /api/profile - port: 3000 initialDelaySeconds: 3 auth: diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index c948c5f1..15b0488a 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -82,13 +82,13 @@ secret: secretRefKey: keyId: keyId accessKey: accessKey - # Realtime environment + # Realtime environment realtime: secretKeyBase: UpNVntn3cDxHJpq99YMc1T1AQgQpc8kfYTuRgBiYa15BLrx8etQoXz3gZv1/u2oq # secretRef: "" secretRefKey: secretKeyBase: secretKeyBase - # Meta environment + # Meta environment meta: cryptoKey: "your-super-secret-and-long-crypto-key" # secretRef: "" @@ -228,7 +228,7 @@ studio: SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: true # Set value to bigquery to use Big Query backend for analytics - NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery + NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret @@ -302,7 +302,7 @@ auth: DB_USER: supabase_auth_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full API_EXTERNAL_URL: http://example.com GOTRUE_API_HOST: "0.0.0.0" GOTRUE_API_PORT: "9999" @@ -417,7 +417,7 @@ rest: DB_USER: authenticator DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PGRST_DB_SCHEMAS: public,storage,graphql_public PGRST_DB_ANON_ROLE: anon PGRST_DB_USE_LEGACY_GUCS: false @@ -493,7 +493,7 @@ realtime: # DB_HOST: DATABASE.NAMESPACE.svc.cluster.local DB_USER: supabase_admin DB_PORT: 5432 - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: false # true PORT: "4000" FLY_ALLOC_ID: fly123 FLY_APP_NAME: realtime @@ -579,7 +579,7 @@ meta: DB_USER: supabase_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PG_META_PORT: "8080" # volumeMounts: # - name: volume_name @@ -654,7 +654,7 @@ storage: DB_USER: supabase_storage_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full REQUEST_ALLOW_X_FORWARDED_PATH: "true" PGOPTIONS: -c search_path=storage,public FILE_SIZE_LIMIT: "52428800" @@ -1079,7 +1079,7 @@ functions: DB_USERNAME: postgres DB_PORT: 5432 DB_DRIVER: postgresql - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full VERIFY_JWT: false # Mount user functions # volumeMounts: From 688d09b39adc75848e720f359adeb0fecdd7e57d Mon Sep 17 00:00:00 2001 From: Luiz Felipe Machado Date: Mon, 24 Nov 2025 10:31:14 -0300 Subject: [PATCH 3/5] build --- build/supabase-0.2.0.tgz | Bin 0 -> 31214 bytes charts/supabase/values.example.yaml | 1 - index.yaml | 15 ++++++++------- 3 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 build/supabase-0.2.0.tgz diff --git a/build/supabase-0.2.0.tgz b/build/supabase-0.2.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..126813a3ea8547675213abc22e668402e4bd8e40 GIT binary patch literal 31214 zcmV*LKxDrkiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ}U)wnHIKDsgSLm|61NKdxd1$jA?k<3#X+uJj0HwS8%{jJ6 zTpZiAWFXu2fB(KD%g>KVoIt64uiFw^8jWT&qmeW-LWahVcm&JG6JE!q89$YO$@-~O zDwX}+UHWgOQt|&=sqNQ)sqR&))ym#MrC$G~Qmq{vRDS`L%rOah41{_8m&(#@`8)T6 zJiI1dK^;k|(g63h4G|(imo!X&4<-<(8dLyM4PAiXRMH_CD}a|V)D<2}_pr1f38d@< zV+}RRW&WPWypBp^2~UiXfuJs^3Wf?U3F@?Ll=pUb_um}6+5ZnZti7)M>;7_YVtIF}Sj-Pk}-&>?PY z0PrjL{D8rOB+Fm~fq|e1unKf|3w5Xn5SS%_q=2a*V@V^lgZjNBKx9^LDyjnh1^VVo za0h1%My4IBcRMEfr1ZP%0qC2JJDu2}WZa?D+p&peSKj~xN75PqyrL@aNfU(v{mpRk zzB0kHpT7d6K|#8m0r)5(EGc7FVh21-Bw+$De+LoJbSOZPc3HiLI=JU`i66-j0e+<3 zLl@*8ymbL5g>^}^33Uf&2;8c=zcoTqVB7pZ$0n#ln5WyEd(#cM?p=|&lj!aB7 z9-#+S7i|JqWqvGjJKeDUVjrCDxH|tU;H{Ag+UodL=5+`zjFBt}O~X7BCm)=SyjeGnYB^8gR`Pp)r4ZUwHO$) zZWb(B4~K#j3%s(5hL9!rj`9&rv6e>H39=zlOi6jKERk0Y)>UHdnZ}&m`+$ICC=b7` zkls#LtiR$!#lpmDzLmlUWI(?^G23`vI~0n)k!NZkQb{tf~}mIy?_ ziJytpbaFI&+wBj?s8Mw?MaWc{X{w}P@&{3Xx-_0(rx}J`X~VRkeg&Mu6dx-<%`mdw zm#B>l>1VM4ux=2RN@P7?QdozYiX^P+GiUpttg((ULqnD?R9O;c4bZynsQ5yM$Q%U# zV1C>H1)0YX;erME!jNUtAV&@G$6s`?)18Q8)lhH)R5t)1DyYk3kqv-bLzY8c%hEkm zAVL?qI)V-G^}8uNqU3+csL~V!+6)_JeX36+h`_@HQnv9{NlJ1T$m^-rgI50IVf5j@_}Rv3%fK!k-!*CAniR_C5F@_01X67taR%ZC@KaB zV!$gR!wE=;VzmQ!6O@F&7%EUFxHFTRfVL_frOB|JM; z6$~G-3;SDirmKe50JTb`LWv$#Qs6ayB*_w%AhMVNfT*jQ^Q#D&?Kb;Gc-mFuSx;3l zSx=)G!f@&#ziuc^)KL{uB>3SHLA?R07G9L9W>e;N*s*LN4E5H9IjmJ3H^AO*y+#GZ zR&HjEi*A2#*5mqAG#j9N&+BE~P;ANgBAdm|F1o!z0~83Hg12Vi%e(8rko$Pi0QG%} zB0=2K&ainocso4j25-A34KNk=SRp3e{eGLyR2B|kG_z()!f=hp6LTt?l5qq@AV3{U zx5W6NYiOYHlJ0M}-)|3(If7}K04QU%jF4O=&s;sQIJm0inFvsNl#?u`hx1cSG{A>(tED3ybH-Sx>V z+@Zjxv!Sa+^N}!|A~&p}xgBAbE#XIZc|iHlpy&xxsKss*eva~Mw~1b75^G8G{~QVnE@<3uG|hKvuQ z8i*NK0s~rHMk-mL=#WPc0b#-`g88qG5fLq*DsBlu=42^L7|XT*TIlQmWC#<2!nveK zcg6^ohz^^n1`t*7z$>2KxT+b7*<);KE>)J*2XpqK#y-*ZJJytmCvZxdP#`h1czw1* zsi4EDN@)OrVCeD;jC7t-=oUjAY&s<0EZJbE5_V}PK{KcZnc8ora7yRKYVGy8WOw$9 z0nvQ*G^is9VPdkH)%(t4QEwNf}2WG?kQ|IdLO%(gtA4Ke}EqHHLY84Ds>B2HeZ z1=IzoU}9&0*Os<33!YQb#FbT45%!@>Hy>G#u_}}4&7=XfDfru4Ns;i375Ei2MNu-1 zLNJxaW?^6+#UN_IjUW*pNr57mK%Ml_Gz2MxjbGUoBWSvgP0W?2$H-!f(IrhR6H0Di z41Sn?43^YoNItWqhYGK{^0VY)wS#r->k>UM@E%o8?CcJ(o@FfHS$bJ6R*R(!W(!*=(q@1bBHV)IaljK7gI{$fCV#>OHz zlE&ZzeKF#NJ2LH)dD`CbbsA}Qn(doG>$pEWY97DmIwzzjSFIDS*Kq8@U+q74?3Qw~ zEH}$?vn){WWm!QRztU4r>)>>QH}J$`yO0;lS}tSNCQWX+46+YS4$>{sir9l#Uiz5_IRdbwlmU+;i> zs7trAqQKjKlF>t$lE2mlq9CxaDO8Jw@JK4~CYZc-HG)UNAG! zb(+ZZfU83DwV9!L(f|cA z+C3%7cdj>VUJkm)-Og#NcOF*ChS%(LJ2&Uu%RU`seHUaGZGQCu?{mkOJ&xgW{I=OS zDQK~k7(#U2GiTKvcig?=dN*@cb2B@t>aXC^F&R~6T>!yASe<%YTEIkA?@Hi8 zhUSqLbR1wUEl2%bMO8rMu_1{NnGKTv6iH=sx0~o9AWI07S<`$?rbFJ@4H6;dC7GTL z8%=P=jLH9k^2^G8KT9>_60~EAz@z!#n zYn1K7gtF;|QjWqbZ6kf|xW^6p4N&-h=JBU476}>mciD05zr!G%pEieAT(5Q7IyRTk z&B1^>zZj(GX=K$@-JRa@LppNUX4{a*#2CS0EnPJG{p)V;WKm4x>!(83@{dT3GZB8O zJ>vDLw`}GE#fI#Rj{EA)!vsNLcy%_>gxL}K|70W`$?)tH3uljV>+H?6b;gZ_+T>nP zda@uL9p8NH$eqt0#zMU}kgg?3?5}G5JnRz7z98 zcVc=FVS6V=hX{LiVl0)87u=4q>)Vq9&TLC2-+;+CV4lGSOw`fQlWxGc7VfJ4q+2f+ zXTAPlNMIhn<<6UZ%bR_N`4Q}lbzYl%k%umKf4dG@^3%-hB>u629D#-ZW}q)%Vm$8EI7G^ zlUq11$->!vjuwt{#1wzJL`@lL84zV-QG@Nb@7mrwr|lbh9CJKuoixC$Jge5~&W8)@ zY{etu%!g*sY_^?UD2=clx8Ioxj47y-w z!L_S$onzB~+3Kga9<3dBP!XeN|Sf7t1saQy}-Y;Ky6 zd+pYFYcT9|Pg@jUG7uOAB0AaUxRYU@Yo9Vs*(B^;c82eooz|e+v)|@MRc=(}M%4>9 zs%V^@Wl&iWcD6A^USt*6RV2VNv!-$vp4`5AmiE=_%IhE3zFNx`((s%cG%Y6yLast? zY~;p9Zfv}KV}m6^vh5AFYwQbkGRrI->qNm6c}>b~j@;&W**3@Cv)xk>LMV)&;aYMQz z(*T9N+HURjYil>AKj`+FXPgy3)c|CMC&N%89YJ*$5N}C_7fl5qOCw9G(eeYX)9eiB z4j014h;{IcI%e80&f49hW_#GL505U7-*W@kC${0$Iw$Q7dd*J%wCi|wx}Dn0FfuFK z%?Qfs0~KRt%%HlN0mtQf*{|Dr+)l~E^nfMT60;UI5t+m!bqAn3Nu%QwDx#T*gfv1o z!~|6~+huT^ZgHKHi*BnkusyUXu*RE;o$kOXd(rC-y2oAS%^moB+U*^4l;Xqw;HJ%a zb>?;7_RscFIX7K%(=|6;*O7XlTFG+{*v7Op9cwhZs`ZD*jJ94bXh(~@jweW(mhDz@ zBRV&tU%C-p4Kt!!=Vuqa?#G+qQHz*vg$5~D@P2A{kDKiwvEceQ{Q-AA>~*_?1}J+= zUG}*lH)x)D%q#mVv&XKvql@7QH{gzamRN3P0X5?nZn#~NF^88LUyJMRduRObA9i~*e^0yFAM7-DjyuhB z&M9!wzC3Gn`VC7b7qQMO=vLLIP~Q<$9qrt~S&=vJWQP~zoe_^Df&O$rbk16xk3-Y4 zVdm52=_%Kv+hh$;-LKpw7w$K}{;scVyL&clb5~ru0Umf=A*w+c>ky$Rbt||uzcQAT z$DsOWx}AP4F>oa^%jycm5S1jgtiuPQ^NXggwM;uY9HEYjQ(oc6P$wnXmS~X@UMETn zVgwbMNw|nGKbDkn!LIFX1GktJLx3hK0oWn`BEbQ9ZV-LGtN_UC8t6e`l6 zjX)vGzO)OPg-w&Q?0RPw8&ILY(BZB0nA_#KU7p+JFaPA)xv0ovNFhMupGLSNH@V?kC8@f}hXCV08MmfLH&z4pTGHFk;Qy;;kxoXl4XnrT=fdPP#p zCY0Pr%Z;>`ZKS<14@L7iGoLf_IrD|jna(}SP98w_%xS+}c8>#!V_4J;CDZf@`4pN@ zq0e;+eQwVA<}QZc(SEK?itL>7X?E0`;k)aBvjOlcpq2)m(;U5%XoyT_LvLZfB{ET` zuq;AFb!GLO@{&UT6K9o#LSDC7g66YIP;QjuM#+zEl+bXF4Kt`?BV?;E!q%V_%vg}z z!pJR*pU%Rt?kCKr(R>=sr_l`kik%~>+_89xnf;giS?;knQ>|E4BUoU#ff6YPGU=P^s5{sZ@7&5B7fnm8=kmdklnm{g=wpZTUO* zgFMAzabqyyl{>1e$vhz`2=g-058&%pP&y_PLWw9Q@csKgHokrZ(k&=m@v;F?iTV&* zj;>6RfbZWot|TOxDxKX+Eb?eFQh8kjJhmdNzkUT&S79|Y*vuSG!S z#_ze^fI=%DD#5S6;)?(G6u1o9s_XaGYMSf31a2eTfUQy&5hv_-$;AoS<1XAjmG_ocT z6Hm{}Ig!(JNx`?E@K03yCo1@0nT@6&U*UgxMxBeDL`Lq3MXxG^m6WAye3+$Vegx$> zw$fq_PyKyyliB?HiZ%C*?i%p|1cm=AfWojazYwX@sj8SLq8Jp-0w#_VC{IghQl@A( zh&doBf^3K(T`HN4h7>@|pl>t4CD&+Sy=-cl)zRmXNDt<2p$Z$j zeuW;syB6Ci_by^5N+EfRmDs+VZ(7(2cG=N#rR^wSio1_4Jz#+?us;f^00dJ$r9%D)_Yep_R9A2W8ncl!~h_bY);g{RzWpubZn#%l$s*v6g36r8y z*mzvpI7tU;eP&AR{4YXHR%cVF;L?nrE^GqC&;QlETFp2A*DBRYKL4-fi4-MkH`i1y z(v`IY<24PH@2eYkk|H+1i9JH-r4J%+Ui^?s_qarj3~|6zpm{1q@d{Ly?KR{#ph$`c z6%2MsWir>2imW?|ibJ~OI{I>NR@)vK$W(NJdTxgevw}-90kG6@gPoLNVbXT>B&sjb z`rO^SeX|WqI$0YoQdIUZ(~VnE!Bb!#cwzaIkvAPh}4dubpb1j+00B^mMtt z+U;1}Oz4~6zsA8T;CZu57lX4<;?NG8xJqt_UO$mg?7~>-b43a7fTT$H*z!AYb=`8F zAm5AP$bN4*KiTe?jp|;Jmo-U&{xTPF?oZ|em3w#k3#VD;W$O863#`>!apaXu_j6B* zM37z_dDMw(ODNc!HBm=F57ULV8$^k9BcTZ;fWM0jmwm1m-ukO8muKyERQ-!?&rilV zuqU;{u@}_olqXvKk3xAQDP=S%?0`a1DE#Fr#Oq_^XYe;4Him*F8EE67gmlP@GfU zzPF<48PPP)3k82-fs_#Syqa0?gcvbOWm&)SQaDoZL6Y#JNXf6(ylpUHE`*K+`myAA zID+rr8!-hjKL+3Y#{iz)+CrR)h=J@lQhKous1HIFoma*Xyt;$49q@_{b+W9C9qCcx z_w_4<6DR+yg$Myp7H=}h?L1iCiqBQk8F-SllDla3``6vxNm%2jx;kz6K3Fb!@8PTm zZ-ZY01Y~Y_;)wm#gSSCE0dN_kbJwIEfAJOH!&yn=5qeN{(IqMc>s=unax`~57>Avv zFcdrnMF455`KYE-v2Mt9j&t@sCHsa@5mXT_z(yzY#>M4PyLCKl9v^f4{&3KJ&vjPK zRL``v2yasZh+uI@eadNi)kc##O%BvMsJL0qYtnl-TM@&ZUCwyE`w^U<@ebd6t*hpM z%Nb7?uS@qlhR>Pv0Swc#K5`GoN{#~lxbtx!qg?i`)f(oC#x-+p|JPpf zxJ!^Vk6G7>w%ks(FJm@AJP|?OTHaux$hAhyT4G*gyrD?mYQ8X~%+S$P9S2sV_QLH# zWu7aM8}KCpASjvEeL)Q{IKJ@VAl(902V2Pkw;fi9#k6dD+w=$0q@uUGQn-~ zEAA*CRl{Xo)5a{SIW zsI8zI-*~nHOEMYCs~A_V=&6)L2?eo?-z^O#=RyOgn1<_4jF z&%*D+l>FFb9w}nB=UOoqS?Ys17Kmmr^MyP2G>BL)n&e=Y#CqLCmhqF=%}^<&k$>j7 zx3C&WlK=f`!2j!@zL(4YI-XSWKc~NClFDGk=hqxDZZ%8jkl3Y;uZO(fmnz^#6|v&k z4LFX4{<(JkhsnQzCz%ETC&hp4)&2ATe!X^(%l|r_<>EgKJee!>!@v`_o4-{(5BQiP z;DZn?KGwrsA~MV)w9slIJd(KnlgD)sdMqE(;fUfhi{>!9moAVaSayyW4zFO8wqwCA z5V?^A<;myrMV_enKcmnO`Xt1E?Cw{p{`G%lFVFw6mM2UCR~Gu=lhDjo|6x%dq^&sv zK1h`n#d?J4_zc242-s&5;gQtCl))VY%(IK@h?>F{4e4NP%cD7dbRXwbffykT=P?*A z%rlR{a7^K4!!Jz1UncUx)@Lz67fzWB<1HMZS%zBp#&VQwtSZVPwSI|LQ*-E^xuZYw zxQFN9I3Lw?9{2D=uy66Whm)gWNbJ>1WS>0;yVz&Fdm{FE?v)8?I+|@~-9hh?8@jxr z=l8>o_rVVOUsJE_{~*Zg!eprNcydUlw|^ldPgM~f(lY&iJ3I{6g)qe=8Pzy2@2&^K zK6l*XLT9Qh2kz$wyy(bHQ8i-ddTNrfYyNPLT=UI}#_i_^96xaF^#7qPCl1^G`QRcl zsyj>Wp()lDWnY@Q5&ZL3B@8qW)Y)#i%|h$likL`{i07h(z;b*f`s1hJ;}h5b$$XsG zhzs9Eg33K%Szyf*jjwOgiCLCzzL8IY{4eYJ zOP?h9-#ZBS{~uKI^Z&IxN%EiGLnmvm--JWgj2(VM`t{;`eZ!s*`4>kSUjdZl|GRtO zzyE9RU_YP#*YYgo|0|B>@%|M@E-z44HTV2Y@A>OFnGDg*uJ2J^zhOmI;`1BJ>z~`- zm!9J+>FsL^-t+SHrCm$q=^H4S-p|*2K))RWa(*A*1Q^e4@t(mGKL1OKgvC)wP?cM0 zy!0MG{QO_r+pF#c{D13t{LfmRXpb5qwWa}oOozcauleo!l%{;ZrKV_(ujQ0K-v%wyY!A2|uui3I zH#yMf2B1JRFM=3L${3ZL77Jj|1&vMT#pdq|z=DsO3lMzND3mvEikhm*P!IH28`JyQ zt$x^v%`W>~&+5&e0vKAPr7xJ;MZyG5dCQ3!K1v89v*f*mRNX|Mmoe0>qRvO4J}6Kp zvqQr~;diSktAi%mvN}fdB0WFOcIajp&i2Q&IO~v?u{4DX5jz%73vw8m*0)eB30A5M zJ)|raL8m+58uS|XF?GwFsRreYeVT@-=ccBsqCqdt_gwDo?ii^M?3m?N;gt*0T|gGk zP{ESG69eeFHFyiG(x9^)g?1k;3V_|$ zo?QLSL2>9Del9S6j(c2lz&ZNDhGw?fz3y;5&&YUPe1M~gs@{19#}Rkd>io{ODT_tG ztUYZ!R3I6T7%D`gvjVJ9?&E;#^jqByXq}R=1-Or`{-AHw>L0)5&YMnU6oen7I2+&I zh8U!f(#^}k+itJ*sW~8MILs$>x0*ZaH9G@v*>9e4pxcQ7Ht5=ty#shfRd(FN7K%HT zwL2ujWr1f3n>%e@wg=#%*Sc!8xihX0T5)ZeNHyDSg3_RQ)aLq6*Z%2c=a>-i2~p^C zA1=Ah@xoLn7DJjSO{KAQGDjC85)KSvO8bPmTlNW_b+s$?^1kS`&YQg(@SeNbu}eq_ zf;xuckjH@NXN38whX1DW(Yb85Z8CMb*ISmu*S4!0ErKO4hf&N%iIr}3`dn`STAe{R zsRs=4ZE)3WUvho0wJDkHY;MPskgAILsb^Mm2q%ePB#jZ&N!LONM`{c)u`7p?2qXo= zG1P6c`O48H7iB`QfH|e6WPnpmhhGec@X*9mvO`>K`mipyIw#!6u(^VEdFX%{O5!7M zYb8H*F8i&{85m(5La^o3o3p`*O|;>J(q+DOJ!Ic;sOwibq%^v4*4e^bQ-`&nE{7hDP5qw6fGID<~ zblDuEjYBXv8#a4qSASIgYBb0@ceyFV6IBcpt%ekxKwgA8GTX98^5)m?n~g@GeT~=o zY09!hQd9#Er^psPt46g_sW?TcrQoXAI;H(=^-baG_UO+;u&Efbya@(xeHq1j%~qe7 z4#(UD!-f=G9LzLWXwYSzOeQ-?Rmy}@g;17p?LHR)(?KDuUTk0Lp?#^x z^@WYI!>F+pK-8|_fS()B-B3Jtt2L?CUc(ooz832*FU73xgc>DG)>wdRbn_vEZPKCk|L>jNlCdzCI_S=g)03g zQKph|&&v{FlKI&$HAGCjA|7wkQd_};Nu&j{;WDdjqX-!q)B#ukVfrvY}%C^g84+5S!eMZCY^4p^Oozi2CR6m+vY&Kd)DfJ zPPfNhv|Gn?#qOaX)t~`-zVa^P$#T)Pz)V`tM`4%*l)Pc9^4K-(l1(_P-ep@!vyIi~ z2EY}{1P+}obf;{=3z5oIXgT-t(%fcBjb;o`b0sk+JnLfwNY7#+J#3S4k<@hUQ@BLE z2dC;i1cpKn?(NFvmKdu^#52A4uS)dYD5a459@p&mTW1|gzY}nD6VW+0VLjxe-R*TR z5>Q{9nJG+BETi`KT}Smzatz{3P8&fX-Ms(9H9R>dLzW~##__=qhonYgB4 zOZes{>1WIc-&tgb4Ftu_V}@F*-5t-mbH}@6-Ek}qNtPu91yvF4CFeHibH|sx*5HOL zK3g5Gm!@%QI61A4RB>iCwq{H+B!gd5D-b^=EfUb_aaY~0b;l|k6k;H z&e2wh&MNloL~m%bHzuuZNk|$RdN(H{wkDhX?B*MHt3y$ghb(^(+S(@VzgpXKveKA+|DSw5ewY(D!vFrm4Q>r&2B z^xW>uToti5SY>mdeF(CWeX6ht(KUtK+tY`HkO93|yXKOJEh_Gc&|%PPot<$#5CVeG z$Tc4hp(2{Q*@Na8Xm!BWrr*(J)4h*qji`%W_n14mG$*}Sdte^JWT~_LTBTO4yso^d zzOL`q>O(^lc?^f<%GWvY_bJ`PbJoZ?WC1{a1stsN`$nuTOl~AZokgpHWN?f4r4V6k z4SxT@-ND2CzwHs2i3@mA{Ac|j;Qzgs-~Y6p=V|=E9SxU_4|quKPCI<=mOKkWMRzwaIF)pPk@#}hCAS!90*OQ^bv+z(FdR_e?Tt}4-aANF?ZRubb( z@;-#b|HWi|ShbFdmH$k#KcvY2u)iC)|FNFW|7&^TZM=QGcC1J8(?AjM`^h_>&N$6d=D__LXv%Byme*OV-UiV_MYqgiX6ug5u z;l>HO#FF<-L|ht^*&QZkaOAP7%_L<^I}ebcOB$vd@v0e1OFt3J*f$_bIvtX;kV{Df z4HR`y7FFR6>P4tveWt0Bf>}g*Ni6>c%J$#E%4NYoSe?@1MTSe+7kB9b;3<|Cnk&9{ zc~C4gJ`zxRNLKi^3zV~sGf(GSA=S&l^2OIKiZqi0p-?>=f{`#IN_in#C4ezfo^l4+KeoBNs}I|t8_mkgQrIxK$0(E8MU7|5v0 zg=Fa#3Nu0WC6?B7*vG2o&y)@y9RtC6BIl7EP|(Ih0n4Cx0?PNiUY4a%**d`~6Rv{d z11Ms!UjfA_xaAQB2&T z%Es{%aPCFjFl39~$x+U_AB%PQ?MN$TUB>q#g>CUXgBwxkCf^TsAByYn(S{dsA4=MF zT=d?@oGYeiGDly6G6yl|xCB%q>lcKfBEaYiLESX)FB!hbgu(5pE9(KmRpHOGfTrN&X+z+J43F|FvJs@BdiKGq3+gnBIx>{es%!-Z~c3($q+pH$&67rS4DH$clJ4>sNj^h z6i|_3;N7tFwBfT-m~XwU;uw~(9g+U_?1(OJUMq3gb{N_HLM9v8XFzVoI*$rkFW~!_R$h zj6;;AuaEJ|?en@t#@*3Wm&rs`NPnkHm=u-5#^cgA%%lUgK9}Lx`Co*Ztj?xz$q;}9 z|KHu3|Nh5XrCQ79|Ft}kqLj`J_{1I|X_s}OqP9wBV5hx8eASYeDZ}4=YnS5r=!Sh56eO)rWoWip41}DMi);-^cPqox-vR z71cFMkn*l_bJ!hAdd|7&y@UguZ$L%+(fJEz=T7H`9OYFPqpj~xb#>}3&0fwyM+?lH zN1O|I(s|lkr$b%bQR1EIpBaL<^e-={|IhHU*AB;Kg0a>pmqR6hw&0!k+#`&B4i8C< z?}&xn$tfCy!GA8q*l2dTo#A`#=I3A^uc*p< zICJxly?QDJvgViIV4v$qw@tMDU)wHrm+1Be+h$#B=H32}E4SVuZ{W$l5R#{=2oGtw ze!so#Tdqayo;(AOT=y2+`W^=642-+Pro{j_KXHy&YX!-)nMubXxoYd>`{C;r!3x=2B@u6a0VnD-~b)){>v-lq|Fe(&oUEWrp8Q$LGlM*!exdcmzJH2u1>WER)awz27ZWcT2lv z3!zPOyH-#Yq{^@)tK+Rr(rs5_Wz6dsiksU`N$gs;gF|pa8iC4vX$&tgdnVSAR&6X z%<6%!w8`(A|8rxdLu}}Zi4A*A|KZV05gbzALtVO^y}KT4eSW|VfUqtp*WdvR;3MYDH(TyuV6Pd$p;e<~{=4N29J2z}XRf~U54?ow z5GRYMD~cgOZ^r@2dI|&{3lp#fbq_DCAr2|&$VdAVBg-u>vpp;?wR8iziA5!F%Osg^ zARbyIAz@6$H25^}C&tIT8rvzk(?mH^64gylRsugiY{$d&dU} zVICW(0d^}@?>(SQDjVP{*mU1Syx9Po{+oz5!FO-v?@s3(tJ>jv4A%oZPtiwM!fKzs z+}d7C7X#hZ_{OH&D-kH8_Q?p0i0A5{Gg>I3uMkaKzwHTVteSHN%dMrv0{MLkzV zLx#t^FdFV_1ojcNAQ)`FZkhCM@}nY|1I^=tYWF(1q=*AQ{2 z>u}mbSm(8mqRs~o0iD+#x;d{|pF%~S4Rf;-W_zVuh=qxx{i9W0K*GFAEE`$c%T|`y zk9;AWKS}HVjIIGl%Kv>(sR#0Z=lOrv^DMsppYs}k)%yJgZUYGTVy3cQXu$Oe6oxUIUOM|NGSgzyJTi-hM9s>v&Sh|D5qQ8Q%tw%B?!vsPM=h zuKI3(wevqj{-x)N_mbjh(s{4EuGnafztk^wz+VvA8Z8ED?(9WpQ*Q zuCH8nfw(@vQE|8n1iZR5>l0ld5iL;9z!lu3aDT8A&95u3E4~s@DVo{*r0QTRDCfb% zirXQ@n1l58!mjK-NNY;c9M{cwCwMDWGfN=oLz87LX3)b@G)E4%%^Mi@^?(!H97g)4X)hB|EX6;FaL>K|7Udk zpM3sz5Lo}$_VWB+YkB5f|1Wy{ztVMo;Pl_WB1?VvAE+38_Pp!=D7t8s&q;Ho?6rY!0mpi3xl22Di+4TNg{?xkLv0&%-<4T0` zLnf$+n*Wzd_~Luw=l|+K^&l|+S9AaG^*mt`n0@M(khIs?Bz$?$c};_Q2~Dh&FTehy zJd%|1h({AEj|2uqXsAGwG^AM!Vf4=$}NZ9$k9Qv{lS<%W9>96Z~AE}^a{DL-h(ItXc4k$*?hj#2*+3L#ffm(T=|f`EOoE+}xfU@>}l ztLjr85AUtvxmhb!&1^kGtn&&Y-y3FH5&Bk86=Y0p2dS^&nTL5a8L7PPI{z$^8BS+8 zkS(%ogdUZ;i}H%kcE%-5N*t{R%>ox5l#ZdMg>%JSr;r2dFUk`UD^cdK5;kjJ4`s36$oti;&fa`vbX zV>Ihx_&_4q27MbW&j#|fcwa558gvM1=yLqE0TgERwE^_A@5HKXrlqml&{YF_Jyl{+ zGIwHhNu!BI8%}l}hirI){OM?mpiH2Z@2mdiHQ5+TN@)9ns-qYx6$M_FN4#*iT5<(i zNk_0Cc1u$(0C5T0SqZe@YKa$YCMETP6_+Mo5adGivkMOebvlI#Zh*p>I?xT+aN7C} z6#tz$F@Gzplv#7Ih-X=6GU3ad>~O!ngEKl(yl!692=zBOkwoa3D_psCe4P~JwD9Qc zg@$JCm5{Cjz{|4w5KPWpbj^6a_txa;n_7I6i4GBto=nKsh@pC+B0TPK{XqkiNwHL; zm9`c=n&{_cM(ZN*Qw&!|hHQqbMXaY9u0BMc*=ThT8tc3^`67o8zfJe>VrtR@48p1J+vd7o}@v%~!8vCRrZ4DG(<3t)wRq?$ymMx%$CRbm-qX7N^1 zjAVx_*$iYC`Q{qO@!Sn&3kvYpxqKnqP~gNd1gBP^25@DcO2g`?tYYEUb_UozhrO^| zODS0Hrc^de_mDC}w(|-v&#)xKu-z^a!S<&0oh+uUztgR#?Z#u4y>^*pIKEsdMMh`CnKLvA0y=<7GjZ+EV zi!c&GPDD&Z?4A8EZP3StD5(vQW@;xTW9M92U>Uhzw2c&l%BDg#BP-P6iaf_!#B!zQ zFBvQtbKlHo`b7DEWR?5pmt_BsT4mqw|8Y>+&GUb*<(bF-W7*t4nR|i6E*9cMF7xdoB|F*W-{ ziGcF^rC;#<(mxFoU((gmbFATji}^vfwpFvqz(pVl(%7)8NIp-1~ZJ?dK`C(%AP286y*1WOZ+&%W?yV|4v)p(|HHmpW5ZwW714klmJ%Sv_P<>Z-3!EU3+#}2PFP*o@QN6Ykzgmd*-}&twh)}& zL;YBtYP=3X;opbVQuTGQQUIl6UgJlSEMW}G;DnNxTLVs}hb zzDbQ~aGl3=d2ll-N{e_OnyEExC&!qMpl;T;rjgJ!X82|h!>W@42kYK)D`jj#a|tQu zlhVknYyOY2|FX*c{7ahruY0v%{;%BsV=d1@`9J2&{k$^2k3imMkJXqq=X221baqu- z`JP{AeAjcL$3*72p2MC5`CmHs^DimnfA1i0|NB8D&;PfUXOZ>aTJk<8Io+&ak?}L+ zd-gve@=qA_+-U6~;5>UsXp^!Y!1;VvOM+EXGb|7Uoi zmE`|S-*~wyh@q!(|C98UMlhy+r(n!_MgV4_BG&;y+wKGrYr@X~!oE z+wduCaTI-pE^{G18ourJ2a#9=M~^rPYUo6~T+OY`Re7|qk8)zoDCgwS(|aY4vUW#y zv2HE#15eL3GNTfjy4hyEdm^@3&Ck!ai?iW5H)sxH1^v|)`@Ee5(L`2%Sdm0n{eF9R-aU!ySHIs52XoxJxfpcU5tn7n*Ncc( znz|7J=B-LZOweZcMf`CrGgoc|9Q zDRVghkqT~K5F0@50yKvU5T#nY50Ixwq!UnhsnvJ^CA0n~_XDB?S>6%IC6mw06Nq&% zohwjC;W>PPd=gUfkGti)ffB*|7#jqU^M8g8Kne5zer<2xZ~xco)qMV6#}g`cD{}zy zi{(l^fM{cLx&YBSEAjyf)$bWN0a3Wm#0w~~kD+crI;0o)j25^|Xd%eo1%t}o*!9} z2w)F>ibm1(IReqOpYfXZ*SZdQX=_iD8ZW>B5OmRD(>a-*5Qd5nawQ&l>;m|TwstJ@ zl20uP zAo=|NAh7>mt>k6B1yCE^8^()!ad&rjDDDo$t+*72;!bfZP+STr?(Qzdo#O891Pzc} zzW>#kJ98$J%Nx<-h!X$Om4?}&%tifg#h`xOxez;_ z-#{vtSR^66n{RKyY%>;j6fFrcso=OezA5e!Sfi;bskcosqpvk{C;X>5mM(kh*PWQ1 zbjTsL%{Euwxs?U&$?wFYWkga)rLord5yjwp-u?B=xm^O-4(vGUbBm{yY06U<_2>hj zcE0%ihs5eR`eEB2m^AK7e(Mc=>BXpMe{apRWrA=x6ix2K*etrW!}#_cB$%C&^*as> zfkNSxWZT1J35;Xp_0N9YxW7iM@*1r1O)}KXOnjbPoYF?Oz&f0NjgCN4XR@MYzhp{B z`IjOTH#7w?Xb&0sz(heNQ@s#>SBcN<8ql{ic_8K)$q$)fN-MX#;Lv=7GbSjGQ|iORPc(Zief?59i$h5}&>4TWt$b zg%EN8E)#ckY^QldhOIt!Qm?1x=PpkO-qAPB73hcp%&y^$sMY@;ZQ0f^98z#J4uOfy zc+7kui>|=H#ieIvGzMbRPy8{`X>DA`BuN7KrYjYP*5W5qEl5l~>1yMh{M~^2A86_6 zlZ}V}5O%*hsN5md!P}3$m1H7IaEW=!l98)kgyFhIa!+$L!+~O@o$jkzSX}Z?p8+4# z3x>b&)(wN&0&=fh7+e}vV!-7`w;0#*dHT=8_Ir#NKbiz(yreMr#?9IKCbx==k@!qI z`hQW}`p+x)pHD4f+$a6_>sttc_1D-6tS;aJ?Icfdn}KbQ0oJ~l_>RwX*5T2y5wL)7 z()a1jmtb5Z#qRIZ#?(#Os%iVQhfzXY9jDVfk{Cke=g9yJTX`{^vzI#RrL_@QrsoMx z#i^r{?g(4V{oOTxQ2&64R|XQ$^#L@74OtZwvAYwez^_z;I;jd-CZ*hSoT_1x8+7JW zNBAc0b}ViX0YwXfP{8d&SlS_wk3ZO%VEj+e`ls#clqh|@Gyq{tN)0Yyd^3T4{Sa*i zx~wSJq9jPMG!*t>ui?`x+I zC??RWw$`00miwat`0VZnSJ*^`>V+jf4aX>cKrgZIG5fxXS0es+f&BTNRQrKSg)8oy z1&DWJcNq4nhaW$_$oPCjcTfq7p_;0P1AYQ*r7-3}KGbh$@1JQ(>LLO^tA5P9jerSk z{k5E*kN!;R{BgN%CXQZNtfDK9e~7jqV@;M<#Oa-p-4e^3ah}pO?!OzanN|hDWB&A$6yX zw`=}3RZOqjj<^ndGIQ^J{9fzp#&zKyCRypeG-L20UC$lhcF#(>a3b}B=&n}Darj%# z|1CVh4oSROEBj~v8QH&47_ZCeZ%DOsSf6%n_rmd;A+HNhy;nz1;vcPqEyUYxyB6>A zHS#%7=(DH$b3i+@?5qDG&(o9A3RhsotLf$)MEj|ieBnDJ@qa8DIGo?TxAs}}sVcB1 z^xf|l*aXZV1D?`B8J~t{l?0!sZAyRvN}@B6#&m{h$ob|&2%Et^Y4S$gw#DpJWDkbh z@{Nyu+d;uM|35Nji{cc~+;O9LJG)cP zcK+LoTWL*(?@09g3lDJC1I0bN)+y9!_&z>qscXG77BCEh-LW;<+L2S+AUKl{Mo!*?NJ)NxnQ!^aQwG$a5-5{PwftA4^%yQ8cV%mpq zSL6`5jsPF-sYpanb(nW}zwdcNba^c$t8gd`hU@vub?1@;s7!~1DN%x3O(vFu9eku`;c)B-uyBIlwi2IR5SAjsW(ou`K=VE%6s* z27_o2{FclNkzWi38&w|MeTb3&0$GBNFa+(aOUX7&wAG8qyEbQ>^G56e`2K55+rYt5 zar1S*H}MMSm)hlu|1jMce7A8h-dJ1v!+VpIn)fXrkq;vCvG?H57~>VdU^2KXh)5av z!BcPbAu<4R8CIlELn(6n&C8HF3Hm;UR~Csc&(O%KM9|`ZVsW_%yuH1RS_L`(pD=m` z$8B==B~XVu@l2iVGOwri+d3oz?ge1sB>D&mnuYj_KS7KqaHt?!RdnB=xCM2KVaptr za2%jH;7uk2u7d{-w!3otoxp(R9T4PCG5}J2{88^ykT3y@psYUnhn)?HJDHGE9B4z2 zxGDG(4%{?!&V~&oZkQ5MIB{)r$u( z@&C>zN@1HQ#S`O0>_9}>xEfLS>G~{{Mp{8Twv6R7GiD)_0Sm&wU!>{|iuf@koGh}aP*kb5Dj zdJ-S&i&$kG`olps7R~0@UuYgY^@$Gg^91>S{a5=%AuW^&T*byuSxh??8*#_kDGpy1c4ZF;Vp_ZpD7z>y%d>{UwFOATb(lP1Y+-ridgh z8?sxmz#dZjE$%-Y!AAKqj`J2SGJ>58-O!37IN$py&e3E4SDep%ABHvhR4w#aA6JNopfPDI**@y~Ji-&A|Mmh)5Y@fPTXxQnW{RaLXUt#ia> zUBU!^iUXHaPm#Q-vQ#rae%5Za#R929i)V~p51K?G1j#>~y$pHDtC^xkc^O?OvyZsG#DOk@3SE$9`QJKkBRTpdMDfTrqE4JgOB#eOc>T36n@YGVB@0=kb3k~~TT>eA>RDl(bKEPFX@z1~1 z?Cb-}n%DOV89rA}vu}DEnXHt}Eib9^`|nV5KDVrs`*%TgZCx5({2Yibz|12G$`T>x zn1ks6{7y}K?-{lAsjbinz0#}`9l$H`#Yr(BA~9_Ce|99tp}9{T*X`34BNl@{H@Qen za3u!Y(8|?6d4A~KQYn7%Xdh-IpQE2T#L)dL!_xlP5}ZK?9j1r~d$P5ji=?hX`^fvA zr+FhcLhfQA=6*}1pWur+LuaTNf8{#9nQ_HD6kA{$0G9ER2_qyu4$QSN_xF4T_jl~Y zFtIXJSpmLFb&pB1z&aNvthlCjJb2cc8C6Qqn|R|*E$)-}CBi$z{^jMvm+~?VA;5qb zuC@m&+-JOccqQy`s5hUi)cPIOo5qwLRwBO_eDt*(6yP*!aOG7Zq~h`r-0R?*d>Bmb z(luGwn@q~qkN`$HUyu9w4x%##bIG(_RGlngLOkmLGZ6KATIa48S-(L`^Sx)N9xZvh z;#Gnk*+_#qXBPtl^ieBwm_s{c)o~o1ZWdlByJ;@sx{avNis&-mxcneyChTm9dguxd z=O^Lq_OADF14Nj-7c6kyVGwsFPusY~?d};&&&+!bjoAynM4N z{sm-8YF+%EvLB3L?;rGT`uT(SGnv4-%;_?`RKL!Bb@L2v(Niq$wV7&XgbH{?FmcNA zyH|gfKYa4@^cz=hAo|T(77GLKILsuy-q@xM1pyI+Bw`~hUTUO~x+fY2m72b(lC5r` zJvnaHe1h}DCv>7XG`h|kyo3TpkipvM&%pK)SD*w`gMZ*9Hi?P>GvUS{+2D*-O;eh+wWO+R)R2t=rChN(IV`exKemtO;Z_UNB5LS+wN8rpLhh^7a6?(V6l zf=lyr&Q~Fom*fkuufZ=b*M50zNxO?@LH`yos-Ft=q^H2^h0cxMQW0 zWRz*MQ5Q5yDN=M9=V1=QHqw)Rd8gWr)BdU|!xY^NM3t-zGP?*1gWajjjr{Ivx8rSC8~Po{yN&=0RaJsCN;20&bNU!YN_o;k=OXmLlQ0OOxFL%z;WAU=_L!Th;3$~5_%-}E_~Anqo50Di zxBOVAF9%7_Kx$$lABK2RM0#UvUih|Qh&1uPo=5Pe)dCxWsUO6u6LC(Y9H0hUvY0n|=A>i%G12BbyZvbf9=GCtRs;SYnFg?sPqB)EYHmmPqDMH9E>2@>MDkmLgApG*+{ zrM}!y5A@pwwau>52q~MiXhr%De}htulJ#RrV0FnXr|Tew426*3=dsRN!3KaBdyi+f zy1UEA2;Pbxug(e|uin0^p9f!bk&IQJsTKok+!@XXP7grRvYQU-wU1)PaSU&V<^Osw zNN<y9oA-99tvLi@EW6;!35)nu21aI7y)}6Q&4pihJKmat*#P2qI+yz|BkDn# z!5w0v#YK@DTNx9HDeS4&6=4pS3RNQHKkW+?JI>EMkE`7OQ3Uuc@3TY5wf#Xa)}9di zo0|E3wRM2i^hs`R5V4zoY2n$TN?RxQ^tDy7*0t!}@-@O`WuY$Qx^k@)w74xWpTG+; z>Joyy&QGP?<$r(Kouwrsy7~lFyR8jh4r+bARiK9ibzDt~1-^y&%2qXrKVH48rOkmE z?e|s*w*%fnvHM#rUu_d!+)%Ns zAkssO^~xQfUNPRK#`=Eu!v5)~1H>uZ$?I(I5>00#RGvg7k`*sTp05t;>;-;`vbPQJ z$yAw%ZW=ehyj;eExQVT8eA2rL8fFb3F{ev>FSbM!YB=^bP(1JzQOcKp4>dVkClN z3lPhrpik5{i-LKvr^n`_mbJof`Z+1~(u5fuwnAQWwo=AMk>V1o&q(JS08h`*OMa=Ng zSb2h!_PTAmvx&M0ILX}yaQPT?r2RqiQ7t56aWekDgB?=-zrhaMzg&{{|H~_ds+Fev z0Kjr2<$b8B>iDw1Xy$r=imHm@PmAimu6^5t+3Zr^h8sA-u+m%%U@*U-9OEXGG@}e< zfDw_+GtW`*l_!g|I(tZ~ADd93$5Z|bzkK*y`{DYFBD&c=jaB8v@hi90TnM*$_zV25 zR>hR?e?>cRafsBJFxgQJU*2b0F7%-EH(4bcoX;RSXImJaPLuzpQ)C;_Hzwa@{V{vy z0jq+wQe#Z$`4?`gmSIH%L%+h6niL__u7hy$oK!U7FOS-5ni?&cak{kG{fh+46}S^2 z&RxCgMc$lTaK;0X(+^CbeW*K5i};^C@gr3M@lO0&2l(9EEVA2hG(L~l(H^WaGAvYE z{1przkyHgUMb)waGi(35nKNhnQ_I0F-u;S@s1b#O*IqLtfPrTWu=c#T@b8ze0!pt{<_9XnMK8@pQK9%T1c*J4n2*1N zP=|S%NVZmpHTxHxp4omRLDcqs7XE!V?WvkvK(wVC7aQcavaQm<*VkH5=@Ziok4{#6 z21dKi4~^1_#uSeXS;4>4jd}MN@yPi2jMvif+^~jBS}_!%z3B{-S><3ka?gIK+XzI4 z6ZgC5N4+ihRaYWJ`h|oXII%)+9<++j+FyP5uHbeKQ7zq%+6|SLz6dJ^@_+sFk>>g@ zq(EqPPx9B0H?hXT2nTZN>0K^5sXIm@;@D%-yhKw=&OY=OajcoMNHLThff^KZ!aoTd zc`mac`0DzCGpqLkW(gwYahi~hnlmIyMXWM-fx>elvScAZaR#L&e7trVeLg2E7lRAI z0(=Qls)(JS)I$h*?*%4WKh>-cSwGcKR#V5}BJ}4!lx6e3iX`fH(#21gs)CSCf|m5Q z!J0Ag=pSZ31aw8qX_sJ02Qik@n>b0iQ@A_og)fRxtr}6nl`}!bHBOXe7%yB|%_>m$ z*9(gg>r@l!R80H%Ru581#k?9NnCjZU7P*3Hm*#v#%=tzEV~49c3c6&EJSF7H^X7So zpWt=EtDJYjPyCbSAV}7{;+meMnq2HZCb+VJDEIUsFGe;wc{EqkCh;M5M!wI`RRX;5ln<>JiWvpQ*zWiJ}T-m-`wS|QVb zf)Dn~f}^IZTbVr+XAUl|_*;~^P*zg4JIYk916&5>Rd3{$5AGpYf&Sb@{4d8jA4!Zx zhpLy(`oq^GgH8W|DdVZ6kE9MGMJJ=fv(6~(jP~t7hki!lGkZYZs1U}~hX1cC&rD-rO^DN0w7J%2=P}^%P>}m2*PQVCGLv1TtN zvPRWJ&c|Bt$-R158QnNL!__Zo`w^|SuuCY`G5s~Yu!A9*o^O!}9eS$R1srSyX@3re zdkxMAT6c!JbBG;27^$4{UD-1Yi$3_c>}`hR zW`_LPcK|`3|XCC zgYs^Ld?o#`oAo%*yb-yvpwYhQoc+=La}#U8poX50FC*3_aY+6B2}tX$7vU8GC>9@r ztRn=2CB-xwz^^k=kaaMy)-ztL(~@5Nvf$qK#Pu}Cfz-W8mZQo|R z=}J3=s$^N0$H#G~X+z@1U&C4uom1Nfz7?McPWi)}<%^V_#c`5=6fpSVq(tE=l=`O> zxwKFwSRb2BD>uVCcu^u9pI6PrO&OvSQm24qJN=G|vg1pF=7Z;W}A)UnB z3;kiRf9RVQruT$91mCCOhl3tmJ& zRRSdG3@X#4RHJ50CmHS=b1y6I8@ROLY=v-3b0W(ySub_nkuTlKHBR4P5;r0ZeH4fD z2P=sTT-lOSKl|5B{4btbu&C2djA`|^S(VdpY>bo0x=TKFSwT_!=Hcj?=C=^l0wOY> zBa{+oem*?&V?HB4UXfQ(eZZ&Ew|x!X$((;tNGN5{6<0&dM)kg;0P?sldOSOnRXx-7 z&Bl4J#*t4P?1^jD`{uys%=4$Huq*!>AfPSr=z;#f5aoiu($X1(zjWRAscIFirPd*J zU#&DDt|}P{ba#1^@_QwKlt;Cbw~hNuTOs-7!7u)wg%e8q3k$U0WCV{7g?-Bn;tmOI zVhiE*$I!9>zkcnMBj<2A+~hbUo`Y#wv0Z(XKkjIze%rBW!p=^ zSMlah{8cwNfnBiP+Hhg77AfMnN_=`orrr0Uj$_LlB_O!7!iU9#_kDmjRDA&*KH>4@ za%BiN;UnxAW-Tp8o@la^zh-6^*Q%K(&R`|=7iG%?R_1u01u*4zw$YCu2zj|X2fN)8 z{7%Q@*LQ(@HsR-(bI|03>(f}vFl*zy?M|5D`})Dy#dK1#Y-burwnG{vhKTvV#)aOpUczvaJ=%eG(z&4TqR8P_4n`}YW(F!U}InY$R&MUgyDNJO6)r4lh6Lb#sY&nCGE6hk}%)1a6!4nJk#a$vYfryLnH*U>fdqH z;zpa+9=NjCt+Lp?K{Ku9bRm=iYRHxOoI<>+NlMpppzvMHTPajQUrGiW4O&Up>(L%? z<-MuiIlxfPu^z*dwaJ!0E*m!}FED%J%o}pm2Y}uAl5H#NsOlZQ!KDi0>F1Mxwh$5W zs-_2hO)42XO-1sf8ZRoL)l0V115Oz+iWm8x&0Bj-m$WUhaRb5o(nD%{ErY0$70CWp z`H(%ZEr1aWYHvEj>`tkkR<)S48TseYOWZ`4d@`9~_z84I@{5!F-%w|)m)}2uSK-9W zN<=Zyo}4j{_4Q9r$M0x0Loa?^r-nsw#c8)+Thm`cp9k7u^D}?>wEV%JJhX7ljLEOO z8q+RRa5K7T?R8>n$?9hBs9765$U^jEGA6o?A&iuUyGopM#MmI9>XtYxwYD?c+p38x zd|mF1RjNVluBtG_F?)#=?5;f<+0^Y^E(eHR@)}d$Vn~b~3Vy}7{6^J*BXO15 z%RkyPPl`u{Y$dU2PImeJ zOa{OD)!pFDC6{qZ9sVA4#7pVi>aG&o(uLmK2Tryk-=;w2x?w41aOp47tYTLd_HV;n zJ3JfqIix!t%LyT&xlPPe4l+UU5{-g%m+FHK79-M!Bu(3nzqj6|ceno`s=oH>Fy4Hy zUl>nlaXI1D+qTFa`QmoP(LRz&KQuFqWEzJ{E*9Vu<~3HF&`x9TI@;5nqT60$;Nu%3 zJ;@zv)cc~EZ8<1^yQfJ5yh9~d3GpS{`xo)VB?=g>~Xw~B&jE{;|OgnJP*U+xjvm7~9u63exAx!QzP_+flk2Q9 zFp@`CiIv0$=SUqT42~Er%&?5VTD9H$#HgNwzBHnG`YXaKJ=hY|ZYe;qJNtL{2G!p` zbZ(&_MnsgO)Bg|`sjmL%bQ&%Y$jO)k689Q0PyjX+W^_7$v?@I%VAp0&1Og@w!I>#D8<3i5ko-ey zYR|mqSnsuayCnM2H}u1cjpr8EgYWH-(K+MfxbLnt0m&o>8tl^%LaCNQsf8Kjo`~Vk zPd#Y+s%u66*BED7ov?oGg=~d5{-byLCvLp=23>YMbN1r>(pB0MT$&d=n)+fQ`oj-g zl^2{b}Q0s;a(Kt5j6zoVA=2bX!;%b$jtF$I?5{^%J826yZb%kF%(<9wSj&UPt8``?++ zzr)ftLY8av9Be%qZhC@91O|f{uf;|5Hy|t-04k$NIh^=Qsj4ilvr8h&tioA$p5mAEAaIi zC2&)ak7QNElL*nUFZ{bg36t!Q6p#pGpxWUwg?88!Lr|rm0+m8OQ-^1RkV*1a`cym* zxo&O=e>{;PY~GF;b9@0SwSoF*dneX|T%a6f86)Ed?XIY7x{Q2-gF?m7L@k8p>6xEu zEDh8ZSzSLxw^8!T4t$QiXF!ouQ5bediTdiv!cnm2GJ&qs9}c4;I~TYY&1r3C9&IQh^(3;+r9C}i1Y1sV;yBUJJrZdCC-n{q|@q7Yns zBCY1GNQxEvcm(CIp8PCqVM|UemPc67ikKO}+2^J77CG(XjWQFN>83d^_&Fe!Mp_l< zZYT()BWRW_E1kfN{7ytk1p|$XL&(bx|E9$lCiyAm0)LNg0Be%G)-^neCK$ouAemAk zKO@(6c9Qp?xKZ;aA_LiLWZ)seS`=E{v-isZvjPR--sitm=Z(k|K1zWOqb)4!C=6{tz_IOQF$)7#_)9Y?JA7#_6%}aQ+nQ0GA8ub z$A&SyLB30*wd&P{eG4~63k;?wg+H4Z?_?^>Hsei0&kZN=6Ro7#`y#}e)|4WYzz*!k zD5y|!>^s^4|H}$T+^c; z3x;MqifdS+#hq4!W}Iwpfh4gnrPs~H#>#-+*1GyTI(mxu_mfX6&0@pMaZ@T+nUTbM zTey&;Ol!Ac26vV#RsA1dg)@hv8)^}A?y#F02G$qo+XfyV`IDYZireNz78)v2>8X2) zZz6`Xnl-%c72WWl%= zJoQwk->{_I)Uvv!8(9aT@sH31`Dtk9=`|a5*I|T;R~7FV$Ygr%(iw2v2@HC|XvRy4 zps1gP46BncCA#5KWTZkySh@`!m?=y;N*DZXNOsd+e*B|En znrW_Yo>(MgcyMmjUrwSEG=6FM9;rPQEPWGt5Lj#k&Ud(P2%m?=JuTFQ+>^JI=H+XfHc7x48PKR51|6BL4X7S7YB*EdsT z{BnJ$fJ|lpAt&uFDsN>7g*0#T3&-o(c8m|2W4^_fqkfB zj*%HN;M}A$@-txoNPsOE=Ncxoq+yMb_0trjh*S{ekq_Bbm??DW#NYRxhe1X{Kf8xK zZ=DQG@y4Dx`Q>)GBdm<0DC9>>ya1S}zam+#q_ZAI?HDPQQlBDD(AxuapjCbG`BGkX zvdu+wZ!Hx@n-wu4(4+yO%FWo=zC!S^u^Oztzw`$_amV!`N3ujNpp|-e_7_2GJ!Rm; zTKMKc1a@i_5*RDm_#;t!OycOxwQBdOrZ$G+4Gykr_>%7$% z%wVHc(Npz9R&(h@*zSBq`OR_3c*o(Sb}%}@YLd3sHF8*3yOEk*PoyBZ_ansT`8&N8 z%5ewIw2UfQQavFCHdk59XPBhexRfqcGFGSyO52kV@JozYxc?v1&&j0U^;DwUW9N$z zJSB4G5db0AJXW_8YDZC3RFqsWRbx;WCJ1Uo-y5UsFro%z ze)w_T`)U4rL@3LUAupYb4=q_{LU^r6!WeF>B0f0t4Qs3u>f(TJZ&REciZ!faj$4AN zXOg1Y0Yw?MWCeX8{U!WI8A_H_TG^infw@nA=8*}#4#TqA^GhW4jY-lT$LIBOs8vs0 z&su|Ard7JPLG6$OOT};towXyLmB`5>X1K-)y3Y~AN3$y(fHour|7I=z&8&iIsiIk0 z?A9pwm4RokG2jFtlc5WCAkBk0_}A0Dg)H6#v+$oV!kNCPk}o*46$)y^tr+ToMkN9ay_BEssfX36uy zr?F1Vf$N9WPX+s|X<*@jmKTA}1Fx=TB)>RsQo2zo;BZ_m*Jv~+%&#}Bc<9zIQ-AJZ zba|%O?X4{u^u=X~IV62CqbVKeRk<$goSW^x0t5hB)aV z5#sWZ!N3>dq#+BOFVY^`DWv#EZsufOUnU*xZW3ROy(C?g{&){sSHxM+wD`J@M9#n_ z!eK^zw=O6;j(zmWPw_=yZ1<77)zdsj!=QUkw+5%FjRx*X^>F4;0%R<(El^-is6r@n zZ-=1nMG|z)#!uPsMI~M6Wrc<&b;rk?l9{FDD?!qX-xF;%9>9$^JDGa+voE@{LaSegq*3f} za)4XgHuhi#?7%@>kiUQ*^3Rm7g4kL1bz^NdIXq)1yM>Nk&dT+#V~i}B}+QDl;1*$8mefBu%tNg>{zjGIe)~= zRy_S9)I^|c22!`xaI93~5?{-YVjKj;Of=vhvzdQFvNU?$nODwcVz=1*1_7>B!s z2m;pjE4Ys5-LR*%96lrW8!MZQj8LsNAE5tP(P`y^4X%f(yJU(PAx{V%kL&w$mwR7^ zaCI%C<>KweQ=WYEmf1&i?UP^(w|OfPnx?qwdx9&gmH~|pTT24UY&6MHRyss`ELA?y zf^#%Ve{xm%Q5dYbQzfTFB(}VRM?L%{<#UEW0Z80eQh5#0O^iN#syBAbWmRY`y0Zrr zjmg2Z);KLpg~@Vnp8tg4cc}Z~ari$DLD}O97X$GS@V~i8F+KcLq|`H+-nMI8>;AnT zS{K)+g#MffRLj2*X2~Z0EJ^WTlFIK?6jaJ^xnW_W#Z(p+I9Izz7&{`|z{c>|ey^gC zpqVT~l|ykeXh7M)Dl+R^&gR<6ec{>M@#o7)P{hQF)ty$Dk9@J+ zNs%;hRyd|pEswe!_xo+Ib4`rfH&2^RypP+@#iy)YZ9Sww@njb8OTImH#NQ3Yawd;N zbc@7x!k)M`LqE|lZ3!e#3EdKopP_aA%?JMUz*7nCROA({B&0ZtzIgs zl=q1k1)(xrH&QFl-|tDcO@d0%#vS6 z>rcxQhKiw3^H=V+xs=J|u-?)|-+LvoBz*J9L}{-QHn#s{;jWfak%)$iqmryW(P#fx zY}2%WUad+DBvXtWT~r%w=+v(v_$B?FgY`2|lzMaRzF9OD<+x!On_>dZs?P--*0JtCB$HpLrfzCcI2w&z0w4-Omj6CvQLG*%;8dNHUvntBMFRooWV%~qdv6Tb6an&t+9e9B+_C@4%*5TgpT4{4c z-Qcyr!($;}Gr%MD0+8K^i213hJn>c%p3^l3~6gL_^3>|(@ z#@nDN;r8f#KYe>NiiSj=+4>nkw_qk3j<74@!EVmoZjPQK0X z#egZ@!ZPlV6^M|(rbSSpbRbju_$y-6wpn3#20a!^Wm^S5@f>0+nFx~tnrf4VH2wP?0PWKR{b!IDzgjUIQ{JIqu9916h~pw8$(gHfm7qX_8v z`F5SBb%jmW6x~$rs_^!3-T5Cm`EF~SkE;i|vgR?-M zY zUw4YMhFCl@q^#Yddy#f>8KL`HwC31V=|xgqBFLo)&4-7OkB4DirmN*{J-uFi{IGu| z^$1iUeVrcieJESw!eU@wD^0^=NSE2Nc~{jtt`w-0FMZguJ1;7f8~evqMDQgy_4i(3 zvX*g#@k7^KW$)?I`qbHJvlF1H<1)^#cK&3^C1qy8K)jM)4X=q0=a?xaCAhZLe=*Ma zylpXH?HizaJWXhm#(n{}dvqclRn)<=1FvqVJ>T7F7^s_LE8=tS`eJnSdlr<=Mn>;r z2Ni2wx+8Kx^sl_vA{Bi?&HN!?FE=oB^5`oqEY^wXz}#)mmWL6K5$hB|Ix)Lo;)L2S zb^J!_w)h`fes8{gV>m42aI`LpVD69)!*=EKON!S`;EEtaXu&R82h}kfp2t>hT2$6RL+I;Z zE~D9&|fp}s*M0aM4`om6rmSrQNy`W#t5C;9R+c5hu#>@3l6 z9c8F2YFI``;jqPC*l1LKoz)r6O#*B6r6yGjY&}B~xl>M~+~|hw-6SpvRqQ>H=1B+b z626wX<-{b}*7$cMVln_NbzW{vfA&wb#@R<>!Zg02=Cnd?dGk0=1NR@fdalQR<)^{D zp+78BYE*~8g_Ajaf%nwixn9To&asesQmdA)|beTvj=O7x|SAu7s9r88u?C7p# z698)6XQ`l60&lTgDw~4nbLd-`w^Q{7o4~BSVUWgNVdk%{9)av?&0d~n_9gauR(zD9 zZGYDuNhLPmgdTjaE(yQ|vMDYivM~v9`NjXZ{qx=160*4xEb#w66(0dL)b%7 literal 0 HcmV?d00001 diff --git a/charts/supabase/values.example.yaml b/charts/supabase/values.example.yaml index c5b739b0..04ce6583 100644 --- a/charts/supabase/values.example.yaml +++ b/charts/supabase/values.example.yaml @@ -43,7 +43,6 @@ studio: DEFAULT_PROJECT_NAME: Default Project SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: true - initialDelaySeconds: 3 auth: image: diff --git a/index.yaml b/index.yaml index e3b8437f..a1a6af4a 100644 --- a/index.yaml +++ b/index.yaml @@ -2,16 +2,17 @@ apiVersion: v1 entries: supabase: - apiVersion: v2 - created: "2023-02-10T15:04:18.116554-05:00" + created: "2025-11-24T10:31:07.33544705-03:00" description: The open source Firebase alternative. - digest: 79a75d1ca844b0551a9d0a084131273c63925c19f32513ad18fdc23e6f5854bf + digest: 68d5675757c377f26b40911b3aa375611c22068fc229f17d3925518cb6e658b6 + icon: https://avatars.githubusercontent.com/u/54469796?s=280&v=4 name: supabase type: application urls: - - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.0.3.tgz - version: 0.0.3 + - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.2.0.tgz + version: 0.2.0 - apiVersion: v2 - created: "2023-02-10T15:04:18.113431-05:00" + created: "2025-11-24T10:31:07.332314036-03:00" description: The open source Firebase alternative. digest: a0d6c0627c049642f3a9a1d068ecc4601d87c26d0326b47422223a7660424e31 name: supabase @@ -20,7 +21,7 @@ entries: - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.0.2.tgz version: 0.0.2 - apiVersion: v2 - created: "2023-02-10T15:04:18.111993-05:00" + created: "2025-11-24T10:31:07.331174634-03:00" description: The open source Firebase alternative. digest: 651547b54edc5cfbac1ed39cb42fc574ee766ff8c1c61aa6cedef84d2faa358f name: supabase @@ -28,4 +29,4 @@ entries: urls: - https://supabase-community.github.io/supabase-kubernetes/build/supabase-0.0.1.tgz version: 0.0.1 -generated: "2023-02-10T15:04:18.110189-05:00" +generated: "2025-11-24T10:31:07.329905479-03:00" From 0906d72e6e046610dfde21c230b4b5a0e39d5649 Mon Sep 17 00:00:00 2001 From: Luiz Felipe Machado Date: Sat, 20 Dec 2025 15:56:38 -0300 Subject: [PATCH 4/5] fix: fix too few spaces before comment --- charts/supabase/values.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml index 15b0488a..659a664f 100644 --- a/charts/supabase/values.yaml +++ b/charts/supabase/values.yaml @@ -228,7 +228,7 @@ studio: SUPABASE_PUBLIC_URL: http://example.com NEXT_PUBLIC_ENABLE_LOGS: true # Set value to bigquery to use Big Query backend for analytics - NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery + NEXT_ANALYTICS_BACKEND_PROVIDER: postgres # postgres, bigquery # volumeMounts: # - name: volume_name # mountPath: /path/to/my/secret @@ -302,7 +302,7 @@ auth: DB_USER: supabase_auth_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full API_EXTERNAL_URL: http://example.com GOTRUE_API_HOST: "0.0.0.0" GOTRUE_API_PORT: "9999" @@ -417,7 +417,7 @@ rest: DB_USER: authenticator DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PGRST_DB_SCHEMAS: public,storage,graphql_public PGRST_DB_ANON_ROLE: anon PGRST_DB_USE_LEGACY_GUCS: false @@ -493,7 +493,7 @@ realtime: # DB_HOST: DATABASE.NAMESPACE.svc.cluster.local DB_USER: supabase_admin DB_PORT: 5432 - DB_SSL: false # true + DB_SSL: false # true PORT: "4000" FLY_ALLOC_ID: fly123 FLY_APP_NAME: realtime @@ -579,7 +579,7 @@ meta: DB_USER: supabase_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full PG_META_PORT: "8080" # volumeMounts: # - name: volume_name @@ -654,11 +654,11 @@ storage: DB_USER: supabase_storage_admin DB_PORT: 5432 DB_DRIVER: postgres - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full REQUEST_ALLOW_X_FORWARDED_PATH: "true" PGOPTIONS: -c search_path=storage,public FILE_SIZE_LIMIT: "52428800" - STORAGE_BACKEND: file # file, s3 + STORAGE_BACKEND: file # file, s3 FILE_STORAGE_BACKEND_PATH: /var/lib/storage TENANT_ID: stub REGION: stub @@ -1079,7 +1079,7 @@ functions: DB_USERNAME: postgres DB_PORT: 5432 DB_DRIVER: postgresql - DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full + DB_SSL: disable # disable, allow, prefer, require, verify-ca, verify-full VERIFY_JWT: false # Mount user functions # volumeMounts: From d03ceb694017619ab813e8cc6c3cd9990dfada76 Mon Sep 17 00:00:00 2001 From: Luiz Felipe Machado Date: Sat, 20 Dec 2025 16:24:02 -0300 Subject: [PATCH 5/5] fix: remove unused DB_USER from test connection db --- charts/supabase/templates/test/db.yaml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/charts/supabase/templates/test/db.yaml b/charts/supabase/templates/test/db.yaml index 296bcc3b..10a5c74a 100644 --- a/charts/supabase/templates/test/db.yaml +++ b/charts/supabase/templates/test/db.yaml @@ -16,7 +16,7 @@ spec: - /bin/sh - -c - | - pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER) || $(echo "\e[0;31mFailed to connect to the database." && exit 1) + pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres || $(echo "\e[0;31mFailed to connect to the database." && exit 1) echo "Database is ready" env: - name: DB_HOST @@ -25,16 +25,6 @@ spec: {{- else }} value: {{ .Values.auth.environment.DB_HOST | quote }} {{- end }} - - name: DB_USER - valueFrom: - secretKeyRef: - {{- if .Values.secret.db.secretRef }} - name: {{ .Values.secret.db.secretRef }} - key: {{ .Values.secret.db.secretRefKey.username | default "username" }} - {{- else }} - name: {{ include "supabase.secret.db" . }} - key: username - {{- end }} - name: DB_PORT value: {{ .Values.auth.environment.DB_PORT | quote }} image: postgres:15-alpine