{{- if .Values.storage.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "supabase.storage.fullname" . }} labels: {{- include "supabase.labels" . | nindent 4 }} spec: {{- if not .Values.storage.autoscaling.enabled }} replicas: {{ .Values.storage.replicaCount }} {{- end }} selector: matchLabels: {{- include "supabase.storage.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.storage.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "supabase.storage.selectorLabels" . | nindent 8 }} spec: restartPolicy: Always {{- with .Values.storage.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "supabase.storage.serviceAccountName" . }} securityContext: {{- toYaml .Values.storage.podSecurityContext | nindent 8 }} initContainers: - name: init-db image: postgres:15-alpine imagePullPolicy: IfNotPresent env: - name: DB_HOST {{- if .Values.db.enabled }} value: {{ include "supabase.db.fullname" . | quote }} {{- else }} value: {{ .Values.auth.environment.DB_HOST | quote }} {{- end }} - name: DB_USER valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} key: {{ .Values.secret.db.secretRefKey.username | default "username" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: username {{- end }} - name: DB_PORT value: {{ .Values.analytics.environment.DB_PORT | quote }} command: ["/bin/sh", "-c"] args: - | until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do echo "Waiting for database to start..." sleep 2 done - echo "Database is ready" {{- if .Values.minio.enabled }} - env: - name: MINIO_ROOT_USER valueFrom: secretKeyRef: name: {{ include "supabase.secret.s3" . }} key: keyId - name: MINIO_ROOT_PASSWORD valueFrom: secretKeyRef: name: {{ include "supabase.secret.s3" . }} key: accessKey name: init-bucket image: minio/mc imagePullPolicy: IfNotPresent command: - /bin/sh - -c - | until /usr/bin/mc alias set supa-minio http://{{ include "supabase.minio.fullname" . }}:{{ .Values.minio.service.port }} $MINIO_ROOT_USER $MINIO_ROOT_PASSWORD; do echo "Waiting for minio to start..." sleep 2 done /usr/bin/mc mb --ignore-existing supa-minio/stub {{- end }} containers: - name: {{ include "supabase.storage.name" $ }} securityContext: {{- toYaml .Values.storage.securityContext | nindent 12 }} image: "{{ .Values.storage.image.repository }}:{{ .Values.storage.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.storage.image.pullPolicy }} env: {{- range $key, $value := .Values.storage.environment }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} {{- if .Values.db.enabled }} - name: DB_HOST value: {{ include "supabase.db.fullname" . }} {{- end }} {{- if .Values.rest.enabled }} - name: POSTGREST_URL value: http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }} {{- end }} - name: DB_PASSWORD valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password {{- end }} - name: DB_PASSWORD_ENC valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} key: {{ .Values.secret.db.secretRefKey.password | default "password" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: password_encoded {{- end }} - name: DB_NAME valueFrom: secretKeyRef: {{- if .Values.secret.db.secretRef }} name: {{ .Values.secret.db.secretRef }} key: {{ .Values.secret.db.secretRefKey.database | default "database" }} {{- else }} name: {{ include "supabase.secret.db" . }} key: database {{- end }} - name: DATABASE_URL value: $(DB_DRIVER)://$(DB_USER):$(DB_PASSWORD_ENC)@$(DB_HOST):$(DB_PORT)/$(DB_NAME)?search_path=auth&sslmode=$(DB_SSL) - name: PGRST_JWT_SECRET valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} key: {{ .Values.secret.jwt.secretRefKey.secret | default "secret" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} key: secret {{- end }} - name: ANON_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} key: {{ .Values.secret.jwt.secretRefKey.anonKey | default "anonKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} key: anonKey {{- end }} - name: SERVICE_KEY valueFrom: secretKeyRef: {{- if .Values.secret.jwt.secretRef }} name: {{ .Values.secret.jwt.secretRef }} key: {{ .Values.secret.jwt.secretRefKey.serviceKey | default "serviceKey" }} {{- else }} name: {{ include "supabase.secret.jwt" . }} key: serviceKey {{- end }} {{- if .Values.imgproxy.enabled }} - name: IMGPROXY_URL value: http://{{ include "supabase.imgproxy.fullname" . }}:{{ .Values.imgproxy.service.port | int }} {{- end }} {{- if eq (include "supabase.secret.s3.isValid" .) "true" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: {{- if .Values.secret.s3.secretRef }} name: {{ .Values.secret.s3.secretRef }} key: {{ .Values.secret.s3.secretRefKey.keyId | default "keyId" }} {{- else }} name: {{ include "supabase.secret.s3" . }} key: keyId {{- end }} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: {{- if .Values.secret.s3.secretRef }} name: {{ .Values.secret.s3.secretRef }} key: {{ .Values.secret.s3.secretRefKey.keyId | default "accessKey" }} {{- else }} name: {{ include "supabase.secret.s3" . }} key: accessKey {{- end }} {{- end }} {{- if .Values.minio.enabled }} - name: GLOBAL_S3_ENDPOINT value: http://{{ include "supabase.minio.fullname" . }}:{{ default 9000 .Values.minio.service.port }} {{- end }} {{- with .Values.storage.livenessProbe }} livenessProbe: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.storage.readinessProbe }} readinessProbe: {{- toYaml . | nindent 12 }} {{- end }} ports: - name: http containerPort: 5000 protocol: TCP {{- with .Values.storage.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: {{- with .Values.storage.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - mountPath: /var/lib/storage name: storage-data {{- with .Values.storage.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.storage.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.storage.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: storage-data {{- if .Values.storage.persistence.enabled }} persistentVolumeClaim: claimName: {{ include "supabase.storage.fullname" . }}-pvc {{- else }} emptyDir: medium: "" {{- end }} {{- with .Values.storage.volumes }} {{- toYaml . | nindent 8 }} {{- end }} {{- end }}