{{- if .Values.kong.enabled -}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "supabase.kong.fullname" . }} labels: {{- include "supabase.labels" . | nindent 4 }} data: wrapper.sh: | #!/bin/bash set -euo pipefail echo "Replacing env placeholders of /usr/local/kong/kong.yml" sed \ -e "s/\${SUPABASE_ANON_KEY}/${SUPABASE_ANON_KEY}/" \ -e "s/\${SUPABASE_SERVICE_KEY}/${SUPABASE_SERVICE_KEY}/" \ -e "s/\${DASHBOARD_USERNAME}/${DASHBOARD_USERNAME}/" \ -e "s/\${DASHBOARD_PASSWORD}/${DASHBOARD_PASSWORD}/" \ /usr/local/kong/template.yml \ > /usr/local/kong/kong.yml exec /docker-entrypoint.sh kong docker-start template.yml: | _format_version: '2.1' _transform: true consumers: {{- if .Values.secret.dashboard }} - username: DASHBOARD {{- end }} - username: anon keyauth_credentials: - key: ${SUPABASE_ANON_KEY} - username: service_role keyauth_credentials: - key: ${SUPABASE_SERVICE_KEY} acls: - consumer: anon group: anon - consumer: service_role group: admin {{- if .Values.secret.dashboard }} basicauth_credentials: - consumer: DASHBOARD username: ${DASHBOARD_USERNAME} password: ${DASHBOARD_PASSWORD} {{- end }} services: {{- if .Values.auth.enabled }} - name: auth-v1-open url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/verify routes: - name: auth-v1-open strip_path: true paths: - /auth/v1/verify plugins: - name: cors - name: auth-v1-open-callback url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/callback routes: - name: auth-v1-open-callback strip_path: true paths: - /auth/v1/callback plugins: - name: cors - name: auth-v1-open-authorize url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/authorize routes: - name: auth-v1-open-authorize strip_path: true paths: - /auth/v1/authorize plugins: - name: cors - name: auth-v1 _comment: "GoTrue: /auth/v1/* -> http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/*" url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }} routes: - name: auth-v1-all strip_path: true paths: - /auth/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin - anon {{- end }} {{- if .Values.rest.enabled }} - name: rest-v1 _comment: "PostgREST: /rest/v1/* -> http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/*" url: http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/ routes: - name: rest-v1-all strip_path: true paths: - /rest/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: true - name: acl config: hide_groups_header: true allow: - admin - anon - name: graphql-v1 _comment: 'PostgREST: /graphql/v1/* -> http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/rpc/graphql' url: http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/rpc/graphql routes: - name: graphql-v1-all strip_path: true paths: - /graphql/v1 plugins: - name: cors - name: key-auth config: hide_credentials: true - name: request-transformer config: add: headers: - Content-Profile:graphql_public - name: acl config: hide_groups_header: true allow: - admin - anon {{- end }} {{- if .Values.realtime.enabled }} - name: realtime-v1 _comment: "Realtime: /realtime/v1/* -> ws://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket/*" url: http://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket routes: - name: realtime-v1-all strip_path: true paths: - /realtime/v1/ plugins: - name: cors - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin - anon {{- end }} {{- if .Values.storage.enabled }} - name: storage-v1 _comment: "Storage: /storage/v1/* -> http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.port }}/*" url: http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.port }}/ routes: - name: storage-v1-all strip_path: true paths: - /storage/v1/ plugins: - name: cors {{- end }} {{- if .Values.functions.enabled }} - name: functions-v1 _comment: 'Edge Functions: /functions/v1/* -> http://{{ include "supabase.functions.fullname" . }}:{{ .Values.functions.service.port }}/*' url: http://functions:{{ .Values.functions.service.port }}/ routes: - name: functions-v1-all strip_path: true paths: - /functions/v1/ plugins: - name: cors {{- end }} {{- if .Values.analytics.enabled }} - name: analytics-v1 _comment: 'Analytics: /analytics/v1/* -> http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/*' url: http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/ routes: - name: analytics-v1-all strip_path: true paths: - /analytics/v1/ {{- end }} {{- if .Values.meta.enabled }} - name: meta _comment: "pg-meta: /pg/* -> http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.port }}/*" url: http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.port }}/ routes: - name: meta-all strip_path: true paths: - /pg/ plugins: - name: key-auth config: hide_credentials: false - name: acl config: hide_groups_header: true allow: - admin {{- end }} - name: dashboard _comment: 'Studio: /* -> http://{{ include "supabase.studio.fullname" . }}:{{ .Values.studio.service.port }}/*' url: http://{{ include "supabase.studio.fullname" . }}:{{ .Values.studio.service.port }}/ routes: - name: dashboard-all strip_path: true paths: - / {{- if .Values.secret.dashboard }} plugins: - name: cors - name: basic-auth config: hide_credentials: true {{- end }} {{- end }}