233 lines
7.6 KiB
YAML
233 lines
7.6 KiB
YAML
{{- if .Values.kong.enabled -}}
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ include "supabase.kong.fullname" . }}
|
|
labels:
|
|
{{- include "supabase.labels" . | nindent 4 }}
|
|
data:
|
|
wrapper.sh: |
|
|
#!/bin/bash
|
|
|
|
set -euo pipefail
|
|
|
|
echo "Replacing env placeholders of /usr/local/kong/kong.yml"
|
|
|
|
sed \
|
|
-e "s/\${SUPABASE_ANON_KEY}/${SUPABASE_ANON_KEY}/" \
|
|
-e "s/\${SUPABASE_SERVICE_KEY}/${SUPABASE_SERVICE_KEY}/" \
|
|
-e "s/\${DASHBOARD_USERNAME}/${DASHBOARD_USERNAME}/" \
|
|
-e "s/\${DASHBOARD_PASSWORD}/${DASHBOARD_PASSWORD}/" \
|
|
/usr/local/kong/template.yml \
|
|
> /usr/local/kong/kong.yml
|
|
|
|
exec /docker-entrypoint.sh kong docker-start
|
|
template.yml: |
|
|
_format_version: '2.1'
|
|
_transform: true
|
|
|
|
consumers:
|
|
{{- if .Values.secret.dashboard }}
|
|
- username: DASHBOARD
|
|
{{- end }}
|
|
- username: anon
|
|
keyauth_credentials:
|
|
- key: ${SUPABASE_ANON_KEY}
|
|
- username: service_role
|
|
keyauth_credentials:
|
|
- key: ${SUPABASE_SERVICE_KEY}
|
|
acls:
|
|
- consumer: anon
|
|
group: anon
|
|
- consumer: service_role
|
|
group: admin
|
|
{{- if .Values.secret.dashboard }}
|
|
basicauth_credentials:
|
|
- consumer: DASHBOARD
|
|
username: ${DASHBOARD_USERNAME}
|
|
password: ${DASHBOARD_PASSWORD}
|
|
{{- end }}
|
|
services:
|
|
{{- if .Values.auth.enabled }}
|
|
- name: auth-v1-open
|
|
url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/verify
|
|
routes:
|
|
- name: auth-v1-open
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/verify
|
|
plugins:
|
|
- name: cors
|
|
- name: auth-v1-open-callback
|
|
url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/callback
|
|
routes:
|
|
- name: auth-v1-open-callback
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/callback
|
|
plugins:
|
|
- name: cors
|
|
- name: auth-v1-open-authorize
|
|
url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/authorize
|
|
routes:
|
|
- name: auth-v1-open-authorize
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/authorize
|
|
plugins:
|
|
- name: cors
|
|
- name: auth-v1
|
|
_comment: "GoTrue: /auth/v1/* -> http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/*"
|
|
url: http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}
|
|
routes:
|
|
- name: auth-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /auth/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
{{- end }}
|
|
{{- if .Values.rest.enabled }}
|
|
- name: rest-v1
|
|
_comment: "PostgREST: /rest/v1/* -> http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/*"
|
|
url: http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/
|
|
routes:
|
|
- name: rest-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /rest/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: true
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
- name: graphql-v1
|
|
_comment: 'PostgREST: /graphql/v1/* -> http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/rpc/graphql'
|
|
url: http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}/rpc/graphql
|
|
routes:
|
|
- name: graphql-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /graphql/v1
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: true
|
|
- name: request-transformer
|
|
config:
|
|
add:
|
|
headers:
|
|
- Content-Profile:graphql_public
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
{{- end }}
|
|
{{- if .Values.realtime.enabled }}
|
|
- name: realtime-v1
|
|
_comment: "Realtime: /realtime/v1/* -> ws://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket/*"
|
|
url: http://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}/socket
|
|
routes:
|
|
- name: realtime-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /realtime/v1/
|
|
plugins:
|
|
- name: cors
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
- anon
|
|
{{- end }}
|
|
{{- if .Values.storage.enabled }}
|
|
- name: storage-v1
|
|
_comment: "Storage: /storage/v1/* -> http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.port }}/*"
|
|
url: http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.port }}/
|
|
routes:
|
|
- name: storage-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /storage/v1/
|
|
plugins:
|
|
- name: cors
|
|
{{- end }}
|
|
{{- if .Values.functions.enabled }}
|
|
- name: functions-v1
|
|
_comment: 'Edge Functions: /functions/v1/* -> http://{{ include "supabase.functions.fullname" . }}:{{ .Values.functions.service.port }}/*'
|
|
url: http://functions:{{ .Values.functions.service.port }}/
|
|
routes:
|
|
- name: functions-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /functions/v1/
|
|
plugins:
|
|
- name: cors
|
|
{{- end }}
|
|
{{- if .Values.analytics.enabled }}
|
|
- name: analytics-v1
|
|
_comment: 'Analytics: /analytics/v1/* -> http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/*'
|
|
url: http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/
|
|
routes:
|
|
- name: analytics-v1-all
|
|
strip_path: true
|
|
paths:
|
|
- /analytics/v1/
|
|
{{- end }}
|
|
{{- if .Values.meta.enabled }}
|
|
- name: meta
|
|
_comment: "pg-meta: /pg/* -> http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.port }}/*"
|
|
url: http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.port }}/
|
|
routes:
|
|
- name: meta-all
|
|
strip_path: true
|
|
paths:
|
|
- /pg/
|
|
plugins:
|
|
- name: key-auth
|
|
config:
|
|
hide_credentials: false
|
|
- name: acl
|
|
config:
|
|
hide_groups_header: true
|
|
allow:
|
|
- admin
|
|
{{- end }}
|
|
- name: dashboard
|
|
_comment: 'Studio: /* -> http://{{ include "supabase.studio.fullname" . }}:{{ .Values.studio.service.port }}/*'
|
|
url: http://{{ include "supabase.studio.fullname" . }}:{{ .Values.studio.service.port }}/
|
|
routes:
|
|
- name: dashboard-all
|
|
strip_path: true
|
|
paths:
|
|
- /
|
|
{{- if .Values.secret.dashboard }}
|
|
plugins:
|
|
- name: cors
|
|
- name: basic-auth
|
|
config:
|
|
hide_credentials: true
|
|
{{- end }}
|
|
{{- end }} |