zarf.yaml
# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.16.0/zarf.schema.json
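# Zarf package definition for the Supabase deployment.
# The ###ZARF_PKG_TMPL_*### tokens are package templates that are filled in
# when the package is created; they stay quoted so the leading '#' characters
# are never read as a YAML comment.
kind: ZarfPackageConfig
metadata:
  name: supabase
  version: '###ZARF_PKG_TMPL_IMAGE_VERSION###'
  description: >
    supabase instance and all of its dependencies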
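# Constants are fixed when the package is created and are stored in the built
# package definition, so only non-secret values belong in this list.
constants:
# Username only. No dashboard password is defined in this file; presumably it
# is produced by the supabase-secrets-generator chart - confirm.
- name: DASHBOARD_USERNAME
  description: The dashboard's (Supabase studio) default username
  value: supabase-admin
# Client identifier used for the external Keycloak integration
# (see ENABLE_EXTERNAL_KEYCLOAK). This is an identifier, not a client secret.
- name: EXTERNAL_KEYCLOAK_CLIENT_ID
  description: 'External keycloak client value'
  value: "uds-supabase"
# Exposes the package-create-time image version to templated values files.
- name: IMAGE_VERSION
  value: '###ZARF_PKG_TMPL_IMAGE_VERSION###'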
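# Deploy-time variables. Every default is a quoted string on purpose: the
# values are substituted as text, so "true"/"false" must not be turned into
# YAML booleans and the byte count must not be turned into an integer.
variables:
# NOTE(review): "uds.dev" looks like a development domain; deployments that are
# reachable by real users should override it - confirm with the operator docs.
- name: DOMAIN
  default: "uds.dev"
- name: ENABLE_AUTH
  description: 'Enable Supabases built-in authentication and authorization parts'
  default: "true"
# NOTE(review): per its own description this API can add roles and run
# queries; confirm it is only reachable through the authenticated gateway.
- name: ENABLE_META
  description: 'Enable the restful API for managing Postgres, fetch tables, add roles, and run queries'
  default: "true"
- name: ENABLE_REALTIME
  description: 'Enables the API for sending and receiving messages between clients in realtime in addition to listening for db changes'
  default: "true"
- name: ENABLE_REST
  description: 'Enable the autogenerated high level rest API for interacting with the database'
  default: "true"
- name: ENABLE_STORAGE
  description: 'Enable the Supabase object store'
  default: "true"
- name: ENABLE_STUDIO
  description: 'Enable the dashboard for managing Supabase, this dashboard depends on and sits atop other Supabase components'
  default: "true"
# Off by default. NOTE(review): an init container that changes ownership of a
# volume mount point usually needs elevated privileges; check the cluster's
# pod security policy before enabling this.
- name: ENABLE_VOLUME_PERMISSIONS
  description: 'Enable init container that changes the owner/group of the PV mount point to runAsUser:fsGroup'
  default: "false"
- name: ENABLE_KONG
  description: 'Enable the API gateway that automatically handles the routing between the Supabase workloads'
  default: "true"
- name: ENABLE_POSTGRES
  description: 'Enable built-in postgres db to store account information and serve as the backend db for integrating applications'
  default: "true"
- name: ENABLE_EXTERNAL_KEYCLOAK
  description: 'Enable the integration between Supabase and an external keycloak instance be enabled'
  default: "true"
# 536870912 = 512 * 1024 * 1024 bytes. The limit bounds what a single upload
# can consume in the object store.
- name: MAX_FILE_UPLOAD_SIZE_IN_BYTES
  description: 'The maximum upload file size for Supabase storage in bytes, default is equivalent to 512Mb'
  default: "536870912"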
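components:
# Main component: installs the upstream Bitnami Supabase chart plus the local
# secrets-generator chart, and lists every image the package has to carry.
- name: supabase
  required: true
  only:
    flavor: upstream
  charts:
  # Why a separate bootstrap release exists: the JWT token job in the main helm
  # chart relies on `helm.sh/hook: post-install`, which makes it run at the end
  # of the Supabase Zarf component. Parts of Supabase wait for that token
  # before they continue, so the job never starts. Moving it earlier inside the
  # same component does not work either, because the job's own prerequisites
  # are not met yet. The job therefore lives in the bootstrap values file and
  # this bootstrap release.
  # The chart versions are quoted so they are always read as strings.
  - name: supabase-bootstrap
    namespace: leapfrogai
    url: oci://registry-1.docker.io/bitnamicharts/supabase
    releaseName: supabase-bootstrap
    version: '5.3.3'
    valuesFiles:
    - "bitnami-values.yaml"
    - "bitnami-values-bootstrap.yaml"
  # Local chart; going by its name it generates the secrets that the main
  # release consumes - confirm against chart/.
  - name: supabase-secrets-generator
    namespace: leapfrogai
    localPath: chart/
    releaseName: supabase-secrets-generator
    version: '0.0.1'
    valuesFiles:
    - "bitnami-values.yaml"
  # Same chart and version as supabase-bootstrap above; keep the two in step.
  - name: supabase
    namespace: leapfrogai
    url: oci://registry-1.docker.io/bitnamicharts/supabase
    releaseName: supabase
    version: '5.3.3'
    valuesFiles:
    - "bitnami-values.yaml"
  # NOTE(review): these images are referenced by tag only. A registry tag can
  # be re-pointed at different content, so two package builds may pull
  # different bits for the same tag. Appending the digest
  # (name:tag@sha256:<digest>) pins the exact content that is packaged.
  images:
  - docker.io/bitnami/gotrue:2.155.6-debian-12-r3
  - docker.io/bitnami/jwt-cli:6.1.0-debian-12-r5
  - docker.io/bitnami/kubectl:1.30.3-debian-12-r4
  - docker.io/bitnami/os-shell:12-debian-12-r27
  - docker.io/bitnami/postgrest:11.2.2-debian-12-r31
  - docker.io/bitnami/supabase-postgres:15.6.1-debian-12-r2
  - docker.io/bitnami/supabase-postgres-meta:0.83.2-debian-12-r3
  - docker.io/bitnami/supabase-realtime:2.30.14-debian-12-r2
  - docker.io/bitnami/supabase-storage:1.8.2-debian-12-r2
  - docker.io/bitnami/supabase-studio:1.24.5-debian-12-r4
  - docker.io/bitnami/kong:3.7.1-debian-12-r5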
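# Swaps the Kong declarative config shipped by the upstream chart for the one
# in manifests/, then restarts Kong so the new config is loaded.
- name: supabase-post-process
  description: "Perform necessary post processing here"
  required: true
  only:
    flavor: upstream
  actions:
    onDeploy:
      before:
      # Deletes the initial kong config created by the upstream chart.
      # --ignore-not-found keeps this step from failing the deploy when the
      # ConfigMap is already gone (for example after an interrupted run).
      - cmd: ./zarf tools kubectl delete cm supabase-kong-declarative-config -n leapfrogai --ignore-not-found
      after:
      # Restarts supabase-kong after the new kong config has been applied
      # so that it can be loaded into the kong container. The status call
      # blocks until the restarted deployment has rolled out.
      # NOTE(review): until this restart completes Kong is still serving the
      # upstream config, which according to the manifest comment below is the
      # one without basic auth; confirm the gateway is not reachable from
      # outside the cluster during that window.
      - cmd: ./zarf tools kubectl rollout restart deployment supabase-kong -n leapfrogai
      - cmd: ./zarf tools kubectl rollout status deployment supabase-kong -n leapfrogai
  manifests:
  # Applies an updated kong config that includes basic auth. It is applied
  # after the kong pods have started, so the original config has to be deleted
  # and the pod restarted.
  - name: supabase-manifests
    namespace: leapfrogai
    files:
    - "manifests/declarative-conf-configmap.yaml"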
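# Runs the database-level migrations as a Job and waits for it to finish.
# NOTE(review): the description states these migrations need elevated database
# permissions, so the migration image is effectively trusted with the
# database; it is referenced by a templated tag only, and a digest
# (name:tag@sha256:<digest>) would pin the exact content.
- name: supabase-migrations
  description: "Migrations that operate on a database configuration level that require higher elevated permissions (ie adding extensions)"
  required: true
  only:
    flavor: upstream
  charts:
  # The chart version is quoted so it is always read as a string.
  - name: supabase-migrations
    namespace: leapfrogai
    localPath: migrationChart/
    releaseName: supabase-migrations
    version: '0.0.1'
    valuesFiles:
    - "migration-values.yaml"
  images:
  - "ghcr.io/defenseunicorns/leapfrogai/supabase-migrations:###ZARF_PKG_TMPL_IMAGE_VERSION###"
  actions:
    onDeploy:
      after:
      # Block the deployment until the versioned migration Job reports the
      # "complete" condition. The name is quoted like every other templated
      # value in this file, so the '#' characters can never start a comment.
      - wait:
          cluster:
            kind: Job
            name: 'supabase-migrations-###ZARF_PKG_TMPL_IMAGE_VERSION###'
            namespace: leapfrogai
            condition: complete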