This directory contains the configurations and scripts required to run Supabase inside a Kubernetes cluster.
We use bitnami/postgres to create and manage the Postgres database. This permit you to use replication if needed but you'll have to use the Postgres image provided Bitnami or build your own on top of it. You can also choose to use other databases provider like StackGres or Postgres Operator.
For the moment we are using a root container to permit the installation of the missing pgjwt and wal2json extension inside the initdbScripts. This is considered a security issue, but you can use your own Postgres image instead with the extension already installed to prevent this. We provide an example of Dockerfilefor this purpose, you can use ours or build and host it on your own.
The database configuration we provide is an example using only one master. If you want to go to production, we highly recommend you to use a replicated database.
For this section we're using Minikube and Docker to create a Kubernetes cluster
You'll first need to replace the secrets and endpoints with correct values inside the values.template.yaml.
You can create a copy of this file and update the following values:
your-super-secret-jwt-token-with-at-least-32-characters-long: With a generated secret key (openssl rand 64 | base64).JWT_ANON_KEY: A JWT signed with the key above and the roleanon.JWT_SERVICE_KEY: A JWT signed with the key above and the roleservice_role. You can use the JWT Tool to generate your keys.MY_VERY_HARD_PASSWORD_FOR_DATABASE: Postgres root password for the created database.RELEASE_NAME: Name used for helm release.NAMESPACE: Namespace used for the helm release.
helm repo add supabase https://supabase-community.github.io/supabase-kubernetes
helm install RELEASE_NAME supabase/supabase --namespace NAMESPACE -f your-values.yaml --create-namespaceThe first deployment can take some time to complete. You can view the status of the pods using:
kubectl get pod -n NAMESPACEWhen the installation will be complete you'll be able to create a tunnel using minikube:
minikube tunnelIf you just use the value.example.yaml file, you can access the API or the Studio App using the following endpoints:
We didn't provide a complete configuration to go production because of the multiple possibility.
But here are the important points you have to think about:
- Use a replicated version of the Postgres database.
- Add SSL to the Postgres database.
- Add SSL configuration to the ingresses endpoints using either the
cert-manageror a LoadBalancer provider. - Change the domain used in the ingresses endpoints.
- Generate a new secure JWT Secret.
Depending on your Kubernetes version you might want to fill the className property instead of the kubernetes.io/ingress.class annotations. For example:
kong:
ingress:
enabled: 'true'
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /