Skip to content

Core

The Core resource configures the essential Supabase services:

  • PostgREST
  • Auth

and it manages the initial DB migrations that are not done by the services themselves and are part of the supabase/postgres repository.

To deploy a basic Core instance, you can use the following snippet as a 'template':

Basic 'Core' example
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
apiVersion: supabase.k8s.icb4dc0.de/v1alpha1
kind: Core
metadata:
  name: core-sample
  labels:
    app.kubernetes.io/name: supabase-operator
    app.kubernetes.io/managed-by: kustomize
spec:
  # public URL of the Supabase instance (API)
  # normally the Ingress/HTTPRoute endpoint
  externalUrl: http://localhost:8000/
  # public URL of the frontend
  # could be the same as the externalUrl if you're using one Ingress/HTTPRoute for both
  # or a different one if you prefer to separate API and frontend URLs
  # will be used by Supabase Auth to redirect users after login
  siteUrl: http://localhost:3000/
  database:
    dsnSecretRef:
      # name of the secret containing the database DSN
      name: supabase-demo-credentials
      key: url
  auth:
    enableEmailAutoconfirm: true
    providers: {}
  postgrest:
    maxRows: 1000
  jwt:
    expiry: 3600
    # name of the secret containing the JWT secret
    # will be created if not found, make sure to refernce this secret in:
    # - APIGateway
    # - Dashboard-
    # - Storage
    secretName: core-sample-jwt

Postgres Database

This operator only manages the Supabase specific migrations and roles. There are plenty of Postgres operators like:

(Ordered alphabetically)

that handle all aspects of managing a Postgres instance or even a whole cluster including various backup and restore capabilities and much more.

This operator "only" needs a superuser access to the Postgres instance, where you would like to setup your Supabase instance.

The connection to the database is configured via a regular DSN in a Kubernetes Secret like this:

---
apiVersion: v1
kind: Secret
metadata:
  name: supabase-demo-credentials
  namespace: supabase-demo
stringData:
  url: postgresql://supabase_admin:<password>@<postgres-host>:5432/<postgres DB>

Please note that the structure of Supabase migrations makes it hard to run multiple Supabase instances (or generally multiple apps, for that matter) on the same Postgres instance. Independently of whether this might possible in the future or not, it does make sense to isolate Supabase apps against each other from a resource perspective, which is easier if you do not share database servers.

PostgREST

The default configuration for PostgREST should be sufficient for most use cases. If you want to customize the PostgREST, please check the API reference.

Auth

Supabase Auth supports a vast amount of auth providers. This operator will eventually support the same set of auth providers, but, considering that it is currently still more of a PoC, it is currently still limited. To get a detailed view of which providers are currently supported, please check the auth overview and the API reference.

Auth providers are configured via environment variables exposed to the auth service. The configuration of each provider abstracts these environment variables, in order to provide you with a typed API, to avoid as many mistakes as possible. If you are in desperate need of a provider that is not yet supported, please create a GitHub issue.