Storage

The Storage resource configures the following optional services:

The image proxy can be omitted if you don't need it.

The Supabase Storage service can use two different storage backends:

  • an upstream S3 storage
  • a local volume (e.g. a PVC)

If you want to use another object storage (like Azure Storage Accounts), it is advised to check whether there's a Container Storage Interface (CSI) driver available that allows you to use the object storage in question as a persistent volume.

Upstream S3 storage

The following example illustrates how to connect your Storage API to an upstream S3 storage:

Upstream S3 'Storage' example
apiVersion: supabase.k8s.icb4dc0.de/v1alpha1
kind: Storage
metadata:
  labels:
    app.kubernetes.io/name: supabase-operator
    app.kubernetes.io/managed-by: kustomize
  name: storage-sample
spec:
  api:
    s3Backend:
      endpoint: http://minio.minio-dev.svc:9000
      region: us-east-1
      forcePathStyle: true
      bucket: test
      credentialsSecretRef:
        secretName: storage-s3-credentials
    s3: {}
    db:
      host: cluster-example-rw.supabase-demo.svc
      dbName: app
      dbCredentialsRef:
        # will be created by Core resource operator if not present
        # just make sure the secret name is either based on the name of the core resource or explicitly set
        # format <core-resource-name>-db-creds-supabase-storage-admin
        secretName: core-sample-db-creds-supabase-storage-admin
    enableImageTransformation: true
    jwtAuth:
      # will be created by Core resource operator if not present
      # just make sure the secret name is either based on the name of the core resource or explicitly set
      secretName: core-sample-jwt
  imageProxy:
    enable: true

Please note that the credentials are referenced via a Kubernetes Secret. The keys of the secret can be configured, but by default the Secret would look like this:

apiVersion: v1
kind: Secret
metadata:
  name: storage-s3-credentials
stringData:
  accessKeyId: <value>
  secretAccessKey: <value>

If you want or need different secret keys, please have a look at the API reference.

Local volume

Alternatively, you can use any 'local' storage in the Pod. It is strongly recommended to create and mount a PVC or a host path to ensure persistence, but it's not strictly necessary.

The following example shows how you can configure the Storage API for local storage and how you can customize the workload to mount a volume.

Local volume 'Storage' example
apiVersion: supabase.k8s.icb4dc0.de/v1alpha1
kind: Storage
metadata:
  labels:
    app.kubernetes.io/name: supabase-operator
    app.kubernetes.io/managed-by: kustomize
  name: storage-sample
spec:
  api:
    fileBackend:
      path: /tmp
    db:
      host: cluster-example-rw.supabase-demo.svc
      dbName: app
      dbCredentialsRef:
        # will be created by Core resource operator if not present
        # just make sure the secret name is either based on the name of the core resource or explicitly set
        # format <core-resource-name>-db-creds-supabase-storage-admin
        secretName: core-sample-db-creds-supabase-storage-admin
    enableImageTransformation: true
    jwtAuth:
      # will be created by Core resource operator if not present
      # just make sure the secret name is either based on the name of the core resource or explicitly set
      secretName: core-sample-jwt
    workloadTemplate:
      workload:
        volumeMounts:
          - name: storage-temp
            mountPath: /tmp
      additionalVolumes:
        - name: storage-temp
          emptyDir:
            sizeLimit: 500Mi
  imageProxy:
    enable: true

Please note that the API workload is a Kubernetes Deployment. Even if this changes to a StatefulSet in the future for some reason, the Storage API is really only an API and does not replicate or distribute data across instances. Consequently, when using Kubernetes volumes, you should ideally use volumes that support ReadWriteMany mode; otherwise you might want to set the strategy of the Storage API workload to Recreate (see also upstream docs).

For further details on how to configure the strategy please check out the reference docs.
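
A pre-apply check for the persistence advice in the Local volume section, as an added example that is not part of the operator or its documentation: it takes a Storage manifest already parsed into a dict and reports when `fileBackend.path` is not backed by a PVC or host path volume. The helper names, the claim name `storage-data` and the path `/var/lib/storage` are assumptions; the field paths are the ones used in the examples above.

```python
from pathlib import PurePosixPath

# Volume sources the page recommends for persistence (a PVC or a host path).
PERSISTENT_SOURCES = {"persistentVolumeClaim", "hostPath"}

def check_file_backend(storage: dict) -> list:
    """Return findings about spec.api.fileBackend of a parsed Storage manifest."""
    api = storage.get("spec", {}).get("api", {})
    backend = api.get("fileBackend")
    if not backend:
        return []  # no file backend configured (e.g. the S3 backend is used)
    path = PurePosixPath(backend["path"])
    template = api.get("workloadTemplate", {})
    mounts = template.get("workload", {}).get("volumeMounts", [])
    volumes = {v["name"]: v for v in template.get("additionalVolumes", [])}
    # Mounts whose mountPath is the backend path itself or one of its parents.
    covering = [m for m in mounts
                if PurePosixPath(m["mountPath"]) in (path, *path.parents)]
    if not covering:
        return [f"{path}: no volumeMount covers this path, data stays in the container filesystem"]
    # The most specific (deepest) mount is the one that actually backs the path.
    mount = max(covering, key=lambda m: len(PurePosixPath(m["mountPath"]).parts))
    volume = volumes.get(mount["name"])
    if volume is None:
        return [f"volumeMount {mount['name']!r} has no entry in additionalVolumes"]
    sources = sorted(set(volume) - {"name"})
    if not PERSISTENT_SOURCES.intersection(sources):
        return [f"volume {mount['name']!r} uses {sources}, objects are lost with the Pod"]
    return []

def manifest(path, mounts, volumes):
    """Build a constructed Storage manifest fragment (sample input, not real data)."""
    return {"kind": "Storage", "spec": {"api": {
        "fileBackend": {"path": path},
        "workloadTemplate": {"workload": {"volumeMounts": mounts},
                             "additionalVolumes": volumes}}}}

# Constructed samples: the page's emptyDir layout and a PVC-backed variant.
# The claim name "storage-data" and path "/var/lib/storage" are assumptions.
EMPTY_DIR = manifest("/tmp", [{"name": "storage-temp", "mountPath": "/tmp"}],
                     [{"name": "storage-temp", "emptyDir": {"sizeLimit": "500Mi"}}])
PVC = manifest("/var/lib/storage/objects",
               [{"name": "data", "mountPath": "/var/lib/storage"}],
               [{"name": "data", "persistentVolumeClaim": {"claimName": "storage-data"}}])

if __name__ == "__main__":
    for name, doc in (("emptyDir", EMPTY_DIR), ("pvc", PVC)):
        print(name, check_file_backend(doc) or "ok")
```

A misspelled volume source key is reported the same way as `emptyDir`, because it is not one of the persistent sources.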