Add supabase deployment

packages/supabase/clean-cluster.sh

@@ -0,0 +1,3 @@
+kubectl delete deployments --all -n leapfrogai
+helm uninstall supabase -n leapfrogai
+zarf package remove supabase --confirm

packages/supabase/initial-push.sh

@@ -0,0 +1,26 @@
+docker tag supabase/studio:20230127-6bfd87b localhost:5000/supabase/studio:20230127-6bfd87b
+docker push localhost:5000/supabase/studio:20230127-6bfd87b
+
+docker tag supabase/postgres:14.1.0.105 localhost:5000/supabase/postgres:14.1.0.105
+docker push localhost:5000/supabase/postgres:14.1.0.105
+
+docker tag postgres:15-alpine localhost:5000/postgres:15-alpine
+docker push localhost:5000/postgres:15-alpine
+
+docker tag supabase/gotrue:v2.146.0 localhost:5000/supabase/gotrue:v2.146.0
+docker push localhost:5000/supabase/gotrue:v2.146.0
+
+docker tag postgrest/postgrest:latest localhost:5000/postgrest/postgrest:latest
+docker push localhost:5000/postgrest/postgrest:latest
+
+docker tag supabase/realtime:v2.1.0 localhost:5000/supabase/realtime:v2.1.0
+docker push localhost:5000/supabase/realtime:v2.1.0
+
+docker tag supabase/storage-api:v0.26.1 localhost:5000/supabase/storage-api:v0.26.1
+docker push localhost:5000/supabase/storage-api:v0.26.1
+
+docker tag kong:2.8.1 localhost:5000/kong:2.8.1
+docker push localhost:5000/kong:2.8.1
+
+docker tag supabase/postgres-meta:latest localhost:5000/supabase/postgres-meta:latest
+docker push localhost:5000/supabase/postgres-meta:latest

packages/supabase/supabase-kubernetes/charts/supabase/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: supabase
+description: The open source Firebase alternative.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.3
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+# Not used because too difficult to follow correctly
+# appVersion: "1.16.0"

packages/supabase/supabase-kubernetes/charts/supabase/README.md

@@ -0,0 +1,189 @@
+# Supabase for Kubernetes with Helm 3
+
+This directory contains the configurations and scripts required to run Supabase inside a Kubernetes cluster.
+
+## Disclamer
+
+We use [supabase/postgres](https://hub.docker.com/r/supabase/postgres) to create and manage the Postgres database. This permit you to use replication if needed but you'll have to use the Postgres image provided Supabase or build your own on top of it. You can also choose to use other databases provider like [StackGres](https://stackgres.io/) or [Postgres Operator](https://github.com/zalando/postgres-operator).
+
+For the moment we are using a root container to permit the installation of the missing `pgjwt` and `wal2json` extension inside the `initdbScripts`. This is considered a security issue, but you can use your own Postgres image instead with the extension already installed to prevent this. We provide an example of `Dockerfile`for this purpose, you can use [ours](https://hub.docker.com/r/tdeoliv/supabase-bitnami-postgres) or build and host it on your own.
+
+The database configuration we provide is an example using only one master. If you want to go to production, we highly recommend you to use a replicated database.
+
+## Quickstart
+
+> For this section we're using Minikube and Docker to create a Kubernetes cluster
+
+```bash
+# Clone Repository
+git clone https://github.com/supabase-community/supabase-kubernetes
+
+# Switch to charts directory
+cd supabase-kubernetes/charts/supabase/
+
+# Create JWT secret
+kubectl -n default create secret generic demo-supabase-jwt \
+  --from-literal=anonKey='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAiYW5vbiIsCiAgICAiaXNzIjogInN1cGFiYXNlIiwKICAgICJpYXQiOiAxNjc1NDAwNDAwLAogICAgImV4cCI6IDE4MzMxNjY4MDAKfQ.ztuiBzjaVoFHmoljUXWmnuDN6QU2WgJICeqwyzyZO88' \
+  --from-literal=serviceKey='eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.ewogICAgInJvbGUiOiAic2VydmljZV9yb2xlIiwKICAgICJpc3MiOiAic3VwYWJhc2UiLAogICAgImlhdCI6IDE2NzU0MDA0MDAsCiAgICAiZXhwIjogMTgzMzE2NjgwMAp9.qNsmXzz4tG7eqJPh1Y58DbtIlJBauwpqx39UF-MwM8k' \
+  --from-literal=secret='abcdefghijklmnopqrstuvwxyz123456'
+
+# Create SMTP secret
+kubectl -n default create secret generic demo-supabase-smtp \
+  --from-literal=username='[email protected]' \
+  --from-literal=password='example123456'
+
+# Create DB secret
+kubectl -n default create secret generic demo-supabase-db \
+  --from-literal=username='postgres' \
+  --from-literal=password='example123456' 
+
+# Install the chart
+helm -n default install demo -f values.example.yaml .
+```
+
+The first deployment can take some time to complete (especially auth service). You can view the status of the pods using:
+
+```bash
+kubectl -n default get pod 
+
+NAME                                      READY   STATUS    RESTARTS      AGE
+demo-supabase-auth-78547c5c8d-chkbm       1/1     Running   2 (40s ago)   47s
+demo-supabase-db-5bc75fbf56-4cxcv         1/1     Running   0             47s
+demo-supabase-kong-8c666695f-5vzwt        1/1     Running   0             47s
+demo-supabase-meta-6779677c7-s77qq        1/1     Running   0             47s
+demo-supabase-realtime-6b55986d7d-csnr7   1/1     Running   0             47s
+demo-supabase-rest-5d864469d-bk5rv        1/1     Running   0             47s
+demo-supabase-storage-6c878dcbd4-zzzcv    1/1     Running   0             47s
+```
+
+### Tunnel with Minikube
+
+When the installation will be complete you'll be able to create a tunnel using minikube:
+
+```bash
+# First, enable the ingress addon in Minikube
+minikube addons enable ingress
+
+# Then enable the tunnel (will need sudo credentials because you are opening Port 80/443 on your local machine)
+minikube tunnel
+```
+
+If you just use the `value.example.yaml` file, you can access the API or the Studio App using the following endpoints:
+
+- <http://api.localhost>
+- <http://studio.localhost>
+
+### Uninstall
+
+```Bash
+# Uninstall Helm chart
+helm -n default uninstall demo 
+
+# Delete secrets
+kubectl -n default delete secret demo-supabase-db
+kubectl -n default delete secret demo-supabase-jwt
+kubectl -n default delete secret demo-supabase-smtp
+```
+
+## Customize
+
+You should consider to adjust the following values in `values.yaml`:
+
+- `JWT_SECRET_NAME`: Reference to Kubernetes secret with JWT secret data `secret`, `anonKey` & `serviceKey`
+- `SMTP_SECRET_NAME`: Reference to Kubernetes secret with SMTP credentials `username` & `password`
+- `DB_SECRET_NAME`: Reference to Kubernetes secret with Postgres credentials `username` & `password`
+- `RELEASE_NAME`: Name used for helm release
+- `NAMESPACE`: Namespace used for the helm release
+- `API.EXAMPLE.COM` URL to Kong API
+- `STUDIO.EXAMPLE.COM` URL to Studio
+
+If you want to use mail, consider to adjust the following values in `values.yaml`:
+
+- `SMTP_ADMIN_MAIL`
+- `SMTP_HOST`
+- `SMTP_PORT`
+- `SMTP_SENDER_NAME`
+
+### JWT Secret
+
+We encourage you to use your own JWT keys by generating a new Kubernetes secret and reference it in `values.yaml`:
+
+```yaml
+  jwt:
+    secretName: "JWT_SECRET_NAME"
+```
+
+The secret can be created with kubectl via command-line:
+
+```bash
+kubectl -n NAMESPACE create secret generic JWT_SECRET_NAME \
+  --from-literal=secret='JWT_TOKEN_AT_LEAST_32_CHARACTERS_LONG' \
+  --from-literal=anonKey='JWT_ANON_KEY' \
+  --from-literal=serviceKey='JWT_SERVICE_KEY'
+```
+
+> 32 characters long secret can be generated with `openssl rand 64 | base64`
+> You can use the [JWT Tool](https://supabase.com/docs/guides/hosting/overview#api-keys) to generate anon and service keys.
+
+### SMTP Secret
+
+Connection credentials for the SMTP mail server will also be provided via Kubernetes secret referenced in `values.yaml`:
+
+```yaml
+  smtp:
+    secretName: "SMTP_SECRET_NAME"
+```
+
+The secret can be created with kubectl via command-line:
+
+```bash
+kubectl -n NAMESPACE create secret generic SMTP_SECRET_NAME \
+  --from-literal=username='SMTP_USER' \
+  --from-literal=password='SMTP_PASSWORD'
+```
+
+### DB Secret
+
+DB credentials will also be stored in a Kubernetes secret and referenced in `values.yaml`:
+
+```yaml
+  db:
+    secretName: "DB_SECRET_NAME"
+```
+
+The secret can be created with kubectl via command-line:
+
+```bash
+kubectl -n NAMESPACE create secret generic DB_SECRET_NAME \
+  --from-literal=username='DB_USER' \
+  --from-literal=password='PW_USER'
+```
+
+> If you depend on database providers like [StackGres](https://stackgres.io/) or [Postgres Operator](https://github.com/zalando/postgres-operator) you only need to reference the already existing secret in `values.yaml`.
+
+## How to use in Production
+
+We didn't provide a complete configuration to go production because of the multiple possibility.
+
+But here are the important points you have to think about:
+
+- Use a replicated version of the Postgres database.
+- Add SSL to the Postgres database.
+- Add SSL configuration to the ingresses endpoints using either the `cert-manager` or a LoadBalancer provider.
+- Change the domain used in the ingresses endpoints.
+- Generate a new secure JWT Secret.
+
+## Troubleshooting
+
+### Ingress Controller and Ingress Class
+
+Depending on your Kubernetes version you might want to fill the `className` property instead of the `kubernetes.io/ingress.class` annotations. For example:
+
+```yml
+kong:
+  ingress:
+    enabled: 'true'
+    className: "nginx"
+    annotations:
+      nginx.ingress.kubernetes.io/rewrite-target: /
+```

packages/supabase/supabase-kubernetes/charts/supabase/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "supabase.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "supabase.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "supabase.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "supabase.labels" -}}
+helm.sh/chart: {{ include "supabase.chart" . }}
+{{ include "supabase.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "supabase.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "supabase.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "supabase.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "supabase.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

packages/supabase/supabase-kubernetes/charts/supabase/templates/auth/_helpers.tpl

@@ -0,0 +1,43 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "supabase.auth.name" -}}
+{{- default (print .Chart.Name "-auth") .Values.auth.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "supabase.auth.fullname" -}}
+{{- if .Values.auth.fullnameOverride }}
+{{- .Values.auth.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default (print .Chart.Name "-auth") .Values.auth.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "supabase.auth.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "supabase.auth.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "supabase.auth.serviceAccountName" -}}
+{{- if .Values.auth.serviceAccount.create }}
+{{- default (include "supabase.auth.fullname" .) .Values.auth.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.auth.serviceAccount.name }}
+{{- end }}
+{{- end }}

packages/supabase/supabase-kubernetes/charts/supabase/templates/auth/config.yaml

@@ -0,0 +1,10 @@
+{{- if .Values.auth.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "supabase.auth.fullname" . }}
+  labels:
+    {{- include "supabase.labels" . | nindent 4 }}
+data:
+  {{- toYaml .Values.auth.environment | nindent 2 }}
+{{- end }}