Bitnami package for Supabase

Supabase is an open source Firebase alternative. Provides all the necessary backend features to build your application in a scalable way. Uses PostgreSQL as datastore.

Overview of Supabase

Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/supabase

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository.

Introduction

Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.

This chart bootstraps a Supabase deployment in a Kubernetes cluster using the Helm package manager. Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters.

Prerequisites

• Kubernetes 1.23+
• Helm 3.8.0+
• PV provisioner support in the underlying infrastructure
• ReadWriteMany volumes for deployment scaling

Installing the Chart

To install the chart with the release name my-release:

helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/supabase

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

The command deploys Supabase on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm list

Configuration and installation details

Resource requests and limits

Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the resources value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.

To make this process easier, the chart contains the resourcesPreset values, which automatically sets the resources section according to different presets. Check these presets in the bitnami/common chart. However, in production workloads using resourcePreset is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the official Kubernetes documentation.

Rolling VS Immutable tags

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

External database support

You may want to have supabase connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the externalDatabase parameter. You should also disable the PostgreSQL installation with the postgresql.enabled option. Here is an example:

postgresql.enabled=false
externalDatabase.host=myexternalhost
externalDatabase.user=myuser
externalDatabase.password=mypassword
externalDatabase.database=mydatabase
externalDatabase.port=5432

Ingress

This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as nginx-ingress-controller or contour you can utilize the ingress controller to serve your application.To enable Ingress integration, set studio.ingress.enabled to true.

The most common scenario is to have one host name mapped to the deployment. In this case, the studio.ingress.hostname property can be used to set the host name. The studio.ingress.tls parameter can be used to add the TLS configuration for this host.

However, it is also possible to have more than one host. To facilitate this, the studio.ingress.extraHosts parameter (if available) can be set with the host names specified as an array. The studio.ingress.extraTLS parameter (if available) can also be used to add the TLS configuration for extra hosts.

NOTE: For each host specified in the studio.ingress.extraHosts parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but this annotation reference document lists the annotations supported by many popular Ingress controllers.

Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.

Learn more about Ingress controllers.

TLS secrets

This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). There are several common use cases:

• Generate certificate secrets based on chart parameters.
• Enable externally generated certificates.
• Manage application certificates via an external service (like cert-manager).
• Create self-signed certificates within the chart (if supported).

In the first two cases, a certificate and a key are needed. Files are expected in .pem format.

Here is an example of a certificate file:

NOTE: There may be more than one certificate if there is a certificate chain.

-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
...
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
-----END CERTIFICATE-----

Here is an example of a certificate key:

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
...
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
-----END RSA PRIVATE KEY-----

• If using Helm to manage the certificates based on the parameters, copy these values into the certificate and key values for a given *.ingress.secrets entry.
• If managing TLS secrets separately, it is necessary to create a TLS secret with name INGRESS_HOSTNAME-tls (where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the *.ingress.hostname parameter).
• If your cluster has a cert-manager add-on to automate the management and issuance of TLS certificates, add to *.ingress.annotations the corresponding ones for cert-manager.
• If using self-signed certificates created by Helm, set both *.ingress.tls and *.ingress.selfSigned to true.

Additional environment variables

In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the extraEnvVars property inside the different component sections.

rest:
  extraEnvVars:
    - name: LOG_LEVEL
      value: error

Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the extraEnvVarsCM or the extraEnvVarsSecret values inside the specific component sections.

Sidecars

If additional containers are needed in the same pod as supabase (such as additional metrics or logging exporters), they can be defined using the sidecars parameter inside the component specific sections.

sidecars:
- name: your-image-name
  image: your-image
  imagePullPolicy: Always
  ports:
  - name: portname
    containerPort: 1234

If these sidecars export extra ports, extra port definitions can be added using the service.extraPorts parameter (where available), as shown in the example below:

service:
  extraPorts:
  - name: extraPort
    port: 11311
    targetPort: 11311

NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the --enable-metrics=true parameter at deployment time. The sidecars parameter should therefore only be used for any extra sidecar containers.

If additional init containers are needed in the same pod, they can be defined using the initContainers parameter. Here is an example:

initContainers:
  - name: your-image-name
    image: your-image
    imagePullPolicy: Always
    ports:
      - name: portname
        containerPort: 1234

Learn more about sidecar containers and init containers.

Pod affinity

This chart allows you to set your custom affinity using the affinity parameter. Find more information about Pod affinity in the kubernetes documentation.

As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the bitnami/common chart. To do so, set the podAffinityPreset, podAntiAffinityPreset, or nodeAffinityPreset parameters inside the specific component sections.

Persistence

The chart mounts a Persistent Volume volume at /bitnami/supabase-storage. The volume is created using dynamic volume provisioning, by default. An existing PersistentVolumeClaim can also be defined.

If you encounter errors when working with persistent volumes, refer to our troubleshooting guide for persistent volumes.

Parameters

Global parameters

Name	Description	Value
global.imageRegistry	Global Docker image registry	""
global.imagePullSecrets	Global Docker registry secret names as an array	[]
global.storageClass	Global StorageClass for Persistent Volume(s)	""
global.jwt.existingSecret	The name of the existing secret containing the JWT secret	""
global.jwt.existingSecretKey	The key in the existing secret containing the JWT secret	secret
global.jwt.existingSecretAnonKey	The key in the existing secret containing the JWT anon key	anon-key
global.jwt.existingSecretServiceKey	The key in the existing secret containing the JWT service key	service-key
global.compatibility.openshift.adaptSecurityContext	Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)	auto

Common parameters

Name	Description	Value
kubeVersion	Override Kubernetes version	""
nameOverride	String to partially override common.names.name	""
fullnameOverride	String to fully override common.names.fullname	""
namespaceOverride	String to fully override common.names.namespace	""
commonLabels	Labels to add to all deployed objects	{}
commonAnnotations	Annotations to add to all deployed objects	{}
clusterDomain	Kubernetes cluster domain name	cluster.local
extraDeploy	Array of extra objects to deploy with the release	[]
diagnosticMode.enabled	Enable diagnostic mode (all probes will be disabled and the command will be overridden)	false
diagnosticMode.command	Command to override all containers in the deployment	["sleep"]
diagnosticMode.args	Args to override all containers in the deployment	["infinity"]

Supabase Common parameters

Name	Description	Value
jwt.secret	The secret string used to sign JWT tokens	""
jwt.anonKey	JWT string for annonymous users	""
jwt.serviceKey	JWT string for service users	""
jwt.autoGenerate.forceRun	Force the run of the JWT generation job	false
jwt.autoGenerate.image.registry	JWT CLI image registry	REGISTRY_NAME
jwt.autoGenerate.image.repository	JWT CLI image repository	REPOSITORY_NAME/jwt-cli
jwt.autoGenerate.image.digest	JWT CLI image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
jwt.autoGenerate.image.pullPolicy	JWT CLI image pull policy	IfNotPresent
jwt.autoGenerate.image.pullSecrets	JWT CLI image pull secrets	[]
jwt.autoGenerate.kubectlImage.registry	Kubectl image registry	REGISTRY_NAME
jwt.autoGenerate.kubectlImage.repository	Kubectl image repository	REPOSITORY_NAME/kubectl
jwt.autoGenerate.kubectlImage.digest	Kubectl image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag	""
jwt.autoGenerate.kubectlImage.pullPolicy	Kubectl image pull policy	IfNotPresent
jwt.autoGenerate.kubectlImage.pullSecrets	Kubectl image pull secrets	[]
jwt.autoGenerate.backoffLimit	set backoff limit of the job	10
jwt.autoGenerate.extraVolumes	Optionally specify extra list of additional volumes for the jwt init job	[]
jwt.autoGenerate.livenessProbe.enabled	Enable livenessProbe on Supabase auth containers	true
jwt.autoGenerate.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	5
jwt.autoGenerate.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
jwt.autoGenerate.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
jwt.autoGenerate.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
jwt.autoGenerate.livenessProbe.successThreshold	Success threshold for livenessProbe	1
jwt.autoGenerate.readinessProbe.enabled	Enable readinessProbe on Supabase auth containers	true
jwt.autoGenerate.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
jwt.autoGenerate.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
jwt.autoGenerate.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
jwt.autoGenerate.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
jwt.autoGenerate.readinessProbe.successThreshold	Success threshold for readinessProbe	1
jwt.autoGenerate.startupProbe.enabled	Enable startupProbe on Supabase auth containers	false
jwt.autoGenerate.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
jwt.autoGenerate.startupProbe.periodSeconds	Period seconds for startupProbe	10
jwt.autoGenerate.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
jwt.autoGenerate.startupProbe.failureThreshold	Failure threshold for startupProbe	6
jwt.autoGenerate.startupProbe.successThreshold	Success threshold for startupProbe	1
jwt.autoGenerate.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
jwt.autoGenerate.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
jwt.autoGenerate.customStartupProbe	Custom startupProbe that overrides the default one	{}
jwt.autoGenerate.networkPolicy.enabled	Enable creation of NetworkPolicy resources	true
jwt.autoGenerate.networkPolicy.allowExternal	The Policy model to apply	true
jwt.autoGenerate.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
jwt.autoGenerate.networkPolicy.kubeAPIServerPorts	List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)	[]
jwt.autoGenerate.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
jwt.autoGenerate.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
jwt.autoGenerate.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
jwt.autoGenerate.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}
jwt.autoGenerate.serviceAccount.create	Specifies whether a ServiceAccount should be created	true
jwt.autoGenerate.serviceAccount.name	The name of the ServiceAccount to use.	""
jwt.autoGenerate.serviceAccount.annotations	Additional Service Account annotations (evaluated as a template)	{}
jwt.autoGenerate.serviceAccount.automountServiceAccountToken	Automount service account token for the server service account	false
jwt.autoGenerate.containerSecurityContext.enabled	Enabled jwt init job containers’ Security Context	true
jwt.autoGenerate.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
jwt.autoGenerate.containerSecurityContext.runAsUser	Set jwt init job containers’ Security Context runAsUser	1001
jwt.autoGenerate.containerSecurityContext.runAsGroup	Set jwt init job containers’ Security Context runAsUser	1001
jwt.autoGenerate.containerSecurityContext.runAsNonRoot	Set jwt init job container’s Security Context runAsNonRoot	true
jwt.autoGenerate.containerSecurityContext.privileged	Set jwt init job container’s Security Context privileged	false
jwt.autoGenerate.containerSecurityContext.readOnlyRootFilesystem	Set jwt init job container’s Security Context readOnlyRootFilesystem	true
jwt.autoGenerate.containerSecurityContext.allowPrivilegeEscalation	Set jwt init job container’s Security Context allowPrivilegeEscalation	false
jwt.autoGenerate.containerSecurityContext.capabilities.drop	List of jwt init job capabilities to be dropped	["ALL"]
jwt.autoGenerate.containerSecurityContext.seccompProfile.type	Set jwt init job container’s Security Context seccomp profile	RuntimeDefault
jwt.autoGenerate.podSecurityContext.enabled	Enabled jwt init job pods’ Security Context	true
jwt.autoGenerate.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
jwt.autoGenerate.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
jwt.autoGenerate.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
jwt.autoGenerate.podSecurityContext.fsGroup	Set jwt init job pod’s Security Context fsGroup	1001
jwt.autoGenerate.extraEnvVars	Array containing extra env vars to configure the jwt init job	[]
jwt.autoGenerate.extraEnvVarsCM	ConfigMap containing extra env vars to configure the jwt init job	""
jwt.autoGenerate.extraEnvVarsSecret	Secret containing extra env vars to configure the jwt init job (in case of sensitive data)	""
jwt.autoGenerate.extraVolumeMounts	Array of extra volume mounts to be added to the jwt Container (evaluated as template). Normally used with extraVolumes.	[]
jwt.autoGenerate.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if jwt.autoGenerate.resources is set (jwt.autoGenerate.resources is recommended for production).	nano
jwt.autoGenerate.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
jwt.autoGenerate.automountServiceAccountToken	Mount Service Account token in pod	true
jwt.autoGenerate.hostAliases	Add deployment host aliases	[]
jwt.autoGenerate.annotations	Add annotations to the job	{}
jwt.autoGenerate.podLabels	Additional pod labels	{}
jwt.autoGenerate.podAnnotations	Additional pod annotations	{}
publicURL	Supabase API public URL	""
dbSSL	Supabase API database connection mode for SSL. Applied to all components. Allowed values: verify-ca, verify-full, disable, allow, prefer, require	disable

Supabase Auth Parameters

Name	Description	Value
auth.enabled	Enable Supabase auth	true
auth.replicaCount	Number of Supabase auth replicas to deploy	1
auth.defaultConfig	Supabase auth default configuration	""
auth.extraConfig	Supabase auth extra configuration	{}
auth.existingConfigmap	The name of an existing ConfigMap with the default configuration	""
auth.extraConfigExistingConfigmap	The name of an existing ConfigMap with extra configuration	""
auth.image.registry	Gotrue image registry	REGISTRY_NAME
auth.image.repository	Gotrue image repository	REPOSITORY_NAME/gotrue
auth.image.digest	Gotrue image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
auth.image.pullPolicy	Gotrue image pull policy	IfNotPresent
auth.image.pullSecrets	Gotrue image pull secrets	[]
auth.containerPorts.http	Supabase auth HTTP container port	9999
auth.livenessProbe.enabled	Enable livenessProbe on Supabase auth containers	true
auth.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	5
auth.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
auth.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
auth.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
auth.livenessProbe.successThreshold	Success threshold for livenessProbe	1
auth.readinessProbe.enabled	Enable readinessProbe on Supabase auth containers	true
auth.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
auth.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
auth.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
auth.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
auth.readinessProbe.successThreshold	Success threshold for readinessProbe	1
auth.startupProbe.enabled	Enable startupProbe on Supabase auth containers	false
auth.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
auth.startupProbe.periodSeconds	Period seconds for startupProbe	10
auth.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
auth.startupProbe.failureThreshold	Failure threshold for startupProbe	6
auth.startupProbe.successThreshold	Success threshold for startupProbe	1
auth.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
auth.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
auth.customStartupProbe	Custom startupProbe that overrides the default one	{}
auth.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if auth.resources is set (auth.resources is recommended for production).	micro
auth.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
auth.podSecurityContext.enabled	Enabled Supabase auth pods’ Security Context	true
auth.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
auth.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
auth.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
auth.podSecurityContext.fsGroup	Set Supabase auth pod’s Security Context fsGroup	1001
auth.containerSecurityContext.enabled	Enabled containers’ Security Context	true
auth.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
auth.containerSecurityContext.runAsUser	Set containers’ Security Context runAsUser	1001
auth.containerSecurityContext.runAsGroup	Set containers’ Security Context runAsGroup	1001
auth.containerSecurityContext.runAsNonRoot	Set container’s Security Context runAsNonRoot	true
auth.containerSecurityContext.privileged	Set container’s Security Context privileged	false
auth.containerSecurityContext.readOnlyRootFilesystem	Set container’s Security Context readOnlyRootFilesystem	true
auth.containerSecurityContext.allowPrivilegeEscalation	Set container’s Security Context allowPrivilegeEscalation	false
auth.containerSecurityContext.capabilities.drop	List of capabilities to be dropped	["ALL"]
auth.containerSecurityContext.seccompProfile.type	Set container’s Security Context seccomp profile	RuntimeDefault
auth.command	Override default container command (useful when using custom images)	[]
auth.args	Override default container args (useful when using custom images)	[]
auth.automountServiceAccountToken	Mount Service Account token in pod	false
auth.hostAliases	Supabase auth pods host aliases	[]
auth.podLabels	Extra labels for Supabase auth pods	{}
auth.podAnnotations	Annotations for Supabase auth pods	{}
auth.podAffinityPreset	Pod affinity preset. Ignored if auth.affinity is set. Allowed values: soft or hard	""
auth.podAntiAffinityPreset	Pod anti-affinity preset. Ignored if auth.affinity is set. Allowed values: soft or hard	soft
auth.nodeAffinityPreset.type	Node affinity preset type. Ignored if auth.affinity is set. Allowed values: soft or hard	""
auth.nodeAffinityPreset.key	Node label key to match. Ignored if auth.affinity is set	""
auth.nodeAffinityPreset.values	Node label values to match. Ignored if auth.affinity is set	[]
auth.affinity	Affinity for Supabase auth pods assignment	{}
auth.nodeSelector	Node labels for Supabase auth pods assignment	{}
auth.tolerations	Tolerations for Supabase auth pods assignment	[]
auth.updateStrategy.type	Supabase auth statefulset strategy type	RollingUpdate
auth.priorityClassName	Supabase auth pods’ priorityClassName	""
auth.topologySpreadConstraints	Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template	[]
auth.schedulerName	Name of the k8s scheduler (other than default) for Supabase auth pods	""
auth.terminationGracePeriodSeconds	Seconds Redmine pod needs to terminate gracefully	""
auth.lifecycleHooks	for the Supabase auth container(s) to automate configuration before or after startup	{}
auth.extraEnvVars	Array with extra environment variables to add to Supabase auth nodes	[]
auth.extraEnvVarsCM	Name of existing ConfigMap containing extra env vars for Supabase auth nodes	""
auth.extraEnvVarsSecret	Name of existing Secret containing extra env vars for Supabase auth nodes	""
auth.extraVolumes	Optionally specify extra list of additional volumes for the Supabase auth pod(s)	[]
auth.extraVolumeMounts	Optionally specify extra list of additional volumeMounts for the Supabase auth container(s)	[]
auth.sidecars	Add additional sidecar containers to the Supabase auth pod(s)	[]
auth.initContainers	Add additional init containers to the Supabase auth pod(s)	[]
auth.pdb.create	Enable/disable a Pod Disruption Budget creation	true
auth.pdb.minAvailable	Minimum number/percentage of pods that should remain scheduled	""
auth.pdb.maxUnavailable	Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both auth.pdb.minAvailable and auth.pdb.maxUnavailable are empty.	""

Supabase Auth Traffic Exposure Parameters

Name	Description	Value
auth.service.type	Supabase auth service type	ClusterIP
auth.service.ports.http	Supabase auth service HTTP port	80
auth.service.nodePorts.http	Node port for HTTP	""
auth.service.clusterIP	Supabase auth service Cluster IP	""
auth.service.loadBalancerIP	Supabase auth service Load Balancer IP	""
auth.service.loadBalancerSourceRanges	Supabase auth service Load Balancer sources	[]
auth.service.externalTrafficPolicy	Supabase auth service external traffic policy	Cluster
auth.service.annotations	Additional custom annotations for Supabase auth service	{}
auth.service.extraPorts	Extra ports to expose in Supabase auth service (normally used with the sidecars value)	[]
auth.service.sessionAffinity	Control where auth requests go, to the same pod or round-robin	None
auth.service.sessionAffinityConfig	Additional settings for the sessionAffinity	{}
auth.networkPolicy.enabled	Specifies whether a NetworkPolicy should be created	true
auth.networkPolicy.allowExternal	Don’t require client label for connections	true
auth.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
auth.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
auth.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
auth.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
auth.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}

Supabase Meta Parameters

Name	Description	Value
meta.enabled	Enable Supabase Postgres Meta	true
meta.replicaCount	Number of Supabase Postgres Meta replicas to deploy	1
meta.defaultConfig	Default Supabase Postgres Meta configuration	""
meta.extraConfig	Extra Supabase Postgres Meta configuration	{}
meta.existingConfigmap	The name of an existing ConfigMap with the default configuration	""
meta.extraConfigExistingConfigmap	The name of an existing ConfigMap with extra configuration	""
meta.image.registry	Supabase Postgres Meta image registry	REGISTRY_NAME
meta.image.repository	Supabase Postgres Meta image repository	REPOSITORY_NAME/supabase-postgres-meta
meta.image.digest	Supabase Postgres Meta image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
meta.image.pullPolicy	Supabase Postgres Meta image pull policy	IfNotPresent
meta.image.pullSecrets	Supabase Postgres Meta image pull secrets	[]
meta.containerPorts.http	Supabase Postgres Meta HTTP container port	8080
meta.livenessProbe.enabled	Enable livenessProbe on Supabase Postgres Meta containers	true
meta.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	5
meta.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
meta.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
meta.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
meta.livenessProbe.successThreshold	Success threshold for livenessProbe	1
meta.readinessProbe.enabled	Enable readinessProbe on Supabase Postgres Meta containers	true
meta.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
meta.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
meta.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
meta.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
meta.readinessProbe.successThreshold	Success threshold for readinessProbe	1
meta.startupProbe.enabled	Enable startupProbe on Supabase Postgres Meta containers	false
meta.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
meta.startupProbe.periodSeconds	Period seconds for startupProbe	10
meta.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
meta.startupProbe.failureThreshold	Failure threshold for startupProbe	6
meta.startupProbe.successThreshold	Success threshold for startupProbe	1
meta.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
meta.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
meta.customStartupProbe	Custom startupProbe that overrides the default one	{}
meta.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if meta.resources is set (meta.resources is recommended for production).	micro
meta.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
meta.podSecurityContext.enabled	Enabled Supabase Postgres Meta pods’ Security Context	true
meta.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
meta.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
meta.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
meta.podSecurityContext.fsGroup	Set Supabase Postgres Meta pod’s Security Context fsGroup	1001
meta.containerSecurityContext.enabled	Enabled containers’ Security Context	true
meta.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
meta.containerSecurityContext.runAsUser	Set containers’ Security Context runAsUser	1001
meta.containerSecurityContext.runAsGroup	Set containers’ Security Context runAsGroup	1001
meta.containerSecurityContext.runAsNonRoot	Set container’s Security Context runAsNonRoot	true
meta.containerSecurityContext.privileged	Set container’s Security Context privileged	false
meta.containerSecurityContext.readOnlyRootFilesystem	Set container’s Security Context readOnlyRootFilesystem	true
meta.containerSecurityContext.allowPrivilegeEscalation	Set container’s Security Context allowPrivilegeEscalation	false
meta.containerSecurityContext.capabilities.drop	List of capabilities to be dropped	["ALL"]
meta.containerSecurityContext.seccompProfile.type	Set container’s Security Context seccomp profile	RuntimeDefault
meta.command	Override default container command (useful when using custom images)	[]
meta.args	Override default container args (useful when using custom images)	[]
meta.automountServiceAccountToken	Mount Service Account token in pod	false
meta.hostAliases	Supabase Postgres Meta pods host aliases	[]
meta.podLabels	Extra labels for Supabase Postgres Meta pods	{}
meta.podAnnotations	Annotations for Supabase Postgres Meta pods	{}
meta.podAffinityPreset	Pod affinity preset. Ignored if meta.affinity is set. Allowed values: soft or hard	""
meta.podAntiAffinityPreset	Pod anti-affinity preset. Ignored if meta.affinity is set. Allowed values: soft or hard	soft
meta.nodeAffinityPreset.type	Node affinity preset type. Ignored if meta.affinity is set. Allowed values: soft or hard	""
meta.nodeAffinityPreset.key	Node label key to match. Ignored if meta.affinity is set	""
meta.nodeAffinityPreset.values	Node label values to match. Ignored if meta.affinity is set	[]
meta.affinity	Affinity for Supabase Postgres Meta pods assignment	{}
meta.nodeSelector	Node labels for Supabase Postgres Meta pods assignment	{}
meta.tolerations	Tolerations for Supabase Postgres Meta pods assignment	[]
meta.updateStrategy.type	Supabase Postgres Meta statefulset strategy type	RollingUpdate
meta.priorityClassName	Supabase Postgres Meta pods’ priorityClassName	""
meta.topologySpreadConstraints	Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template	[]
meta.schedulerName	Name of the k8s scheduler (other than default) for Supabase Postgres Meta pods	""
meta.terminationGracePeriodSeconds	Seconds Redmine pod needs to terminate gracefully	""
meta.lifecycleHooks	for the Supabase Postgres Meta container(s) to automate configuration before or after startup	{}
meta.extraEnvVars	Array with extra environment variables to add to Supabase Postgres Meta nodes	[]
meta.extraEnvVarsCM	Name of existing ConfigMap containing extra env vars for Supabase Postgres Meta nodes	""
meta.extraEnvVarsSecret	Name of existing Secret containing extra env vars for Supabase Postgres Meta nodes	""
meta.extraVolumes	Optionally specify extra list of additional volumes for the Supabase Postgres Meta pod(s)	[]
meta.extraVolumeMounts	Optionally specify extra list of additional volumeMounts for the Supabase Postgres Meta container(s)	[]
meta.sidecars	Add additional sidecar containers to the Supabase Postgres Meta pod(s)	[]
meta.initContainers	Add additional init containers to the Supabase Postgres Meta pod(s)	[]
meta.pdb.create	Enable/disable a Pod Disruption Budget creation	true
meta.pdb.minAvailable	Minimum number/percentage of pods that should remain scheduled	""
meta.pdb.maxUnavailable	Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both meta.pdb.minAvailable and meta.pdb.maxUnavailable are empty.	""

Supabase Meta Traffic Exposure Parameters

Name	Description	Value
meta.service.type	Supabase Postgres Meta service type	ClusterIP
meta.service.ports.http	Supabase Postgres Meta service HTTP port	80
meta.service.nodePorts.http	Node port for HTTP	""
meta.service.clusterIP	Supabase Postgres Meta service Cluster IP	""
meta.service.loadBalancerIP	Supabase Postgres Meta service Load Balancer IP	""
meta.service.loadBalancerSourceRanges	Supabase Postgres Meta service Load Balancer sources	[]
meta.service.externalTrafficPolicy	Supabase Postgres Meta service external traffic policy	Cluster
meta.service.annotations	Additional custom annotations for Supabase Postgres Meta service	{}
meta.service.extraPorts	Extra ports to expose in Supabase Postgres Meta service (normally used with the sidecars value)	[]
meta.service.sessionAffinity	Control where meta requests go, to the same pod or round-robin	None
meta.service.sessionAffinityConfig	Additional settings for the sessionAffinity	{}
meta.networkPolicy.enabled	Specifies whether a NetworkPolicy should be created	true
meta.networkPolicy.allowExternal	Don’t require client label for connections	true
meta.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
meta.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
meta.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
meta.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
meta.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}

Supabase Realtime Parameters

Name	Description	Value
realtime.enabled	Enable Supabase realtime	true
realtime.replicaCount	Number of Supabase realtime replicas to deploy	1
realtime.keyBase	key base for Supabase realtime	""
realtime.existingSecret	Name of an existing secret containing the key base for Supabase realtime	""
realtime.existingSecretKey	Key in the existing secret containing the key base for Supabase realtime	key-base
realtime.defaultConfig	Default configuration for Supabase realtime	""
realtime.extraConfig	Extra configuration for Supabase realtime	{}
realtime.existingConfigmap	The name of an existing ConfigMap with the default configuration	""
realtime.extraConfigExistingConfigmap	The name of an existing ConfigMap with extra configuration	""
realtime.image.registry	Realtime image registry	REGISTRY_NAME
realtime.image.repository	Realtime image repository	REPOSITORY_NAME/supabase-realtime
realtime.image.digest	Realtime image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
realtime.image.pullPolicy	Realtime image pull policy	IfNotPresent
realtime.image.pullSecrets	Realtime image pull secrets	[]
realtime.containerPorts.http	Supabase realtime HTTP container port	9999
realtime.livenessProbe.enabled	Enable livenessProbe on Supabase realtime containers	true
realtime.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	30
realtime.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
realtime.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
realtime.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
realtime.livenessProbe.successThreshold	Success threshold for livenessProbe	1
realtime.readinessProbe.enabled	Enable readinessProbe on Supabase realtime containers	true
realtime.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
realtime.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
realtime.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
realtime.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
realtime.readinessProbe.successThreshold	Success threshold for readinessProbe	1
realtime.startupProbe.enabled	Enable startupProbe on Supabase realtime containers	false
realtime.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
realtime.startupProbe.periodSeconds	Period seconds for startupProbe	10
realtime.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
realtime.startupProbe.failureThreshold	Failure threshold for startupProbe	6
realtime.startupProbe.successThreshold	Success threshold for startupProbe	1
realtime.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
realtime.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
realtime.customStartupProbe	Custom startupProbe that overrides the default one	{}
realtime.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if realtime.resources is set (realtime.resources is recommended for production).	medium
realtime.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
realtime.podSecurityContext.enabled	Enabled Supabase realtime pods’ Security Context	true
realtime.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
realtime.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
realtime.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
realtime.podSecurityContext.fsGroup	Set Supabase realtime pod’s Security Context fsGroup	1001
realtime.containerSecurityContext.enabled	Enabled containers’ Security Context	true
realtime.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
realtime.containerSecurityContext.runAsUser	Set containers’ Security Context runAsUser	1001
realtime.containerSecurityContext.runAsGroup	Set containers’ Security Context runAsGroup	1001
realtime.containerSecurityContext.runAsNonRoot	Set container’s Security Context runAsNonRoot	true
realtime.containerSecurityContext.privileged	Set container’s Security Context privileged	false
realtime.containerSecurityContext.readOnlyRootFilesystem	Set container’s Security Context readOnlyRootFilesystem	true
realtime.containerSecurityContext.allowPrivilegeEscalation	Set container’s Security Context allowPrivilegeEscalation	false
realtime.containerSecurityContext.capabilities.drop	List of capabilities to be dropped	["ALL"]
realtime.containerSecurityContext.seccompProfile.type	Set container’s Security Context seccomp profile	RuntimeDefault
realtime.command	Override default container command (useful when using custom images)	[]
realtime.args	Override default container args (useful when using custom images)	[]
realtime.automountServiceAccountToken	Mount Service Account token in pod	false
realtime.hostAliases	Supabase realtime pods host aliases	[]
realtime.podLabels	Extra labels for Supabase realtime pods	{}
realtime.podAnnotations	Annotations for Supabase realtime pods	{}
realtime.podAffinityPreset	Pod affinity preset. Ignored if realtime.affinity is set. Allowed values: soft or hard	""
realtime.podAntiAffinityPreset	Pod anti-affinity preset. Ignored if realtime.affinity is set. Allowed values: soft or hard	soft
realtime.nodeAffinityPreset.type	Node affinity preset type. Ignored if realtime.affinity is set. Allowed values: soft or hard	""
realtime.nodeAffinityPreset.key	Node label key to match. Ignored if realtime.affinity is set	""
realtime.nodeAffinityPreset.values	Node label values to match. Ignored if realtime.affinity is set	[]
realtime.affinity	Affinity for Supabase realtime pods assignment	{}
realtime.nodeSelector	Node labels for Supabase realtime pods assignment	{}
realtime.tolerations	Tolerations for Supabase realtime pods assignment	[]
realtime.updateStrategy.type	Supabase realtime statefulset strategy type	RollingUpdate
realtime.priorityClassName	Supabase realtime pods’ priorityClassName	""
realtime.topologySpreadConstraints	Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template	[]
realtime.schedulerName	Name of the k8s scheduler (other than default) for Supabase realtime pods	""
realtime.terminationGracePeriodSeconds	Seconds Redmine pod needs to terminate gracefully	""
realtime.lifecycleHooks	for the Supabase realtime container(s) to automate configuration before or after startup	{}
realtime.extraEnvVars	Array with extra environment variables to add to Supabase realtime nodes	[]
realtime.extraEnvVarsCM	Name of existing ConfigMap containing extra env vars for Supabase realtime nodes	""
realtime.extraEnvVarsSecret	Name of existing Secret containing extra env vars for Supabase realtime nodes	""
realtime.extraVolumes	Optionally specify extra list of additional volumes for the Supabase realtime pod(s)	[]
realtime.extraVolumeMounts	Optionally specify extra list of additional volumeMounts for the Supabase realtime container(s)	[]
realtime.sidecars	Add additional sidecar containers to the Supabase realtime pod(s)	[]
realtime.initContainers	Add additional init containers to the Supabase realtime pod(s)	[]
realtime.pdb.create	Enable/disable a Pod Disruption Budget creation	true
realtime.pdb.minAvailable	Minimum number/percentage of pods that should remain scheduled	""
realtime.pdb.maxUnavailable	Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both realtime.pdb.minAvailable and realtime.pdb.maxUnavailable are empty.	""

Supabase Realtime Traffic Exposure Parameters

Name	Description	Value
realtime.service.type	Supabase realtime service type	ClusterIP
realtime.service.ports.http	Supabase realtime service HTTP port	80
realtime.service.nodePorts.http	Node port for HTTP	""
realtime.service.clusterIP	Supabase realtime service Cluster IP	""
realtime.service.loadBalancerIP	Supabase realtime service Load Balancer IP	""
realtime.service.loadBalancerSourceRanges	Supabase realtime service Load Balancer sources	[]
realtime.service.externalTrafficPolicy	Supabase realtime service external traffic policy	Cluster
realtime.service.annotations	Additional custom annotations for Supabase realtime service	{}
realtime.service.extraPorts	Extra ports to expose in Supabase realtime service (normally used with the sidecars value)	[]
realtime.service.sessionAffinity	Control where realtime requests go, to the same pod or round-robin	None
realtime.service.sessionAffinityConfig	Additional settings for the sessionAffinity	{}
realtime.networkPolicy.enabled	Specifies whether a NetworkPolicy should be created	true
realtime.networkPolicy.allowExternal	Don’t require client label for connections	true
realtime.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
realtime.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
realtime.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
realtime.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
realtime.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}

Supabase Rest Parameters

Name	Description	Value
rest.enabled	Enable Supabase rest	true
rest.replicaCount	Number of Supabase rest replicas to deploy	1
rest.defaultConfig	Default configuration for the Supabase rest service	""
rest.extraConfig	Extra configuration for the Supabase rest service	{}
rest.existingConfigmap	The name of an existing ConfigMap with the default configuration	""
rest.extraConfigExistingConfigmap	The name of an existing ConfigMap with extra configuration	""
rest.image.registry	PostgREST image registry	REGISTRY_NAME
rest.image.repository	PostgREST image repository	REPOSITORY_NAME/postgrest
rest.image.digest	PostgREST image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
rest.image.pullPolicy	PostgREST image pull policy	IfNotPresent
rest.image.pullSecrets	PostgREST image pull secrets	[]
rest.containerPorts.http	Supabase rest HTTP container port	3000
rest.livenessProbe.enabled	Enable livenessProbe on Supabase rest containers	true
rest.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	5
rest.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
rest.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
rest.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
rest.livenessProbe.successThreshold	Success threshold for livenessProbe	1
rest.readinessProbe.enabled	Enable readinessProbe on Supabase rest containers	true
rest.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
rest.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
rest.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
rest.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
rest.readinessProbe.successThreshold	Success threshold for readinessProbe	1
rest.startupProbe.enabled	Enable startupProbe on Supabase rest containers	false
rest.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
rest.startupProbe.periodSeconds	Period seconds for startupProbe	10
rest.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
rest.startupProbe.failureThreshold	Failure threshold for startupProbe	6
rest.startupProbe.successThreshold	Success threshold for startupProbe	1
rest.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
rest.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
rest.customStartupProbe	Custom startupProbe that overrides the default one	{}
rest.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if rest.resources is set (rest.resources is recommended for production).	micro
rest.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
rest.podSecurityContext.enabled	Enabled Supabase rest pods’ Security Context	true
rest.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
rest.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
rest.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
rest.podSecurityContext.fsGroup	Set Supabase rest pod’s Security Context fsGroup	1001
rest.containerSecurityContext.enabled	Enabled containers’ Security Context	true
rest.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
rest.containerSecurityContext.runAsUser	Set containers’ Security Context runAsUser	1001
rest.containerSecurityContext.runAsGroup	Set containers’ Security Context runAsGroup	1001
rest.containerSecurityContext.runAsNonRoot	Set container’s Security Context runAsNonRoot	true
rest.containerSecurityContext.privileged	Set container’s Security Context privileged	false
rest.containerSecurityContext.readOnlyRootFilesystem	Set container’s Security Context readOnlyRootFilesystem	true
rest.containerSecurityContext.allowPrivilegeEscalation	Set container’s Security Context allowPrivilegeEscalation	false
rest.containerSecurityContext.capabilities.drop	List of capabilities to be dropped	["ALL"]
rest.containerSecurityContext.seccompProfile.type	Set container’s Security Context seccomp profile	RuntimeDefault
rest.command	Override default container command (useful when using custom images)	[]
rest.args	Override default container args (useful when using custom images)	[]
rest.automountServiceAccountToken	Mount Service Account token in pod	false
rest.hostAliases	Supabase rest pods host aliases	[]
rest.podLabels	Extra labels for Supabase rest pods	{}
rest.podAnnotations	Annotations for Supabase rest pods	{}
rest.podAffinityPreset	Pod affinity preset. Ignored if rest.affinity is set. Allowed values: soft or hard	""
rest.podAntiAffinityPreset	Pod anti-affinity preset. Ignored if rest.affinity is set. Allowed values: soft or hard	soft
rest.nodeAffinityPreset.type	Node affinity preset type. Ignored if rest.affinity is set. Allowed values: soft or hard	""
rest.nodeAffinityPreset.key	Node label key to match. Ignored if rest.affinity is set	""
rest.nodeAffinityPreset.values	Node label values to match. Ignored if rest.affinity is set	[]
rest.affinity	Affinity for Supabase rest pods assignment	{}
rest.nodeSelector	Node labels for Supabase rest pods assignment	{}
rest.tolerations	Tolerations for Supabase rest pods assignment	[]
rest.updateStrategy.type	Supabase rest statefulset strategy type	RollingUpdate
rest.priorityClassName	Supabase rest pods’ priorityClassName	""
rest.topologySpreadConstraints	Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template	[]
rest.schedulerName	Name of the k8s scheduler (other than default) for Supabase rest pods	""
rest.terminationGracePeriodSeconds	Seconds Redmine pod needs to terminate gracefully	""
rest.lifecycleHooks	for the Supabase rest container(s) to automate configuration before or after startup	{}
rest.extraEnvVars	Array with extra environment variables to add to Supabase rest nodes	[]
rest.extraEnvVarsCM	Name of existing ConfigMap containing extra env vars for Supabase rest nodes	""
rest.extraEnvVarsSecret	Name of existing Secret containing extra env vars for Supabase rest nodes	""
rest.extraVolumes	Optionally specify extra list of additional volumes for the Supabase rest pod(s)	[]
rest.extraVolumeMounts	Optionally specify extra list of additional volumeMounts for the Supabase rest container(s)	[]
rest.sidecars	Add additional sidecar containers to the Supabase rest pod(s)	[]
rest.initContainers	Add additional init containers to the Supabase rest pod(s)	[]
rest.pdb.create	Enable/disable a Pod Disruption Budget creation	true
rest.pdb.minAvailable	Minimum number/percentage of pods that should remain scheduled	""
rest.pdb.maxUnavailable	Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both rest.pdb.minAvailable and rest.pdb.maxUnavailable are empty.	""

Supabase Rest Traffic Exposure Parameters

Name	Description	Value
rest.service.type	Supabase rest service type	ClusterIP
rest.service.ports.http	Supabase rest service HTTP port	80
rest.service.nodePorts.http	Node port for HTTP	""
rest.service.clusterIP	Supabase rest service Cluster IP	""
rest.service.loadBalancerIP	Supabase rest service Load Balancer IP	""
rest.service.loadBalancerSourceRanges	Supabase rest service Load Balancer sources	[]
rest.service.externalTrafficPolicy	Supabase rest service external traffic policy	Cluster
rest.service.annotations	Additional custom annotations for Supabase rest service	{}
rest.service.extraPorts	Extra ports to expose in Supabase rest service (normally used with the sidecars value)	[]
rest.service.sessionAffinity	Control where rest requests go, to the same pod or round-robin	None
rest.service.sessionAffinityConfig	Additional settings for the sessionAffinity	{}
rest.networkPolicy.enabled	Specifies whether a NetworkPolicy should be created	true
rest.networkPolicy.allowExternal	Don’t require client label for connections	true
rest.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
rest.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
rest.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
rest.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
rest.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}

Supabase Storage Parameters

Name	Description	Value
storage.enabled	Enable Supabase storage	true
storage.replicaCount	Number of Supabase storage replicas to deploy	1
storage.defaultConfig	Default configuration for Supabase storage	""
storage.extraConfig	Extra configuration for Supabase storage	{}
storage.existingConfigmap	The name of an existing ConfigMap with the default configuration	""
storage.extraConfigExistingConfigmap	The name of an existing ConfigMap with extra configuration	""
storage.image.registry	Storage image registry	REGISTRY_NAME
storage.image.repository	Storage image repository	REPOSITORY_NAME/supabase-storage
storage.image.digest	Storage image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
storage.image.pullPolicy	Storage image pull policy	IfNotPresent
storage.image.pullSecrets	Storage image pull secrets	[]
storage.containerPorts.http	Supabase storage HTTP container port	5000
storage.livenessProbe.enabled	Enable livenessProbe on Supabase storage containers	true
storage.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	30
storage.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
storage.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
storage.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
storage.livenessProbe.successThreshold	Success threshold for livenessProbe	1
storage.readinessProbe.enabled	Enable readinessProbe on Supabase storage containers	true
storage.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
storage.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
storage.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
storage.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
storage.readinessProbe.successThreshold	Success threshold for readinessProbe	1
storage.startupProbe.enabled	Enable startupProbe on Supabase storage containers	false
storage.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
storage.startupProbe.periodSeconds	Period seconds for startupProbe	10
storage.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
storage.startupProbe.failureThreshold	Failure threshold for startupProbe	6
storage.startupProbe.successThreshold	Success threshold for startupProbe	1
storage.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
storage.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
storage.customStartupProbe	Custom startupProbe that overrides the default one	{}
storage.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if storage.resources is set (storage.resources is recommended for production).	medium
storage.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
storage.podSecurityContext.enabled	Enabled Supabase storage pods’ Security Context	true
storage.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
storage.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
storage.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
storage.podSecurityContext.fsGroup	Set Supabase storage pod’s Security Context fsGroup	1001
storage.containerSecurityContext.enabled	Enabled containers’ Security Context	true
storage.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
storage.containerSecurityContext.runAsUser	Set containers’ Security Context runAsUser	1001
storage.containerSecurityContext.runAsGroup	Set containers’ Security Context runAsGroup	1001
storage.containerSecurityContext.runAsNonRoot	Set container’s Security Context runAsNonRoot	true
storage.containerSecurityContext.privileged	Set container’s Security Context privileged	false
storage.containerSecurityContext.readOnlyRootFilesystem	Set container’s Security Context readOnlyRootFilesystem	true
storage.containerSecurityContext.allowPrivilegeEscalation	Set container’s Security Context allowPrivilegeEscalation	false
storage.containerSecurityContext.capabilities.drop	List of capabilities to be dropped	["ALL"]
storage.containerSecurityContext.seccompProfile.type	Set container’s Security Context seccomp profile	RuntimeDefault
storage.command	Override default container command (useful when using custom images)	[]
storage.args	Override default container args (useful when using custom images)	[]
storage.automountServiceAccountToken	Mount Service Account token in pod	false
storage.hostAliases	Supabase storage pods host aliases	[]
storage.podLabels	Extra labels for Supabase storage pods	{}
storage.podAnnotations	Annotations for Supabase storage pods	{}
storage.podAffinityPreset	Pod affinity preset. Ignored if storage.affinity is set. Allowed values: soft or hard	""
storage.podAntiAffinityPreset	Pod anti-affinity preset. Ignored if storage.affinity is set. Allowed values: soft or hard	soft
storage.nodeAffinityPreset.type	Node affinity preset type. Ignored if storage.affinity is set. Allowed values: soft or hard	""
storage.nodeAffinityPreset.key	Node label key to match. Ignored if storage.affinity is set	""
storage.nodeAffinityPreset.values	Node label values to match. Ignored if storage.affinity is set	[]
storage.affinity	Affinity for Supabase storage pods assignment	{}
storage.nodeSelector	Node labels for Supabase storage pods assignment	{}
storage.tolerations	Tolerations for Supabase storage pods assignment	[]
storage.updateStrategy.type	Supabase storage statefulset strategy type	RollingUpdate
storage.priorityClassName	Supabase storage pods’ priorityClassName	""
storage.topologySpreadConstraints	Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template	[]
storage.schedulerName	Name of the k8s scheduler (other than default) for Supabase storage pods	""
storage.terminationGracePeriodSeconds	Seconds Redmine pod needs to terminate gracefully	""
storage.lifecycleHooks	for the Supabase storage container(s) to automate configuration before or after startup	{}
storage.extraEnvVars	Array with extra environment variables to add to Supabase storage nodes	[]
storage.extraEnvVarsCM	Name of existing ConfigMap containing extra env vars for Supabase storage nodes	""
storage.extraEnvVarsSecret	Name of existing Secret containing extra env vars for Supabase storage nodes	""
storage.extraVolumes	Optionally specify extra list of additional volumes for the Supabase storage pod(s)	[]
storage.extraVolumeMounts	Optionally specify extra list of additional volumeMounts for the Supabase storage container(s)	[]
storage.sidecars	Add additional sidecar containers to the Supabase storage pod(s)	[]
storage.initContainers	Add additional init containers to the Supabase storage pod(s)	[]
storage.pdb.create	Enable/disable a Pod Disruption Budget creation	true
storage.pdb.minAvailable	Minimum number/percentage of pods that should remain scheduled	""
storage.pdb.maxUnavailable	Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both storage.pdb.minAvailable and storage.pdb.maxUnavailable are empty.	""

Supabase Storage Traffic Exposure Parameters

Name	Description	Value
storage.service.type	Supabase storage service type	ClusterIP
storage.service.ports.http	Supabase storage service HTTP port	80
storage.service.nodePorts.http	Node port for HTTP	""
storage.service.clusterIP	Supabase storage service Cluster IP	""
storage.service.loadBalancerIP	Supabase storage service Load Balancer IP	""
storage.service.loadBalancerSourceRanges	Supabase storage service Load Balancer sources	[]
storage.service.externalTrafficPolicy	Supabase storage service external traffic policy	Cluster
storage.service.annotations	Additional custom annotations for Supabase storage service	{}
storage.service.extraPorts	Extra ports to expose in Supabase storage service (normally used with the sidecars value)	[]
storage.service.sessionAffinity	Control where storage requests go, to the same pod or round-robin	None
storage.service.sessionAffinityConfig	Additional settings for the sessionAffinity	{}
storage.networkPolicy.enabled	Specifies whether a NetworkPolicy should be created	true
storage.networkPolicy.allowExternal	Don’t require client label for connections	true
storage.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
storage.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
storage.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
storage.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
storage.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}

Storage Persistence Parameters

Name	Description	Value
storage.persistence.enabled	Enable persistence using Persistent Volume Claims	true
storage.persistence.mountPath	Path to mount the volume at.	/bitnami/supabase-storage
storage.persistence.subPath	The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services	""
storage.persistence.storageClass	Storage class of backing PVC	""
storage.persistence.annotations	Persistent Volume Claim annotations	{}
storage.persistence.accessModes	Persistent Volume Access Modes	["ReadWriteOnce"]
storage.persistence.size	Size of data volume	8Gi
storage.persistence.existingClaim	The name of an existing PVC to use for persistence	""
storage.persistence.selector	Selector to match an existing Persistent Volume for Supabase data PVC	{}
storage.persistence.dataSource	Custom PVC data source	{}

Supabase Studio Parameters

Name	Description	Value
studio.enabled	Enable Supabase studio	true
studio.publicURL	Supabase studio public URL	""
studio.replicaCount	Number of Supabase studio replicas to deploy	1
studio.defaultConfig	Supabase studio default configuration	""
studio.extraConfig	Supabase studio extra configuration	{}
studio.existingConfigmap	The name of an existing ConfigMap with the default configuration	""
studio.extraConfigExistingConfigmap	The name of an existing ConfigMap with extra configuration	""
studio.image.registry	Studio image registry	REGISTRY_NAME
studio.image.repository	Studio image repository	REPOSITORY_NAME/supabase-studio
studio.image.digest	Studio image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)	""
studio.image.pullPolicy	Studio image pull policy	IfNotPresent
studio.image.pullSecrets	Studio image pull secrets	[]
studio.containerPorts.http	Supabase studio HTTP container port	3000
studio.livenessProbe.enabled	Enable livenessProbe on Supabase studio containers	true
studio.livenessProbe.initialDelaySeconds	Initial delay seconds for livenessProbe	5
studio.livenessProbe.periodSeconds	Period seconds for livenessProbe	10
studio.livenessProbe.timeoutSeconds	Timeout seconds for livenessProbe	5
studio.livenessProbe.failureThreshold	Failure threshold for livenessProbe	6
studio.livenessProbe.successThreshold	Success threshold for livenessProbe	1
studio.readinessProbe.enabled	Enable readinessProbe on Supabase studio containers	true
studio.readinessProbe.initialDelaySeconds	Initial delay seconds for readinessProbe	5
studio.readinessProbe.periodSeconds	Period seconds for readinessProbe	10
studio.readinessProbe.timeoutSeconds	Timeout seconds for readinessProbe	5
studio.readinessProbe.failureThreshold	Failure threshold for readinessProbe	6
studio.readinessProbe.successThreshold	Success threshold for readinessProbe	1
studio.startupProbe.enabled	Enable startupProbe on Supabase studio containers	false
studio.startupProbe.initialDelaySeconds	Initial delay seconds for startupProbe	5
studio.startupProbe.periodSeconds	Period seconds for startupProbe	10
studio.startupProbe.timeoutSeconds	Timeout seconds for startupProbe	5
studio.startupProbe.failureThreshold	Failure threshold for startupProbe	6
studio.startupProbe.successThreshold	Success threshold for startupProbe	1
studio.customLivenessProbe	Custom livenessProbe that overrides the default one	{}
studio.customReadinessProbe	Custom readinessProbe that overrides the default one	{}
studio.customStartupProbe	Custom startupProbe that overrides the default one	{}
studio.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if studio.resources is set (studio.resources is recommended for production).	micro
studio.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
studio.podSecurityContext.enabled	Enabled Supabase studio pods’ Security Context	true
studio.podSecurityContext.fsGroupChangePolicy	Set filesystem group change policy	Always
studio.podSecurityContext.sysctls	Set kernel settings using the sysctl interface	[]
studio.podSecurityContext.supplementalGroups	Set filesystem extra groups	[]
studio.podSecurityContext.fsGroup	Set Supabase studio pod’s Security Context fsGroup	1001
studio.containerSecurityContext.enabled	Enabled containers’ Security Context	true
studio.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
studio.containerSecurityContext.runAsUser	Set containers’ Security Context runAsUser	1001
studio.containerSecurityContext.runAsGroup	Set containers’ Security Context runAsGroup	1001
studio.containerSecurityContext.runAsNonRoot	Set container’s Security Context runAsNonRoot	true
studio.containerSecurityContext.privileged	Set container’s Security Context privileged	false
studio.containerSecurityContext.readOnlyRootFilesystem	Set container’s Security Context readOnlyRootFilesystem	true
studio.containerSecurityContext.allowPrivilegeEscalation	Set container’s Security Context allowPrivilegeEscalation	false
studio.containerSecurityContext.capabilities.drop	List of capabilities to be dropped	["ALL"]
studio.containerSecurityContext.seccompProfile.type	Set container’s Security Context seccomp profile	RuntimeDefault
studio.command	Override default container command (useful when using custom images)	[]
studio.args	Override default container args (useful when using custom images)	[]
studio.automountServiceAccountToken	Mount Service Account token in pod	false
studio.hostAliases	Supabase studio pods host aliases	[]
studio.podLabels	Extra labels for Supabase studio pods	{}
studio.podAnnotations	Annotations for Supabase studio pods	{}
studio.podAffinityPreset	Pod affinity preset. Ignored if studio.affinity is set. Allowed values: soft or hard	""
studio.podAntiAffinityPreset	Pod anti-affinity preset. Ignored if studio.affinity is set. Allowed values: soft or hard	soft
studio.nodeAffinityPreset.type	Node affinity preset type. Ignored if studio.affinity is set. Allowed values: soft or hard	""
studio.nodeAffinityPreset.key	Node label key to match. Ignored if studio.affinity is set	""
studio.nodeAffinityPreset.values	Node label values to match. Ignored if studio.affinity is set	[]
studio.affinity	Affinity for Supabase studio pods assignment	{}
studio.nodeSelector	Node labels for Supabase studio pods assignment	{}
studio.tolerations	Tolerations for Supabase studio pods assignment	[]
studio.updateStrategy.type	Supabase studio statefulset strategy type	RollingUpdate
studio.priorityClassName	Supabase studio pods’ priorityClassName	""
studio.topologySpreadConstraints	Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template	[]
studio.schedulerName	Name of the k8s scheduler (other than default) for Supabase studio pods	""
studio.terminationGracePeriodSeconds	Seconds Redmine pod needs to terminate gracefully	""
studio.lifecycleHooks	for the Supabase studio container(s) to automate configuration before or after startup	{}
studio.extraEnvVars	Array with extra environment variables to add to Supabase studio nodes	[]
studio.extraEnvVarsCM	Name of existing ConfigMap containing extra env vars for Supabase studio nodes	""
studio.extraEnvVarsSecret	Name of existing Secret containing extra env vars for Supabase studio nodes	""
studio.extraVolumes	Optionally specify extra list of additional volumes for the Supabase studio pod(s)	[]
studio.extraVolumeMounts	Optionally specify extra list of additional volumeMounts for the Supabase studio container(s)	[]
studio.sidecars	Add additional sidecar containers to the Supabase studio pod(s)	[]
studio.initContainers	Add additional init containers to the Supabase studio pod(s)	[]
studio.pdb.create	Enable/disable a Pod Disruption Budget creation	true
studio.pdb.minAvailable	Minimum number/percentage of pods that should remain scheduled	""
studio.pdb.maxUnavailable	Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both studio.pdb.minAvailable and studio.pdb.maxUnavailable are empty.	""

Supabase Studio Traffic Exposure Parameters

Name	Description	Value
studio.service.type	Supabase studio service type	ClusterIP
studio.service.ports.http	Supabase studio service HTTP port	80
studio.service.nodePorts.http	Node port for HTTP	""
studio.service.clusterIP	Supabase studio service Cluster IP	""
studio.service.loadBalancerIP	Supabase studio service Load Balancer IP	""
studio.service.loadBalancerSourceRanges	Supabase studio service Load Balancer sources	[]
studio.service.externalTrafficPolicy	Supabase studio service external traffic policy	Cluster
studio.service.annotations	Additional custom annotations for Supabase studio service	{}
studio.service.extraPorts	Extra ports to expose in Supabase studio service (normally used with the sidecars value)	[]
studio.service.sessionAffinity	Control where studio requests go, to the same pod or round-robin	None
studio.service.sessionAffinityConfig	Additional settings for the sessionAffinity	{}
studio.networkPolicy.enabled	Specifies whether a NetworkPolicy should be created	true
studio.networkPolicy.allowExternal	Don’t require client label for connections	true
studio.networkPolicy.allowExternalEgress	Allow the pod to access any range of port and all destinations.	true
studio.networkPolicy.extraIngress	Add extra ingress rules to the NetworkPolicy	[]
studio.networkPolicy.extraEgress	Add extra ingress rules to the NetworkPolicy	[]
studio.networkPolicy.ingressNSMatchLabels	Labels to match to allow traffic from other namespaces	{}
studio.networkPolicy.ingressNSPodMatchLabels	Pod labels to match to allow traffic from other namespaces	{}
studio.ingress.enabled	Enable ingress record generation for Supabase	false
studio.ingress.pathType	Ingress path type	ImplementationSpecific
studio.ingress.hostname	Default host for the ingress record	supabase-studio.local
studio.ingress.ingressClassName	IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)	""
studio.ingress.path	Default path for the ingress record	/
studio.ingress.annotations	Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.	{}
studio.ingress.tls	Enable TLS configuration for the host defined at studio.ingress.hostname parameter	false
studio.ingress.selfSigned	Create a TLS secret for this ingress record using self-signed certificates generated by Helm	false
studio.ingress.extraHosts	An array with additional hostname(s) to be covered with the ingress record	[]
studio.ingress.extraPaths	An array with additional arbitrary paths that may need to be added to the ingress under the main host	[]
studio.ingress.extraTls	TLS configuration for additional hostname(s) to be covered with this ingress record	[]
studio.ingress.secrets	Custom TLS certificates as secrets	[]
studio.ingress.extraRules	Additional rules to be covered with this ingress record	[]

Init Container Parameters

Name	Description	Value
volumePermissions.enabled	Enable init container that changes the owner/group of the PV mount point to runAsUser:fsGroup	false
volumePermissions.image.registry	OS Shell + Utility image registry	REGISTRY_NAME
volumePermissions.image.repository	OS Shell + Utility image repository	REPOSITORY_NAME/os-shell
volumePermissions.image.pullPolicy	OS Shell + Utility image pull policy	IfNotPresent
volumePermissions.image.pullSecrets	OS Shell + Utility image pull secrets	[]
volumePermissions.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).	micro
volumePermissions.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
volumePermissions.containerSecurityContext.seLinuxOptions	Set SELinux options in container	{}
volumePermissions.containerSecurityContext.runAsUser	Set init container’s Security Context runAsUser	0
psqlImage.registry	PostgreSQL client image registry	REGISTRY_NAME
psqlImage.repository	PostgreSQL client image repository	REPOSITORY_NAME/supabase-postgres
psqlImage.digest	PostgreSQL client image digest (overrides image tag)	""
psqlImage.pullPolicy	PostgreSQL client image pull policy	IfNotPresent
psqlImage.pullSecrets	PostgreSQL client image pull secrets	[]
psqlImage.debug	Enable PostgreSQL client image debug mode	false

Other Parameters

Name	Description	Value
rbac.create	Specifies whether RBAC resources should be created	true
serviceAccount.create	Specifies whether a ServiceAccount should be created	true
serviceAccount.name	The name of the ServiceAccount to use.	""
serviceAccount.annotations	Additional Service Account annotations (evaluated as a template)	{}
serviceAccount.automountServiceAccountToken	Automount service account token for the server service account	false

Kong sub-chart parameters

Name	Description	Value
kong.enabled	Enable Kong	true
kong.database	Database to use	off
kong.initContainers	Add additional init containers to the Kong pods	""
kong.ingressController.enabled	Enable Kong Ingress Controller	false
kong.kong.extraVolumeMounts	Additional volumeMounts to the Kong container	[]
kong.kong.extraEnvVars	Additional environment variables to set	[]
kong.kong.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if kong.resources is set (kong.resources is recommended for production).	medium
kong.kong.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
kong.extraVolumes	Additional volumes to the Kong pods	[]
kong.ingress.enabled	Enable Ingress rule	false
kong.ingress.hostname	Kong Ingress hostname	supabase.local
kong.ingress.tls	Enable TLS for Kong Ingress	false
kong.service.loadBalancerIP	Kubernetes service LoadBalancer IP	""
kong.service.type	Kubernetes service type	LoadBalancer
kong.service.ports.proxyHttp	Kong service port	80
kong.postgresql.enabled	Switch to enable or disable the PostgreSQL helm chart inside the Kong subchart	false

PostgreSQL sub-chart parameters

Name	Description	Value
postgresql.enabled	Switch to enable or disable the PostgreSQL helm chart	true
postgresql.auth.existingSecret	Name of existing secret to use for PostgreSQL credentials	""
postgresql.architecture	PostgreSQL architecture (standalone or replication)	standalone
postgresql.service.ports.postgresql	PostgreSQL service port	5432
postgresql.image.registry	PostgreSQL image registry	REGISTRY_NAME
postgresql.image.repository	PostgreSQL image repository	REPOSITORY_NAME/supabase-postgres
postgresql.image.digest	PostgreSQL image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag	""
postgresql.image.pullPolicy	PostgreSQL image pull policy	IfNotPresent
postgresql.image.pullSecrets	Specify image pull secrets	[]
postgresql.image.debug	Specify if debug values should be set	false
postgresql.postgresqlSharedPreloadLibraries	Set the shared_preload_libraries parameter in postgresql.conf	pg_stat_statements, pg_stat_monitor, pgaudit, plpgsql, plpgsql_check, pg_cron, pg_net, pgsodium, timescaledb, auto_explain
postgresql.auth.postgresPassword	PostgreSQL admin password	""
postgresql.auth.existingSecret	Name of existing secret to use for PostgreSQL credentials	""
postgresql.architecture	PostgreSQL architecture (standalone or replication)	standalone
postgresql.service.ports.postgresql	PostgreSQL service port	5432
postgresql.primary.resourcesPreset	Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).	nano
postgresql.primary.resources	Set container requests and limits for different resources like CPU or memory (essential for production workloads)	{}
externalDatabase.host	Database host	""
externalDatabase.port	Database port number	5432
externalDatabase.user	Non-root username for PostgreSQL	supabase_admin
externalDatabase.password	Password for the non-root username for PostgreSQL	""
externalDatabase.database	PostgreSQL database name	postgres
externalDatabase.existingSecret	Name of an existing secret resource containing the database credentials	""
externalDatabase.existingSecretPasswordKey	Name of an existing secret key containing the database credentials	""

The above parameters map to the env variables defined in bitnami/supabase-studio. For more information please refer to the bitnami/supabase-studio image documentation.

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install my-release \
  --set postgresql.auth.postgresPassword=secretpassword \
    oci://REGISTRY_NAME/REPOSITORY_NAME/supabase

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts.

The above command sets the PostgreSQL postgres user password to secretpassword.

NOTE: Once this chart is deployed, it is not possible to change the application’s access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application’s built-in administrative tools if available.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/supabase

Note: You need to substitute the placeholders REGISTRY_NAME and REPOSITORY_NAME with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use REGISTRY_NAME=registry-1.docker.io and REPOSITORY_NAME=bitnamicharts. Tip: You can use the default values.yaml

Troubleshooting

Find more information about how to deal with common errors related to Bitnami’s Helm charts in this troubleshooting guide.

Upgrading

To 4.0.0

This major updates the Auth container to use the supabase/auth package. You can find more information about the changes here.

To 3.0.0

This major bump changes the following security defaults:

• runAsGroup is changed from 0 to 1001
• readOnlyRootFilesystem is set to true
• resourcesPreset is changed from none to the minimum size working in our test suites (NOTE: resourcesPreset is not meant for production usage, but resources adapted to your use case).
• global.compatibility.openshift.adaptSecurityContext is changed from disabled to auto.

This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.

To 2.0.0

This major updates the Kong subchart to its newest major, 10.0.0. Here you can find more information about the changes introduced in that version.

To 1.0.0

This major updates the PostgreSQL subchart to its newest major, 13.0.0. Here you can find more information about the changes introduced in that version.

License

Copyright © 2024 Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.