Update image tags

drpsyko101 · drpsyko101 · commit 43060ba15188 · 2023-12-10T14:54:35.000+08:00
* add JWT expiry
* update `db` JWT schema
* update `db` arguments based on docker-compose
* update README with local testing suite
* fix testing conditions
* remove `db` ingress
diff --git a/charts/supabase/README.md b/charts/supabase/README.md
@@ -211,6 +211,21 @@ kong:
     annotations:
       nginx.ingress.kubernetes.io/rewrite-target: /
 ```
+
+### Testing suite
+
+Before creating a merge request, you can test the charts locally by using [helm/chart-testing](https://github.com/helm/chart-testing). If you have Docker and a Kubernetes environment to test with, simply run:
+
+```shell
+docker run -it \
+  --network host \
+  --workdir=/data \
+  --volume ~/.kube/config:/root/.kube/config:ro \
+  --volume $(pwd)/charts/supabase:/data \
+  quay.io/helmpack/chart-testing:v3.7.1 \
+  ct install --chart-dirs . --charts .
+```
+
 ### Version compatibility
 
 #### `0.0.x` to `0.1.x`
diff --git a/charts/supabase/templates/db/ingress.yaml b/charts/supabase/templates/db/ingress.yaml
diff --git a/charts/supabase/templates/db/initdb.config.yaml b/charts/supabase/templates/db/initdb.config.yaml
@@ -6,6 +6,12 @@ metadata:
   labels:
     {{- include "supabase.labels" . | nindent 4 }}
 data:
+  99-jwt.sql: |
+    \set jwt_secret `echo "$JWT_SECRET"`
+    \set jwt_exp `echo "$JWT_EXP"`
+
+    ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :jwt_secret;
+    ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :jwt_exp;
   99-logs.sql: |
     \set pguser `echo "$POSTGRES_USER"`
 
diff --git a/charts/supabase/templates/rest/deployment.yaml b/charts/supabase/templates/rest/deployment.yaml
@@ -65,6 +65,11 @@ spec:
                 secretKeyRef:
                   name: {{ include "supabase.secret.jwt" . }}
                   key: secret
+            - name: JWT_EXPIRY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "supabase.secret.jwt" . }}
+                  key: expiry
           {{- with .Values.rest.livenessProbe }}
           livenessProbe:
             {{- toYaml . | nindent 12 }}
diff --git a/charts/supabase/templates/secrets/jwt.yaml b/charts/supabase/templates/secrets/jwt.yaml
@@ -8,6 +8,6 @@ metadata:
 type: Opaque
 data:
 {{- range $key, $value := .Values.secret.jwt }}
-  {{ $key }}: {{ $value | b64enc }}
+  {{ $key }}: {{ $value | toString | b64enc }}
 {{- end }}
 {{- end }}
diff --git a/charts/supabase/templates/test/analytics.yaml b/charts/supabase/templates/test/analytics.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.analytics.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.analytics.fullname" . }}:{{ .Values.analytics.service.port }}/health
               echo "Sevice {{ include "supabase.analytics.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/auth.yaml b/charts/supabase/templates/test/auth.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.auth.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.auth.fullname" . }}:{{ .Values.auth.service.port }}/health
               echo "Sevice {{ include "supabase.auth.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/db.yaml b/charts/supabase/templates/test/db.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.db.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -35,3 +36,4 @@ spec:
           imagePullPolicy: IfNotPresent
           name: test-db
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/imgproxy.yaml b/charts/supabase/templates/test/imgproxy.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.imgproxy.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.imgproxy.fullname" . }}:{{ .Values.imgproxy.service.port }}/health
               echo "Sevice {{ include "supabase.imgproxy.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/kong.yaml b/charts/supabase/templates/test/kong.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.kong.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -28,10 +29,11 @@ spec:
             - /bin/bash
             - -c
             - |
-              RETURN_CODE=$(curl -sL \
-                -w "%{http_code}\n" \
+              echo "Attempting to access dashboard with provided credentials..."
+              curl -sL --fail \
                 -o /dev/null \
-                http://${DASHBOARD_USERNAME}:${DASHBOARD_PASSWORD}@{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }})
-              ! [[ "$RETURN_CODE" =~ 20[0-9] ]] && echo -e "\e[0;31mFailed to get a valid response." && exit 1
+                "http://${DASHBOARD_USERNAME}:${DASHBOARD_PASSWORD}@{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }}" \
+                || ( echo -e "\e[0;31mFailed to get a valid response." && exit 1 )
               echo "Successfully connected."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/meta.yaml b/charts/supabase/templates/test/meta.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.meta.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.meta.fullname" . }}:{{ .Values.meta.service.port }}/health
               echo "Sevice {{ include "supabase.meta.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/realtime.yaml b/charts/supabase/templates/test/realtime.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.realtime.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.realtime.fullname" . }}:{{ .Values.realtime.service.port }}
               echo "Sevice {{ include "supabase.realtime.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/rest.yaml b/charts/supabase/templates/test/rest.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.rest.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.rest.fullname" . }}:{{ .Values.rest.service.port }}
               echo "Sevice {{ include "supabase.rest.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/storage.yaml b/charts/supabase/templates/test/storage.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.storage.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.storage.fullname" . }}:{{ .Values.storage.service.port }}/status
               echo "Sevice {{ include "supabase.storage.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/templates/test/studio.yaml b/charts/supabase/templates/test/studio.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.studio.enabled -}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -21,3 +22,4 @@ spec:
                 http://{{ include "supabase.studio.fullname" . }}:{{ .Values.studio.service.port }}/api/profile
               echo "Sevice {{ include "supabase.studio.fullname" . }} is healthy."
       restartPolicy: Never
+{{- end }}
diff --git a/charts/supabase/values.example.yaml b/charts/supabase/values.example.yaml
@@ -60,7 +60,7 @@ auth:
 
 rest:
   image:
-    tag: v11.2.0
+    tag: v11.2.2
 
 realtime:
   image:
@@ -77,7 +77,7 @@ meta:
 
 storage:
   image:
-    tag: v0.40.4
+    tag: v0.43.11
   livenessProbe:
     httpGet:
       path: /status
@@ -145,4 +145,4 @@ vector:
 
 functions:
   image:
-    tag: v1.22.3
+    tag: v1.22.4
diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
@@ -20,6 +20,7 @@ secret:
     anonKey: ""
     serviceKey: ""
     secret: ""
+    expiry: 3600
   # database credentials
   # these fields must be provided even if using external database
   db:
@@ -82,25 +83,9 @@ db:
     PGPORT: "5432"
     POSTGRES_PORT: "5432"
     # POSTGRES_HOST_AUTH_METHOD: md5
-  ingress:
-    enabled: false
-    className: "nginx"
-    annotations:
-      nginx.ingress.kubernetes.io/rewrite-target: /
-      # cert-manager.io/cluster-issuer: "letsencrypt-staging"
-      # kubernetes.io/tls-acme: "true"
-    tls:
-      - secretName: DB.EXAMPLE.COM
-        hosts:
-          - DB.EXAMPLE.COM
-    hosts:
-      - host: DB.EXAMPLE.COM
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              serviceName: database
-              servicePort: 5432
+    # Enable SSL for postgres by specifying paths for mounted certificate key pair
+    # POSTGRES_SSL_CERT: /path/to/ssl/server.crt
+    # POSTGRES_SSL_KEY: /path/to/ssl/server.key
   # volumeMounts:
   #   - name: volume_name
   #     mountPath: /path/to/my/secret
@@ -357,7 +342,6 @@ rest:
     PGRST_DB_SCHEMAS: public,storage,graphql_public
     PGRST_DB_ANON_ROLE: anon
     PGRST_DB_USE_LEGACY_GUCS: false
-    JWT_EXPIRY: 3600
   # volumeMounts:
   #   - name: volume_name
   #     mountPath: /path/to/my/secret
