Bug report
Describe the bug
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /var/lib/postgresql/data ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Etc/UTC
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.
syncing data to disk ... ok
Success. You can now start the database server using:
/usr/bin/pg_ctl -D /var/lib/postgresql/data -l logfile start
waiting for server to start.... 2024-12-28 00:07:12.689 UTC [49] LOG: pgaudit extension initialized
2024-12-28 00:07:13.359 UTC [49] LOG: pgsodium primary server secret key loaded
.. 2024-12-28 00:07:15.317 UTC [49] LOG: starting PostgreSQL 15.6 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 13.2.0, 64-bit
2024-12-28 00:07:15.356 UTC [49] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
2024-12-28 00:07:15.439 UTC [58] LOG: database system was shut down at 2024-12-28 00:07:06 UTC
. 2024-12-28 00:07:15.824 UTC [49] LOG: database system is ready to accept connections
done
server started
2024-12-28 00:07:16.133 UTC [61] LOG: TimescaleDB background worker launcher connected to shared catalogs
2024-12-28 00:07:16.160 UTC [63] LOG: pg_cron scheduler started
/usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/init-scripts
/usr/local/bin/docker-entrypoint.sh: running /docker-entrypoint-initdb.d/migrate.sh
[local] 2024-12-28 00:07:17.215 UTC [73] supabase_admin@postgres FATAL: password authentication failed for user "supabase_admin"
[local] 2024-12-28 00:07:17.215 UTC [73] supabase_admin@postgres DETAIL: Role "supabase_admin" does not exist.
Connection matched pg_hba.conf line 82: "local all supabase_admin scram-sha-256"
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: password authentication failed for user "supabase_admin"
To Reproduce
- Followed the instructions to clone the repo
- Integrated the release as part of a simple Terraform module
- Tried to bring up the release
# Provider requirements for this reproduction. Both providers are pinned to an
# exact release, so the run does not silently pick up a newer provider.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "2.17.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.35.1"
    }
  }
}
# Kubernetes provider: the kubeconfig file and the context inside it are both
# taken from var.kubernetes_provider_config (declared outside this listing).
provider "kubernetes" {
  config_context = var.kubernetes_provider_config.config_context
  config_path    = var.kubernetes_provider_config.config_path
}
# Helm provider: points at the same kubeconfig file and context as the
# kubernetes provider, so releases land in the same cluster.
provider "helm" {
  kubernetes {
    config_context = var.kubernetes_provider_config.config_context
    config_path    = var.kubernetes_provider_config.config_path
  }
}
# Dedicated namespace for the release, named "supabase-<environment>".
resource "kubernetes_namespace" "supabase" {
  metadata {
    name = format("supabase-%s", var.environment)
  }
}
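# Installs the Supabase chart from the local checkout under
# ${path.module}/supabase-kubernetes/charts/supabase into the namespace
# created by kubernetes_namespace.supabase.
#
# Credentials (JWT secret, service key, database / SMTP / dashboard passwords,
# Logflare API key) are passed with `set_sensitive` instead of `set`, so the
# helm provider does not print their values in plan/apply output. They are
# still written to the Terraform state, so the state backend must be access
# controlled and encrypted.
resource "helm_release" "supabase" {
  name      = "supabase"
  namespace = kubernetes_namespace.supabase.metadata[0].name
  chart     = "${path.module}/supabase-kubernetes/charts/supabase"

  # Image tags from docker-compose.yml
  set {
    name  = "studio.image.tag"
    value = "20241106-f29003e"
  }
  set {
    name  = "auth.image.tag"
    value = "v2.164.0"
  }
  set {
    name  = "rest.image.tag"
    value = "v12.2.0"
  }
  set {
    name  = "realtime.image.tag"
    value = "v2.30.34"
  }
  set {
    name  = "meta.image.tag"
    value = "v0.84.2"
  }
  set {
    name  = "storage.image.tag"
    value = "v1.11.13"
  }
  set {
    name  = "imgproxy.image.tag"
    value = "v3.8.0"
  }
  set {
    name  = "functions.image.tag"
    value = "v1.62.2"
  }
  set {
    name  = "analytics.image.tag"
    value = "1.4.0"
  }
  set {
    name  = "vector.image.tag"
    value = "0.28.1-alpine"
  }
  set {
    name  = "db.image.tag"
    value = "15.6.1.142"
  }

  # JWT material. The signing secret and the service-role key grant full API
  # access, so they go through set_sensitive.
  set_sensitive {
    name  = "secret.jwt.secret"
    value = var.jwt_secret
  }
  set {
    name  = "secret.jwt.anonKey"
    value = var.anon_key
  }
  set_sensitive {
    name  = "secret.jwt.serviceKey"
    value = var.service_role_key
  }

  # Database credentials handed to the chart.
  set {
    name  = "secret.db.username"
    value = "postgres"
  }
  set_sensitive {
    name  = "secret.db.password"
    value = var.postgres_password
  }
  set {
    name  = "secret.db.database"
    value = "postgres"
  }

  # SMTP credentials.
  set {
    name  = "secret.smtp.username"
    value = var.smtp_user
  }
  set_sensitive {
    name  = "secret.smtp.password"
    value = var.smtp_pass
  }

  # Dashboard (basic-auth) credentials.
  set {
    name  = "secret.dashboard.username"
    value = "admin"
  }
  set_sensitive {
    name  = "secret.dashboard.password"
    value = var.dashboard_password
  }

  # Run the chart's bundled Postgres (the "db" pod whose log is shown above).
  set {
    name  = "db.enabled"
    value = true
  }

  # set {
  # name = "studio.environment.SUPABASE_PUBLIC_URL"
  # value = var.supabase_public_url
  # }
  set {
    name  = "studio.environment.STUDIO_DEFAULT_ORGANIZATION"
    value = var.studio_default_organization
  }
  set {
    name  = "studio.environment.STUDIO_DEFAULT_PROJECT"
    value = var.studio_default_project
  }

  # Auth service environment variables
  set {
    name  = "auth.environment.API_EXTERNAL_URL"
    value = var.api_external_url
  }
  set {
    name  = "auth.environment.GOTRUE_SITE_URL"
    value = var.site_url
  }
  # NOTE(review): "*" puts a wildcard in the auth service's redirect
  # allow-list. Acceptable for a throwaway reproduction; for any shared or
  # internet-facing environment list the application's own URLs instead.
  set {
    name  = "auth.environment.GOTRUE_URI_ALLOW_LIST"
    value = "*"
  }
  set {
    name  = "auth.environment.GOTRUE_DISABLE_SIGNUP"
    value = var.disable_signup
  }
  set {
    name  = "auth.environment.GOTRUE_JWT_EXP"
    value = var.jwt_expiry
  }
  set {
    name  = "auth.environment.GOTRUE_EXTERNAL_EMAIL_ENABLED"
    value = var.enable_email_signup
  }
  set {
    name  = "auth.environment.GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED"
    value = var.enable_anonymous_users
  }
  set {
    name  = "auth.environment.GOTRUE_MAILER_AUTOCONFIRM"
    value = var.enable_email_autoconfirm
  }
  set {
    name  = "auth.environment.GOTRUE_SMTP_ADMIN_EMAIL"
    value = var.smtp_admin_email
  }
  set {
    name  = "auth.environment.GOTRUE_SMTP_HOST"
    value = var.smtp_host
  }
  set {
    name  = "auth.environment.GOTRUE_SMTP_PORT"
    value = var.smtp_port
  }
  set {
    name  = "auth.environment.GOTRUE_SMTP_SENDER_NAME"
    value = var.smtp_sender_name
  }
  set {
    name  = "auth.environment.GOTRUE_MAILER_URLPATHS_INVITE"
    value = var.mailer_urlpaths_invite
  }
  set {
    name  = "auth.environment.GOTRUE_MAILER_URLPATHS_CONFIRMATION"
    value = var.mailer_urlpaths_confirmation
  }
  set {
    name  = "auth.environment.GOTRUE_MAILER_URLPATHS_RECOVERY"
    value = var.mailer_urlpaths_recovery
  }
  set {
    name  = "auth.environment.GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE"
    value = var.mailer_urlpaths_email_change
  }
  set {
    name  = "auth.environment.GOTRUE_EXTERNAL_PHONE_ENABLED"
    value = var.enable_phone_signup
  }
  set {
    name  = "auth.environment.GOTRUE_SMS_AUTOCONFIRM"
    value = var.enable_phone_autoconfirm
  }

  # # Rest service environment variables
  # set {
  # name = "rest.environment.PGRST_DB_SCHEMAS"
  # value = var.pgrst_db_schemas
  # }

  # Storage service environment variables
  set {
    name  = "storage.environment.FILE_SIZE_LIMIT"
    value = "52428800"
  }

  # Imgproxy environment variables
  set {
    name  = "imgproxy.environment.IMGPROXY_ENABLE_WEBP_DETECTION"
    value = var.imgproxy_enable_webp_detection
  }

  # Functions environment variables
  set {
    name  = "functions.environment.VERIFY_JWT"
    value = var.functions_verify_jwt
  }

  # Analytics environment variables
  set_sensitive {
    name  = "analytics.environment.LOGFLARE_API_KEY"
    value = var.logflare_api_key
  }

  set {
    name  = "auth.environment.GOTRUE_JWT_ADMIN_ROLES"
    value = "service_role"
  }

  # Dependencies
  depends_on = [
    kubernetes_namespace.supabase
  ]
}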
Expected behavior
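Initial migrations located in /docker-entrypoint-initdb.d/init-scripts should be executed. Instead, the log above shows the entrypoint ignoring that directory, and migrate.sh then fails because the role "supabase_admin" does not exist. This includes: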
root@supabase-supabase-db-7448b48b6b-qcwh7:/docker-entrypoint-initdb.d# cd init-scripts/
root@supabase-supabase-db-7448b48b6b-qcwh7:/docker-entrypoint-initdb.d/init-scripts# ls
00000000000000-initial-schema.sql 00000000000002-storage-schema.sql 00-schema.sql 99-roles.sql
00000000000001-auth-schema.sql 00000000000003-post-setup.sql 98-webhooks.sql
root@supabase-supabase-db-7448b48b6b-qcwh7:/docker-entrypoint-initdb.d/init-scripts#
Additional context
Using terraform helm provider