diff --git a/charts/supabase/templates/realtime/deployment.yaml b/charts/supabase/templates/realtime/deployment.yaml index 4083a46f..146acb67 100644 --- a/charts/supabase/templates/realtime/deployment.yaml +++ b/charts/supabase/templates/realtime/deployment.yaml @@ -76,6 +76,8 @@ spec: - name: DB_HOST value: {{ include "supabase.db.fullname" . }} {{- end }} + - name: TENANT_NAME + value: {{ include "supabase.realtime.fullname" . }} - name: DB_PASSWORD valueFrom: secretKeyRef: @@ -132,14 +134,20 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.realtime.volumeMounts }} volumeMounts: + {{- with .Values.realtime.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.realtime.volumes }} + - name: realtime-seed-volume + mountPath: /app/lib/realtime-{{ .Values.realtime.image.tag | trimPrefix "v" }}/priv/repo/seeds.exs + subPath: seeds.exs volumes: + {{- with .Values.realtime.volumes }} {{- toYaml . | nindent 8 }} {{- end }} + - name: realtime-seed-volume + configMap: + name: {{ printf "%s-seeds" (include "supabase.realtime.fullname" .) }} {{- with .Values.realtime.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -152,4 +160,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/supabase/templates/realtime/seeds.yaml b/charts/supabase/templates/realtime/seeds.yaml new file mode 100644 index 00000000..a28e9525 --- /dev/null +++ b/charts/supabase/templates/realtime/seeds.yaml 
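Review bot: `TENANT_NAME` is added in the `@@ -76,6 +76,8 @@` hunk of `deployment.yaml` with no comment saying what consumes it. The seed script added in the same commit reads it as both the tenant `name` and `external_id`, falling back to `realtime-dev`, so the tenant identifier now follows the Helm release name; anything that addresses the tenant by a fixed id would presumably have to change with it. I would add a YAML comment above the entry, e.g. `# consumed by the mounted seeds.exs as the tenant name and external_id`. The container's env list starts and ends outside the hunk.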
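Review bot: In the `@@ -132,14 +134,20 @@` hunk, the `mountPath` of `realtime-seed-volume` is built from `.Values.realtime.image.tag | trimPrefix "v"`, so it only lands on the image's own `seeds.exs` when the tag is a bare release version. With a tag such as `latest` or a custom build tag, the ConfigMap file would presumably be mounted at a path the application never reads, and the seed shipped in the image would run instead, with no error at render time. Consider failing the render when the tag is not version-shaped, or at least documenting the coupling with a template comment such as `{{- /* mountPath must equal the release directory inside the image: realtime-<version without leading v> */}}`. An entry named `realtime-seed-volume` supplied through `.Values.realtime.volumes` would also collide with the fixed name used here.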
@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-seeds" (include "supabase.realtime.fullname" .) }}
+data:
+ seeds.exs: |
+ require Logger
+ alias Realtime.{Api.Tenant, Repo}
+ import Ecto.Adapters.SQL, only: [query: 3]
+
+ tenant_name = System.get_env("TENANT_NAME", "realtime-dev")
+
+ env = if :ets.whereis(Mix.State) != :undefined, do: Mix.env(), else: :prod
+ default_db_host = if env in [:dev, :test], do: "localhost", else: "host.docker.internal"
+
+ Repo.transaction(fn ->
+ case Repo.get_by(Tenant, external_id: tenant_name) do
+ %Tenant{} = tenant -> Repo.delete!(tenant)
+ nil -> {:ok, nil}
+ end
+
+ %Tenant{}
+ |> Tenant.changeset(%{
+ "name" => tenant_name,
+ "external_id" => tenant_name,
+ "jwt_secret" =>
+ System.get_env("API_JWT_SECRET", "super-secret-jwt-token-with-at-least-32-characters-long"),
+ "jwt_jwks" => System.get_env("API_JWT_JWKS") |> then(fn v -> if v, do: Jason.decode!(v) end),
+ "extensions" => [
+ %{
+ "type" => "postgres_cdc_rls",
+ "settings" => %{
+ "db_name" => System.get_env("DB_NAME", "postgres"),
+ "db_host" => System.get_env("DB_HOST", default_db_host),
+ "db_user" => System.get_env("DB_USER", "supabase_admin"),
+ "db_password" => System.get_env("DB_PASSWORD", "postgres"),
+ "db_port" => System.get_env("DB_PORT", "5433"),
+ "region" => "us-east-1",
+ "poll_interval_ms" => 100,
+ "poll_max_record_bytes" => 1_048_576,
+ "ssl_enforced" => false
+ }
+ }
+ ],
+ "notify_private_alpha" => true
+ })
+ |> Repo.insert!()
+ end)
+
+ if env in [:dev, :test] do
+ publication = "supabase_realtime"
+
+ {:ok, _} =
+ Repo.transaction(fn ->
+ [
+ "drop publication if exists #{publication}",
+ "drop table if exists public.test_tenant;",
+ "create table public.test_tenant ( id SERIAL PRIMARY KEY, details text );",
+ "grant all on table public.test_tenant to anon;",
+ "grant all on table public.test_tenant to postgres;",
+ "grant all on table public.test_tenant to authenticated;",
+ "create publication #{publication} for table public.test_tenant"
+ ]
+ |> Enum.each(&query(Repo, &1, []))
+ end)
+ end
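Review bot: The tenant changeset in `seeds.exs` falls back to literal defaults for `API_JWT_SECRET` and `DB_PASSWORD`, so a pod whose secret wiring is missing or misnamed still seeds a tenant, signed with a secret that is printed in this file, instead of failing. For a seed delivered through the chart these two values should be required: `System.fetch_env!("API_JWT_SECRET")` and `System.fetch_env!("DB_PASSWORD")`. Separately, `"ssl_enforced" => false` is fixed with no values toggle, and the first transaction deletes and re-inserts the tenant every time the script runs while its result is never matched (the second one is bound with `{:ok, _} =`). Each of those deserves a short comment in the ConfigMap stating that it is intended.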