2024
File
The issue that we are currently facing is the installation of a custom file into the container.
Quick commands to help debug this situation:
# Get Supabase Pods
kubectl get pods -n supabase
# Get Logs
kubectl logs supabase-release-supabase-db-1-initdb-7djvz -n supabase
# Describe
kubectl describe pod supabase-release-supabase-db-1-initdb-2wwtr -n supabase
Okay to load the pgsodium key / shell, we can try to setup a sidecar with the information. Actually since its the initDB, we can get away with using the environment because the whole container would get destroyed once its done with the init? We would load the sidecar then through another deployment which would be the recovery? Hmm, there are ways to make this work.
Here is the pod template that we used to init the container:
podTemplate:
spec:
initContainers:
- name: pgsodium-getkey-init
image: busybox
command: ["/bin/sh", "-c", "kubectl get secret secret-pgsodium-key -n supabase -o jsonpath='{.data.pgsodium_key}' | base64 --decode > /pgsodium/keyfile"]
volumeMounts:
- name: pgsodium-keyfile-volume
mountPath: /pgsodium
containers:
- name: main-container
image: {{ .Values.db.image.repository }}:{{ .Values.db.image.tag }}
volumeMounts:
- name: pgsodium-keyfile-volume
mountPath: /pgsodium
volumes:
- name: pgsodium-keyfile-volume
emptyDir: {}
However, for now, we will just load the key in via the environmental variable.
SegFault
Looks like after disabling the pgsodium, we had to wrap back around and disable the kilobase extension as well because I believe I might have made an error with how I went to set up the extension. I will look into the extension at another time, as there are just too many things on the plate and if worse comes to worse, we can just move the extension out of the postgres and into our own structure. This is a tough moment but its okay, I know when to move on and there are a decent amount of other things that are on our plate to deal with.
- repo :
https://github.com/KBVE/kbve.git - path:
/migrations/kube/charts/kilobase
There are 4 more core SQL files that we need to add into the configuration. Well there were 5 total, but we got the websockets to execute without any issues.
Just to recap the 5 total:
- jwt. - done using parameters.
- logs. - giving it to the
supabase_admin - realtime.
- roles.
- webhooks. - works fine for now.
We got the webhooks out of the way and we can just pass in the jwt directly through the parameters.
Now there is another error that we need to look through, which was the supabase-secret-db, but I was under the impression that we already did this through the sealed secrets, hmm.
Okay the other three core SQLs files that we need are these:
-- 99-jwt.sql |
\set jwt_secret `echo "$JWT_SECRET"`
\set jwt_exp `echo "$JWT_EXP"`
ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
-- 99-logs.sql: |
\set pguser `echo "$POSTGRES_USER"`
create schema if not exists _analytics;
alter schema _analytics owner to :pguser;
-- 99-realtime.sql: |
\set pguser `echo "$POSTGRES_USER"`
create schema if not exists _realtime;
alter schema _realtime owner to :pguser;
-- 99-roles.sql: |
-- NOTE: change to your own passwords for production environments
\set pgpass `echo "$POSTGRES_PASSWORD"`
ALTER USER authenticator WITH PASSWORD :'pgpass';
ALTER USER pgbouncer WITH PASSWORD :'pgpass';
ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
Source: https://github.com/supabase/supabase/tree/master/docker/volumes/db
Now of these three core files, we can start with the small.
For the log, we looked back at the supabase docker swarm and it looks like we set it to the supabase_admin, so lets go ahead and add that into the configmap.
The best move we can make right now would be to shut the whole thing down and restart the cluster.
Damn the JWT did not set via the parameters and we will have to go back to the SQL method.
We will try to alter it directly within the cnpg-kilobase-postgres.yaml.
Okay next applying the password for the role changes.
ALTER USER authenticator WITH PASSWORD 'your_password_here';
ALTER USER pgbouncer WITH PASSWORD 'your_password_here';
ALTER USER supabase_auth_admin WITH PASSWORD 'your_password_here';
ALTER USER supabase_functions_admin WITH PASSWORD 'your_password_here';
ALTER USER supabase_storage_admin WITH PASSWORD 'your_password_here';
Now lets go ahead and fix up the functions part of the supabase. It looks like the error is in the permissions, specifically the cache?
apiVersion: v1
kind: PersistentVolume
metadata:
name: deno-cache-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/data/deno_cache"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: deno-cache-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
Okay the temporary fix for the functions seems fine and now we can move on towards temporary fixing the kong. We can always replace the kong with our own kilokong in the future or a better service down the line, but for now, we just want to run it.
What a wild ride, we were able to shift through all the docs and finally getting to the full cluster. The only thing left is the final parts of the backing up and restoring.
For this section, we will need to double check the cluster.
kubectl describe clusters.postgresql.cnpg.io supabase-release-supabase-db -n supabase
2023
- 6:40am - So the plan for the mornings should be a sunrise photoshoot? This would be a great excuse to get outside early and improve upon my photography skills! I already have a decent collection of equipment and a ton of abstract software background, I think its just finding that niche that I want to explore within.
- 8:30am - All I am craving is a mocha whey protein shake with an extremely spice Taylor ham and egg bagel! The combination of the heat that it generates and sweetness from the coffee, make it an amazing blend! It hits around 1000 calories but that is definitely more than enough to breeze through until mid-day.
- 4:35pm - Almost have my Appwrite / Square hackathon project outlined, now I just need to execute it as fast as possible before the event ends. There are a couple things that I wanted to make sure that would work before I commit a ton of time into them.
- 11:15pm - Pushing through some of the work projects, I also just got another job offer and damn I am already backed up for this weekend!
Quote
Tragedy is a tool for the living to gain wisdom, not a guide by which to live. — Robert F. Kennedy
Tasks
- [ ]