supabase-community / supabase-kubernetes

Helm 3 charts to deploy a Supabase on Kubernetes
Apache License 2.0

supabase-auth pod CrashLoopBackOff #30

Closed kubeworkz closed 1 year ago

kubeworkz commented 1 year ago

After doing a fresh helm install (helm -n default install MY-RELEASE -f values.yaml .), I get a CrashLoopBackOff from the supabase-auth pod (also tried values.example.yaml). The logs produce the following:

[POP] 2023/02/08 01:10:15 info - 0.0140 seconds
time="2023-02-08T01:10:15Z" level=fatal msg="running db migrations: Migrator: problem creating schema migrations: CREATE TABLE \"schema_migrations\" (\n\"version\" VARCHAR (14) NOT NULL\n);\nCREATE UNIQUE INDEX \"schema_migrations_version_idx\" ON \"schema_migrations\" (version);: ERROR: no schema has been selected to create in (SQLSTATE 3F000)"

I'm attaching to a Zalando postgres-operator instance in my cluster. I can pop into the master node and re-create those SQL commands no problem. I'm only getting a CrashLoopBackOff on supabase-auth and supabase-realtime. Realtime kicks out because of supabase-auth.

I tried a few options to fix the error:

revoke usage on schema public from public;
grant usage on schema public to public;
grant create on schema public to public;

It seems the search_path is messed up somehow. There's no auth schema getting created. It's like the templates/db/initdb.config.yaml isn't getting called.

Here's my auth service section from values.yaml:

...
# Auth Service
auth:
  enabled: true # Disable the auth service
  image:
    repository: supabase/gotrue
    pullPolicy: IfNotPresent
    tag: "latest"
  imagePullSecrets: []
  replicaCount: 1
  nameOverride: ""
  fullnameOverride: ""
  serviceAccount:
    # Specifies whether a service account should be created
    create: true
    # Annotations to add to the service account
    annotations: {}
    # The name of the service account to use.
    # If not set and create is true, a name is generated using the fullname template
    name: ""
  podAnnotations: {}
  podSecurityContext: {}
    # fsGroup: 2000
  securityContext: {}
    # capabilities:
    #   drop:
    #   - ALL
    # readOnlyRootFilesystem: true
    # runAsNonRoot: true
    # runAsUser: 1000
  service:
    type: ClusterIP
    port: 9999
  environment:
    DB_HOST: supa.default.svc.cluster.local
    DB_PORT: "5432"
    DB_DRIVER: postgres
    DB_NAME: postgres
    DB_SSL: require # disable, allow, prefer, require, verify-ca, verify-full
    GOTRUE_API_HOST: "0.0.0.0"
    GOTRUE_API_PORT: "9999"
    GOTRUE_SITE_URL: https://studio.cloudrock.ca
    GOTRUE_URI_ALLOW_LIST: "*"
    GOTRUE_DISABLE_SIGNUP: "false"
    GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated
    GOTRUE_JWT_ADMIN_ROLES: service_role
    GOTRUE_JWT_AUD: authenticated
    GOTRUE_JWT_EXP: "3600"
    GOTRUE_EXTERNAL_EMAIL_ENABLED: "true"
    GOTRUE_MAILER_AUTOCONFIRM: "true"
    GOTRUE_SMTP_ADMIN_EMAIL: "support@cloudrock.ca"
    GOTRUE_SMTP_HOST: "smtppro.zoho.com"
    GOTRUE_SMTP_PORT: "465"
    GOTRUE_SMTP_SENDER_NAME: "support@cloudrock.ca"
    GOTRUE_EXTERNAL_PHONE_ENABLED: "false"
    GOTRUE_SMS_AUTOCONFIRM: "false"
    GOTRUE_MAILER_URLPATHS_INVITE: "https://api.cloudrock.ca/auth/v1/verify"
    GOTRUE_MAILER_URLPATHS_CONFIRMATION: "https://api.cloudrock.ca/auth/v1/verify"
    GOTRUE_MAILER_URLPATHS_RECOVERY: "https://api.cloudrock.ca/auth/v1/verify"
    GOTRUE_MAILER_URLPATHS_EMAIL_CHANGE: "https://api.cloudrock.ca/auth/v1/verify"
  ingress:
    enabled: false
    className: ""
    annotations: {}
    hosts: []
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  # volumeMounts:
  #   - name: volume_name
  #     mountPath: /path/to/my/secret
  # volumes:
  #   - name: volume_name
  #     secret:
  #       defaultMode: 733
  #       secretName: my_secret
  #       items:
  #       - key: my_secret.txt
  #         path: name_of_file_in_container.txt
  resources: {}
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #   cpu: 100m
    #   memory: 128Mi
    # requests:
    #   cpu: 100m
    #   memory: 128Mi
  autoscaling:
    enabled: true
    minReplicas: 1
    maxReplicas: 100
    targetCPUUtilizationPercentage: 80
    # targetMemoryUtilizationPercentage: 80
  nodeSelector: {}
  tolerations: []
  affinity: {}
...

Has anyone experienced this? Cheers, Dave
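
An added diagnostic example, not part of the original thread or the chart: read-only queries that check the search_path suspicion raised in the post above. It assumes a psql session opened as the same role and database the auth pod connects with; the schema names 'auth' and 'public' are taken from the post.

```sql
-- Added example: read-only checks for SQLSTATE 3F000
-- ("no schema has been selected to create in").
-- Assumption: connected as the role and database the auth pod uses
-- (DB_NAME: postgres in the values.yaml above).

-- 1. What does this session resolve names against?
--    current_schemas(false) lists only search_path entries that exist
--    and that the role has USAGE on. An empty array here is the usual
--    condition behind 3F000 on CREATE TABLE.
SHOW search_path;
SELECT current_user,
       current_schemas(false) AS effective_search_path;

-- 2. Is search_path overridden for a role or a database?
--    ALTER ROLE / ALTER DATABASE ... SET search_path is stored here.
--    A NULL rolname or datname means the setting is not limited to
--    one role or one database.
SELECT r.rolname, d.datname, s.setconfig
FROM pg_db_role_setting AS s
LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
WHERE EXISTS (
    SELECT 1
    FROM unnest(s.setconfig) AS c
    WHERE c LIKE 'search_path=%'
);

-- 3. Do the schemas exist, and can this role use and create in them?
--    A schema that is missing from the result does not exist.
--    Grants on public change nothing if search_path does not
--    include public.
SELECT n.nspname,
       pg_get_userbyid(n.nspowner)                             AS owner,
       has_schema_privilege(current_user, n.nspname, 'USAGE')  AS can_use,
       has_schema_privilege(current_user, n.nspname, 'CREATE') AS can_create
FROM pg_namespace AS n
WHERE n.nspname IN ('auth', 'public');
```

If query 1 returns an empty array while query 2 shows a search_path pointing at a schema absent from query 3, the database initialization that creates that schema did not run against this instance.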

bigbitbus commented 1 year ago

@kubeworkz there was a recent update to the docker image versions, do you want to re-try and check if the error persists?

kubeworkz commented 1 year ago

I installed yesterday - would that have picked up the new versions? Or is there something I need to tweak...

bigbitbus commented 1 year ago

> I installed yesterday - would that have picked up the new versions? or is there something I need to tweak....

Yeah, I believe the merge for the new dockers happened only a few hours ago; check your commit hash to confirm.

kubeworkz commented 1 year ago

Ah, cool. I'll check it out, thanks.

bigbitbus commented 1 year ago

If it's fixed, can you close the issue?