SupaControl is a self-hosted management platform for orchestrating multi-tenant Supabase instances on Kubernetes. It provides a robust API and web dashboard for automated provisioning, monitoring, and lifecycle management of Supabase deployments.
Perfect for:
- π’ SaaS Providers offering Supabase as a managed service
- π¨βπ» Development Teams managing multiple environments
- π Educational Institutions providing isolated instances for students
- ποΈ Platform Engineers building internal developer platforms
- Overview
- Features
- Architecture
- Quick Start
- Installation
- Usage
- Configuration
- Documentation
- CLI Tool
- Roadmap
- Contributing
- License
- Support
SupaControl acts as a control plane that sits between you and your Kubernetes cluster, simplifying the complexity of managing multiple Supabase instances.
- π Automates Supabase instance deployment using Helm charts
- π Isolates each instance in its own Kubernetes namespace
- π Manages complete instance lifecycle (create, monitor, delete)
- π Secures API access with JWT authentication and API keys
- π Provides a modern web dashboard for visual management
- π οΈ Integrates with CI/CD pipelines via REST API
Without SupaControl:
# Manual Supabase deployment
helm repo add supabase https://...
kubectl create namespace supa-myapp
helm install myapp supabase/supabase -n supa-myapp -f custom-values.yaml
kubectl apply -f ingress.yaml -n supa-myapp
# Repeat for each instance... πWith SupaControl:
# One command deployment
supactl create myapp
# Or via API
curl -X POST https://supacontrol.example.com/api/v1/instances \
-H "Authorization: Bearer $API_KEY" \
-d '{"name": "myapp"}'- π Automated Provisioning: Deploy complete Supabase stacks with a single API call
- π Complete Isolation: Each instance in its own dedicated Kubernetes namespace
- π Security First: API key and JWT authentication, encrypted secrets management
- π Persistent Inventory: PostgreSQL for users and API keys only; instance state managed via Kubernetes CRDs. See ADR 001 for details.
- β³ Asynchronous Operations: Instance creation and deletion are asynchronous; poll
GET /api/v1/instances/:namefor status updates. - π Web Dashboard: Modern React-based UI for instance management
- π API Key Management: Generate, list, and revoke keys for CLI/programmatic access
- π― Status Monitoring: Real-time instance health and deployment status
- ποΈ Clean Deletion: Automated cleanup of namespaces and resources
- API-First Design: Complete functionality exposed via REST API
- Kubernetes-Native: Built on client-go and Helm v3 SDK
- Stateless Application: Horizontally scalable for high availability
- Declarative Orchestration: Kubernetes resources managed declaratively
- Multi-Tenant Ready: Designed for managing dozens to hundreds of instances
- Production-Ready: Includes health checks, logging, and error handling
- CI/CD Friendly: Integrate with automated deployment pipelines
SaaS Multi-Tenancy
Customer A β Instance: supa-customer-a (dedicated database, isolated)
Customer B β Instance: supa-customer-b (dedicated database, isolated)
Customer C β Instance: supa-customer-c (dedicated database, isolated)
Development Environments
Production β Instance: supa-prod
Staging β Instance: supa-staging
Development β Instance: supa-dev
Testing β Instance: supa-test
Educational Institutions
Student 1 β Instance: supa-student1 (isolated learning environment)
Student 2 β Instance: supa-student2 (isolated learning environment)
...
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β SupaControl β
β (Control Plane) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β ββββββββββββββββ ββββββββββββββββ β
β β Web UI β β REST API β β
β β (React) ββββββ€ (Echo/Go) βββββ API Clients β
β ββββββββββββββββ ββββββββ¬ββββββββ β
β β β
β βββββββββββΌβββββββββββ β
β β Orchestrator β β
β β (K8s + Helm) β β
β βββββββββββ¬βββββββββββ β
β β β
β βββββββββββΌβββββββββββ β
β β Inventory DB β β
β β (PostgreSQL) β β
β ββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βββββββββββΌβββββββββββ
β Kubernetes API β
βββββββββββ¬βββββββββββ
β
βββββββββββββββββββββββΌββββββββββββββββββββββ
β β β
ββββββΌβββββ ββββββΌβββββ ββββββΌβββββ
βInstance1β βInstance2β βInstance3β
βNamespaceβ βNamespaceβ βNamespaceβ
βsupa-app1β βsupa-app2β βsupa-app3β
β β β β β β
β Supabaseβ β Supabaseβ β Supabaseβ
β Stack β β Stack β β Stack β
βββββββββββ βββββββββββ βββββββββββ
For detailed architecture documentation, see ARCHITECTURE.md.
SupaControl uses Kubernetes Custom Resource Definitions (CRDs) as the single source of truth for instance state. The SupabaseInstance CRD tracks the desired and actual state of each Supabase deployment, enabling declarative management and reconciliation.
βββββββββββββββββββ
β SupabaseInstance CRD β
β (Desired State) β
βββββββββββ¬ββββββββββββββββ
β Watches
βββββββββββΌβββββββββββ
β Controller β
β (Reconciles) β
βββββββββββ¬βββββββββββ
β Creates/Manages
βΌ
ββββββββββββββββββββ
β Supabase Stack β
β (Actual State) β
ββββββββββββββββββββ
See ADR 001 for the rationale behind using CRDs.
The fastest way to get started with SupaControl is using our interactive installer.
Note: Currently requires git clone as no npx installer is available.
Before you begin, ensure you have:
- β Kubernetes Cluster (v1.24+) running and accessible
- β kubectl installed and configured
- β Helm (v3.13+) installed
- β Ingress Controller (e.g., nginx-ingress) deployed in your cluster
β οΈ DNS/Domain configured for accessing the dashboard
Quick Prerequisites Check:
# Verify kubectl
kubectl version --client
# Verify Helm
helm version
# Verify cluster access
kubectl cluster-info
# Verify ingress controller
kubectl get ingressclass# 1. Clone the repository
git clone https://github.com/qubitquilt/SupaControl.git
cd SupaControl/cli
# 2. Install dependencies
npm install
# 3. Run interactive installer
npm startThe installer will:
- β Check all prerequisites
- π Generate secure secrets automatically
- π Guide you through configuration (domain, ingress, etc.)
- π Deploy to your Kubernetes cluster
- π Provide access information and next steps
After installation completes:
# 1. Wait for pods to be ready (1-2 minutes)
kubectl get pods -n supacontrol --watch
# 2. Access the dashboard
# Navigate to https://supacontrol.yourdomain.com
# 3. Login with default credentials
# Username: admin
# Password: admin
# β οΈ CHANGE THIS IMMEDIATELY!# 1. Access dashboard and change default password
# Go to Settings β Change Password
# 2. Generate an API key for CLI access
# Go to Settings β API Keys β Create New Key
# 3. Install the CLI tool
curl -sSL https://raw.githubusercontent.com/qubitquilt/supactl/main/scripts/install.sh | bash
# 4. Login to SupaControl
supactl login https://supacontrol.yourdomain.com
# 5. Create your first Supabase instance
supactl create my-first-app
# 6. Check instance status
supactl status my-first-app
# 7. List all instances
supactl listThe easiest way to install SupaControl. See Quick Start above.
Full CLI installer documentation: cli/README.md
For advanced users who want full control over the installation.
# 1. Clone repository
git clone https://github.com/qubitquilt/SupaControl.git
cd SupaControl
# 2. Create values.yaml
cat > values.yaml <<EOF
config:
jwtSecret: "your-very-long-and-secure-jwt-secret-here-change-this"
database:
host: "supacontrol-postgresql"
port: "5432"
user: "supacontrol"
password: "your-secure-db-password-here-change-this"
name: "supacontrol"
kubernetes:
ingressClass: "nginx"
ingressDomain: "supabase.yourdomain.com"
ingress:
enabled: true
className: "nginx"
hosts:
- host: supacontrol.yourdomain.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: supacontrol-tls
hosts:
- supacontrol.yourdomain.com
postgresql:
enabled: true
auth:
password: "your-secure-postgres-password-here"
database: "supacontrol"
username: "supacontrol"
EOF
# 3. Install with Helm
kubectl create namespace supacontrol
helm install supacontrol ./charts/supacontrol \
-f values.yaml \
-n supacontrol
# 4. Watch deployment
kubectl get pods -n supacontrol --watchFor local development without Kubernetes:
Before running, ensure KUBECONFIG is set for local Kubernetes development. See docs/DEVELOPMENT.md for detailed setup instructions and troubleshooting.
# 1. Start PostgreSQL
docker run --name supacontrol-postgres \
-e POSTGRES_USER=supacontrol \
-e POSTGRES_PASSWORD=password \
-e POSTGRES_DB=supacontrol \
-p 5432:5432 \
-d postgres:14
# 2. Set environment variables
export DB_HOST=localhost DB_PORT=5432
export DB_USER=supacontrol DB_PASSWORD=password DB_NAME=supacontrol
export JWT_SECRET=your-dev-jwt-secret-at-least-32-chars
# 3. Run backend
cd server && go run main.go
# 4. Run frontend (in another terminal)
cd ui && npm install && npm run devAccess the dashboard at https://supacontrol.yourdomain.com
Dashboard Features:
- π Instance Overview - List all Supabase instances with status
- β Create Instances - Deploy new instances with one click
- ποΈ Delete Instances - Remove instances and clean up resources
- π API Key Management - Generate and revoke API keys
- π€ User Settings - Change password and manage account
All API endpoints require authentication except /healthz and /api/v1/auth/login.
Quick Example:
# 1. Login
TOKEN=$(curl -X POST https://supacontrol.example.com/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"admin"}' | jq -r '.token')
# 2. Create instance
curl -X POST https://supacontrol.example.com/api/v1/instances \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"name":"my-app"}'
# Note: Instance creation is asynchronous. Poll for status:
curl -X GET https://supacontrol.example.com/api/v1/instances/my-app \
-H "Authorization: Bearer $TOKEN"
# 3. List instances
curl -X GET https://supacontrol.example.com/api/v1/instances \
-H "Authorization: Bearer $TOKEN"Complete API documentation: docs/API.md
| Variable | Description | Default | Required |
|---|---|---|---|
SERVER_PORT |
HTTP server port | 8091 |
No |
DB_HOST |
PostgreSQL host | localhost |
Yes |
DB_PORT |
PostgreSQL port | 5432 |
Yes |
DB_USER |
Database username | supacontrol |
Yes |
DB_PASSWORD |
Database password | - | Yes |
DB_NAME |
Database name | supacontrol |
Yes |
JWT_SECRET |
JWT signing secret | - | Yes |
KUBECONFIG |
Path to kubeconfig | Empty (in-cluster) | No |
DEFAULT_INGRESS_CLASS |
Ingress class | nginx |
No |
DEFAULT_INGRESS_DOMAIN |
Base domain for instances | supabase.example.com |
No |
Note for Developers: The
KUBECONFIGenvironment variable is crucial for local Kubernetes development. See the Development Guide for detailed setup instructions and troubleshooting.
For complete configuration options, see the Helm chart values.
Comprehensive documentation is available in the /docs directory:
- π README.md (this file) - Overview and quick start
- π cli/README.md - CLI installer documentation
- ποΈ ARCHITECTURE.md - System design and architecture
- π‘ docs/API.md - Complete API reference
- π docs/DEPLOYMENT.md - Production deployment guide
- π» docs/DEVELOPMENT.md - Development setup and guidelines
- π docs/SECURITY.md - Security best practices
- π§ docs/TROUBLESHOOTING.md - Common issues and solutions
- π€ CONTRIBUTING.md - Contribution guidelines
- π§ͺ TESTING.md - Testing documentation
- π€ CLAUDE.md - AI assistant development guide
The project's cli/ directory contains the interactive installer for SupaControl. For the full supactl CLI tool, see https://github.com/qubitquilt/supactl. Features like local mode are available in the external repository.
# Linux/macOS
curl -sSL https://raw.githubusercontent.com/qubitquilt/supactl/main/scripts/install.sh | bash
# Or download from releases
# https://github.com/qubitquilt/supactl/releases# Login to SupaControl server
supactl login https://supacontrol.yourdomain.com
# Create instance
supactl create my-project
# List instances
supactl list
# Check instance status
supactl status my-project
# Delete instance
supactl delete my-project- π Single binary - No dependencies, works everywhere
- π Secure auth - Credential management built-in
- π Directory linking - Associate local dirs with instances
- π¨ Interactive UI - Beautiful prompts and progress indicators
- π³ Local mode - Manage Docker-based instances without a server
Full CLI documentation: github.com/qubitquilt/supactl
- Instance update/upgrade support
- Custom resource limits per instance
- Instance status webhooks
- Backup and restore functionality
- Prometheus metrics integration
- Grafana dashboards
- Instance templates/presets
- Multi-cluster support
- Cost tracking per instance
- Resource quota management
- Advanced RBAC (user roles)
- Audit logging
- GitOps integration (ArgoCD/Flux)
- Instance cloning
- Automated scaling policies
- Multi-tenancy improvements
- Custom domain per instance
- Instance migration between clusters
Have ideas? We'd love to hear them!
- π‘ Open a feature request
- π³οΈ Vote on existing feature requests
- π¬ Join discussions on GitHub
We welcome contributions! Whether you're fixing bugs, improving documentation, or proposing new features, we appreciate your help.
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes
- Test:
make test - Commit:
git commit -m 'feat: add amazing feature' - Push:
git push origin feature/amazing-feature - Open a Pull Request
- π§ͺ Testing - Improve test coverage (currently ~6%). See TESTING.md for details.
- π Documentation - Tutorials, guides, examples
- π Bug Fixes - Fix reported issues
- β¨ Features - Implement roadmap items
- π¨ UI/UX - Improve dashboard design
- π Security - Security audits and improvements
See CONTRIBUTING.md for detailed guidelines.
MIT License - See LICENSE.md for details.
Copyright (c) 2024 SupaControl Contributors
- README (this file) - Overview and getting started
- Complete Documentation - All technical documentation
- CONTRIBUTING.md - Contribution guidelines
- TESTING.md - Testing documentation
- π¬ Discussions - GitHub Discussions
- π Bug Reports - GitHub Issues
- π‘ Feature Requests - GitHub Issues
- supactl - Official CLI tool for SupaControl
- supabase-kubernetes - Community Helm chart for Supabase
SupaControl is built on excellent open-source projects:
- Supabase - The open source Firebase alternative
- supabase-kubernetes - Community Helm chart
- Kubernetes - Container orchestration platform
- Helm - The package manager for Kubernetes
- Echo - High performance Go web framework
- React - JavaScript library for user interfaces
- Vite - Next generation frontend tooling
- client-go - Go client for Kubernetes
- sqlx - Extensions to Go's database/sql
Special thanks to all contributors!
SupaControl - Self-hosted Supabase management, simplified.
Get Started Β· Documentation Β· Report Bug Β· Request Feature
Made with β€οΈ by the SupaControl community