This repository contains Helm charts for deploying the EQTY Lab Governance Platform on Kubernetes.
| Chart | Type | Description |
|---|---|---|
| governance-platform | Umbrella | Complete platform deployment (recommended) |
| governance-studio | Subchart | React-based frontend application |
| governance-service | Subchart | Go-based backend API and workflow engine |
| integrity-service | Subchart | Rust-based verifiable credentials and lineage service |
| auth-service | Subchart | Go-based authentication and authorization service |
| keycloak-bootstrap | Utility | Keycloak realm and client configuration job |
The chart repository is organized using an umbrella chart pattern:

```
charts/
├── governance-platform/      # Umbrella chart (deploy this for full platform)
│   ├── Chart.yaml            # Dependencies on all subcharts
│   ├── values.yaml           # Global configuration + subchart overrides
│   └── templates/            # Shared resources (secrets, configmaps)
├── governance-studio/        # Frontend subchart
├── governance-service/       # Backend API subchart
├── integrity-service/        # Credentials/lineage subchart
├── auth-service/             # Authentication subchart
└── keycloak-bootstrap/       # Keycloak configuration utility
```

Recommended approach: Deploy using the governance-platform umbrella chart. This provides:
- Centralized configuration through global values
- Automatic service discovery and integration
- Coordinated secret management
- Consistent versioning across components
Alternative: Subcharts can be deployed individually for advanced use cases.
- Kubernetes 1.21+
- Helm 3.8+
- kubectl configured for your cluster
- Container registry access (GitHub Container Registry)

```bash
# 1. Create namespace
kubectl create namespace governance

# 2. Create required secrets (see governance-platform/README.md for full list)
# Alternatively, use the secrets-sample.yaml template:
#   cp charts/governance-platform/examples/secrets-sample.yaml secrets.yaml
# Then pass --values secrets.yaml alongside your values file during deploy.
kubectl create secret generic platform-database \
  --from-literal=username=postgres \
  --from-literal=password="$(openssl rand -base64 24)" \
  --namespace governance
# ... additional secrets as documented in governance-platform/README.md

# 3. Create values file (use the appropriate example as a starting point)
# For Auth0:    cp charts/governance-platform/examples/values-auth0.yaml values.yaml
# For Keycloak: cp charts/governance-platform/examples/values-keycloak.yaml values.yaml
# Then edit values.yaml with your environment-specific settings.

# 4. Deploy
helm dependency update ./charts/governance-platform
helm upgrade --install governance-platform ./charts/governance-platform \
  --namespace governance \
  --values values.yaml

# 5. Verify
kubectl get pods -n governance
```

For complete documentation, see governance-platform/README.md.

```bash
# Update dependencies
helm dependency update ./charts/governance-platform

# Install
helm upgrade --install governance-platform ./charts/governance-platform \
  --namespace governance \
  --create-namespace \
  --values values.yaml
```

```bash
# Authenticate with GitHub Container Registry
echo "$GITHUB_PAT" | helm registry login ghcr.io -u USERNAME --password-stdin

# Install from registry
helm upgrade --install governance-platform oci://ghcr.io/eqtylab/charts/governance-platform \
  --version 0.1.0 \
  --namespace governance \
  --create-namespace \
  --values values.yaml
```

The charts/governance-platform/examples/ directory contains complete deployment examples:

| Example | Description |
|---|---|
| values-auth0.yaml | Platform deployment using Auth0 as the identity provider |
| values-keycloak.yaml | Platform deployment using Keycloak as the identity provider |
| secrets-sample.yaml | Complete secrets configuration template |

```bash
# Lint a chart
helm lint ./charts/governance-platform

# Template a chart (preview rendered manifests)
helm template governance-platform ./charts/governance-platform \
  --values values.yaml \
  --debug

# Dry-run installation
helm upgrade --install governance-platform ./charts/governance-platform \
  --namespace governance \
  --values values.yaml \
  --dry-run --debug

# Diff against existing release (requires helm-diff plugin)
helm diff upgrade governance-platform ./charts/governance-platform \
  --namespace governance \
  --values values.yaml
```

```bash
# Update all subchart dependencies
helm dependency update ./charts/governance-platform

# List dependencies
helm dependency list ./charts/governance-platform
```

```bash
# Run helm unittest (if configured)
helm unittest ./charts/governance-platform

# Validate against Kubernetes API
helm upgrade --install governance-platform ./charts/governance-platform \
  --namespace governance \
  --values values.yaml \
  --dry-run \
  --validate
```

Charts are published to GitHub Container Registry (GHCR) as OCI artifacts.

```bash
# Authenticate
export CR_PAT="YOUR-GITHUB-PERSONAL-ACCESS-TOKEN"
echo "$CR_PAT" | helm registry login ghcr.io -u USERNAME --password-stdin

# Package chart
helm package ./charts/governance-platform

# Push to registry
helm push governance-platform-0.1.0.tgz oci://ghcr.io/eqtylab/charts
```

Charts are automatically published via GitHub Actions when changes are merged to main. See .github/workflows/publish.yaml for details.

Charts follow Semantic Versioning:
- MAJOR: Breaking changes to values schema or removed features
- MINOR: New features, new configuration options
- PATCH: Bug fixes, documentation updates
The umbrella chart (governance-platform) version is incremented when:
- Any subchart version changes
- Global configuration schema changes
- New subcharts are added
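
The umbrella versioning rule above can be enforced as a CI gate. The script below is an added example, not part of the chart repository or its publish workflow: it compares two revisions of the umbrella Chart.yaml and fails when a subchart was added or re-versioned without an umbrella increment. The sample Chart.yaml contents and subchart versions are constructed, the function names are hypothetical, and each dependency entry is assumed to list `name:` before `version:`.

```bash
# Added example, not the project's code. Sample Chart.yaml data is constructed.
# dep_versions: sorted "name=version" pairs from the dependencies: list.
# Assumption: each dependency entry lists name: before version:.
dep_versions() {
  awk '
    /^dependencies:/ { in_deps = 1; next }
    /^[^ #-]/        { in_deps = 0 }
    in_deps && /^ *- *name:/ { sub(/^ *- *name: */, ""); name = $0 }
    in_deps && /^ *version:/ { sub(/^ *version: */, ""); gsub(/"/, ""); print name "=" $0 }
  ' "$1" | sort
}

# Print the chart's own top-level version.
chart_version() { awk '/^version:/ { gsub(/"/, "", $2); print $2; exit }' "$1"; }

# True if $1 > $2. Plain MAJOR.MINOR.PATCH only (no pre-release suffixes).
semver_gt() {
  old_ifs=$IFS; IFS=.; set -- $1 $2; IFS=$old_ifs
  [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
  [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
  [ "$3" -gt "$6" ]
}

# Fail when subcharts changed ($1 = old, $2 = new Chart.yaml) without an umbrella bump.
check_umbrella_bump() {
  [ "$(dep_versions "$1")" = "$(dep_versions "$2")" ] && return 0
  semver_gt "$(chart_version "$2")" "$(chart_version "$1")" && return 0
  echo "FAIL: subcharts changed but umbrella version was not incremented" >&2
  return 1
}

# Constructed sample: $1 = file, $2 = umbrella version, $3 = auth-service version.
write_chart() {
  cat > "$1" <<EOF
apiVersion: v2
name: governance-platform
version: $2
dependencies:
  - name: governance-service
    version: 0.1.0
  - name: auth-service
    version: $3
EOF
}

tmp=$(mktemp -d)
write_chart "$tmp/old.yaml" 0.1.0 0.1.0
write_chart "$tmp/new.yaml" 0.1.0 0.1.1   # subchart bumped, umbrella not
check_umbrella_bump "$tmp/old.yaml" "$tmp/new.yaml" || echo "gate blocked the change"
```

The gate covers subchart version changes and added subcharts; global configuration schema changes are not detectable from Chart.yaml and still need review.
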
| Document | Description |
|---|---|
| governance-platform/README.md | Complete platform deployment guide |
| governance-studio/README.md | Frontend configuration |
| governance-service/README.md | Backend API configuration |
| integrity-service/README.md | Credentials service configuration |
| auth-service/README.md | Authentication service configuration |
| keycloak-bootstrap/README.md | Keycloak realm/client configuration |
- Email: support@eqtylab.io
- Documentation: https://docs.eqtylab.io
- GitHub Issues: https://github.com/eqtylab/governance-studio-infrastructure/issues