{"id":18000178,"url":"https://github.com/autom8ter/helmgate","last_synced_at":"2025-12-14T22:36:35.015Z","repository":{"id":54827792,"uuid":"327482530","full_name":"autom8ter/helmgate","owner":"autom8ter","description":"secure grpc/graphQL/REST API for managing k8s applications with helm ","archived":false,"fork":false,"pushed_at":"2021-03-04T00:54:56.000Z","size":3893,"stargazers_count":3,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-04-04T07:44:01.195Z","etag":null,"topics":["api","golang","graphql","grpc","istio","kubernetes"],"latest_commit_sha":null,"homepage":"https://autom8ter.github.io/helmgate/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/autom8ter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-01-07T02:33:11.000Z","updated_at":"2023-08-10T16:30:13.000Z","dependencies_parsed_at":"2022-08-14T04:01:06.206Z","dependency_job_id":null,"html_url":"https://github.com/autom8ter/helmgate","commit_stats":null,"previous_names":["autom8ter/helmproxy","autom8ter/meshpaas","graphikdb/kdeploy","autom8ter/kdeploy","autom8ter/hpaas"],"tags_count":28,"template":false,"template_full_name":null,"purl":"pkg:github/autom8ter/helmgate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autom8ter%2Fhelmgate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autom8ter%2Fhelmgate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autom8ter%2Fhelmgate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autom8ter%2Fhelmgate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/autom8ter","download_url":"https://codeload.github.com/autom8ter/helmgate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/autom8ter%2Fhelmgate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27738220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-14T02:00:11.348Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","golang","graphql","grpc","istio","kubernetes"],"created_at":"2024-10-29T23:10:03.514Z","updated_at":"2025-12-14T22:36:34.965Z","avatar_url":"https://github.com/autom8ter.png","language":"Go","readme":"# helmgate\n\nA secure API for easily deploying applications on Kubernetes with Helm charts\n\n[![GoDoc](https://godoc.org/github.com/autom8ter/helmgate?status.svg)](https://godoc.org/github.com/autom8ter/helmgate/helmgate-client-go)\n\n- [API Documentation](https://autom8ter.github.io/helmgate/)\n                                        \n## Features\n- [x] [Headless](https://en.wikipedia.org/wiki/Headless_software)\n- [x] [Stateless](https://nordicapis.com/defining-stateful-vs-stateless-web-services/)\n- [x] [gRPC](https://grpc.io/) support\n    - [protobuf schema](schema.proto)\n- [x] [graphQL](https://graphql.org/) support `/graphql`\n    - [graphQL schema](schema.graphql)\n- [x] REST support `/`\n    - [openapi schema](schema.swagger.json)\n- [x] Serve gRPC, graphQL, \u0026 REST on same port\n- [x] Authentication - JWT/OAuth with remote JWKS verification\n- [x] Authorization - [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) based Authorization engine\n- [x] Direct [Helm](https://helm.sh/) client integration(no exec'ing out to shell)\n- [x] Autogenerated Client gRPC SDK's\n    - [x] Go\n        - [![GoDoc](https://godoc.org/github.com/autom8ter/helmgate?status.svg)](https://godoc.org/github.com/autom8ter/helmgate/helmgate-client-go)\n    - [x] [Node](./gen/grpc/node)\n    - [x] [PHP](./gen/grpc/php)\n    - [x] [C#](./gen/grpc/csharp)\n    - [x] [Java](./gen/grpc/java)\n    - [x] [gRPC Web](./gen/grpc/web)\n\n- [x] Structured JSON Logs\n- [x] Metrics Server(prometheus/pprof)\n- [x] [Sample Kubernetes Manifest](k8s.yaml)\n    \n## Helpful Links\n- [Helm Docs](https://helm.sh/docs/)\n\n## Command Line\n\n```\nhelmgate -h\nUsage of helmgate:\n      --config string   path to config file (env: HELMGATE_JWKS_URI) (default \"helmgate.yaml\")\n```\n\n## Sample Config\n\n\n```yaml\n# port to serve on. metrics server is started on this port+1\nport: 8820\n# enable debug logs\ndebug: true\n# rego policy for authorization. inputs: input.claims(map), input.headers(map), input.request(map), input.method(string)\n# caution - this one allows any request\nrego_policy: |-\n  package helmgate.authz\n\n  default allow = true\n# query the allow variable\nrego_query: \"data.helmgate.authz.allow\"\n# remote json web keys uri for verifying inbound JWTs\njwks_uri: \"https://www.googleapis.com/oauth2/v3/certs\"\n# add list of helm repos to load at startup\nrepos:\n  - name: \"stable\"\n    url: \"https://charts.helm.sh/stable\"\n```\n\n## User Interface\n\nPlease take a look at the following options for stategate user-interface clients:\n\n- [OAuth GraphQL Playground](https://github.com/autom8ter/oauth-graphql-playground): A graphQL IDE that may be used to connect \u0026 interact with the full functionality of the stategate graphQL API as an authenticated user\n\n## Notes\n\n- graphQL API is served on :8820/graphql by default\n- gRPC API is served on :8820 by default\n- metrics server(prometheus/pprof) is served on :8821 by default\n- intended to be exposed publicly behind an SSL load balancer/ingress as an alternative to exposing your Kubernetes API\n- jwks uri is used to fetch public keys from a remote source in order to verify inbound JWTs - this is authentication\n    - if no jwks uri is provided, inbound jwt's will not be verified(insecure)\n- a rego policy may be added to the helmgate config in order to implement fine-grainded authorization\n    - if the rego policy is empty, a default allow-all policy will be used(insecure)\n- input attributes passed to the rego authorization policy on each client request include: \n    - `input.claims(map)` - the payload/claims of the inbound jwt\n    - `input.headers(map)`- the headers of the inbound request\n    - `input.request(map)` - the payload of the inbound request\n    - `input.method(string)` - the gRPC method of the inbound request\n      \n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautom8ter%2Fhelmgate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fautom8ter%2Fhelmgate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fautom8ter%2Fhelmgate/lists"}