{"id":21273479,"url":"https://github.com/graphaware/hume-helm-charts","last_synced_at":"2025-07-19T23:35:12.040Z","repository":{"id":69925599,"uuid":"536465446","full_name":"graphaware/hume-helm-charts","owner":"graphaware","description":"Helm charts for deploying GraphAware Hume on Kubernetes","archived":false,"fork":false,"pushed_at":"2025-03-28T18:59:45.000Z","size":1096,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-06-24T06:02:51.239Z","etag":null,"topics":["docker","helm","helm-chart","k8s","kubernetes","neo4j"],"latest_commit_sha":null,"homepage":"https://graphaware.com/products/hume","language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graphaware.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-09-14T07:37:25.000Z","updated_at":"2025-03-28T18:59:48.000Z","dependencies_parsed_at":"2024-02-29T13:44:48.198Z","dependency_job_id":"b1a68eab-e8a5-46d0-942d-7e4dca5ee986","html_url":"https://github.com/graphaware/hume-helm-charts","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/graphaware/hume-helm-charts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphaware%2Fhume-helm-charts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphaware%2Fhume-helm-charts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphaware%2Fhume-helm-charts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphaware%2Fhume-helm-charts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graphaware","download_url":"https://codeload.github.com/graphaware/hume-helm-charts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graphaware%2Fhume-helm-charts/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266041879,"owners_count":23867956,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","helm","helm-chart","k8s","kubernetes","neo4j"],"created_at":"2024-11-21T09:14:57.497Z","updated_at":"2025-07-19T23:35:12.009Z","avatar_url":"https://github.com/graphaware.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--- app-name: Hume --\u003e\n\n# Hume packaged by GraphAware\n\nHume is an enterprise-level graph analytics solution that is easy to set up, maintain, and use. Hume helps organisations gain a competitive advantage by leveraging the power of graphs.\n\n[Overview of Hume](https://www.graphaware.com/products/hume/)\n\nTrademarks: This software listing is packaged by GraphAware. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.\n\n## Introduction\n\nGraphAware charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.\n\nThis chart bootstraps a [Hume](https://github.com/graphaware/hume-helm-charts) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.\n\n## Prerequisites\n\n- Kubernetes 1.19+\n- Helm 3.2.0+\n- Customer account in https://docker.graphaware.com/ in order to download both Helm chart and docker images\n- A Hume licence key\n\n## Installing the Chart\n\n### Prepare the release\n\n1. Create a new namespace dedicated for Hume, assuming `hume` will be the namespace name\n```bash\nkubectl create namespace hume\n```\n\n2. Create the `docker-registry` secret with your GraphAware docker registry credentials\n```bash\nkubectl create secret docker-registry graphaware-docker-creds --docker-server='docker.graphaware.com' --docker-username='\u003cusername\u003e' --docker-password='\u003cpassword\u003e' -n hume\n```\n\n3. Optionally, create the `hume-licence` secret with your Hume licence key (.b64 file content)\n```bash\nkubectl create secret generic --from-literal=hume.licence.key=\u003clicence-b64-string\u003e -n hume\n```\n\n\u003e **NOTE**\n\u003e Providing the `hume-licence` secret will install the licence automatically. If not provided you will be prompt to upload the licence file when logging in to Hume for the first time.\n\n4. Add the GraphAware OCI Helm repository to your local repository\n```bash\nhelm registry login -u '\u003cusername\u003e' docker.graphaware.com\nhelm pull oci://docker.graphaware.com/public/hume --version 2.21.0\n```\n\n### Install the Helm chart\n\nAssuming `hume` is the namespace name and `my-release` is the helm release name.\n\n```bash\n$ helm install my-release oci://docker.graphaware.com/public/hume --version 2.21.0\nor\n$ helm install my-release oci://docker.graphaware.com/public/hume --version 2.21.0 -n hume -f values.yaml\n```\n\u003e **NOTE** \n\u003e These commands deploy a Hume application on the Kubernetes cluster in the default configuration. It means that the Hume application will not be exposed to the Internet. If you want to access it via Ingress below we will provide a few examples.\n\n### Verify the installation\n\n1. Check the pods are ready\n```bash\nkubectl get pods -n hume\nNAME READY STATUS RESTARTS AGE\ndev-release-0 1/1 Running 0 8m24s\nhume-api-897bbccb7-6g6vk 1/1 Running 1 (8m13s ago) 8m24s\nhume-orchestra-0 1/1 Running 0 8m24s\nhume-web-8d7d855fc-kwhvv 1/1 Running 0 8m24s\npostgresql-core-0 1/1 Running 0 8m24s\n```\n\n2. Check the services look OK\n\n```bash\nkubectl get svc -n hume\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\ndev-release ClusterIP 10.99.0.111 \u003cnone\u003e 7687/TCP,7474/TCP,7473/TCP 9m29s\ndev-release-admin ClusterIP 10.100.142.91 \u003cnone\u003e 6362/TCP,7687/TCP,7474/TCP,7473/TCP 9m29s\ndev-release-neo4j LoadBalancer 10.106.141.47 localhost 7474:31776/TCP,7473:31964/TCP,7687:30353/TCP 9m29s\nhume-api NodePort 10.97.248.25 \u003cnone\u003e 8080:32081/TCP 9m29s\nhume-orchestra ClusterIP 10.98.32.28 \u003cnone\u003e 8100/TCP 9m29s\nhume-web ClusterIP 10.104.105.20 \u003cnone\u003e 8081/TCP 9m29s\npostgresql-core ClusterIP 10.106.90.201 \u003cnone\u003e 5432/TCP 9m29s\npostgresql-core-hl ClusterIP None \u003cnone\u003e 5432/TCP 9m29s\n```\n\n3. Use `port-forwarding` to get access to the Hume user interface\n\nFrom one terminal run the following command : \n```bash\nkubectl port-forward service/hume-web 8081:8081 -n hume\n```\n\nFrom another terminal run the following command : \n```bash\nkubectl port-forward service/hume-api 8080:8080 -n hume\n```\n\nIn a web browser, open the Hume user interface at http://localhost:8081.\n\nUse the default username/password `admin@hume.k8s / password` to log in to Hume.\n\n## Ingress\n\nIn order to deploy Ingress resource we have to define `baseDomain` parameter and annotations per your Ingress Controller.\n\n**[AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/)**\n\nExample of `values.yaml`:\n```bash\nbaseDomain: \"\u003cyour-domain\u003e\"\ningress:\n enabled: true\n annotations:\n kubernetes.io/ingress.class: \"alb\"\n alb.ingress.kubernetes.io/scheme: \"internal\"\n alb.ingress.kubernetes.io/group.name: \"default-internal\"\n alb.ingress.kubernetes.io/target-type: \"ip\"\n alb.ingress.kubernetes.io/listen-ports: '[{\"HTTPS\":443}, {\"HTTP\":80}]'\n alb.ingress.kubernetes.io/actions.ssl-redirect: '{\"Type\": \"redirect\", \"RedirectConfig\": { \"Protocol\": \"HTTPS\", \"Port\": \"443\", \"StatusCode\": \"HTTP_301\"}}'\n```\n\n**[Nginx Ingresss Controller](https://kubernetes.github.io/ingress-nginx/)**\n\nExample of `values.yaml`:\n```bash\nbaseDomain: \"\u003cyour-domain\u003e\"\ningress:\n enabled: true\n ingressClassName: nginx\n annotations:\n```\n## Uninstalling the Chart\n\nTo uninstall/delete the `my-release` deployment:\n\n```bash\n$ helm uninstall my-release -n hume\n```\nThe command removes all the Kubernetes components associated with the chart and deletes the release.\n## Parameters\n\n| Name | Description | Value |\n| ------------------------- | ----------------------------------------------------------------------------------- | --------------------------------- |\n| `baseDomain` | Domain name (for example graphaware.com) | `\"\"` |\n| `imagePullSecrets` | Docker registry secret name | `graphaware-docker-creds` |\n| `autoscaling` | Enable autoscaling for Hume | `\"false\"` |\n| `deploymentStrategy` | Kubernetes Deployment Strategy Type | `\"RollingUpdate\"` |\n| `nameOverride` | String to partially override hume.fullname | `\"\"` |\n| `fullnameOverride` | String to fully override hume.fullname | `\"hume\"` |\n| `ingress.enabled` | Enables ingress | `\"false\"` |\n| `autoscaling` | Enable autoscaling for Hume | `\"false\"` |\n| `keycloak.enabled` | Enable Keycloak | `\"false\"` |\n| `serviceAccount.create` | Enable ServiceAccount | `\"true\"` |\n\n## Using your own Docker registry\n\nWhen you need to use your own Docker registry, for example in air gapped environments you will need to copy the images from our Docker registry to yours.\n\nAdditionally you need to adapt the chart to change the coordinates of the Docker images, to do so you can \noverride the following values : \n\n| Chart | value | default | override |\n| --- | --- | --- | --- |\n| hume-core | `humeCoreBaseRepository` | `docker.graphaware.com/hume-core/` | `your-docker-domain.example/` |\n| hume-alerting | `humeAlertingBaseRepository` | `docker.graphaware.com/hume-alerting/` | `your-docker-domain.example/` |\n\n**Don't forget the trailing slash at the end of the repository name**\n\n## Overriding container environment variables\n\nThe chart comes with default sensible environment variables. Those variables can be overriden for each service in their respective `env` section.\n\nFor eg, to use a secret for the API postgres database password, you can provide the secret name like this \n\n```yaml\n# values.yml\napi:\n env:\n - name: spring.datasource.password\n valueFrom:\n secretKeyRef:\n key: db-password\n name: api-postgres-db-password\n```\n\n## Deployment with all the persistence outside of Kubernetes\n\nIt is not uncommon to have a PostgreSQL server and Neo4j server outside of Kubernetes. It's then necessary to disable all persistence dependencies and override the defaults for connections to those, Keycloak is often installed outside of the chart as well.\n\nSee [`deployment-scenarios/external-persistence/values.yaml`](./deployment-scenarios/external-persistence/values.yml) for an example configuration.\n\n## Install specific versions\n\nYou can install a specific version of the chart by specifying the chart version \n\n```bash\nhelm install my-release graphaware/hume -f values.yml --version 2.16.8\n```\n\n## Initial API Key creation\n\nHume can be configured to have an initial api key created when the application starts the first time.\n\n```yaml\napi:\n remoteApi:\n enabled: true\n initialKey:\n create: true\n name: my-initial-key\n token: my-insecure-token\n roles: ADMINISTRATOR\n```\n\nOptionally, you can use an existing secret for the token\n\n```yaml\napi:\n remoteApi:\n enabled: true\n initialyKey:\n create: true\n name: my-initial-key\n roles: ADMINISTRATOR\n existingSecret: hume-api-key-secret # name of the secret to use\n existingSecretKey: secret # optional, defaults to \"token\"\n```\n\n### Audit logging to console logs\n\nConfiguring Hume to log all logs including the audit logs to console is generally helpful in Kubernetes \nenvironments so all logs can be picked up by centralised logging such as Grafana Loki for example.\n\nTo do so, you will need to create a configmap that defines the log4j2 configuration\n\n```yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: api-log4j2-configmap\ndata:\n server-logs.xml: |\n \u003c?xml version=\"1.0\" encoding=\"UTF-8\"?\u003e\n \u003c!--\n ~ Copyright (c) Graph Aware Limited - All Rights Reserved\n ~ This file is part of GraphAware Hume\n ~ Unauthorized copying of this file, via any medium is strictly prohibited\n ~ Proprietary and confidential\n --\u003e\n\n \u003cConfiguration status=\"info\"\u003e\n \u003cProperties\u003e\n \u003cProperty name=\"_hume.security.audit.enabled\"\u003e${sys:hume.security.audit.enabled:-false}\u003c/Property\u003e\n \u003cProperty name=\"_hume.security.audit.log.path\"\u003e${sys:hume.security.audit.log.path:-/tmp/hume-audit}\u003c/Property\u003e\n \u003cProperty name=\"_hume.logging.shortenedClassNameLength\"\u003e${sys:hume.logging.shortenedClassNameLength}\u003c/Property\u003e\n \u003cProperty name=\"_hume.logging.format\"\u003e${sys:hume.logging.format:-plain}\u003c/Property\u003e\n \u003cProperty name=\"_hume.logging.maxDepth\"\u003e${sys:hume.logging.maxDepth}\u003c/Property\u003e\n \u003cProperty name=\"_hume.logging.maxLength\"\u003e${sys:hume.logging.maxLength}\u003c/Property\u003e\n \u003cProperty name=\"pattern\"\u003e%highlight{[%-5level]}{FATAL=bg_red, ERROR=red, WARN=yellow, INFO=green, DEBUG=blue} %d{dd-MM-yyyy HH:mm:ss.SSS} %style{[%thread]}{blue} %style{[%c{1}]}{yellow} - %m%n\u003c/Property\u003e\n \u003cProperty name=\"pattern_audit\"\u003e%highlight{[%-5level]}{FATAL=bg_red, ERROR=red, WARN=yellow, INFO=green, DEBUG=blue} %d{dd-MM-yyyy HH:mm:ss.SSS} %style{[%thread]}{blue} %style{[%c{1}]}{yellow} - %m%n\u003c/Property\u003e\n \u003c/Properties\u003e\n\n \u003cAppenders\u003e\n \u003cConsole name=\"console_plain\" target=\"SYSTEM_OUT\"\u003e\n \u003cPatternLayout pattern=\"${pattern}\" /\u003e\n \u003c/Console\u003e\n \u003cConsole name=\"console_json\" target=\"SYSTEM_OUT\"\u003e\n \u003cJsonTemplateLayout eventTemplateUri=\"classpath:LogstashJsonEventLayoutV1.json\" /\u003e\n \u003c/Console\u003e\n\n \u003cConsole name=\"audit_false\" target=\"SYSTEM_OUT\"\u003e\n \u003cPatternLayout pattern=\"${pattern_audit}\"/\u003e\n \u003c/Console\u003e\n\n \u003cConsole name=\"audit_console_plain\" target=\"SYSTEM_OUT\"\u003e\n \u003cPatternLayout pattern=\"${pattern_audit}\"/\u003e\n \u003c/Console\u003e\n \u003c/Appenders\u003e\n\n \u003cLoggers\u003e\n \u003cRoot level=\"info\" additivity=\"true\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Root\u003e\n\n \u003cLogger name=\"hume.audit\" level=\"info\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"audit_console_plain\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.springframework.web\" level=\"warn\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.hibernate\" level=\"warn\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.springframework.data.convert.CustomConversions\" level=\"error\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.springframework.context.support\" level=\"warn\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.hibernate.type.descriptor\" level=\"error\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.springframework.data.jpa.repository.query\" level=\"error\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.elasticsearch.client.RestClient\" level=\"warn\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n\n \u003cLogger name=\"org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker\"\n level=\"error\" additivity=\"false\"\u003e\n \u003cAppenderRef ref=\"console_${_hume.logging.format}\" /\u003e\n \u003c/Logger\u003e\n \u003c/Loggers\u003e\n \u003c/Configuration\u003e\n```\n\nSecondly you will need to mount a volume and a volumemount with the configmap, add this to the `api` section of the chart : \n\n```yaml\n volumes:\n - configMap:\n name: api-log4j2-configmap\n name: api-log4j2-volume\n volumeMounts:\n - mountPath: /conf\n name: api-log4j2-volume\n```\n\nLastly, provide the following settings in the api environment variables\n\n```yaml\n env:\n - name: hume.security.audit.enabled\n value: 'true'\n - name: hume.security.audit.appender\n value: 'console_plain'\n - name: \"hume.logging.config.location\"\n value: \"/conf/server-logs.xml\"\n```\n\n\n## License\n\nCopyright \u0026copy; 2022 GraphAware\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraphaware%2Fhume-helm-charts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraphaware%2Fhume-helm-charts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraphaware%2Fhume-helm-charts/lists"}