{"id":41233871,"url":"https://github.com/linuxfoundation/lfx-v2-helm","last_synced_at":"2026-04-24T00:01:16.831Z","repository":{"id":303471276,"uuid":"1008027355","full_name":"linuxfoundation/lfx-v2-helm","owner":"linuxfoundation","description":"LFX v2 Platform Helm Charts","archived":false,"fork":false,"pushed_at":"2026-04-21T17:45:07.000Z","size":785,"stargazers_count":1,"open_issues_count":8,"forks_count":4,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-21T18:34:19.918Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go Template","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linuxfoundation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-24T23:07:48.000Z","updated_at":"2026-04-21T17:45:09.000Z","dependencies_parsed_at":"2025-07-07T21:39:06.060Z","dependency_job_id":"a2ab99b3-e1af-4214-b71a-b73c73edb58d","html_url":"https://github.com/linuxfoundation/lfx-v2-helm","commit_stats":null,"previous_names":["linuxfoundation/lfx-v2-helm"],"tags_count":49,"template":false,"template_full_name":null,"purl":"pkg:github/linuxfoundation/lfx-v2-helm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Flfx-v2-helm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Flfx-v2-helm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Flfx-v2-helm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Flfx-v2-helm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linuxfoundation","download_url":"https://codeload.github.com/linuxfoundation/lfx-v2-helm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linuxfoundation%2Flfx-v2-helm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32203362,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-23T20:19:26.138Z","status":"ssl_error","status_checked_at":"2026-04-23T20:19:23.520Z","response_time":53,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-23T00:59:58.875Z","updated_at":"2026-04-24T00:01:16.796Z","avatar_url":"https://github.com/linuxfoundation.png","language":"Go Template","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LFX v2 Helm charts\n\nThis repository contains Helm charts for deploying the LFX v2 platform on Kubernetes.\n\n## Repository structure\n\n```text\nlfx-v2-helm/\n└── charts/\n └── lfx-platform/ # Main LFX Platform chart\n ├── templates/ # Kubernetes templates\n ├── Chart.yaml # Chart metadata\n ├── values.yaml # Default values\n └── README.md # Documentation\n```\n\n## Installation\n\nSee the [lfx-platform chart README](./charts/lfx-platform/README.md) for\ninstallation instructions.\n\n## Components\n\nLFX v2 includes the following infrastructure components:\n\n- **Traefik**: API Gateway and Ingress Controller.\n- **OpenFGA**: Fine-Grained Authorization with Relationship-Based Access\n Control (ReBAC).\n- **Heimdall**: Access decision service, bridges Traefik to OpenFGA.\n- **NATS**: Messaging layer used by LFX v2 resource APIs to communicate with\n each other and with platform components; also provides durable key-value storage.\n- **OpenSearch**: Powers platform global search and audit log capabilities.\n\nBuilding on those, custom platform components provide shared services essential\nto the LFX v2 platform:\n\n- **[indexer](https://github.com/linuxfoundation/lfx-v2-indexer-service)**:\n Processes messages from resource APIs to keep OpenSearch in sync\n with data changes, and propagates data events to the rest of the platform.\n- **[fga-sync](https://github.com/linuxfoundation/lfx-v2-fga-sync)**: Processes\n messages from resource APIs to keep OpenFGA relationships in sync with data\n changes, and acts as a caching proxy for serving OpenFGA bulk access-check\n requests in the platform.\n- **[query-svc](https://github.com/linuxfoundation/lfx-v2-query-service)**:\n HTTP service for LFX API consumers to perform\n access-controlled queries for LFX resources, including typeahead and\n full-text search.\n- **[access-check](https://github.com/linuxfoundation/lfx-v2-access-check)**:\n HTTP service for LFX API consumers to perform bulk access checks for\n resources.\n\nKey LFX resource APIs are forthcoming, which can be optionally enabled with this chart.\n\n## Component diagram\n\n```mermaid\nflowchart TD\n Traefik(Traefik Ingress)\n OpenSearch[(OpenSearch)]\n OpenFGA(OpenFGA)\n Heimdall{Heimdall}\n\n subgraph NATS\n nats-access-check-subject@{ shape: braces, label: \"access-check \u0026 replies\" }\n nats-update-access-subject@{ shape: braces, label: \"update-access \u0026 ACK\" }\n nats-update-index-subject@{ shape: braces, label: \"index data \u0026 ACK\" }\n nats-kv-data@{ shape: braces, label: \"Jetstream\u003cbr /\u003eKV buckets\" }\n end\n\n Traefik --\u003e|allow/deny?| Heimdall\n Heimdall --\u003e|decision| Traefik\n Heimdall --\u003e|check relations based on URL pattern rulesets| OpenFGA\n\n Traefik ---\u003e|user queries| query-svc\n query-svc --\u003e OpenSearch\n\n access-check[\u003cem\u003eaccess-check\u003c/em\u003e]\n Traefik ---\u003e|user access checks| access-check\n access-check \u003c-.-\u003e nats-access-check-subject\n\n resource-apis@{ shape: processes, label: \"Resource APIs\u003cbr /\u003e(projects, committees, etc)\"}\n Traefik --\u003e|Heimdall-authorized user requests| resource-apis\n\n query-svc[\u003cem\u003equery-svc\u003c/em\u003e]\n query-svc \u003c-.-\u003e|filter search results| nats-access-check-subject\n\n nats-access-check-subject \u003c-.-\u003e|bulk access checks and responses| fga-sync\n nats-update-access-subject \u003c-.-\u003e|access updates \u0026 ACK| fga-sync\n\n fga-sync[\u003cem\u003efga-sync\u003c/em\u003e]\n fga-sync \u003c--\u003e|access updates, bulk access checks| OpenFGA\n\n indexer[\u003cem\u003eindexer\u003c/em\u003e]\n nats-update-index-subject \u003c-.-\u003e|index data \u0026 ACK| indexer\n indexer \u003c--\u003e|index/revision resources| OpenSearch\n\n resource-apis \u003c-..-\u003e nats-update-access-subject\n resource-apis \u003c-.-\u003e nats-update-index-subject\n resource-apis \u003c-.-\u003e|data storage| nats-kv-data\n```\n\n## Configuration\n\nSee the [lfx-platform chart README](./charts/lfx-platform/README.md) for configuration options and examples.\n\n## Releases\n\nThis repository automatically publishes Helm charts to GitHub Container Registry (GHCR) when tags are created.\n\n### Creating a Release\n\n1. Update the chart version in `charts/lfx-platform/Chart.yaml` as part of any\n pull requests which update the chart manifests or configuration.\n2. After the pull request is merged, create a GitHub release and choose the\n option for GitHub to also tag the repository. The tag can be anything, but\n the current convention is for the format `v{version}` (e.g., `v0.0.2`). This\n tag does _not_ have to match the chart version: it is an `appVersion` that\n is unused at the umbrella chart level, and _only_ used to trigger Helm\n releases.\n3. The GitHub Actions workflow will automatically:\n - Package the Helm chart\n - Publish it to `ghcr.io/linuxfoundation/lfx-v2-helm/chart`\n - Sign the chart with cosign for security\n - Generate SLSA provenance attestation\n\n## Development\n\nTo contribute to this repository:\n\n1. Fork the repository\n2. Commit your changes to a feature branch in your fork. Ensure your commits\n are signed with the [Developer Certificate of Origin\n (DCO)](https://developercertificate.org/).\n You can use the `git commit -s` command to sign your commits.\n3. Ensure the chart version in `charts/lfx-platform/Chart.yaml` has been\n updated following semantic version conventions.\n4. If you are adding a new platform component, ensure it is documented in the\n [component diagram](#component-diagram) and the README.\n5. Run MegaLinter locally at the root of the working directory to check for\n errors or linting problems:\n ```bash\n docker run --rm --platform linux/amd64 \\\n -v \"$(pwd):/tmp/lint:rw\" \\\n oxsecurity/megalinter-documentation:v8\n ```\n6. Submit your pull request\n\n## License\n\nCopyright The Linux Foundation and each contributor to LFX.\n\nThis project’s source code is licensed under the MIT License. A copy of the\nlicense is available in `LICENSE`.\n\nThis project’s documentation is licensed under the Creative Commons Attribution\n4.0 International License \\(CC-BY-4.0\\). A copy of the license is available in\n`LICENSE-docs`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinuxfoundation%2Flfx-v2-helm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinuxfoundation%2Flfx-v2-helm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinuxfoundation%2Flfx-v2-helm/lists"}