{"id":26167549,"url":"https://github.com/open-metadata/openmetadata-helm-charts","last_synced_at":"2026-04-01T17:26:10.423Z","repository":{"id":38040823,"uuid":"425719281","full_name":"open-metadata/openmetadata-helm-charts","owner":"open-metadata","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-31T10:25:45.000Z","size":779,"stargazers_count":67,"open_issues_count":19,"forks_count":114,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-03-31T10:26:51.659Z","etag":null,"topics":["hacktoberfest","hacktoberfest2022","hacktoberfest2025","hactoberfest2024","helm","k8s","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go Template","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/open-metadata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-11-08T06:14:50.000Z","updated_at":"2026-03-31T10:25:50.000Z","dependencies_parsed_at":"2023-09-25T18:18:17.153Z","dependency_job_id":"d13e5605-9cdf-47c6-8ecb-47594bf93d2b","html_url":"https://github.com/open-metadata/openmetadata-helm-charts","commit_stats":null,"previous_names":[],"tags_count":387,"template":false,"template_full_name":null,"purl":"pkg:github/open-metadata/openmetadata-helm-charts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2Fopenmetadata-helm-charts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2Fopenmetadata-helm-charts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2Fopenmetadata-helm-charts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2Fopenmetadata-helm-charts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/open-metadata","download_url":"https://codeload.github.com/open-metadata/openmetadata-helm-charts/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-metadata%2Fopenmetadata-helm-charts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31290537,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T13:12:26.723Z","status":"ssl_error","status_checked_at":"2026-04-01T13:12:25.102Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","hacktoberfest2022","hacktoberfest2025","hactoberfest2024","helm","k8s","kubernetes"],"created_at":"2025-03-11T17:39:21.685Z","updated_at":"2026-04-01T17:26:10.407Z","avatar_url":"https://github.com/open-metadata.png","language":"Go Template","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"https://i.imgur.com/5VumwFS.png\" align=\"center\" alt=\"OpenMetadata\" height=\"90\"/\u003e\n \u003chr /\u003e\n\u003c/div\u003e\n\n# Open Metadata Helm Charts [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/open-metadata)](https://artifacthub.io/packages/search?repo=open-metadata)\n\n- [Introduction](#introduction)\n- [Setup](#setup)\n- [Quickstart](#quickstart)\n- [OpenShift (ROSA) Installation](#openshift-rosa-installation)\n- [Documentation and Support](#documentation-and-support)\n- [Contributors](#contributors)\n- [License](#license)\n\n## Introduction\n\n\n[This Repository](https://github.com/open-metadata/openmetadata-helm-charts) houses Kubernetes [Helm](https://helm.sh) charts for deploying [Open Metadata](https://github.com/open-metadata/OpenMetadata) and it's dependencies (Elastic Search and MySQL) on a Kubernetes Cluster.\n\n---\n\n## Setup\n\n\nSet up a Kubernetes Cluster\n- In a cloud platform of your choice like [Amazon EKS](https://aws.amazon.com/eks/), [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine) or [Azure Kubernetes Service](https://azure.microsoft.com/en-in/services/kubernetes-service/#overview)\n\u003cbr /\u003eOR\u003cbr /\u003e\n- On Local Environment using [Minikube](https://minikube.sigs.k8s.io/docs) or [Docker Desktop](https://www.docker.com/products/docker-desktop). Note, atleast 4 GB of RAM is required to run Open Metadata and it's dependencies.\n\nInstall the below tools:\n- [Kubectl](https://kubernetes.io/docs/tasks/tools/) to manage Kubernetes Resources\n- [Helm](https://helm.sh) to deploy resources based on Helm Charts from this repository. Note, we only support Helm 3\n\n---\n\n## Quickstart\n\nAssuming kubectl context points to the correct kubernetes cluster, first create kubernetes secrets that contain MySQL and Airflow passwords as secrets.\n\n```\nkubectl create secret generic mysql-secrets --from-literal=openmetadata-mysql-password=openmetadata_password\nkubectl create secret generic airflow-secrets --from-literal=openmetadata-airflow-password=admin\n```\n\nThe above commands sets the passwords as an example. Change to any password of choice.\n\nNext, we install Open Metadata dependencies.\n\nAdd openmetadata helm repo by running the following - \n\n```\nhelm repo add open-metadata https://helm.open-metadata.org/\n```\nRun the command `helm repo list` to list the addition of openmetadata helm repo -\n\n```\nNAME \tURL \nopen-metadata\thttps://helm.open-metadata.org/\n```\n\nAssuming kubectl context points to the correct kubernetes cluster, first create kubernetes secrets that contain airflow mysql password as secrets.\n\n```\nkubectl create secret generic airflow-mysql-secrets --from-literal=airflow-mysql-password=airflow_pass\n```\n\nDeploy the dependencies by running\n\n```\nhelm install openmetadata-dependencies open-metadata/openmetadata-dependencies\n```\n\nNote - The above command uses configurations defined [here](charts/deps/values.yaml). You can modify any configuration and deploy by passing your own `values.yaml`\n\n```\nhelm install openmetadata-dependencies open-metadata/openmetadata-dependencies --values \u003c\u003cpath-to-values-file\u003e\u003e\n```\n\nRun `kubectl get pods` to check whether all the pods for the dependencies are running. You should get a result similar to below.\n\n```\nNAME READY STATUS RESTARTS AGE\nmysql-0 1/1 Running 0 5m\nopensearch-0 1/1 Running 0 5m\nopenmetadata-dependencies-api-server-xxxxx 1/1 Running 0 5m\nopenmetadata-dependencies-scheduler-0 2/2 Running 0 5m\nopenmetadata-dependencies-dag-processor-xxxxx 2/2 Running 0 5m\nopenmetadata-dependencies-triggerer-0 2/2 Running 0 5m\nopenmetadata-dependencies-statsd-xxxxx 1/1 Running 0 5m\n```\n\n**Note**: This chart now uses Apache Airflow 3 with the official Apache Airflow Helm chart. See [charts/deps/README.md](charts/deps/README.md) for Airflow 3 compatibility details.\n\nNext, deploy the openmetadata by running the following\n\n```\nhelm install openmetadata open-metadata/openmetadata\n```\n\nValues in [values.yaml](charts/openmetadata/values.yaml) are preset to match with dependencies deployed using [openmetadata-dependencies](charts/deps) with release name \"openmetadata-dependencies\". If you deployed helm chart using different release name, make sure to update values.yaml accordingly before installing.\n\nRun `kubectl get pods` command to check the statuses of pods running you should get a result similar to below.\n\n```\nNAME READY STATUS RESTARTS AGE\nelasticsearch-0 1/1 Running 0 5m34s\nmysql-0 1/1 Running 0 5m34s\nopenmetadata-5566f4d8b9-544gb 1/1 Running 0 98s\n```\n\nTo expose the Openmetadata UI locally, run the below command -\n\n```\nkubectl port-forward deployment/openmetadata 8585:8585\n```\n\n---\n\n## OpenShift (ROSA) Installation\n\nOpenMetadata can be deployed on Red Hat OpenShift, including ROSA (Red Hat OpenShift Service on AWS). The OpenShift setup uses the Kubernetes-native pipeline service client (`K8sPipelineClient`) instead of Airflow — no Airflow installation is required.\n\n### Prerequisites\n\nInstall the [OpenShift CLI (`oc`)](https://docs.openshift.com/container-platform/latest/cli_reference/openshift_cli/getting-started-cli.html) and ensure your `kubectl`/`helm` context points to your OpenShift cluster.\n\nRun these commands once before installing the charts:\n\n```bash\n# Create the namespace\noc new-project openmetadata\n\n# Allow OpenSearch's sysctl init container to run privileged\n# (needed to set vm.max_map_count=262144)\noc adm policy add-scc-to-user privileged \\\n -z opensearch -n openmetadata\n\n# Allow the OpenMetadata server to run as a fixed non-root UID\noc adm policy add-scc-to-user anyuid \\\n -z openmetadata -n openmetadata\n```\n\n| SCC | Granted to | Reason |\n|-----|-----------|--------|\n| `privileged` | `opensearch` ServiceAccount | OpenSearch requires a privileged init container to set the kernel parameter `vm.max_map_count=262144`. |\n| `anyuid` | `openmetadata` ServiceAccount | The OpenMetadata server image runs as a fixed non-root UID, which OpenShift's default `restricted` SCC rejects. |\n\n### Step 1 — Install dependencies (MySQL + OpenSearch)\n\nSave the following as `values-openshift-deps.yaml` and adjust the image tags and storage sizes for your environment:\n\n```yaml\n# Airflow is not needed — using the Kubernetes-native pipeline service client\nairflow:\n enabled: false\n\nmysql:\n enabled: true\n fullnameOverride: \"mysql\"\n architecture: standalone\n image:\n registry: docker.io\n repository: bitnamilegacy/mysql\n tag: 8.0.37-debian-12-r2\n pullPolicy: \"Always\"\n auth:\n rootPassword: password # change this\n database: openmetadata_db\n username: openmetadata_user\n password: openmetadata_password # change this\n # Override base chart initdbScripts with no-ops to prevent the airflow_db\n # script from failing on restart with \"Can't create database; database exists\"\n initdbScripts:\n init_airflow_db_scripts.sql: \"SELECT 1;\"\n init_openmetadata_db_scripts.sql: \"SELECT 1;\"\n primary:\n extraFlags: \"--sort_buffer_size=10M\"\n persistence:\n size: 50Gi\n\nopensearch:\n enabled: true\n clusterName: opensearch\n fullnameOverride: opensearch\n nodeGroup: \"\"\n # Fully-qualify the image: ROSA's CRI-O rejects short image names\n image:\n repository: \"docker.io/opensearchproject/opensearch\"\n imagePullPolicy: Always\n opensearchJavaOpts: \"-Xmx1g -Xms1g\"\n persistence:\n size: 30Gi\n protocol: http\n config:\n opensearch.yml: |\n plugins.security.disabled: true\n indices.query.bool.max_clause_count: 4096\n singleNode: true\n resources:\n requests:\n cpu: \"100m\"\n memory: \"256M\"\n limits:\n cpu: \"2000m\"\n memory: \"2048M\"\n # Dedicated SA so the privileged SCC grant is scoped to OpenSearch only\n rbac:\n create: true\n serviceAccountName: \"opensearch\"\n # Privileged init container to set vm.max_map_count=262144\n sysctlInit:\n enabled: true\n image: docker.io/library/busybox # fully-qualified for CRI-O\n imageTag: latest\n```\n\nThen install:\n\n```bash\nhelm upgrade --install openmetadata-dependencies open-metadata/openmetadata-dependencies \\\n --namespace openmetadata --create-namespace \\\n --values values-openshift-deps.yaml\n```\n\nWait for the pods to be ready:\n\n```bash\noc rollout status deployment/mysql -n openmetadata\noc rollout status statefulset/opensearch -n openmetadata\n```\n\n### Step 2 — Install OpenMetadata\n\nSave the following as `values-openshift.yaml`. Update `image.tag` and `ingestionImage` to match your target OpenMetadata version:\n\n```yaml\nimage:\n tag: \"\u003cversion\u003e\" # e.g. 1.12.0\n\nopenmetadata:\n config:\n # No Airflow deploy step needed with the k8s pipeline client\n deployPipelinesConfig:\n enabled: false\n\n pipelineServiceClientConfig:\n enabled: true\n # Use the Kubernetes-native pipeline client\n type: \"k8s\"\n metadataApiEndpoint: \"http://openmetadata:8585/api\"\n k8s:\n className: \"org.openmetadata.service.clients.pipeline.k8s.K8sPipelineClient\"\n # Must match image.tag above\n ingestionImage: \"docker.getcollate.io/openmetadata/ingestion:\u003cversion\u003e\"\n imagePullPolicy: \"Always\"\n # SA that runs ingestion Jobs (created automatically when rbac.enabled: true)\n serviceAccountName: \"openmetadata-ingestion\"\n rbac:\n # Creates ServiceAccount, Role, and RoleBinding for ingestion Jobs\n enabled: true\n\n # Point at the MySQL installed above.\n # Bitnami stores the user password in a Secret named \"mysql\" under key \"mysql-password\".\n database:\n enabled: true\n host: mysql\n port: 3306\n driverClass: com.mysql.cj.jdbc.Driver\n dbScheme: mysql\n databaseName: openmetadata_db\n auth:\n username: openmetadata_user\n password:\n secretRef: mysql\n secretKey: mysql-password\n dbParams: \"allowPublicKeyRetrieval=true\u0026useSSL=false\u0026serverTimezone=UTC\"\n\n elasticsearch:\n enabled: true\n host: opensearch\n searchType: opensearch\n port: 9200\n scheme: http\n\n# Leave security contexts empty — OpenShift assigns UIDs via the anyuid SCC\npodSecurityContext: {}\nsecurityContext: {}\n```\n\nThen install:\n\n```bash\nhelm upgrade --install openmetadata open-metadata/openmetadata \\\n --namespace openmetadata \\\n --values values-openshift.yaml\n```\n\nWait for the server to be ready:\n\n```bash\noc rollout status deployment/openmetadata -n openmetadata\n```\n\n### Step 3 — Expose the UI\n\n**For production**, add a `route` block to your `values-openshift.yaml` to create an OpenShift `Route`. When `host` is omitted, OpenShift auto-assigns a hostname under the cluster's default application subdomain:\n\n```yaml\nroute:\n enabled: true\n # host: openmetadata.apps.\u003cyour-cluster-domain\u003e # optional — auto-assigned if omitted\n tls:\n enabled: true\n termination: edge # TLS terminated at the router; pod receives plain HTTP\n insecureEdgeTerminationPolicy: Redirect # redirect HTTP → HTTPS\n```\n\nThen re-apply:\n\n```bash\nhelm upgrade openmetadata open-metadata/openmetadata \\\n --namespace openmetadata \\\n --values values-openshift.yaml\n```\n\nGet the assigned hostname:\n\n```bash\noc get route openmetadata -n openmetadata -o jsonpath='{.spec.host}'\n```\n\n**For local testing only**, use a port-forward instead of a Route:\n\n```bash\nkubectl port-forward svc/openmetadata 8585:8585 -n openmetadata\n```\n\nOpen `http://localhost:8585` — default credentials: `admin / admin`.\n\n#### TLS termination modes\n\n| `tls.termination` | Description |\n|-------------------|-------------|\n| `edge` | TLS terminated at the OpenShift router; traffic to the pod is plain HTTP. Most common. |\n| `reencrypt` | TLS terminated at the router and re-encrypted before forwarding to the pod. |\n| `passthrough` | TLS passed through unchanged; the pod must serve TLS directly. |\n\n### How it works — Kubernetes pipeline client\n\nInstead of Airflow, OpenMetadata uses the `K8sPipelineClient` to schedule ingestion. When you trigger a pipeline in the UI, the server creates a Kubernetes `Job` in the configured namespace and monitors it via the API. No separate pipeline orchestrator is needed.\n\nSetting `pipelineServiceClientConfig.k8s.rbac.enabled: true` automatically creates the `ServiceAccount`, `Role`, and `RoleBinding` that the ingestion Jobs need to run.\n\n### Key differences from a standard Kubernetes install\n\n| Aspect | Standard Kubernetes | OpenShift |\n|--------|--------------------|-----------|\n| Pipeline runner | Airflow (`AirflowRESTClient`) | Kubernetes Jobs (`K8sPipelineClient`) |\n| Airflow required | Yes | No |\n| Security contexts | Set via `podSecurityContext` | Left empty — OpenShift assigns UIDs via the `anyuid` SCC |\n| Image names | Short names accepted | Fully-qualified names required (`docker.io/...`) — ROSA's CRI-O enforces this |\n| RBAC | Not required | `pipelineServiceClientConfig.k8s.rbac.enabled: true` |\n\n---\n\n## Setting Up Chart Testing Lint with Pre-commit Hook\n#### Why Chart Testing Lint?\nWhen working with Helm charts, it's important to ensure that they meet best practices, are free from errors, and follow the defined guidelines. **Chart Testing (ct) Lint** is a tool designed to automate this process by linting your Helm charts before committing them to the repository. It helps to:\n- Catch errors early.\n- Enforce best practices in chart development.\n- Automatically validate changes to Helm charts during pull requests or commits.\n\n\nThis guide will show you how to integrate `chart-testing` linting into your pre-commit hooks to automatically lint charts before committing them. It also allows you to manually trigger linting when needed.\n\n#### Prerequisites\nBefore setting up the pre-commit hook, make sure you have the following dependencies installed:\n\n##### 1. Install `chart-testing`\n`chart-testing` is a command-line tool used to lint and validate Helm charts. It can be installed using **Homebrew** on macOS.\n\nTo install `chart-testing`, run the following command:\n\n```bash\nbrew install chart-testing\n```\n##### 2. Install `pre-commit`\nTo install the pre-commit tool, run:\n```bash\npip install pre-commit\n```\n#### Setting Up Pre-commit Hook for Chart Testing Lint\n##### 1. Install the Pre-commit Hook\nOnce the dependencies are installed, navigate to your repository and run the following command to install the pre-commit hook:\n```bash\npre-commit install\n```\nThis will set up the pre-commit hook in the .git/hooks directory of your repository.\n##### 2. Manually Trigger the Linting Process\nIf you need to manually trigger the linting of charts at any time, navigate to the root of your repository and run:\n```bash\nct lint --all --check-version-increment=false --use-helmignore\n```\n---\n## Documentation and Support\n\nCheck out [OpenMetadata documentation](https://docs.open-metadata.org/) for a complete description of OpenMetadata's features.\n\nJoin [our Slack Community](https://slack.open-metadata.org/) if you get stuck, want to chat, or are thinking of a new feature.\n\nOr join the group at [https://groups.google.com/g/openmetadata-users](https://groups.google.com/g/openmetadata-users)\n\nWe're here to help - and make OpenMetadata even better!\n\n## Contributors\n\nWe ❤️ all contributions, big and small!\n\nRead [Build Code and Run Tests](https://docs.open-metadata.org/developer/build-code-and-run-tests) for how to setup your local development environment. Get started with our [Good first issues](https://github.com/open-metadata/OpenMetadata/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22).\n\nIf you want to, you can reach out via [Slack](https://openmetadata.slack.com/join/shared_invite/zt-wksh1bww-iQGk45NTw6Tp4Q9UZd6QOw#/shared-invite/email) or [email](mailto:dev@open-metadata.org) and we'll set up a pair programming session to get you started.\n\n## License\n\nOpenMetadata is released under [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-metadata%2Fopenmetadata-helm-charts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopen-metadata%2Fopenmetadata-helm-charts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-metadata%2Fopenmetadata-helm-charts/lists"}