{"id":28028400,"url":"https://github.com/permitio/opal-helm-chart","last_synced_at":"2025-05-11T07:13:30.752Z","repository":{"id":42567193,"uuid":"363646809","full_name":"permitio/opal-helm-chart","owner":"permitio","description":"You know, for Kubernetes","archived":false,"fork":false,"pushed_at":"2024-10-08T15:45:33.000Z","size":403,"stargazers_count":21,"open_issues_count":11,"forks_count":24,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-05-11T07:13:20.473Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Smarty","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/permitio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-02T12:33:52.000Z","updated_at":"2025-04-24T16:02:28.000Z","dependencies_parsed_at":"2023-02-14T16:40:26.678Z","dependency_job_id":"acd4f882-c87b-4c8e-80ed-c97c0e8a92e4","html_url":"https://github.com/permitio/opal-helm-chart","commit_stats":null,"previous_names":[],"tags_count":29,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fopal-helm-chart","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fopal-helm-chart/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fopal-helm-chart/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/permitio%2Fopal-helm-chart/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/permitio","download_url":"https://codeload.github.com/permitio/opal-helm-chart/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253528978,"owners_count":21922637,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-11T07:13:30.234Z","updated_at":"2025-05-11T07:13:30.745Z","avatar_url":"https://github.com/permitio.png","language":"Smarty","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp  align=\"center\"\u003e\n \u003cimg src=\"https://i.ibb.co/BGVBmMK/opal.png\" height=100 alt=\"opal\" border=\"0\" /\u003e\n\u003c/p\u003e\n\u003ch2 align=\"center\"\u003e\nOPAL Helm Chart for Kubernetes\n\u003c/h2\u003e\n\nOPAL is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and policy data in realtime and pushing live updates to your agents.\n\nOPAL brings open-policy up to the speed needed by live applications. As your application state changes (whether it's via your APIs, DBs, git, S3 or 3rd-party SaaS services), OPAL will make sure your services are always in sync with the authorization data and policy they need (and only those they need).\n\n[Check out OPAL main repo here.](https://github.com/permitio/opal)\n\n### Installation\n\nOPAL Helm chart could be installed only with [Helm 3](https://helm.sh/docs/).\nThe chart is published to public Helm repository, [hosted on GitHub itself](https://permitio.github.io/opal-helm-chart/). It's recommended to install OPAL into a dedicated namespace.\n\nAdd Helm repository\n\n```\nhelm repo add permitio https://permitio.github.io/opal-helm-chart\nhelm repo update\n```\n\nInstall the latest version\n\n```\nhelm install --create-namespace -n opal-ns opal permitio/opal\n```\n\nSearch for all available versions\n\n```\nhelm search repo opal --versions\n```\n\n### Deploy OPAL to your Kubernetes cluster\n\nInstall specific version (with default configuration):\n\n```\nhelm install --create-namespace -n opal-ns --version x.x.x opal permitio/opal\n```\n\nInstall specific version (with custom configuration provided as YAML):\n\n```\nhelm install -f myvalues.yaml --create-namespace -n opal-ns --version x.x.x opal permitio/opal\n```\n\n`myvalues.yaml` must conform to the [json schema](https://raw.githubusercontent.com/permitio/opal-helm-chart/master/values.schema.json).\n\n### Verify installation\n\nOPAL Client should populate embedded OPA instance with polices and data from configured Git repository.\nTo validate it - one could create port-forwarding to OPAL client Pod. Port 8181 is the embedded OPA agent.\n\n```\nkubectl port-forward -n opal-ns service/opal-client 8181:8181\n```\n\nThen, open http://localhost:8181/v1/data/ in your browser to check OPA data document state.\n\n### Important Configuration\n\nThis is not a comprehensive list, but includes the main variables you have to think about\n\n| Variable                                       | Description                                                                                                                                      |\n| ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |\n| `server.policyRepoUrl`                         | Git repository holding policy code (\u0026 optionally policy data) to be tracked by OPAL                                                              |\n| `server.dataConfigSources`                     | Data sources to be published to clients (and their managed OPAs)                                                                                 |\n| `server.dataConfigSources.config.entries`      | Static list of data source entries (See [OPAL Docs](https://docs.opal.ac/getting-started/running-opal/run-opal-server/data-sources))             |\n| `server.dataConfigSources.external_source_url` | URL to dynamically fetch data sources entries from (See [OPAL Docs](https://docs.opal.ac/tutorials/configure_external_data_sources))             |\n| `server.broadcastUri`                          | Backend for broadcasting updates across multiple opal-server processes (necessary if either `server.uvicornWorkers` or `server.replicas` is \u003e 1) |\n| `server.uvicornWorkers`                        | Count of gunicorn workers (/processes) per opal-server replica                                                                                   |\n| `server.replicas`                              | opal-server's deployment replica count                                                                                                           |\n| `server.extraEnv`                              | Extra configuration for opal-server (see [OPAL Docs](https://docs.opal.ac/tutorials/configure_opal))                                             |\n| `client.extraEnv`                              | Extra configuration for opal-server [OPAL Docs](https://docs.opal.ac/tutorials/configure_opal)                                                   |\n\n**Note:** If you leave `server.dataConfigSources` with no entries - The chart would automatically set `OPAL_DATA_UPDATER_ENABLED: False` in `client.extraEnv` so client won't report an unhealthy state.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fopal-helm-chart","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpermitio%2Fopal-helm-chart","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpermitio%2Fopal-helm-chart/lists"}