Updated helm chart to use image v6.8.0 and some minor improvements (#600)

2023-10-28 15:14:02 +02:00
parent d2b421a58b
commit 3640bd03a2
8 changed files with 86 additions and 23 deletions
--- a/.github/workflows/chart-test.yaml
+++ b/.github/workflows/chart-test.yaml
@@ -15,7 +15,7 @@ jobs:
      - name: Install helm-docs
        working-directory: /tmp
        env:
-          HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.11.0/helm-docs_1.11.0_Linux_x86_64.tar.gz
+          HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.11.3/helm-docs_1.11.3_Linux_x86_64.tar.gz
        run: |
          curl -LSs $HELM_DOCS_URL | tar xz && \
          mv ./helm-docs /usr/local/bin/helm-docs && \
@@ -30,6 +30,7 @@ jobs:
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
        with:
          fetch-depth: 0
      - name: Check if documentation is up-to-date
        run: helm-docs && git diff --exit-code HEAD
--- a/charts/hapi-fhir-jpaserver/Chart.yaml
+++ b/charts/hapi-fhir-jpaserver/Chart.yaml
@@ -10,18 +10,18 @@ dependencies:
    version: 12.5.6
    repository: oci://registry-1.docker.io/bitnamicharts
    condition: postgresql.enabled
-appVersion: 6.6.0
+appVersion: 6.8.3
-version: 0.13.0
+version: 0.14.0
 annotations:
  artifacthub.io/license: Apache-2.0
  artifacthub.io/changes: |
    # When using the list of objects option the valid supported kinds are
    # added, changed, deprecated, removed, fixed, and security.
    - kind: added
-      description: allow specifying application properties via yaml config
+      description: updated starter image to 6.8.3
    - kind: fixed
      description: incorrect handling of existing secret database config
    - kind: added
-      description: allow setting resource limits and requests for the Helm test pods
+      description: support for using a non-admin user for the postgres database
-    - kind: changed
+    - kind: added
-      description: updated curl used by helm tests to version to v8.2.0
+      description: ability to create a dedicated ServiceAccount
    - kind: changed
      description: allow disabling the liveness-, readiness-, and startup-probes entirely
--- a/charts/hapi-fhir-jpaserver/README.md
+++ b/charts/hapi-fhir-jpaserver/README.md
@@ -1,6 +1,6 @@
 # HAPI FHIR JPA Server Starter Helm Chart
-![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square)
+![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.8.3](https://img.shields.io/badge/AppVersion-6.8.3-informational?style=flat-square)
 This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
@@ -36,7 +36,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
 | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted |
 | image.repository | string | `"hapiproject/hapi"` | the path inside the repository |
-| image.tag | string | `"v6.6.0@sha256:c00367865ae5dad4e171cbb68bfc1c39818854079d1565bee4c86a45e78335d0"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
+| image.tag | string | `"v6.8.3@sha256:6195f1116ebabfb0a608addde043b3e524c456c4d4f35b3d25025afd7dcd2e27"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
 | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
 | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
 | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
@@ -73,6 +73,10 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service.port | int | `8080` | port where the server will be exposed at |
 | service.type | string | `"ClusterIP"` | service type |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.automount | bool | `true` | Automatically mount a ServiceAccount's API credentials? |
 | serviceAccount.create | bool | `false` | Specifies whether a service account should be created. |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tests.resources | object | `{}` | configure the test pods resource requests and limits |
 | tolerations | list | `[]` | pod tolerations |
 | topologySpreadConstraints | list | `[]` | pod topology spread configuration see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api |
@@ -139,4 +143,4 @@ kubectl port-forward -n observability service/simplest-query 16686:16686
 and opening <http://localhost:16686/> in your browser.
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
--- a/charts/hapi-fhir-jpaserver/ci/custom-postgres-user-values.yaml
+++ b/charts/hapi-fhir-jpaserver/ci/custom-postgres-user-values.yaml
@@ -0,0 +1,7 @@
 postgresql:
  enabled: true
  auth:
    username: hapi_fhir_jpaserver_starter_user
    database: hapi_fhir_jpaserver_starter
    password: secret_user_password
    postgresPassword: secret_postgres_password
--- a/charts/hapi-fhir-jpaserver/templates/_helpers.tpl
+++ b/charts/hapi-fhir-jpaserver/templates/_helpers.tpl
@@ -50,6 +50,17 @@ app.kubernetes.io/name: {{ include "hapi-fhir-jpaserver.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 {{/*
 Create the name of the service account to use
 */}}
 {{- define "hapi-fhir-jpaserver.serviceAccountName" -}}
 {{- if .Values.serviceAccount.create }}
 {{- default (include "hapi-fhir-jpaserver.fullname" .) .Values.serviceAccount.name }}
 {{- else }}
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
 {{/*
 Create a default fully qualified postgresql name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -63,10 +74,12 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 Get the Postgresql credentials secret name.
 */}}
 {{- define "hapi-fhir-jpaserver.postgresql.secretName" -}}
-{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret) -}}
+{{- if .Values.postgresql.enabled -}}
-    {{- printf "%s" (include "hapi-fhir-jpaserver.postgresql.fullname" .) -}}
+    {{- if .Values.postgresql.auth.existingSecret -}}
 {{- else if and (.Values.postgresql.enabled) (.Values.postgresql.auth.existingSecret) -}}
        {{- printf "%s" .Values.postgresql.auth.existingSecret -}}
    {{- else -}}
        {{- printf "%s" (include "hapi-fhir-jpaserver.postgresql.fullname" .) -}}
    {{- end -}}
 {{- else }}
    {{- if .Values.externalDatabase.existingSecret -}}
        {{- printf "%s" .Values.externalDatabase.existingSecret -}}
@@ -80,12 +93,20 @@ Get the Postgresql credentials secret name.
 Get the Postgresql credentials secret key.
 */}}
 {{- define "hapi-fhir-jpaserver.postgresql.secretKey" -}}
-{{- if (.Values.externalDatabase.existingSecret) -}}
+{{- if .Values.postgresql.enabled -}}
-    {{- printf "%s" .Values.externalDatabase.existingSecretKey -}}
+    {{- if .Values.postgresql.auth.username -}}
        {{- printf "%s" .Values.postgresql.auth.secretKeys.userPasswordKey -}}
    {{- else -}}
        {{- printf "%s" .Values.postgresql.auth.secretKeys.adminPasswordKey -}}
    {{- end -}}
 {{- else }}
    {{- if .Values.externalDatabase.existingSecret -}}
        {{- printf "%s" .Values.externalDatabase.existingSecretKey -}}
    {{- else -}}
        {{- printf "postgres-password" -}}
    {{- end -}}
 {{- end -}}
 {{- end -}}
 {{/*
 Add environment variables to configure database values
@@ -98,7 +119,11 @@ Add environment variables to configure database values
 Add environment variables to configure database values
 */}}
 {{- define "hapi-fhir-jpaserver.database.user" -}}
-{{- ternary "postgres" .Values.externalDatabase.user .Values.postgresql.enabled -}}
+{{- if .Values.postgresql.enabled -}}
    {{- printf "%s" .Values.postgresql.auth.username | default "postgres" -}}
 {{- else -}}
    {{- printf "%s" .Values.externalDatabase.user -}}
 {{- end -}}
 {{- end -}}
 {{/*
--- a/charts/hapi-fhir-jpaserver/templates/deployment.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml
@@ -26,6 +26,7 @@ spec:
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "hapi-fhir-jpaserver.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
--- a/charts/hapi-fhir-jpaserver/templates/serviceaccount.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/serviceaccount.yaml
@@ -0,0 +1,13 @@
 {{- if .Values.serviceAccount.create  -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "hapi-fhir-jpaserver.serviceAccountName" . }}
  labels:
    {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
 {{- end }}
--- a/charts/hapi-fhir-jpaserver/values.yaml
+++ b/charts/hapi-fhir-jpaserver/values.yaml
@@ -7,7 +7,7 @@ image:
  # -- the path inside the repository
  repository: hapiproject/hapi
  # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image.
-  tag: "v6.6.0@sha256:c00367865ae5dad4e171cbb68bfc1c39818854079d1565bee4c86a45e78335d0"
+  tag: "v6.8.3@sha256:6195f1116ebabfb0a608addde043b3e524c456c4d4f35b3d25025afd7dcd2e27"
  # -- image pullPolicy to use
  pullPolicy: IfNotPresent
@@ -198,6 +198,17 @@ podDisruptionBudget:
  # -- maximum unavailable instances
  maxUnavailable: ""
 serviceAccount:
  # -- Specifies whether a service account should be created.
  create: false
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
  # -- Automatically mount a ServiceAccount's API credentials?
  automount: true
 metrics:
  serviceMonitor:
    # -- if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring
@@ -229,7 +240,7 @@ curl:
  image:
    registry: docker.io
    repository: curlimages/curl
-    tag: 8.2.0@sha256:daf3f46a2639c1613b25e85c9ee4193af8a1d538f92483d67f9a3d7f21721827
+    tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af
 tests:
  # -- configure the test pods resource requests and limits
@@ -242,7 +253,8 @@ tests:
  #   memory: 128Mi
 # -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application.
-extraConfig: ""
+extraConfig:
  ""
  # # For example:
  # |
  # hapi: