Personal-Twin/hapi-fhir-jpaserver-starter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated helm chart to use v5.7.0 and latest PostgreSQL sub-chart (#346)

Browse Source
This commit is contained in:
chgl
2022-04-11 17:56:32 +02:00
committed by GitHub
parent bb21ccfe90
commit 4bed69fedf
9 changed files with 82 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
charts/hapi-fhir-jpaserver/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: postgresql - name: postgresql
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 10.12.2 version: 11.1.19
digest: sha256:38ee315eae1af3e3f6eb20e1dd8ffd60d4ab7ee0c51bf26941b56c8bcb376c11 digest: sha256:5bb38230bfa62c63547851e6f46f66a61441a4a4f18e3689827546277e34d192
generated: "2021-10-07T00:19:18.9743522+02:00" generated: "2022-04-08T21:55:34.6868891+02:00"

17
charts/hapi-fhir-jpaserver/Chart.yaml
View File

@@ -7,20 +7,23 @@ sources:
- https://github.com/hapifhir/hapi-fhir-jpaserver-starter - https://github.com/hapifhir/hapi-fhir-jpaserver-starter
dependencies: dependencies:
- name: postgresql - name: postgresql
version: 10.12.2 version: 11.1.19
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled condition: postgresql.enabled
annotations: annotations:
artifacthub.io/license: Apache-2.0 artifacthub.io/license: Apache-2.0
artifacthub.io/prerelease: "true"
artifacthub.io/changes: | artifacthub.io/changes: |
# When using the list of objects option the valid supported kinds are # When using the list of objects option the valid supported kinds are
# added, changed, deprecated, removed, fixed, and security. # added, changed, deprecated, removed, fixed, and security.
- kind: changed - kind: changed
description: | description: |
updated HAPI FHIR starter image to 5.6.0 updated HAPI FHIR starter image to 5.7.0
- kind: added - kind: changed
description: | description: |
added support for configuring PodDisruptionBudget for the server pods BREAKING CHANGE: updated included PostgreSQL-subchart to v11
appVersion: v5.6.0 - kind: changed
version: 0.7.0 description: |
BREAKING CHANGE: removed ability to override the image flavor.
The one based on distroless is now the new default.
appVersion: v5.7.0
version: 0.8.0

13
charts/hapi-fhir-jpaserver/README.md
View File

@@ -1,6 +1,6 @@
# HAPI FHIR JPA Server Starter Helm Chart # HAPI FHIR JPA Server Starter Helm Chart
![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.6.0](https://img.shields.io/badge/AppVersion-v5.6.0-informational?style=flat-square) ![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.7.0](https://img.shields.io/badge/AppVersion-v5.7.0-informational?style=flat-square)
This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment. This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
@@ -29,11 +29,10 @@ helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpas
| externalDatabase.user | string | `"fhir"` | username for the external database | | externalDatabase.user | string | `"fhir"` | username for the external database |
| extraEnv | list | `[]` | extra environment variables to set on the server container | | extraEnv | list | `[]` | extra environment variables to set on the server container |
| fullnameOverride | string | `""` | override the chart fullname | | fullnameOverride | string | `""` | override the chart fullname |
| image.flavor | string | `"distroless"` | the flavor or variant of the image to use. appended to the image tag by `-`. |
| image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use | | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
| image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted | | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted |
| image.repository | string | `"hapiproject/hapi"` | the path inside the repository | | image.repository | string | `"hapiproject/hapi"` | the path inside the repository |
| image.tag | string | `""` | defaults to `Chart.appVersion` | | image.tag | string | `""` | defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor |
| imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image | | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
| ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. | | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
| ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint | | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
@@ -51,11 +50,11 @@ helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpas
| podDisruptionBudget.maxUnavailable | string | `""` | maximum unavailable instances | | podDisruptionBudget.maxUnavailable | string | `""` | maximum unavailable instances |
| podDisruptionBudget.minAvailable | int | `1` | minimum available instances | | podDisruptionBudget.minAvailable | int | `1` | minimum available instances |
| podSecurityContext | object | `{}` | pod security context | | podSecurityContext | object | `{}` | pod security context |
| postgresql.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | | postgresql.auth.database | string | `"fhir"` | name for a custom database to create |
| postgresql.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. |
| postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used | | postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used |
| postgresql.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | | postgresql.primary.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| postgresql.postgresqlDatabase | string | `"fhir"` | name of the database to create see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run> | | postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| readinessProbe.failureThreshold | int | `5` | | | readinessProbe.failureThreshold | int | `5` | |
| readinessProbe.initialDelaySeconds | int | `30` | | | readinessProbe.initialDelaySeconds | int | `30` | |
| readinessProbe.periodSeconds | int | `20` | | | readinessProbe.periodSeconds | int | `20` | |

6
charts/hapi-fhir-jpaserver/ci/enabled-ingress-values.yaml Normal file
View File

@@ -0,0 +1,6 @@
ingress:
enabled: true
postgresql:
auth:
postgresPassword: secretpassword

24
charts/hapi-fhir-jpaserver/templates/_helpers.tpl
View File

@@ -30,18 +30,6 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/*
Create image tag
*/}}
{{- define "hapi-fhir-jpaserver.imageTag" -}}
{{- $version := default .Chart.AppVersion .Values.image.tag -}}
{{- if .Values.image.flavor }}
{{- printf "%s-%s" $version .Values.image.flavor }}
{{- else }}
{{- printf "%s" $version }}
{{- end }}
{{- end }}
{{/* {{/*
Common labels Common labels
*/}} */}}
@@ -75,10 +63,10 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
Get the Postgresql credentials secret name. Get the Postgresql credentials secret name.
*/}} */}}
{{- define "hapi-fhir-jpaserver.postgresql.secretName" -}} {{- define "hapi-fhir-jpaserver.postgresql.secretName" -}}
{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.existingSecret) -}} {{- if and (.Values.postgresql.enabled) (not .Values.postgresql.auth.existingSecret) -}}
{{- printf "%s" (include "hapi-fhir-jpaserver.postgresql.fullname" .) -}} {{- printf "%s" (include "hapi-fhir-jpaserver.postgresql.fullname" .) -}}
{{- else if and (.Values.postgresql.enabled) (.Values.postgresql.existingSecret) -}} {{- else if and (.Values.postgresql.enabled) (.Values.postgresql.auth.existingSecret) -}}
{{- printf "%s" .Values.postgresql.existingSecret -}} {{- printf "%s" .Values.postgresql.auth.existingSecret -}}
{{- else }} {{- else }}
{{- if .Values.externalDatabase.existingSecret -}} {{- if .Values.externalDatabase.existingSecret -}}
{{- printf "%s" .Values.externalDatabase.existingSecret -}} {{- printf "%s" .Values.externalDatabase.existingSecret -}}
@@ -95,7 +83,7 @@ Get the Postgresql credentials secret key.
{{- if (.Values.externalDatabase.existingSecret) -}} {{- if (.Values.externalDatabase.existingSecret) -}}
{{- printf "%s" .Values.externalDatabase.existingSecretKey -}} {{- printf "%s" .Values.externalDatabase.existingSecretKey -}}
{{- else }} {{- else }}
{{- printf "postgresql-password" -}} {{- printf "postgres-password" -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
@@ -110,14 +98,14 @@ Add environment variables to configure database values
Add environment variables to configure database values Add environment variables to configure database values
*/}} */}}
{{- define "hapi-fhir-jpaserver.database.user" -}} {{- define "hapi-fhir-jpaserver.database.user" -}}
{{- ternary .Values.postgresql.postgresqlUsername .Values.externalDatabase.user .Values.postgresql.enabled -}} {{- ternary "postgres" .Values.externalDatabase.user .Values.postgresql.enabled -}}
{{- end -}} {{- end -}}
{{/* {{/*
Add environment variables to configure database values Add environment variables to configure database values
*/}} */}}
{{- define "hapi-fhir-jpaserver.database.name" -}} {{- define "hapi-fhir-jpaserver.database.name" -}}
{{- ternary .Values.postgresql.postgresqlDatabase .Values.externalDatabase.database .Values.postgresql.enabled -}} {{- ternary .Values.postgresql.auth.database .Values.externalDatabase.database .Values.postgresql.enabled -}}
{{- end -}} {{- end -}}
{{/* {{/*

8
charts/hapi-fhir-jpaserver/templates/deployment.yaml
View File

@@ -60,7 +60,7 @@ spec:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ include "hapi-fhir-jpaserver.imageTag" . }} image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
- name: http - name: http
@@ -102,12 +102,10 @@ spec:
key: {{ include "hapi-fhir-jpaserver.postgresql.secretKey" . }} key: {{ include "hapi-fhir-jpaserver.postgresql.secretKey" . }}
- name: SPRING_DATASOURCE_DRIVERCLASSNAME - name: SPRING_DATASOURCE_DRIVERCLASSNAME
value: org.postgresql.Driver value: org.postgresql.Driver
- name: SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT - name: spring.jpa.properties.hibernate.dialect
value: org.hibernate.dialect.PostgreSQL10Dialect value: ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgres94Dialect
- name: HAPI_FHIR_USE_APACHE_ADDRESS_STRATEGY - name: HAPI_FHIR_USE_APACHE_ADDRESS_STRATEGY
value: "true" value: "true"
- name: SPRING_JPA_DATABASE_PLATFORM
value: org.hibernate.dialect.PostgreSQLDialect
{{- if .Values.extraEnv }} {{- if .Values.extraEnv }}
{{ toYaml .Values.extraEnv | nindent 12 }} {{ toYaml .Values.extraEnv | nindent 12 }}
{{- end }} {{- end }}

4
charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml
View File

@@ -1,4 +1,4 @@
{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret) }} {{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.auth.existingSecret) }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@@ -7,5 +7,5 @@ metadata:
{{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
type: Opaque type: Opaque
data: data:
postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }} postgres-password: {{ .Values.externalDatabase.password | b64enc | quote }}
{{- end }} {{- end }}

29
charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml → charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-connection" name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-endpoints"
labels: labels:
{{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
{{ include "hapi-fhir-jpaserver.fullname" . }}-client: "true" {{ include "hapi-fhir-jpaserver.fullname" . }}-client: "true"
@@ -10,7 +10,32 @@ metadata:
spec: spec:
restartPolicy: Never restartPolicy: Never
containers: containers:
- name: wget - name: test-metadata-endpoint
image: busybox:1
command: ['wget', '-O', '-']
args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata']
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsUser: 22222
runAsNonRoot: true
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 100m
memory: 128Mi
livenessProbe:
exec:
command: ["true"]
readinessProbe:
exec:
command: ["true"]
- name: test-patient-endpoint
image: busybox:1 image: busybox:1
command: ['wget', '-O', '-'] command: ['wget', '-O', '-']
args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1'] args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1']

27
charts/hapi-fhir-jpaserver/values.yaml
View File

@@ -6,11 +6,8 @@ image:
registry: docker.io registry: docker.io
# -- the path inside the repository # -- the path inside the repository
repository: hapiproject/hapi repository: hapiproject/hapi
# -- defaults to `Chart.appVersion` # -- defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor
tag: "" tag: ""
# -- the flavor or variant of the image to use.
# appended to the image tag by `-`.
flavor: "distroless"
# -- image pullPolicy to use # -- image pullPolicy to use
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@@ -96,17 +93,19 @@ postgresql:
# see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details # see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
# if set to `false`, the values under `externalDatabase` are used # if set to `false`, the values under `externalDatabase` are used
enabled: true enabled: true
# -- name of the database to create auth:
# see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run> # -- name for a custom database to create
postgresqlDatabase: "fhir" database: "fhir"
# -- Name of existing secret to use for PostgreSQL passwords. # -- Name of existing secret to use for PostgreSQL credentials
# The secret has to contain the keys `postgresql-password` # `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret
# which is the password for `postgresqlUsername` when it is # The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user),
# different of `postgres`, `postgresql-postgres-password` which # `password` (which is the password for the custom user to create when `auth.username` is set),
# will override `postgresqlPassword`, `postgresql-replication-password` # and `replication-password` (which is the password for replication user).
# which will override `replication.password` and `postgresql-ldap-password` # The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and
# which will be sed to authenticate on LDAP. The value is evaluated as a template. # picked from this secret in this case.
# The value is evaluated as a template.
existingSecret: "" existingSecret: ""
primary:
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities: