Updated helm chart with additional config settings (#566)

2023-07-21 16:26:10 +02:00
parent 5bd43b29c9
commit 8ef50832d3
8 changed files with 126 additions and 80 deletions
--- a/charts/hapi-fhir-jpaserver/Chart.yaml
+++ b/charts/hapi-fhir-jpaserver/Chart.yaml
@@ -11,15 +11,17 @@ dependencies:
    repository: oci://registry-1.docker.io/bitnamicharts
    condition: postgresql.enabled
 appVersion: 6.6.0
-version: 0.12.0
+version: 0.13.0
 annotations:
  artifacthub.io/license: Apache-2.0
  artifacthub.io/changes: |
    # When using the list of objects option the valid supported kinds are
    # added, changed, deprecated, removed, fixed, and security.
+    - kind: added
+      description: allow specifying application properties via yaml config
+    - kind: added
+      description: allow setting resource limits and requests for the Helm test pods
    - kind: changed
-      description: updated HAPI FHIR JPA Server app image version to v6.6.0
+      description: updated curl used by helm tests to version to v8.2.0
    - kind: changed
-      description: updated curl used by helm tests to version to v8.1.1
-    - kind: changed
-      description: updated postgresql sub-chart to v12.5.6
+      description: allow disabling the liveness-, readiness-, and startup-probes entirely
--- a/charts/hapi-fhir-jpaserver/README.md
+++ b/charts/hapi-fhir-jpaserver/README.md
@@ -1,6 +1,6 @@
 # HAPI FHIR JPA Server Starter Helm Chart

-![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square)
+![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square)

 This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.

@@ -30,6 +30,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | externalDatabase.password | string | `""` | database password |
 | externalDatabase.port | int | `5432` | database port number |
 | externalDatabase.user | string | `"fhir"` | username for the external database |
+| extraConfig | string | `""` | additional Spring Boot application config. Mounted as a file and automatically loaded by the application. |
 | extraEnv | list | `[]` | extra environment variables to set on the server container |
 | fullnameOverride | string | `""` | override the chart fullname |
 | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
@@ -43,11 +44,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | ingress.hosts[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.hosts[0].paths[0] | string | `"/"` |  |
 | ingress.tls | list | `[]` | ingress TLS config |
-| livenessProbe.failureThreshold | int | `5` |  |
-| livenessProbe.initialDelaySeconds | int | `30` |  |
-| livenessProbe.periodSeconds | int | `20` |  |
-| livenessProbe.successThreshold | int | `1` |  |
-| livenessProbe.timeoutSeconds | int | `30` |  |
 | metrics.service.port | int | `8081` |  |
 | metrics.serviceMonitor.additionalLabels | object | `{}` | additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus` |
 | metrics.serviceMonitor.enabled | bool | `false` | if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring |
@@ -65,11 +61,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | postgresql.primary.containerSecurityContext.runAsNonRoot | bool | `true` |  |
 | postgresql.primary.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| readinessProbe.failureThreshold | int | `5` |  |
-| readinessProbe.initialDelaySeconds | int | `30` |  |
-| readinessProbe.periodSeconds | int | `20` |  |
-| readinessProbe.successThreshold | int | `1` |  |
-| readinessProbe.timeoutSeconds | int | `20` |  |
 | replicaCount | int | `1` | number of replicas to deploy |
 | resources | object | `{}` | configure the FHIR server's resource requests and limits |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
@@ -82,18 +73,14 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service.port | int | `8080` | port where the server will be exposed at |
 | service.type | string | `"ClusterIP"` | service type |
-| startupProbe.failureThreshold | int | `10` |  |
-| startupProbe.initialDelaySeconds | int | `30` |  |
-| startupProbe.periodSeconds | int | `30` |  |
-| startupProbe.successThreshold | int | `1` |  |
-| startupProbe.timeoutSeconds | int | `30` |  |
+| tests.resources | object | `{}` | configure the test pods resource requests and limits |
 | tolerations | list | `[]` | pod tolerations |
 | topologySpreadConstraints | list | `[]` | pod topology spread configuration see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api |

 ## Development

 To update the Helm chart when a new version of the `hapiproject/hapi` image is released, [values.yaml](values.yaml) `image.tag` and the [Chart.yaml](Chart.yaml)'s
-`version` and optionally the `appVersion` field on major releases need to be updated. Afterwards, re-generate the [README.md](README.md)
+`version` and optionally the `appVersion` field need to be updated. Afterwards, re-generate the [README.md](README.md)
 by running:

 ```sh
--- a/charts/hapi-fhir-jpaserver/README.md.gotmpl
+++ b/charts/hapi-fhir-jpaserver/README.md.gotmpl
@@ -18,7 +18,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 ## Development

 To update the Helm chart when a new version of the `hapiproject/hapi` image is released, [values.yaml](values.yaml) `image.tag` and the [Chart.yaml](Chart.yaml)'s
-`version` and optionally the `appVersion` field on major releases need to be updated. Afterwards, re-generate the [README.md](README.md)
+`version` and optionally the `appVersion` field need to be updated. Afterwards, re-generate the [README.md](README.md)
 by running:

 ```sh
--- a/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml
+++ b/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml
@@ -0,0 +1,17 @@
+extraConfig: |
+  hapi:
+    fhir:
+      cr_enabled: true
+      tester:
+        home:
+          name: Hello HAPI FHIR
+          server_address: "http://fhir-server.127.0.0.1.nip.io/fhir"
+          refuse_to_fetch_third_party_urls: true
+          fhir_version: R4
+
+ingress:
+  enabled: true
+  hosts:
+    - host: fhir-server.127.0.0.1.nip.io
+      pathType: ImplementationSpecific
+      paths: ["/"]
--- a/charts/hapi-fhir-jpaserver/templates/application-config.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/application-config.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.extraConfig -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "hapi-fhir-jpaserver.fullname" . }}-application-config
+  labels:
+    {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
+data:
+  application-extra.yaml: |-
+    {{ .Values.extraConfig | nindent 4 }}
+{{- end }}
--- a/charts/hapi-fhir-jpaserver/templates/deployment.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml
@@ -63,38 +63,17 @@ spec:
            - name: http-metrics
              containerPort: 8081
              protocol: TCP
-          startupProbe:
-            httpGet:
-              path: /readyz
-              port: http
          {{- with .Values.startupProbe }}
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
+          startupProbe:
+            {{- toYaml . | nindent 12 }}
          {{- end }}
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: http
-          {{- with .Values.readinessProbe }}
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
-          {{- end }}
-          livenessProbe:
-            httpGet:
-              path: /livez
-              port: http
          {{- with .Values.livenessProbe }}
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
@@ -118,6 +97,10 @@ spec:
              value: "true"
            - name: MANAGEMENT_SERVER_PORT
              value: "8081"
+            {{- if .Values.extraConfig }}
+            - name: SPRING_CONFIG_IMPORT
+              value: "/app/config/application-extra.yaml"
+            {{- end }}
            {{- if .Values.extraEnv }}
            {{ toYaml .Values.extraEnv | nindent 12 }}
            {{- end }}
@@ -126,6 +109,12 @@ spec:
              name: tmp-volume
            - mountPath: /app/target
              name: lucenefiles-volume
+          {{- if .Values.extraConfig }}
+            - name: application-extra-config
+              mountPath: /app/config/application-extra.yaml
+              readOnly: true
+              subPath: application-extra.yaml
+          {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@@ -147,3 +136,8 @@ spec:
          emptyDir: {}
        - name: lucenefiles-volume
          emptyDir: {}
+      {{- if .Values.extraConfig }}
+        - name: application-extra-config
+          configMap:
+            name: {{ include "hapi-fhir-jpaserver.fullname" . }}-application-config
+      {{- end }}
--- a/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml
@@ -11,20 +11,17 @@ spec:
  restartPolicy: Never
  containers:
    - name: test-metadata-endpoint
-      image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c
+      image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}"
      command: ["curl", "--fail-with-body"]
      args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata?_summary=true"]
      {{- with .Values.restrictedContainerSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.tests.resources }}
      resources:
-        limits:
-          cpu: 100m
-          memory: 128Mi
-        requests:
-          cpu: 100m
-          memory: 128Mi
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      livenessProbe:
        exec:
          command: ["true"]
@@ -32,20 +29,17 @@ spec:
        exec:
          command: ["true"]
    - name: test-patient-endpoint
-      image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c
+      image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}"
      command: ["curl", "--fail-with-body"]
      args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1&_summary=true"]
      {{- with .Values.restrictedContainerSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.tests.resources }}
      resources:
-        limits:
-          cpu: 100m
-          memory: 128Mi
-        requests:
-          cpu: 100m
-          memory: 128Mi
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      livenessProbe:
        exec:
          command: ["true"]
@@ -53,20 +47,17 @@ spec:
        exec:
          command: ["true"]
    - name: test-metrics-endpoint
-      image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c
+      image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}"
      command: ["curl", "--fail-with-body"]
      args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.metrics.service.port }}/actuator/prometheus"]
      {{- with .Values.restrictedContainerSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      {{- with .Values.tests.resources }}
      resources:
-        limits:
-          cpu: 100m
-          memory: 128Mi
-        requests:
-          cpu: 100m
-          memory: 128Mi
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      livenessProbe:
        exec:
          command: ["true"]
--- a/charts/hapi-fhir-jpaserver/values.yaml
+++ b/charts/hapi-fhir-jpaserver/values.yaml
@@ -131,27 +131,42 @@ postgresql:
      seccompProfile:
        type: RuntimeDefault

+# -- readiness probe
+# @ignored
 readinessProbe:
+  httpGet:
+    path: /readyz
+    port: http
  failureThreshold: 5
  initialDelaySeconds: 30
  periodSeconds: 20
  successThreshold: 1
  timeoutSeconds: 20

-startupProbe:
-  failureThreshold: 10
-  initialDelaySeconds: 30
-  periodSeconds: 30
-  successThreshold: 1
-  timeoutSeconds: 30
-
+# -- liveness probe
+# @ignored
 livenessProbe:
+  httpGet:
+    path: /livez
+    port: http
  failureThreshold: 5
  initialDelaySeconds: 30
  periodSeconds: 20
  successThreshold: 1
  timeoutSeconds: 30

+# -- startup probe
+# @ignored
+startupProbe:
+  httpGet:
+    path: /readyz
+    port: http
+  failureThreshold: 10
+  initialDelaySeconds: 30
+  periodSeconds: 30
+  successThreshold: 1
+  timeoutSeconds: 30
+
 externalDatabase:
  # -- external database host used with `postgresql.enabled=false`
  host: localhost
@@ -208,3 +223,32 @@ restrictedContainerSecurityContext:
  runAsGroup: 65534
  seccompProfile:
    type: RuntimeDefault
+
+# @ignored
+curl:
+  image:
+    registry: docker.io
+    repository: curlimages/curl
+    tag: 8.2.0@sha256:daf3f46a2639c1613b25e85c9ee4193af8a1d538f92483d67f9a3d7f21721827
+
+tests:
+  # -- configure the test pods resource requests and limits
+  resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application.
+extraConfig: ""
+  # # For example:
+  # |
+  # hapi:
+  #   fhir:
+  #     implementationguides:
+  #       gh_0_1_0:
+  #         url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz
+  #         name: hl7.eu.fhir.gh
+  #         version: 0.1.0