simplified helm chart

This commit is contained in:
chgl
2021-10-07 00:38:42 +02:00
committed by Jens Kristian Villadsen
parent 79fddf8309
commit eaffce0d42
18 changed files with 285 additions and 305 deletions


@@ -1,6 +1,5 @@
debug: true debug: true
remote: origin remote: origin
lint-conf: .github/ct/lintconf.yaml
chart-yaml-schema: .github/ct/chart-schema.yaml chart-yaml-schema: .github/ct/chart-schema.yaml
validate-maintainers: false validate-maintainers: false
validate-chart-schema: true validate-chart-schema: true


@@ -1,40 +0,0 @@
---
rules:
braces:
min-spaces-inside: 0
max-spaces-inside: 0
min-spaces-inside-empty: -1
max-spaces-inside-empty: -1
brackets:
min-spaces-inside: 0
max-spaces-inside: 0
min-spaces-inside-empty: -1
max-spaces-inside-empty: -1
colons:
max-spaces-before: 0
max-spaces-after: 1
commas:
max-spaces-before: 0
min-spaces-after: 1
max-spaces-after: 1
comments:
require-starting-space: true
min-spaces-from-content: 1
document-end: disable
document-start: disable
empty-lines:
max: 2
max-start: 0
max-end: 0
hyphens:
max-spaces-after: 1
indentation:
spaces: consistent
indent-sequences: whatever
check-multi-line-strings: false
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: enable
trailing-spaces: enable
truthy:
level: warning


@@ -4,9 +4,12 @@ on:
push: push:
tags: tags:
- "image/v*" - "image/v*"
paths-ignore:
- "charts/**"
pull_request: pull_request:
branches: [master] branches: [master]
paths-ignore:
- "charts/**"
env: env:
IMAGES: docker.io/hapiproject/hapi IMAGES: docker.io/hapiproject/hapi
PLATFORMS: linux/amd64,linux/arm64/v8 PLATFORMS: linux/amd64,linux/arm64/v8
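Review bot: The `paths-ignore` block added under `push` sits next to a `tags: ["image/v*"]` filter, and as far as I recall GitHub's documentation states that `paths`/`paths-ignore` filters are not evaluated for tag pushes, so for this trigger the new block has no effect; only the copy under `pull_request` actually skips chart-only changes. Either drop the `push.paths-ignore` lines, or if the intent is to also skip image builds for chart-only commits, add a `branches:` entry beside `tags:` where path filtering does apply. A short comment such as `# path filters do not apply to tag pushes; tags always build` would stop the next reader from assuming tag builds are filtered.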


@@ -15,21 +15,26 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Configure Git - name: Configure Git
run: | run: |
git config user.name "$GITHUB_ACTOR" git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
- name: Install Helm - name: Install Helm
uses: azure/setup-helm@v1 uses: azure/setup-helm@v1
with: with:
version: v3.4.0 version: v3.7.0
- name: Add bitnami repo - name: Add bitnami repo
run: helm repo add bitnami https://charts.bitnami.com/bitnami run: helm repo add bitnami https://charts.bitnami.com/bitnami
- name: Update dependencies - name: Update dependencies
run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency update {} \; run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency update {} \;
- name: Run chart-releaser - name: Run chart-releaser
uses: helm/chart-releaser-action@v1.2.0 uses: helm/chart-releaser-action@v1.2.0
with: with:
config: .github/ct/ct.yaml config: .github/ct/config.yaml
env: env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
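Review bot: The `Update dependencies` step runs `helm dependency update`, which re-resolves `postgresql` from the bitnami repo and rewrites `Chart.lock`, so the chart packaged by chart-releaser contains whatever the remote serves at release time rather than the digest committed in `Chart.lock` in this same commit. Use `helm dependency build`, which fetches exactly what the lock records and fails on a digest mismatch: `run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency build {} \;`. Separately, every action here is referenced by a mutable tag (`actions/checkout@v2`, `azure/setup-helm@v1`, `helm/chart-releaser-action@v1.2.0`) while the job holds `GITHUB_TOKEN` with enough rights to publish releases; pinning to full commit SHAs would narrow that supply-chain surface. The job header and any `permissions:` block are outside this hunk, so I cannot tell whether the token is already scoped down.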


@@ -10,18 +10,28 @@ on:
jobs: jobs:
lint: lint:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
container: ghcr.io/chgl/kube-powertools:latest container: quay.io/helmpack/chart-testing:v3.4.0
steps: steps:
- name: Install helm-docs
working-directory: /tmp
env:
HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.5.0/helm-docs_1.5.0_Linux_x86_64.tar.gz
run: |
curl -LSs $HELM_DOCS_URL | tar xz && \
mv ./helm-docs /usr/local/bin/helm-docs && \
chmod +x /usr/local/bin/helm-docs && \
helm-docs --version
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Update dependencies
run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency update {} \; - name: Check if documentation is up-to-date
run: helm-docs && git diff --exit-code HEAD
- name: Run chart-testing (lint) - name: Run chart-testing (lint)
run: ct lint --config .github/ct/ct.yaml run: ct lint --config .github/ct/config.yaml
- name: Run Powerlint
run: chart-powerlint.sh
test: test:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
@@ -32,24 +42,27 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up Helm - name: Set up Helm
uses: azure/setup-helm@v1 uses: azure/setup-helm@v1
with: with:
version: v3.5.2 version: v3.7.0
- uses: actions/setup-python@v2
with:
python-version: 3.9
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@v2.0.1 uses: helm/chart-testing-action@v2.1.0
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
run: | run: |
changed=$(ct list-changed) changed=$(ct list-changed --config .github/ct/config.yaml)
if [[ -n "$changed" ]]; then if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true" echo "::set-output name=changed::true"
fi fi
- name: Create k8s Kind Cluster - name: Create k8s Kind Cluster
uses: helm/kind-action@v1.1.0 uses: helm/kind-action@v1.2.0
if: steps.list-changed.outputs.changed == 'true' if: steps.list-changed.outputs.changed == 'true'
- name: Run chart-testing (install) - name: Run chart-testing (install)
run: ct install --config .github/ct/ct.yaml run: ct install --config .github/ct/config.yaml
if: steps.list-changed.outputs.changed == 'true'
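Review bot: The new `Install helm-docs` step in the lint job pipes an unverified download straight into `tar` and then into `/usr/local/bin`, so a compromised or replaced release asset runs with the job's credentials and can alter the generated README that the next step commits to `git diff`. Download to a file and check a recorded digest before extracting, e.g. `curl -LSs -o helm-docs.tgz "$HELM_DOCS_URL"`, `echo "${HELM_DOCS_SHA256}  helm-docs.tgz" | sha256sum -c -`, `tar xzf helm-docs.tgz`, with `HELM_DOCS_SHA256` kept in `env` next to the URL (take the value from the release's checksum file if one is published, otherwise record it once by hand). The same mutable-tag pinning concern applies to `helm/chart-testing-action@v2.1.0` and `helm/kind-action@v1.2.0` in the test job.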


@@ -1,41 +0,0 @@
# Charts
> A collection of Helm charts
```sh
helm repo add hapifhir https://hapifhir.github.io/charts
helm repo update
```
## Development
1. Make changes to the charts
1. Mount the folder in the [kube-powertools](https://github.com/chgl/kube-powertools) container to easily run linters and checks
```sh
docker run --rm -it -v $PWD:/usr/src/app ghcr.io/chgl/kube-powertools:latest
```
1. Run chart-testing and the `chart-powerlint.sh` script to lint the chart
```sh
ct lint --config .github/ct/ct.yaml && chart-powerlint.sh
```
1. (Optional) View the results of the [polaris audit check](https://github.com/FairwindsOps/polaris) in your browser
```sh
$ docker run --rm -it -p 9090:8080 -v $PWD:/usr/src/app ghcr.io/chgl/kube-powertools:latest
bash-5.0: helm template charts/fhir-server/ | polaris dashboard --audit-path -
```
You can now open your browser at <http://localhost:9090> and see the results and recommendations.
1. Run `generate-docs.sh` to auto-generate an updated README
```sh
generate-docs.sh
```
1. Bump the version in the changed Chart.yaml according to SemVer (The `ct lint` step above will complain if you forget to update the version.)


@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: postgresql - name: postgresql
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 10.3.16 version: 10.12.2
digest: sha256:a45816f0855c6d4b1d66384ac36db99e0378f24663d02791006f815ff9d49245 digest: sha256:38ee315eae1af3e3f6eb20e1dd8ffd60d4ab7ee0c51bf26941b56c8bcb376c11
generated: "2021-04-09T15:11:17.790703505Z" generated: "2021-10-07T00:19:18.9743522+02:00"


@@ -7,7 +7,17 @@ sources:
- https://github.com/hapifhir/hapi-fhir-jpaserver-starter - https://github.com/hapifhir/hapi-fhir-jpaserver-starter
dependencies: dependencies:
- name: postgresql - name: postgresql
version: 10.3.16 version: 10.12.2
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled condition: postgresql.enabled
version: 0.2.0 annotations:
artifacthub.io/license: Apache-2.0
artifacthub.io/prerelease: "true"
artifacthub.io/changes: |
# When using the list of objects option the valid supported kinds are
# added, changed, deprecated, removed, fixed, and security.
- kind: changed
description: |
updated HAPI FHIR starter image to 5.5.1
appVersion: v5.5.1
version: 0.6.0


@@ -1,101 +1,74 @@
# hapi-fhir-jpaserver # HAPI FHIR JPA Server Starter Helm Chart
[HAPI FHIR JPA Server](https://github.com/hapifhir/hapi-fhir-jpaserver-starter) - Helm chart for deploying the HAPI FHIR JPA starter server ![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5.5.1](https://img.shields.io/badge/AppVersion-v5.5.1-informational?style=flat-square)
## TL;DR; This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
```console ## Sample usage
$ helm repo add hapifhir https://hapifhir.github.io/hapi-fhir-jpaserver-starter
$ helm repo update ```sh
$ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver -n fhir helm repo add hapifhir https://hapifhir.github.io/hapi-fhir-jpaserver-starter/
helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
``` ```
## Introduction ## Values
This chart deploys the HAPI FHIR JPA starter server. on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. | Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | pod affinity |
| deploymentAnnotations | object | `{}` | annotations applied to the server deployment |
| externalDatabase.database | string | `"fhir"` | database name |
| externalDatabase.existingSecret | string | `""` | name of an existing secret resource containing the DB password in the `existingSecretKey` key |
| externalDatabase.existingSecretKey | string | `"postgresql-password"` | name of the key inside the `existingSecret` |
| externalDatabase.host | string | `"localhost"` | external database host used with `postgresql.enabled=false` |
| externalDatabase.password | string | `""` | database password |
| externalDatabase.port | int | `5432` | database port number |
| externalDatabase.user | string | `"fhir"` | username for the external database |
| fullnameOverride | string | `""` | override the chart fullname |
| image.flavor | string | `"distroless"` | the flavor or variant of the image to use. appended to the image tag by `-`. |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.registry | string | `"docker.io"` | |
| image.repository | string | `"hapiproject/hapi"` | |
| image.tag | string | `""` | defaults to `Chart.appVersion` |
| imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
| ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
| ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
| ingress.hosts[0].host | string | `"fhir-server.127.0.0.1.nip.io"` | |
| ingress.hosts[0].pathType | string | `"ImplementationSpecific"` | |
| ingress.hosts[0].paths[0] | string | `"/"` | |
| ingress.tls | list | `[]` | ingress TLS config |
| nameOverride | string | `""` | override the chart name |
| networkPolicy.allowedFrom | list | `[]` | Additional allowed NetworkPolicyPeer specs Evaluated as a template so you could do: Example: allowedFrom: - podSelector: matchLabels: app.kubernetes.io/name: {{ $.Release.Name }} |
| networkPolicy.enabled | bool | `false` | enable NetworkPolicy |
| networkPolicy.explicitNamespacesSelector | object | `{}` | a Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed |
| nodeSelector | object | `{}` | node selector for the pod |
| podAnnotations | object | `{}` | annotations applied to the server pod |
| podSecurityContext | object | `{}` | pod security context |
| postgresql.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| postgresql.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used |
| postgresql.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. |
| postgresql.postgresqlDatabase | string | `"fhir"` | name of the database to create see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run> |
| readinessProbe.failureThreshold | int | `5` | |
| readinessProbe.initialDelaySeconds | int | `30` | |
| readinessProbe.periodSeconds | int | `20` | |
| readinessProbe.successThreshold | int | `1` | |
| readinessProbe.timeoutSeconds | int | `20` | |
| replicaCount | int | `1` | number of replicas to deploy |
| resources | object | `{}` | configure the FHIR server's resource requests and limits |
| securityContext.allowPrivilegeEscalation | bool | `false` | |
| securityContext.capabilities.drop[0] | string | `"ALL"` | |
| securityContext.readOnlyRootFilesystem | bool | `true` | |
| securityContext.runAsNonRoot | bool | `true` | |
| securityContext.runAsUser | int | `65532` | |
| service.port | int | `8080` | |
| service.type | string | `"ClusterIP"` | |
| startupProbe.failureThreshold | int | `10` | |
| startupProbe.initialDelaySeconds | int | `60` | |
| startupProbe.periodSeconds | int | `30` | |
| startupProbe.successThreshold | int | `1` | |
| startupProbe.timeoutSeconds | int | `30` | |
| tolerations | list | `[]` | pod tolerations |
## Prerequisites ----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
- Kubernetes v1.18+
- Helm v3
## Installing the Chart
To install the chart with the release name `hapi-fhir-jpaserver`:
```console
$ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver -n fhir
```
The command deploys the HAPI FHIR JPA starter server. on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm list`
## Uninstalling the Chart
To uninstall/delete the `hapi-fhir-jpaserver`:
```console
$ helm delete hapi-fhir-jpaserver -n fhir
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
The following table lists the configurable parameters of the `hapi-fhir-jpaserver` chart and their default values.
| Parameter | Description | Default |
| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------- |
| replicaCount | | `1` |
| imagePullSecrets | image pull secrets | `[]` |
| nameOverride | | `""` |
| fullnameOverride | | `""` |
| deploymentAnnotations | annotations applied to the server deployment | `{}` |
| podAnnotations | annotations applied to the server pod | `{}` |
| podSecurityContext | PodSecurityContext applied to the pod | `{}` |
| service.type | | `ClusterIP |
| | | # service port` |
| service.port | | `8080` |
| ingress.enabled | | `false |
| | | # provide any additional annotations which may be required. Evaluated as a template.` |
| ingress.annotations | | `{}` |
| ingress.tls | | `[]` |
| resources | resource requests and limits | `{}` |
| nodeSelector | choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. If you do want to specify resources, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: cpu: 100m memory: 128Mi requests: cpu: 100m memory: 128Mi node labels for pods assignment see: <https://kubernetes.io/docs/user-guide/node-selection/> | `{}` |
| tolerations | tolerations for pods assignment see: <https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/> | `[]` |
| affinity | affinity for pods assignment see: <https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity> | `{}` |
| postgresql.enabled | if set to `false`, the values under `webApi.db` are used | `true |
| | | # update the default Postgres version to 13.2` |
| postgresql.image | | `{"tag":"13.2.0"}` |
| postgresql.postgresqlDatabase | see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run> | `"fhir"` |
| postgresql.existingSecret | The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `""` |
| postgresql.replication.enabled | | `false |
| | | # number of read replicas` |
| postgresql.replication.readReplicas | | `2` |
| postgresql.replication.synchronousCommit | | `"on"` |
| postgresql.replication.numSynchronousReplicas | | `1` |
| postgresql.metrics.enabled | | `false` |
| postgresql.metrics.serviceMonitor.enabled | | `false |
| | | # the labels used for Prometheus autodiscover, e.g. could be `release: prometheus`` |
| postgresql.metrics.serviceMonitor.additionalLabels | | `{}` |
| externalDatabase.host | | `localhost |
| | | # non-root Username for FHIR Database` |
| externalDatabase.user | | `fhir` |
| externalDatabase.password | | `""` |
| externalDatabase.existingSecret | | `""` |
| externalDatabase.database | | `fhir` |
| externalDatabase.port | | `5432` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
```console
$ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver -n fhir --set replicaCount=1
```
Alternatively, a YAML file that specifies the values for the parameters can be provided while
installing the chart. For example:
```console
$ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver -n fhir --values values.yaml
```


@@ -0,0 +1,16 @@
# HAPI FHIR JPA Server Starter Helm Chart
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
## Sample usage
```sh
helm repo add hapifhir https://hapifhir.github.io/hapi-fhir-jpaserver-starter/
helm install --render-subchart-notes hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
```
{{ template "chart.valuesSection" . }}
{{ template "helm-docs.versionFooter" . }}


@@ -1,19 +0,0 @@
project:
name: HAPI FHIR JPA Server
shortName: hapi-fhir-jpaserver
url: https://github.com/hapifhir/hapi-fhir-jpaserver-starter
description: Helm chart for deploying the HAPI FHIR JPA starter server
app: the HAPI FHIR JPA starter server.
repository:
url: https://hapifhir.github.io/hapi-fhir-jpaserver-starter
name: hapifhir
chart:
name: hapi-fhir-jpaserver
values: "-- generate from values file --"
valuesExample: "-- generate from values file --"
prerequisites:
- "Kubernetes v1.18+"
- "Helm v3"
release:
name: hapi-fhir-jpaserver
namespace: fhir


@@ -30,6 +30,18 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{/*
Create image tag
*/}}
{{- define "hapi-fhir-jpaserver.imageTag" -}}
{{- $version := default .Chart.AppVersion .Values.image.tag -}}
{{- if .Values.image.flavor }}
{{- printf "%s-%s" $version .Values.image.flavor }}
{{- else }}
{{- printf "%s" $version }}
{{- end }}
{{- end }}
{{/* {{/*
Common labels Common labels
*/}} */}}
@@ -60,7 +72,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
{{- end -}} {{- end -}}
{{/* {{/*
Get the Postgresql credentials secret. Get the Postgresql credentials secret name.
*/}} */}}
{{- define "hapi-fhir-jpaserver.postgresql.secretName" -}} {{- define "hapi-fhir-jpaserver.postgresql.secretName" -}}
{{- if and (.Values.postgresql.enabled) (not .Values.postgresql.existingSecret) -}} {{- if and (.Values.postgresql.enabled) (not .Values.postgresql.existingSecret) -}}
@@ -71,11 +83,22 @@ Get the Postgresql credentials secret.
{{- if .Values.externalDatabase.existingSecret -}} {{- if .Values.externalDatabase.existingSecret -}}
{{- printf "%s" .Values.externalDatabase.existingSecret -}} {{- printf "%s" .Values.externalDatabase.existingSecret -}}
{{- else -}} {{- else -}}
{{ printf "%s-%s" .Release.Name "externaldb" }} {{ printf "%s-%s" (include "hapi-fhir-jpaserver.fullname" .) "external-db" }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{/*
Get the Postgresql credentials secret key.
*/}}
{{- define "hapi-fhir-jpaserver.postgresql.secretKey" -}}
{{- if (.Values.externalDatabase.existingSecret) -}}
{{- printf "%s" .Values.externalDatabase.existingSecretKey -}}
{{- else }}
{{- printf "postgresql-password" -}}
{{- end -}}
{{- end -}}
{{/* {{/*
Add environment variables to configure database values Add environment variables to configure database values
*/}} */}}
@@ -87,7 +110,7 @@ Add environment variables to configure database values
Add environment variables to configure database values Add environment variables to configure database values
*/}} */}}
{{- define "hapi-fhir-jpaserver.database.user" -}} {{- define "hapi-fhir-jpaserver.database.user" -}}
{{- ternary .Values.postgresql.postgresqlUsername .Values.externalDatabase.user .Values.postgresql.enabled | quote -}} {{- ternary .Values.postgresql.postgresqlUsername .Values.externalDatabase.user .Values.postgresql.enabled -}}
{{- end -}} {{- end -}}
{{/* {{/*
@@ -111,5 +134,6 @@ Create the JDBC URL from the host, port and database name.
{{- $host := (include "hapi-fhir-jpaserver.database.host" .) -}} {{- $host := (include "hapi-fhir-jpaserver.database.host" .) -}}
{{- $port := (include "hapi-fhir-jpaserver.database.port" .) -}} {{- $port := (include "hapi-fhir-jpaserver.database.port" .) -}}
{{- $name := (include "hapi-fhir-jpaserver.database.name" .) -}} {{- $name := (include "hapi-fhir-jpaserver.database.name" .) -}}
{{ printf "jdbc:postgresql://%s:%d/%s" $host (int $port) $name }} {{- $appName := .Release.Name -}}
{{ printf "jdbc:postgresql://%s:%d/%s?ApplicationName=%s" $host (int $port) $name $appName }}
{{- end -}} {{- end -}}
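Review bot: The new `hapi-fhir-jpaserver.postgresql.secretKey` helper (end of the third hunk) returns `externalDatabase.existingSecretKey` whenever `externalDatabase.existingSecret` is non-empty, without consulting `postgresql.enabled`, whereas `postgresql.secretName` directly above resolves the bundled PostgreSQL secret first when `postgresql.enabled` is true. With `postgresql.enabled=true` and a leftover `externalDatabase.existingSecret` in a values file, the deployment would reference the bundled secret under a foreign key and the pod fails on a missing secret key. Mirror the secretName condition: `{{- if and (not .Values.postgresql.enabled) .Values.externalDatabase.existingSecret -}}`. The JDBC helper now interpolates `.Release.Name` into `ApplicationName` without escaping; release names are constrained to DNS-label characters so this is presumably harmless, but a comment saying so would avoid a later audit question.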


@@ -28,10 +28,9 @@ spec:
{{- end }} {{- end }}
securityContext: securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if .Values.postgresql.enabled }}
initContainers: initContainers:
- name: wait-for-db - name: wait-for-db-to-be-ready
image: busybox:1.32 image: "{{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -41,15 +40,27 @@ spec:
drop: drop:
- ALL - ALL
runAsNonRoot: true runAsNonRoot: true
runAsUser: 11111 runAsUser: 1001
runAsGroup: 11111 runAsGroup: 1001
command: ["sh", "-c", "while ! nc -z {{ .Release.Name }}-postgresql 5432 -w 5; do echo $(date) waiting for database; sleep 5; done;"] env:
{{- end }} - name: PGHOST
value: "{{ include "hapi-fhir-jpaserver.database.host" . }}"
- name: PGPORT
value: "{{ include "hapi-fhir-jpaserver.database.port" . }}"
- name: PGUSER
value: "{{ include "hapi-fhir-jpaserver.database.user" . }}"
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready; do
echo "Waiting for DB ${PGUSER}@${PGHOST}:${PGPORT} to be up";
sleep 15;
done;
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: {{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ include "hapi-fhir-jpaserver.imageTag" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
ports: ports:
- name: http - name: http
@@ -68,7 +79,7 @@ spec:
{{- end }} {{- end }}
startupProbe: startupProbe:
httpGet: httpGet:
path: /fhir/Patient?_count=1 path: /fhir/metadata
port: http port: http
{{- with .Values.startupProbe }} {{- with .Values.startupProbe }}
initialDelaySeconds: {{ .initialDelaySeconds }} initialDelaySeconds: {{ .initialDelaySeconds }}
@@ -88,7 +99,7 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ include "hapi-fhir-jpaserver.postgresql.secretName" . }} name: {{ include "hapi-fhir-jpaserver.postgresql.secretName" . }}
key: postgresql-password key: {{ include "hapi-fhir-jpaserver.postgresql.secretKey" . }}
- name: SPRING_DATASOURCE_DRIVERCLASSNAME - name: SPRING_DATASOURCE_DRIVERCLASSNAME
value: org.postgresql.Driver value: org.postgresql.Driver
- name: SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT - name: SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT
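Review bot: The main container's `image:` value in the third hunk dropped its surrounding quotes, unlike the init container's image line just above, and a Helm template is rendered as text before YAML parses it, so an empty or unusual `image.registry`/`image.tag` value can yield a scalar YAML reads differently than intended. Keep it quoted: `image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ include "hapi-fhir-jpaserver.imageTag" . }}"`. Since the `{{- if .Values.postgresql.enabled }}` guard around `initContainers` was removed, the `pg_isready` init container now also runs for `postgresql.enabled=false` deployments and pulls `postgresql.image.*` from the subchart values, which is worth a comment on the init container, e.g. `# also used when postgresql.enabled=false: waits for the external DB via pg_isready`. The unbounded `until pg_isready` loop is presumably intentional (the kubelet restarts the init container on failure), but a one-line comment stating that would help.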


@@ -2,7 +2,7 @@
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: {{ printf "%s-%s" .Release.Name "externaldb" }} name: {{ include "hapi-fhir-jpaserver.fullname" . }}-external-db
labels: labels:
{{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
type: Opaque type: Opaque


@@ -1,6 +1,5 @@
{{- if .Values.ingress.enabled -}} {{- if .Values.ingress.enabled -}}
{{- $fullName := include "hapi-fhir-jpaserver.fullname" . -}} {{- $fullName := include "hapi-fhir-jpaserver.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }} {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
@@ -44,10 +43,10 @@ spec:
service: service:
name: {{ $fullName }} name: {{ $fullName }}
port: port:
number: {{ $svcPort }} name: http
{{ else }} {{ else }}
serviceName: {{ $fullName }} serviceName: {{ $fullName }}
servicePort: {{ $svcPort }} servicePort: http
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}


@@ -0,0 +1,27 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ include "hapi-fhir-jpaserver.fullname" . }}
labels:
{{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "hapi-fhir-jpaserver.selectorLabels" . | nindent 6 }}
ingress:
# Allow inbound connections from pods with the "hapi-fhir-jpaserver-client: true" label
- ports:
- port: http
from:
- podSelector:
matchLabels:
{{ include "hapi-fhir-jpaserver.fullname" . }}-client: "true"
{{- with .Values.networkPolicy.explicitNamespacesSelector }}
namespaceSelector:
{{ toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.networkPolicy.allowedFrom }}
{{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- end }}
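Review bot: The label key built from `{{ include "hapi-fhir-jpaserver.fullname" . }}-client` can exceed the 63-character limit for a label name: the fullname helper is outside this hunk, but if it truncates at 63 like the `chart` helper in `_helpers.tpl` does, appending `-client` produces a key up to 70 characters and both this policy and the test pod that carries the same label fail validation for long release names. Truncating before the suffix keeps the scheme and the same key in both templates: `{{ include "hapi-fhir-jpaserver.fullname" . | trunc 56 }}-client: "true"`. Also note that `policyTypes` is omitted, so Kubernetes infers `[Ingress]` only and egress stays unrestricted; a comment `# policyTypes defaults to Ingress only; egress is not restricted by this policy` would make that explicit for reviewers.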


@@ -4,6 +4,7 @@ metadata:
name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-connection" name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-connection"
labels: labels:
{{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }} {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
{{ include "hapi-fhir-jpaserver.fullname" . }}-client: "true"
annotations: annotations:
"helm.sh/hook": test "helm.sh/hook": test
spec: spec:
@@ -11,7 +12,6 @@ spec:
containers: containers:
- name: wget - name: wget
image: busybox:1 image: busybox:1
imagePullPolicy: Always
command: ['wget', '-O', '-'] command: ['wget', '-O', '-']
args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1'] args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1']
securityContext: securityContext:
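Review bot: Removing `imagePullPolicy: Always` while keeping the floating `busybox:1` tag means the test pod reuses whatever `busybox:1` layer a node already has (the kubelet default for a non-`latest` tag is, as far as I recall, `IfNotPresent`), so the test binary can differ between nodes and cannot be audited from the chart. Pin the image by digest, `image: busybox:1@sha256:...`, or at least a specific patch tag, so the pull policy no longer matters. The newly added `-client: "true"` label exists to satisfy the NetworkPolicy template; a comment such as `# required to reach the server when networkPolicy.enabled=true` next to it would explain the coupling.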


@@ -1,33 +1,37 @@
# Default values for hapi-fhir-jpaserver. # -- number of replicas to deploy
# This is a YAML-formatted file.
# number of replicas
replicaCount: 1 replicaCount: 1
image: # +doc-gen:ignore image:
registry: ghcr.io registry: docker.io
repository: chgl/hapifhir/hapi-fhir-jpaserver-starter repository: hapiproject/hapi
tag: v5.3.0-distroless # -- defaults to `Chart.appVersion`
tag: ""
# -- the flavor or variant of the image to use.
# appended to the image tag by `-`.
flavor: "distroless"
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# image pull secrets # -- image pull secrets to use when pulling the image
imagePullSecrets: [] imagePullSecrets: []
# -- override the chart name
nameOverride: "" nameOverride: ""
# -- override the chart fullname
fullnameOverride: "" fullnameOverride: ""
# annotations applied to the server deployment # -- annotations applied to the server deployment
deploymentAnnotations: {} deploymentAnnotations: {}
# annotations applied to the server pod # -- annotations applied to the server pod
podAnnotations: {} podAnnotations: {}
# PodSecurityContext applied to the pod # -- pod security context
podSecurityContext: podSecurityContext:
{} {}
# fsGroup: 2000 # fsGroup: 2000
# ContainerSecurityContext applied to the container securityContext:
securityContext: # +doc-gen:ignore
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
@@ -36,31 +40,30 @@ securityContext: # +doc-gen:ignore
runAsNonRoot: true runAsNonRoot: true
runAsUser: 65532 runAsUser: 65532
# service to expose the server
service: service:
# type of service to expose the server
type: ClusterIP type: ClusterIP
# service port
port: 8080 port: 8080
ingress: ingress:
# whether to create an Ingress to expose the FHIR server web interface # -- whether to create an Ingress to expose the FHIR server HTTP endpoint
enabled: false enabled: false
# provide any additional annotations which may be required. Evaluated as a template. # -- provide any additional annotations which may be required. Evaluated as a template.
annotations: annotations:
{} {}
# kubernetes.io/ingress.class: nginx # kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true" # kubernetes.io/tls-acme: "true"
hosts: hosts:
- host: fhir-server.127.0.0.1.xip.io - host: fhir-server.127.0.0.1.nip.io
pathType: ImplementationSpecific pathType: ImplementationSpecific
paths: ["/"] paths: ["/"]
# ingress TLS config # -- ingress TLS config
tls: [] tls: []
# - secretName: chart-example-tls # - secretName: chart-example-tls
# hosts: # hosts:
# - chart-example.local # - chart-example.local
# resource requests and limits # -- configure the FHIR server's resource requests and limits
resources: resources:
{} {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
@@ -74,30 +77,24 @@ resources:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
# node labels for pods assignment # -- node selector for the pod
# see: <https://kubernetes.io/docs/user-guide/node-selection/>
nodeSelector: {} nodeSelector: {}
# tolerations for pods assignment # -- pod tolerations
# see: <https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/>
tolerations: [] tolerations: []
# affinity for pods assignment # -- pod affinity
# see: <https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity>
affinity: {} affinity: {}
# see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
postgresql: postgresql:
# enable an included PostgreSQL DB. # -- enable an included PostgreSQL DB.
# if set to `false`, the values under `webApi.db` are used # see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
# if set to `false`, the values under `externalDatabase` are used
enabled: true enabled: true
# update the default Postgres version to 13.2 # -- name of the database to create
image: # +doc-gen:break
tag: 13.2.0
# name of the database to create
# see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run> # see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run>
postgresqlDatabase: "fhir" postgresqlDatabase: "fhir"
# Name of existing secret to use for PostgreSQL passwords. # -- Name of existing secret to use for PostgreSQL passwords.
# The secret has to contain the keys `postgresql-password` # The secret has to contain the keys `postgresql-password`
# which is the password for `postgresqlUsername` when it is # which is the password for `postgresqlUsername` when it is
# different of `postgres`, `postgresql-postgres-password` which # different of `postgres`, `postgresql-postgres-password` which
@@ -105,55 +102,58 @@ postgresql:
# which will override `replication.password` and `postgresql-ldap-password` # which will override `replication.password` and `postgresql-ldap-password`
# which will be sed to authenticate on LDAP. The value is evaluated as a template. # which will be sed to authenticate on LDAP. The value is evaluated as a template.
existingSecret: "" existingSecret: ""
replication: containerSecurityContext:
# should be true for production use
enabled: false
# number of read replicas
readReplicas: 2
# set synchronous commit mode: on, off, remote_apply, remote_write and local
synchronousCommit: "on"
# from the number of `readReplicas` defined above, set the number of those that will have synchronous replication
numSynchronousReplicas: 1
metrics:
# should also be true for production use
enabled: false
serviceMonitor:
# create a Prometheus Operator ServiceMonitor resource
enabled: false
# the labels used for Prometheus autodiscover, e.g. could be `release: prometheus`
additionalLabels: {}
containerSecurityContext: # +doc-gen:ignore
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: drop:
- ALL - ALL
# readiness probe readinessProbe:
readinessProbe: # +doc-gen:ignore
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 20 periodSeconds: 20
successThreshold: 1 successThreshold: 1
timeoutSeconds: 20 timeoutSeconds: 20
# startup probe
startupProbe: # +doc-gen:ignore startupProbe:
failureThreshold: 10 failureThreshold: 10
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 30 periodSeconds: 30
successThreshold: 1 successThreshold: 1
timeoutSeconds: 30 timeoutSeconds: 30
# only used if `postgresql.enabeld=false`
externalDatabase: externalDatabase:
# Database host # -- external database host used with `postgresql.enabled=false`
host: localhost host: localhost
# non-root Username for FHIR Database # -- database port number
user: fhir
# Database password
password: ""
# Name of an existing secret resource containing the DB password in a 'postgresql-password' key
existingSecret: ""
# Database name
database: fhir
# Database port number
port: 5432 port: 5432
# -- username for the external database
user: fhir
# -- database password
password: ""
# -- name of an existing secret resource containing the DB password in the `existingSecretKey` key
existingSecret: ""
# -- name of the key inside the `existingSecret`
existingSecretKey: "postgresql-password"
# -- database name
database: fhir
networkPolicy:
# -- enable NetworkPolicy
enabled: false
# -- a Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed
explicitNamespacesSelector:
{}
# matchLabels:
# team: one
# test: foo
# -- Additional allowed NetworkPolicyPeer specs
# Evaluated as a template so you could do:
#
# Example:
# allowedFrom:
# - podSelector:
# matchLabels:
# app.kubernetes.io/name: {{ $.Release.Name }}
allowedFrom: []