added Helm chart for HAPI FHIR server

2021-04-23 01:18:29 +02:00
parent 1c54375e59
commit f26f7d3c08
20 changed files with 914 additions and 1 deletions
--- a/charts/hapi-fhir-jpaserver/values.yaml
+++ b/charts/hapi-fhir-jpaserver/values.yaml
@@ -0,0 +1,159 @@
+# Default values for hapi-fhir-jpaserver.
+# This is a YAML-formatted file.
+
+# number of replicas
+replicaCount: 1
+
+image: # +doc-gen:ignore
+  registry: ghcr.io
+  repository: chgl/hapifhir/hapi-fhir-jpaserver-starter
+  tag: v5.3.0-distroless
+  pullPolicy: IfNotPresent
+
+# image pull secrets
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+# annotations applied to the server deployment
+deploymentAnnotations: {}
+
+# annotations applied to the server pod
+podAnnotations: {}
+
+# PodSecurityContext applied to the pod
+podSecurityContext:
+  {}
+  # fsGroup: 2000
+
+# ContainerSecurityContext applied to the container
+securityContext: # +doc-gen:ignore
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 65532
+
+service:
+  # type of service to expose the server
+  type: ClusterIP
+  # service port
+  port: 8080
+
+ingress:
+  # whether to create an Ingress to expose the FHIR server web interface
+  enabled: false
+  # provide any additional annotations which may be required. Evaluated as a template.
+  annotations:
+    {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: fhir-server.127.0.0.1.xip.io
+      pathType: ImplementationSpecific
+      paths: ["/"]
+  # ingress TLS config
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+# resource requests and limits
+resources:
+  {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# node labels for pods assignment
+# see: <https://kubernetes.io/docs/user-guide/node-selection/>
+nodeSelector: {}
+
+# tolerations for pods assignment
+# see: <https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/>
+tolerations: []
+
+# affinity for pods assignment
+# see: <https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity>
+affinity: {}
+
+# see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
+postgresql:
+  # enable an included PostgreSQL DB.
+  # if set to `false`, the values under `webApi.db` are used
+  enabled: true
+  # update the default Postgres version to 13.2
+  image: # +doc-gen:break
+    tag: 13.2.0
+  # name of the database to create
+  # see: <https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run>
+  postgresqlDatabase: "fhir"
+  # Name of existing secret to use for PostgreSQL passwords.
+  # The secret has to contain the keys `postgresql-password`
+  # which is the password for `postgresqlUsername` when it is
+  # different of `postgres`, `postgresql-postgres-password` which
+  # will override `postgresqlPassword`, `postgresql-replication-password`
+  # which will override `replication.password` and `postgresql-ldap-password`
+  # which will be sed to authenticate on LDAP. The value is evaluated as a template.
+  existingSecret: ""
+  replication:
+    # should be true for production use
+    enabled: false
+    # number of read replicas
+    readReplicas: 2
+    # set synchronous commit mode: on, off, remote_apply, remote_write and local
+    synchronousCommit: "on"
+    # from the number of `readReplicas` defined above, set the number of those that will have synchronous replication
+    numSynchronousReplicas: 1
+  metrics:
+    # should also be true for production use
+    enabled: false
+    serviceMonitor:
+      # create a Prometheus Operator ServiceMonitor resource
+      enabled: false
+      # the labels used for Prometheus autodiscover, e.g. could be `release: prometheus`
+      additionalLabels: {}
+  containerSecurityContext: # +doc-gen:ignore
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+
+# readiness probe
+readinessProbe: # +doc-gen:ignore
+  failureThreshold: 5
+  initialDelaySeconds: 30
+  periodSeconds: 20
+  successThreshold: 1
+  timeoutSeconds: 20
+# startup probe
+startupProbe: # +doc-gen:ignore
+  failureThreshold: 10
+  initialDelaySeconds: 60
+  periodSeconds: 30
+  successThreshold: 1
+  timeoutSeconds: 30
+
+# only used if `postgresql.enabeld=false`
+externalDatabase:
+  # Database host
+  host: localhost
+  # non-root Username for FHIR Database
+  user: fhir
+  # Database password
+  password: ""
+  # Name of an existing secret resource containing the DB password in a 'postgresql-password' key
+  existingSecret: ""
+  # Database name
+  database: fhir
+  # Database port number
+  port: 5432