Personal-Twin/hapi-fhir-jpaserver-starter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated all Helm chart dependencies to latest (#629)

Browse Source 
* Updated all Helm chart dependencies to latest

* added k8s versions 1.28 and 1.29 to test matrix

* updated actions

* updated curl to 8.6.0
This commit is contained in:
chgl
2024-02-14 11:34:24 +01:00
committed by GitHub
parent 372ef4b6c9
commit f6671f97c5
6 changed files with 30 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/chart-test.yaml vendored
View File

@@ -10,7 +10,7 @@ on:
jobs: jobs:
lint: lint:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
container: quay.io/helmpack/chart-testing:v3.8.0@sha256:f058c660a28d99a9394ae081d98921efe068079531f247c86b8054e3c9d407aa container: quay.io/helmpack/chart-testing:v3.10.1@sha256:7d8a7f99fc5840142249cc33ed6d9752fc66b92f9e1bf792d987ee85227d84da
steps: steps:
- name: Install helm-docs - name: Install helm-docs
working-directory: /tmp working-directory: /tmp
@@ -27,7 +27,7 @@ jobs:
git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter
- name: Checkout - name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0
@@ -41,17 +41,17 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
strategy: strategy:
matrix: matrix:
k8s-version: [1.25.9, 1.26.4, 1.27.2] k8s-version: [1.25.11, 1.26.6, 1.27.3, 1.28.0, 1.29.0]
needs: needs:
- lint - lint
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up chart-testing - name: Set up chart-testing
uses: helm/chart-testing-action@e8788873172cb653a90ca2e819d79d65a66d4e76 # v2.4.0 uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
- name: Run chart-testing (list-changed) - name: Run chart-testing (list-changed)
id: list-changed id: list-changed
@@ -62,7 +62,7 @@ jobs:
fi fi
- name: Create k8s Kind Cluster - name: Create k8s Kind Cluster
uses: helm/kind-action@fa81e57adff234b2908110485695db0f181f3c67 # v1.7.0 uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
if: ${{ steps.list-changed.outputs.changed == 'true' }} if: ${{ steps.list-changed.outputs.changed == 'true' }}
with: with:
cluster_name: kind-cluster-k8s-${{ matrix.k8s-version }} cluster_name: kind-cluster-k8s-${{ matrix.k8s-version }}

6
charts/hapi-fhir-jpaserver/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: postgresql - name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
version: 12.5.6 version: 13.2.27
digest: sha256:4d21dbc02bbdb55b957b0093e37376853727de82396abfadfaf1d738bd51b8e6 digest: sha256:6374f6f32d32adbe6763c48e2d817d85ec20a1784b2aea1fb0312c658f8e58e9
generated: "2023-06-03T20:58:45.922102213+02:00" generated: "2024-01-10T17:56:36.521957926+01:00"

26
charts/hapi-fhir-jpaserver/Chart.yaml
View File

@@ -7,21 +7,25 @@ sources:
- https://github.com/hapifhir/hapi-fhir-jpaserver-starter - https://github.com/hapifhir/hapi-fhir-jpaserver-starter
dependencies: dependencies:
- name: postgresql - name: postgresql
version: 12.5.6 version: 13.2.27
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
condition: postgresql.enabled condition: postgresql.enabled
appVersion: 6.8.3 appVersion: 6.10.1
version: 0.14.0 version: 0.15.0
annotations: annotations:
artifacthub.io/license: Apache-2.0 artifacthub.io/license: Apache-2.0
artifacthub.io/containsSecurityUpdates: "false"
artifacthub.io/operator: "false"
artifacthub.io/prerelease: "false"
artifacthub.io/recommendations: |
- url: https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
- url: https://artifacthub.io/packages/helm/bitnami/postgresql
artifacthub.io/changes: | artifacthub.io/changes: |
# When using the list of objects option the valid supported kinds are # When using the list of objects option the valid supported kinds are
# added, changed, deprecated, removed, fixed, and security. # added, changed, deprecated, removed, fixed, and security.
- kind: added - kind: changed
description: updated starter image to 6.8.3 description: updated starter image to 6.10.1
- kind: fixed - kind: changed
description: incorrect handling of existing secret database config description: updated curlimages/curl to 8.5.0
- kind: added - kind: changed
description: support for using a non-admin user for the postgres database description: "updated postgresql sub-chart to 13.2.27. ⚠️: this updates the used PostgreSQL image from v15 to v16."
- kind: added
description: ability to create a dedicated ServiceAccount

10
charts/hapi-fhir-jpaserver/README.md
View File

@@ -1,6 +1,6 @@
# HAPI FHIR JPA Server Starter Helm Chart # HAPI FHIR JPA Server Starter Helm Chart
![Version: 0.14.0](https://img.shields.io/badge/Version-0.14.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.8.3](https://img.shields.io/badge/AppVersion-6.8.3-informational?style=flat-square) ![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.10.1](https://img.shields.io/badge/AppVersion-6.10.1-informational?style=flat-square)
This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment. This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
@@ -15,7 +15,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
| Repository | Name | Version | | Repository | Name | Version |
|------------|------|---------| |------------|------|---------|
| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.5.6 | | oci://registry-1.docker.io/bitnamicharts | postgresql | 13.2.27 |
## Values ## Values
@@ -36,7 +36,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
| image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use | | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
| image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted | | image.registry | string | `"docker.io"` | registry where the HAPI FHIR server image is hosted |
| image.repository | string | `"hapiproject/hapi"` | the path inside the repository | | image.repository | string | `"hapiproject/hapi"` | the path inside the repository |
| image.tag | string | `"v6.8.3@sha256:6195f1116ebabfb0a608addde043b3e524c456c4d4f35b3d25025afd7dcd2e27"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. | | image.tag | string | `"v6.10.1@sha256:4eac1b3481180b028616d1fab7e657e368538063d75f7ed3be2032e34c657dd4"` | the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. |
| imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image | | imagePullSecrets | list | `[]` | image pull secrets to use when pulling the image |
| ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. | | ingress.annotations | object | `{}` | provide any additional annotations which may be required. Evaluated as a template. |
| ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint | | ingress.enabled | bool | `false` | whether to create an Ingress to expose the FHIR server HTTP endpoint |
@@ -57,10 +57,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
| postgresql.auth.database | string | `"fhir"` | name for a custom database to create | | postgresql.auth.database | string | `"fhir"` | name for a custom database to create |
| postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. | | postgresql.auth.existingSecret | string | `""` | Name of existing secret to use for PostgreSQL credentials `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), `password` (which is the password for the custom user to create when `auth.username` is set), and `replication-password` (which is the password for replication user). The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. The value is evaluated as a template. |
| postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used | | postgresql.enabled | bool | `true` | enable an included PostgreSQL DB. see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details if set to `false`, the values under `externalDatabase` are used |
| postgresql.primary.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | |
| postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
| postgresql.primary.containerSecurityContext.runAsNonRoot | bool | `true` | |
| postgresql.primary.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| replicaCount | int | `1` | number of replicas to deploy | | replicaCount | int | `1` | number of replicas to deploy |
| resources | object | `{}` | configure the FHIR server's resource requests and limits | | resources | object | `{}` | configure the FHIR server's resource requests and limits |
| securityContext.allowPrivilegeEscalation | bool | `false` | | | securityContext.allowPrivilegeEscalation | bool | `false` | |

2
charts/hapi-fhir-jpaserver/templates/deployment.yaml
View File

@@ -31,7 +31,7 @@ spec:
{{- toYaml .Values.podSecurityContext | nindent 8 }} {{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers: initContainers:
- name: wait-for-db-to-be-ready - name: wait-for-db-to-be-ready
image: docker.io/bitnami/postgresql:15.3.0-debian-11-r7@sha256:cc301eef743685f4f69d1d719853988e8a9650c90fd9521f4742ce400b3fdf6a image: docker.io/bitnami/postgresql:16.1.0-debian-11-r18@sha256:06f1f2297f6241a02bd8e8c025b31625254ca66784ac75a4a62e945fa611d045
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
{{- with .Values.restrictedContainerSecurityContext }} {{- with .Values.restrictedContainerSecurityContext }}
securityContext: securityContext:

13
charts/hapi-fhir-jpaserver/values.yaml
View File

@@ -7,7 +7,7 @@ image:
# -- the path inside the repository # -- the path inside the repository
repository: hapiproject/hapi repository: hapiproject/hapi
# -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image.
tag: "v6.8.3@sha256:6195f1116ebabfb0a608addde043b3e524c456c4d4f35b3d25025afd7dcd2e27" tag: "v6.10.1@sha256:4eac1b3481180b028616d1fab7e657e368538063d75f7ed3be2032e34c657dd4"
# -- image pullPolicy to use # -- image pullPolicy to use
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
@@ -121,15 +121,6 @@ postgresql:
# picked from this secret in this case. # picked from this secret in this case.
# The value is evaluated as a template. # The value is evaluated as a template.
existingSecret: "" existingSecret: ""
primary:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# -- readiness probe # -- readiness probe
# @ignored # @ignored
@@ -240,7 +231,7 @@ curl:
image: image:
registry: docker.io registry: docker.io
repository: curlimages/curl repository: curlimages/curl
tag: 8.4.0@sha256:4a3396ae573c44932d06ba33f8696db4429c419da87cbdc82965ee96a37dd0af tag: 8.6.0@sha256:c3b8bee303c6c6beed656cfc921218c529d65aa61114eb9e27c62047a1271b9b
tests: tests:
# -- configure the test pods resource requests and limits # -- configure the test pods resource requests and limits