179 lines
4.9 KiB
YAML
179 lines
4.9 KiB
YAML
# -- number of replicas to deploy
|
|
replicaCount: 1
|
|
|
|
image:
|
|
# -- registry where the HAPI FHIR server image is hosted
|
|
registry: docker.io
|
|
# -- the path inside the repository
|
|
repository: hapiproject/hapi
|
|
# -- defaults to `Chart.appVersion`. As of v5.7.0, this is the `distroless` flavor
|
|
tag: ""
|
|
# -- image pullPolicy to use
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- image pull secrets to use when pulling the image
|
|
imagePullSecrets: []
|
|
|
|
# -- override the chart name
|
|
nameOverride: ""
|
|
|
|
# -- override the chart fullname
|
|
fullnameOverride: ""
|
|
|
|
# -- annotations applied to the server deployment
|
|
deploymentAnnotations: {}
|
|
|
|
# -- annotations applied to the server pod
|
|
podAnnotations: {}
|
|
|
|
# -- pod security context
|
|
podSecurityContext:
|
|
{}
|
|
# fsGroup: 2000
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 65532
|
|
|
|
# service to expose the server
|
|
service:
|
|
# -- service type
|
|
type: ClusterIP
|
|
# -- port where the server will be exposed at
|
|
port: 8080
|
|
|
|
ingress:
|
|
# -- whether to create an Ingress to expose the FHIR server HTTP endpoint
|
|
enabled: false
|
|
# -- provide any additional annotations which may be required. Evaluated as a template.
|
|
annotations:
|
|
{}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: fhir-server.127.0.0.1.nip.io
|
|
pathType: ImplementationSpecific
|
|
paths: ["/"]
|
|
# -- ingress TLS config
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - chart-example.local
|
|
|
|
# -- configure the FHIR server's resource requests and limits
|
|
resources:
|
|
{}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
# -- node selector for the pod
|
|
nodeSelector: {}
|
|
|
|
# -- pod tolerations
|
|
tolerations: []
|
|
|
|
# -- pod affinity
|
|
affinity: {}
|
|
|
|
postgresql:
|
|
# -- enable an included PostgreSQL DB.
|
|
# see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
|
|
# if set to `false`, the values under `externalDatabase` are used
|
|
enabled: true
|
|
auth:
|
|
# -- name for a custom database to create
|
|
database: "fhir"
|
|
# -- Name of existing secret to use for PostgreSQL credentials
|
|
# `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret
|
|
# The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user),
|
|
# `password` (which is the password for the custom user to create when `auth.username` is set),
|
|
# and `replication-password` (which is the password for replication user).
|
|
# The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and
|
|
# picked from this secret in this case.
|
|
# The value is evaluated as a template.
|
|
existingSecret: ""
|
|
primary:
|
|
containerSecurityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
|
|
readinessProbe:
|
|
failureThreshold: 5
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 20
|
|
successThreshold: 1
|
|
timeoutSeconds: 20
|
|
|
|
startupProbe:
|
|
failureThreshold: 10
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
timeoutSeconds: 30
|
|
|
|
externalDatabase:
|
|
# -- external database host used with `postgresql.enabled=false`
|
|
host: localhost
|
|
# -- database port number
|
|
port: 5432
|
|
# -- username for the external database
|
|
user: fhir
|
|
# -- database password
|
|
password: ""
|
|
# -- name of an existing secret resource containing the DB password in the `existingSecretKey` key
|
|
existingSecret: ""
|
|
# -- name of the key inside the `existingSecret`
|
|
existingSecretKey: "postgresql-password"
|
|
# -- database name
|
|
database: fhir
|
|
|
|
networkPolicy:
|
|
# -- enable NetworkPolicy
|
|
enabled: false
|
|
# -- a Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed
|
|
explicitNamespacesSelector:
|
|
{}
|
|
# matchLabels:
|
|
# team: one
|
|
# test: foo
|
|
|
|
# -- Additional allowed NetworkPolicyPeer specs
|
|
# Evaluated as a template so you could do:
|
|
#
|
|
# Example:
|
|
# allowedFrom:
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# app.kubernetes.io/name: {{ $.Release.Name }}
|
|
allowedFrom: []
|
|
|
|
# -- extra environment variables to set on the server container
|
|
extraEnv:
|
|
[]
|
|
# - name: SPRING_FLYWAY_BASELINE_ON_MIGRATE
|
|
# value: "true"
|
|
|
|
podDisruptionBudget:
|
|
# -- Enable PodDisruptionBudget for the server pods.
|
|
# uses policy/v1/PodDisruptionBudget thus requiring k8s 1.21+
|
|
enabled: false
|
|
# -- minimum available instances
|
|
minAvailable: 1
|
|
# -- maximum unavailable instances
|
|
maxUnavailable: ""
|