From f944ea08b5cb2e1035189e3a762204a3d78b6b2a Mon Sep 17 00:00:00 2001
From: chgl
Date: Fri, 5 Feb 2021 17:45:51 +0100
Subject: [PATCH] Added HAPI FHIR server Helm chart (#24)
* removed test values
* added first draft of a HAPI FHIR helm chart
* added missing fields to Chart.yaml
* updated docs
---
 charts/hapi-fhir-jpaserver/.helmignore | 23 ++++
 charts/hapi-fhir-jpaserver/Chart.lock | 6 +
 charts/hapi-fhir-jpaserver/Chart.yaml | 16 +++
 charts/hapi-fhir-jpaserver/README.md | 101 +++++++++++++++
 charts/hapi-fhir-jpaserver/doc.yaml | 19 +++
 .../hapi-fhir-jpaserver/templates/NOTES.txt | 22 ++++
 .../templates/_helpers.tpl | 80 ++++++++++++
 .../templates/deployment.yaml | 106 +++++++++++++++
 .../templates/externaldb-secret.yaml | 14 ++
 .../templates/ingress.yaml | 54 ++++++++
 .../templates/service.yaml | 15 +++
 .../templates/tests/test-connection.yaml | 32 +++++
 charts/hapi-fhir-jpaserver/values.yaml | 122 ++++++++++++++++++
 charts/ohdsi/Chart.yaml | 2 +-
 charts/ohdsi/values-test.yaml | 20 ---
 15 files changed, 611 insertions(+), 21 deletions(-)
 create mode 100644 charts/hapi-fhir-jpaserver/.helmignore
 create mode 100644 charts/hapi-fhir-jpaserver/Chart.lock
 create mode 100644 charts/hapi-fhir-jpaserver/Chart.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/README.md
 create mode 100644 charts/hapi-fhir-jpaserver/doc.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/templates/NOTES.txt
 create mode 100644 charts/hapi-fhir-jpaserver/templates/_helpers.tpl
 create mode 100644 charts/hapi-fhir-jpaserver/templates/deployment.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/templates/ingress.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/templates/service.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml
 create mode 100644 charts/hapi-fhir-jpaserver/values.yaml
 delete mode 100644 charts/ohdsi/values-test.yaml
diff --git a/charts/hapi-fhir-jpaserver/.helmignore b/charts/hapi-fhir-jpaserver/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/hapi-fhir-jpaserver/Chart.lock b/charts/hapi-fhir-jpaserver/Chart.lock
new file mode 100644
index 00000000..57acae1f
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 10.2.0
+digest: sha256:ffc74acdb2350c12e199b3cf080130440bb1e137d1cf10dec1fbdbe597d40510
+generated: "2021-02-05T15:35:39.0212888+01:00"
diff --git a/charts/hapi-fhir-jpaserver/Chart.yaml b/charts/hapi-fhir-jpaserver/Chart.yaml
new file mode 100644
index 00000000..a94f4be5
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/Chart.yaml
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: hapi-fhir-jpaserver
+description: A Helm chart for deploying the HAPI FHIR JPA server starter on Kubernetes.
+type: application
+home: https://github.com/hapifhir/hapi-fhir-jpaserver-starter
+sources:
+ - https://github.com/hapifhir/hapi-fhir-jpaserver-starter
+maintainers:
+ - name: chgl
+dependencies:
+ - name: postgresql
+ version: 10.2.0
+ repository: https://charts.bitnami.com/bitnami
+ condition: postgresql.enabled
+appVersion: 5.2.0
+version: 0.1.0
diff --git a/charts/hapi-fhir-jpaserver/README.md b/charts/hapi-fhir-jpaserver/README.md
new file mode 100644
index 00000000..c597dd8b
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/README.md
@@ -0,0 +1,101 @@
+# hapi-fhir-jpaserver
+
+[HAPI FHIR JPA Server](https://github.com/hapifhir/hapi-fhir-jpaserver-starter) - Helm chart for deploying the HAPI FHIR JPA starter server
+
+## TL;DR;
+
+```console
+$ helm repo add chgl https://chgl.github.io/charts
+$ helm repo update
+$ helm install hapi-fhir-jpaserver chgl/hapi-fhir-jpaserver -n fhir
+```
+
+## Introduction
+
+This chart deploys the HAPI FHIR JPA starter server. on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Prerequisites
+
+- Kubernetes v1.16+
+- Helm v3
+
+## Installing the Chart
+
+To install the chart with the release name `hapi-fhir-jpaserver`:
+
+```console
+$ helm install hapi-fhir-jpaserver chgl/hapi-fhir-jpaserver -n fhir
+```
+
+The command deploys the HAPI FHIR JPA starter server. on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `hapi-fhir-jpaserver`:
+
+```console
+$ helm delete hapi-fhir-jpaserver -n fhir
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the `hapi-fhir-jpaserver` chart and their default values.
+ +| Parameter | Description | Default | +| -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | +| replicaCount | | `1` | +| image.registry | | `ghcr.io` | +| image.repository | | `chgl/hapi/hapi-fhir-jpaserver-starter` | +| image.tag | | `"5.2.0-distroless"` | +| image.pullPolicy | | `IfNotPresent` | +| imagePullSecrets | | `[]` | +| nameOverride | | `""` | +| fullnameOverride | | `""` | +| podAnnotations | | `{}` | +| podSecurityContext | | `{}` | +| securityContext.readOnlyRootFilesystem | | `true` | +| securityContext.runAsNonRoot | | `true` | +| securityContext.runAsUser | | `65532` | +| service.type | | `ClusterIP` | +| service.port | | `80` | +| ingress.enabled | whether to create an Ingress to expose the FHIR server web interface | `false` | +| ingress.annotations | provide any additional annotations which may be required. Evaluated as a template. | `{}` | +| ingress.tls | ingress TLS config | `[]` | +| resources | | `{}` | +| nodeSelector | | `{}` | +| tolerations | | `[]` | +| affinity | | `{}` | +| postgresql.enabled | enable an included PostgreSQL DB. if set to `false`, the values under `webApi.db` are used | `true` | +| postgresql.image | update the default Postgres version to 13.1 | `{"tag":"13.1.0"}` | +| postgresql.postgresqlDatabase | name of the database to create see: | `"fhir"` | +| postgresql.existingSecret | Name of existing secret to use for PostgreSQL passwords. 
The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be sed to authenticate on LDAP. The value is evaluated as a template. | `""` | +| postgresql.replication.enabled | should be true for production use | `false` | +| postgresql.replication.readReplicas | number of read replicas | `2` | +| postgresql.replication.synchronousCommit | set synchronous commit mode: on, off, remote_apply, remote_write and local | `"on"` | +| postgresql.replication.numSynchronousReplicas | from the number of `readReplicas` defined above, set the number of those that will have synchronous replication | `1` | +| postgresql.metrics.enabled | should also be true for production use | `false` | +| postgresql.metrics.serviceMonitor.enabled | create a Prometheus Operator ServiceMonitor resource | `false` | +| postgresql.metrics.serviceMonitor.additionalLabels | the labels used for Prometheus autodiscover, e.g. could be `release: prometheus` | `{}` | +| externalDatabase.host | Database host | `localhost` | +| externalDatabase.user | non-root Username for FHIR Database | `fhir` | +| externalDatabase.password | Database password | `""` | +| externalDatabase.existingSecret | Name of an existing secret resource containing the DB password in a 'postgresql-password' key | `""` | +| externalDatabase.database | Database name | `fhir` | +| externalDatabase.port | Database port number | `5432` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```console +$ helm install hapi-fhir-jpaserver chgl/hapi-fhir-jpaserver -n fhir --set replicaCount=1 +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while +installing the chart. 
For example:
+
+```console
+$ helm install hapi-fhir-jpaserver chgl/hapi-fhir-jpaserver -n fhir --values values.yaml
+```
diff --git a/charts/hapi-fhir-jpaserver/doc.yaml b/charts/hapi-fhir-jpaserver/doc.yaml
new file mode 100644
index 00000000..dbeb5e91
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/doc.yaml
@@ -0,0 +1,19 @@
+project:
+ name: HAPI FHIR JPA Server
+ shortName: hapi-fhir-jpaserver
+ url: https://github.com/hapifhir/hapi-fhir-jpaserver-starter
+ description: Helm chart for deploying the HAPI FHIR JPA starter server
+ app: the HAPI FHIR JPA starter server.
+repository:
+ url: https://chgl.github.io/charts
+ name: chgl
+chart:
+ name: hapi-fhir-jpaserver
+ values: "-- generate from values file --"
+ valuesExample: "-- generate from values file --"
+prerequisites:
+ - "Kubernetes v1.16+"
+ - "Helm v3"
+release:
+ name: hapi-fhir-jpaserver
+ namespace: fhir
diff --git a/charts/hapi-fhir-jpaserver/templates/NOTES.txt b/charts/hapi-fhir-jpaserver/templates/NOTES.txt
new file mode 100644
index 00000000..87fa7d4d
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "hapi-fhir-jpaserver.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "hapi-fhir-jpaserver.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "hapi-fhir-jpaserver.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "hapi-fhir-jpaserver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/hapi-fhir-jpaserver/templates/_helpers.tpl b/charts/hapi-fhir-jpaserver/templates/_helpers.tpl
new file mode 100644
index 00000000..54f127c9
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/_helpers.tpl
@@ -0,0 +1,80 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "hapi-fhir-jpaserver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "hapi-fhir-jpaserver.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "hapi-fhir-jpaserver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "hapi-fhir-jpaserver.labels" -}}
+helm.sh/chart: {{ include "hapi-fhir-jpaserver.chart" . }}
+{{ include "hapi-fhir-jpaserver.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "hapi-fhir-jpaserver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "hapi-fhir-jpaserver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the JDBC URL from the host, port and database name.
+*/}}
+{{- define "hapi-fhir-jpaserver.jdbcUrl" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- $pgServiceName := ( printf "%s-%s" .Release.Name "postgresql") -}}
+{{ printf "jdbc:postgresql://%s:%d/%s" $pgServiceName 5432 .Values.postgresql.postgresqlDatabase }}
+{{- else -}}
+{{ printf "jdbc:postgresql://%s:%d/%s" .Values.externalDatabase.host (int64 .Values.externalDatabase.port) .Values.externalDatabase.database }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the name of the secret containing the DB password
+*/}}
+{{- define "hapi-fhir-jpaserver.db-secretName" -}}
+{{- if .Values.postgresql.enabled -}}
+{{- if .Values.postgresql.existingSecret -}}
+ {{ .Values.postgresql.existingSecret | quote }}
+{{- else -}}
+ {{ printf "%s-%s" .Release.Name "postgresql" }}
+{{- end -}}
+{{- else if .Values.externalDatabase.existingSecret -}}
+ {{ .Values.externalDatabase.existingSecret | quote }}
+{{- else -}}
+ {{ printf "%s-%s" .Release.Name "externaldb" }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/hapi-fhir-jpaserver/templates/deployment.yaml b/charts/hapi-fhir-jpaserver/templates/deployment.yaml
new file mode 100644
index 00000000..3128e91a
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/deployment.yaml
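Review bot: The `hapi-fhir-jpaserver.db-secretName` helper emits `.Values.postgresql.existingSecret | quote` literally, while the values.yaml comment and README row added in this commit say that value "is evaluated as a template". If a user supplies a templated name, the Deployment's `secretKeyRef` would presumably point at the unrendered string and the pod would not find its password Secret. Either render it here with `{{ tpl .Values.postgresql.existingSecret . | quote }}` or drop the sentence from the docs. Separately, `hapi-fhir-jpaserver.jdbcUrl` hard-codes `<release>-postgresql` and port `5432`; a comment such as `{{/* assumes the postgresql subchart keeps its default name and port */}}` would make that coupling visible.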
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "hapi-fhir-jpaserver.fullname" . }}
+ labels:
+ {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "hapi-fhir-jpaserver.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "hapi-fhir-jpaserver.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- if .Values.postgresql.enabled }}
+ initContainers:
+ - name: wait-for-db
+ image: busybox:1.32
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ privileged: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ runAsUser: 11111
+ runAsGroup: 11111
+ command: ["sh", "-c", "while ! nc -z {{ .Release.Name }}-postgresql 5432 -w 5; do echo $(date) waiting for database; sleep 5; done;"]
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /fhir/metadata
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ env:
+ - name: SPRING_DATASOURCE_URL
+ value: {{ include "hapi-fhir-jpaserver.jdbcUrl" $ }}
+ - name: SPRING_DATASOURCE_USERNAME
+ {{- if .Values.postgresql.enabled }}
+ value: {{ .Values.postgresql.postgresqlUsername }}
+ {{- else }}
+ value: {{ .Values.externalDatabase.user | quote }}
+ {{- end }}
+ - name: SPRING_DATASOURCE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "hapi-fhir-jpaserver.db-secretName" . }}
+ key: postgresql-password
+ - name: SPRING_DATASOURCE_DRIVERCLASSNAME
+ value: org.postgresql.Driver
+ - name: SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT
+ value: org.hibernate.dialect.PostgreSQL10Dialect
+ - name: HAPI_FHIR_USE_APACHE_ADDRESS_STRATEGY
+ value: "true"
+ - name: SPRING_JPA_DATABASE_PLATFORM
+ value: org.hibernate.dialect.PostgreSQLDialect
+ {{- if .Values.extraEnv }}
+ {{ toYaml .Values.extraEnv | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp-volume
+ - mountPath: /app/target
+ name: lucenefiles-volume
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: tmp-volume
+ emptyDir: {}
+ - name: lucenefiles-volume
+ emptyDir: {}
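Review bot: `SPRING_DATASOURCE_USERNAME` is rendered from `.Values.postgresql.postgresqlUsername` without `| quote`, and this chart's values.yaml never sets that key, so the account comes from whatever the postgresql subchart defaults to. The README text in this commit hints that the default is `postgres`, which would presumably mean the FHIR server connects as the database superuser. Setting a dedicated `postgresql.postgresqlUsername` in values.yaml and rendering it as `value: {{ .Values.postgresql.postgresqlUsername | quote }}` keeps the application on a least-privileged role and matches the quoting already used in the `externalDatabase.user` branch. The `wait-for-db` init container also hard-codes `image: busybox:1.32`, so it cannot be redirected to a private registry or pinned by digest the way the main image can through `.Values.image`.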
diff --git a/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml b/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml
new file mode 100644
index 00000000..cc0c19ed
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/externaldb-secret.yaml
@@ -0,0 +1,14 @@
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) (not .Values.postgresql.existingSecret)}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-%s" .Release.Name "externaldb" }}
+ labels:
+ app.kubernetes.io/name: {{ include "hapi-fhir-server.name" . }}
+ helm.sh/chart: {{ include "hapi-fhir-server.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
+data:
+ postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+{{- end }}
diff --git a/charts/hapi-fhir-jpaserver/templates/ingress.yaml b/charts/hapi-fhir-jpaserver/templates/ingress.yaml
new file mode 100644
index 00000000..df4862b9
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/ingress.yaml
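Review bot: The labels in externaldb-secret.yaml call `include "hapi-fhir-server.name"` and `include "hapi-fhir-server.chart"`, but every helper added in this commit is defined under the `hapi-fhir-jpaserver.` prefix, so rendering presumably fails whenever this template is active (`postgresql.enabled=false` with no existing secret). Replace the four label lines with `{{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}` as the other templates do. The guard also tests `.Values.postgresql.existingSecret`, which the `hapi-fhir-jpaserver.db-secretName` helper ignores once postgresql is disabled, so the Deployment can reference a `<release>-externaldb` Secret that was never created. With the default `externalDatabase.password: ""` the Secret is created holding an empty password; wrapping the value in `required` would fail the install instead of deploying with blank credentials.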
@@ -0,0 +1,54 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "hapi-fhir-jpaserver.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ {{- $pathType := .pathType }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ . }}
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ pathType: {{ $pathType | default "ImplementationSpecific" }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{ else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/hapi-fhir-jpaserver/templates/service.yaml b/charts/hapi-fhir-jpaserver/templates/service.yaml
new file mode 100644
index 00000000..90a05a29
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/service.yaml
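Review bot: The `annotations` block is rendered with plain `toYaml .`, although the values.yaml comment and README row for `ingress.annotations` in this commit state "Evaluated as a template". A user who puts a template expression in an annotation would get the literal `{{ ... }}` text on the Ingress; either pass the rendered YAML through `tpl` or remove the claim from the docs. `secretName: {{ .secretName }}` and `path: {{ . }}` are also emitted unquoted, unlike the neighbouring `host` and `hosts` entries, so `| quote` on both would keep values such as `*` or an all-digit name from being re-typed by the YAML parser.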
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "hapi-fhir-jpaserver.fullname" . }}
+ labels:
+ {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "hapi-fhir-jpaserver.selectorLabels" . | nindent 4 }}
diff --git a/charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml b/charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml
new file mode 100644
index 00000000..f06be1b6
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/templates/tests/test-connection.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "hapi-fhir-jpaserver.fullname" . }}-test-connection"
+ labels:
+ {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ restartPolicy: Never
+ containers:
+ - name: wget
+ image: busybox:1
+ command: ['wget']
+ args: ['{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata']
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsUser: 22222
+ runAsNonRoot: true
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ livenessProbe:
+ exec:
+ command: ["true"]
+ readinessProbe:
+ exec:
+ command: ["true"]
diff --git a/charts/hapi-fhir-jpaserver/values.yaml b/charts/hapi-fhir-jpaserver/values.yaml
new file mode 100644
index 00000000..d8c35e91
--- /dev/null
+++ b/charts/hapi-fhir-jpaserver/values.yaml
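Review bot: In test-connection.yaml the `wget` container runs with `readOnlyRootFilesystem: true` but is invoked without an output option, and busybox `wget` saves the response to a file in its working directory by default, so the test is likely to fail on the write rather than on connectivity. Sending the body elsewhere avoids that: `args: ['-q', '-O', '/dev/null', '{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata']`. The security context here also omits the `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]` that the `wait-for-db` init container in deployment.yaml sets, and the image tag `busybox:1` floats where the init container uses `busybox:1.32`.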
@@ -0,0 +1,122 @@
+# Default values for hapi-fhir-jpaserver.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ registry: ghcr.io
+ repository: chgl/hapi/hapi-fhir-jpaserver-starter
+ tag: "5.2.0-distroless"
+ pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 65532
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ # whether to create an Ingress to expose the FHIR server web interface
+ enabled: false
+ # provide any additional annotations which may be required. Evaluated as a template.
+ annotations:
+ {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: fhir-server.127.0.0.1.xip.io
+ pathType: ImplementationSpecific
+ paths: ["/"]
+ # ingress TLS config
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# see for details
+postgresql:
+ # enable an included PostgreSQL DB.
+ # if set to `false`, the values under `webApi.db` are used
+ enabled: true
+ # update the default Postgres version to 13.1
+ image: # +doc-gen:break
+ tag: 13.1.0
+ # name of the database to create
+ # see:
+ postgresqlDatabase: "fhir"
+ # Name of existing secret to use for PostgreSQL passwords.
+ # The secret has to contain the keys `postgresql-password`
+ # which is the password for `postgresqlUsername` when it is
+ # different of `postgres`, `postgresql-postgres-password` which
+ # will override `postgresqlPassword`, `postgresql-replication-password`
+ # which will override `replication.password` and `postgresql-ldap-password`
+ # which will be sed to authenticate on LDAP. The value is evaluated as a template.
+ existingSecret: ""
+ replication:
+ # should be true for production use
+ enabled: false
+ # number of read replicas
+ readReplicas: 2
+ # set synchronous commit mode: on, off, remote_apply, remote_write and local
+ synchronousCommit: "on"
+ # from the number of `readReplicas` defined above, set the number of those that will have synchronous replication
+ numSynchronousReplicas: 1
+ metrics:
+ # should also be true for production use
+ enabled: false
+ serviceMonitor:
+ # create a Prometheus Operator ServiceMonitor resource
+ enabled: false
+ # the labels used for Prometheus autodiscover, e.g. could be `release: prometheus`
+ additionalLabels: {}
+
+# only used if `postgresql.enabeld=false`
+externalDatabase:
+ # Database host
+ host: localhost
+ # non-root Username for FHIR Database
+ user: fhir
+ # Database password
+ password: ""
+ # Name of an existing secret resource containing the DB password in a 'postgresql-password' key
+ existingSecret: ""
+ # Database name
+ database: fhir
+ # Database port number
+ port: 5432
diff --git a/charts/ohdsi/Chart.yaml b/charts/ohdsi/Chart.yaml
index a9d3ee62..18a94fec 100644
--- a/charts/ohdsi/Chart.yaml
+++ b/charts/ohdsi/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: ohdsi
 description: A Helm chart for deploying OHDSI ATLAS and WebAPI.
 type: application
-version: 0.4.2
+version: 0.4.3
 home: https://github.com/OHDSI
 keywords:
 - ohdsi
diff --git a/charts/ohdsi/values-test.yaml b/charts/ohdsi/values-test.yaml
deleted file mode 100644
index 65f61bb4..00000000
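Review bot: The default `securityContext` in values.yaml drops all capabilities and enforces a read-only, non-root container, but it leaves out `allowPrivilegeEscalation: false`, which the `wait-for-db` init container in deployment.yaml sets explicitly; adding `allowPrivilegeEscalation: false` (and `privileged: false`) here would give the main FHIR container the same baseline. Two comments in the `postgresql`/`externalDatabase` section are misleading: "the values under `webApi.db` are used" names a key this chart does not define and presumably should read `externalDatabase`, and `postgresql.enabeld=false` is a typo for `postgresql.enabled=false`. The same `webApi.db` wording is repeated in the README table generated from this file.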
--- a/charts/ohdsi/values-test.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-postgresql:
- postgresqlPassword: "postgres"
-
-webApi:
- ingress:
- enabled: true
-
-atlas:
- ingress:
- enabled: true
-
-achilles:
- schedule: "@hourly"
- schemas:
- # name of the schema containing the OMOP CDM. Equivalent to the Achilles `ACHILLES_CDM_SCHEMA` env var.
- cdm: "cds_cdm"
- # name of the schema containing the vocabulary. Equivalent to the Achilles `ACHILLES_VOCAB_SCHEMA` env var.
- vocab: "cds_cdm"
- # name of the schema containing the cohort generation results. Equivalent to the Achilles `ACHILLES_RES_SCHEMA` env var.
- res: "cds_results"