From 43921790fa2b5bad669715608478f5b7819f3606 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rn=20Guy=20S=C3=BC=C3=9F?= Date: Wed, 16 Jul 2025 13:35:34 +1000 Subject: [PATCH] Add chart and chart workflow --- .github/ct/chart-schema.yaml | 23 ++ .github/ct/config.yaml | 15 + .github/workflows/build-images.yaml | 84 +++++ .github/workflows/chart-release.yaml | 36 ++ .github/workflows/chart-test.yaml | 73 ++++ .gitignore | 2 + charts/fhirflare-ig-toolkit/Chart.lock | 6 + charts/fhirflare-ig-toolkit/Chart.yaml | 2 +- charts/fhirflare-ig-toolkit/charts/.gitignore | 1 + .../charts/postgresql/templates/.gitignore | 2 + .../postgresql/templates/primary/.gitignore | 5 + .../hapi-fhir-jpaserver/templates/.gitignore | 2 + .../templates/tests/.gitignore | 1 + .../fhirflare-ig-toolkit/templates/.gitignore | 2 + .../templates/tests/.gitignore | 1 + .../templates/_helpers.tpl | 18 +- .../templates/deployment.yaml | 84 +++-- .../templates/service.yaml | 17 +- charts/fhirflare-ig-toolkit/values.yaml | 342 ++++-------------- 19 files changed, 404 insertions(+), 312 deletions(-) create mode 100644 .github/ct/chart-schema.yaml create mode 100644 .github/ct/config.yaml create mode 100644 .github/workflows/build-images.yaml create mode 100644 .github/workflows/chart-release.yaml create mode 100644 .github/workflows/chart-test.yaml create mode 100644 .gitignore create mode 100644 charts/fhirflare-ig-toolkit/Chart.lock create mode 100644 charts/fhirflare-ig-toolkit/charts/.gitignore create mode 100644 charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/.gitignore create mode 100644 charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/primary/.gitignore create mode 100644 charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/.gitignore create mode 100644 
charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/tests/.gitignore create mode 100644 charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/.gitignore create mode 100644 charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/tests/.gitignore diff --git a/.github/ct/chart-schema.yaml b/.github/ct/chart-schema.yaml new file mode 100644 index 0000000..7b3fb0a --- /dev/null +++ b/.github/ct/chart-schema.yaml @@ -0,0 +1,23 @@ +name: str() +home: str() +version: str() +apiVersion: str() +appVersion: any(str(), num(), required=False) +type: str() +dependencies: any(required=False) +description: str() +keywords: list(str(), required=False) +sources: list(str(), required=False) +maintainers: list(include('maintainer'), required=False) +icon: str(required=False) +engine: str(required=False) +condition: str(required=False) +tags: str(required=False) +deprecated: bool(required=False) +kubeVersion: str(required=False) +annotations: map(str(), str(), required=False) +--- +maintainer: + name: str() + email: str(required=False) + url: str(required=False) diff --git a/.github/ct/config.yaml b/.github/ct/config.yaml new file mode 100644 index 0000000..3721957 --- /dev/null +++ b/.github/ct/config.yaml @@ -0,0 +1,15 @@ +debug: true +remote: origin +chart-yaml-schema: .github/ct/chart-schema.yaml +validate-maintainers: false +validate-chart-schema: true +validate-yaml: true +check-version-increment: true +chart-dirs: + - charts +helm-extra-args: --timeout 300s +upgrade: true +skip-missing-values: true +release-label: release +release-name-template: "helm-v{{ .Version }}" +target-branch: master diff --git a/.github/workflows/build-images.yaml b/.github/workflows/build-images.yaml new file mode 100644 index 0000000..542bd64 --- /dev/null +++ b/.github/workflows/build-images.yaml 
@@ -0,0 +1,84 @@
+name: Build Container Images
+
+on:
+ push:
+ tags:
+ - "image/v*"
+ paths-ignore:
+ - "charts/**"
+ pull_request:
+ branches: [master]
+ paths-ignore:
+ - "charts/**"
+env:
+ IMAGES: docker.io/hapiproject/hapi
+ PLATFORMS: linux/amd64,linux/arm64/v8
+
+jobs:
+ build:
+ name: Build
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Container meta for default (distroless) image
+ id: docker_meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.IMAGES }}
+ tags: |
+ type=match,pattern=image/(.*),group=1,enable=${{github.event_name != 'pull_request'}}
+
+
+ - name: Container meta for tomcat image
+ id: docker_tomcat_meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.IMAGES }}
+ tags: |
+ type=match,pattern=image/(.*),group=1,enable=${{github.event_name != 'pull_request'}}
+ flavor: |
+ suffix=-tomcat,onlatest=true
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v3
+ if: github.event_name != 'pull_request'
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Cache Docker layers
+ uses: actions/cache@v3
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Build and push default (distroless) image
+ id: docker_build
+ uses: docker/build-push-action@v5
+ with:
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.docker_meta.outputs.tags }}
+ labels: ${{ steps.docker_meta.outputs.labels }}
+ platforms: ${{ env.PLATFORMS }}
+ target: default
+
+ - name: Build and push tomcat image
+ id: docker_build_tomcat
+ uses: docker/build-push-action@v5
+ with:
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ push:
${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.docker_tomcat_meta.outputs.tags }}
+ labels: ${{ steps.docker_tomcat_meta.outputs.labels }}
+ platforms: ${{ env.PLATFORMS }}
+ target: tomcat
diff --git a/.github/workflows/chart-release.yaml b/.github/workflows/chart-release.yaml
new file mode 100644
index 0000000..19605c0
--- /dev/null
+++ b/.github/workflows/chart-release.yaml
@@ -0,0 +1,36 @@
+name: Release Charts
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - "charts/**"
+
+jobs:
+ release:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Add workspace as safe directory
+ run: |
+ git config --global --add safe.directory /__w/FHIRFLARE-IG-Toolkit/FHIRFLARE-IG-Toolkit
+
+ - name: Checkout
+ uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Update dependencies
+ run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency update {} \;
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+ with:
+ config: .github/ct/config.yaml
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
diff --git a/.github/workflows/chart-test.yaml b/.github/workflows/chart-test.yaml
new file mode 100644
index 0000000..ef83c32
--- /dev/null
+++ b/.github/workflows/chart-test.yaml
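Review bot: Every third-party action in build-images.yaml is referenced by a mutable tag (`docker/metadata-action@v5`, `docker/login-action@v3`, `docker/build-push-action@v5`, `actions/cache@v3`, and the QEMU/Buildx setup actions), including the steps that run in the same job as `secrets.DOCKERHUB_TOKEN`, whereas the two chart workflows in this commit pin by commit SHA. Pin each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, and add a top-level `permissions:` block with `contents: read` since this workflow only needs to read the repository. Separately, `IMAGES: docker.io/hapiproject/hapi` and the `default`/`tomcat` build targets look carried over from another project, while the chart's values.yaml pulls `ghcr.io/jgsuess/fhirflare-ig-toolkit`; confirm which registry and repository this build is meant to publish to before a tag push triggers it.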
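Review bot: The `release` job in chart-release.yaml declares no `permissions:`, so the `secrets.GITHUB_TOKEN` handed to chart-releaser as `CR_TOKEN` carries whatever the repository default grants: either broader than the job needs or, under a read-only default, too little to publish. State it on the job explicitly with `permissions:` and `contents: write`. The `Update dependencies` step also runs `helm dependency update`, which re-resolves the subchart and rewrites Chart.lock at release time; `helm dependency build {}` would instead package the versions recorded in the committed Chart.lock.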
@@ -0,0 +1,73 @@
+name: Lint and Test Charts
+
+on:
+ pull_request:
+ branches:
+ - master
+ paths:
+ - "charts/**"
+
+jobs:
+ lint:
+ runs-on: ubuntu-22.04
+ container: quay.io/helmpack/chart-testing:v3.11.0@sha256:f2fd21d30b64411105c7eafb1862783236a219d29f2292219a09fe94ca78ad2a
+ steps:
+ - name: Install helm-docs
+ working-directory: /tmp
+ env:
+ HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.14.2/helm-docs_1.14.2_Linux_x86_64.tar.gz
+ run: |
+ curl -LSs $HELM_DOCS_URL | tar xz && \
+ mv ./helm-docs /usr/local/bin/helm-docs && \
+ chmod +x /usr/local/bin/helm-docs && \
+ helm-docs --version
+
+ - name: Add workspace as safe directory
+ run: |
+ git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter
+
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: Check if documentation is up-to-date
+ run: helm-docs && git diff --exit-code HEAD
+
+ - name: Run chart-testing (lint)
+ run: ct lint --config .github/ct/config.yaml
+
+ test:
+ runs-on: ubuntu-22.04
+ strategy:
+ matrix:
+ k8s-version: [1.30.8, 1.31.4, 1.32.0]
+ needs:
+ - lint
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --config .github/ct/config.yaml)
+ if [[ -n "$changed" ]]; then
+ echo "::set-output name=changed::true"
+ fi
+
+ - name: Create k8s Kind Cluster
+ uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+ if: ${{ steps.list-changed.outputs.changed == 'true' }}
+ with:
+ cluster_name: kind-cluster-k8s-${{ matrix.k8s-version }}
+ node_image: kindest/node:v${{ matrix.k8s-version }}
+
+ - name: Run chart-testing (install)
+ run: ct
install --config .github/ct/config.yaml + if: ${{ steps.list-changed.outputs.changed == 'true' }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b4cd5a7 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/instance/ +/logs/ diff --git a/charts/fhirflare-ig-toolkit/Chart.lock b/charts/fhirflare-ig-toolkit/Chart.lock new file mode 100644 index 0000000..d05fd1b --- /dev/null +++ b/charts/fhirflare-ig-toolkit/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: hapi-fhir-jpaserver + repository: https://hapifhir.github.io/hapi-fhir-jpaserver-starter/ + version: 0.20.0 +digest: sha256:0e3b3ee43fdec137a4e61465880c7f437bac52459514674d4ce54aac39f83bde +generated: "2025-07-16T09:42:23.594307042+10:00" diff --git a/charts/fhirflare-ig-toolkit/Chart.yaml b/charts/fhirflare-ig-toolkit/Chart.yaml index e76d72f..4b4a9e8 100644 --- a/charts/fhirflare-ig-toolkit/Chart.yaml +++ b/charts/fhirflare-ig-toolkit/Chart.yaml @@ -11,7 +11,7 @@ keywords: - ig-toolkit home: https://github.com/jgsuess/FHIRFLARE-IG-Toolkit maintainers: - - name: FHIRFLARE Team + - name: Jörn Guy Süß email: jgsuess@gmail.com dependencies: - name: hapi-fhir-jpaserver diff --git a/charts/fhirflare-ig-toolkit/charts/.gitignore b/charts/fhirflare-ig-toolkit/charts/.gitignore new file mode 100644 index 0000000..7368961 --- /dev/null +++ b/charts/fhirflare-ig-toolkit/charts/.gitignore @@ -0,0 +1 @@ +/hapi-fhir-jpaserver-0.20.0.tgz diff --git a/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/.gitignore b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/.gitignore new file mode 100644 index 0000000..70f2fe9 --- /dev/null +++ b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/.gitignore @@ -0,0 +1,2 @@ +/secrets.yaml +/serviceaccount.yaml 
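Review bot: The `Install helm-docs` step in chart-test.yaml pipes the release tarball from `HELM_DOCS_URL` straight into `tar xz` and installs the binary without checking its digest, even though the job's container image is pinned by sha256. Download to a file and verify before unpacking, e.g. `curl -LSso helm-docs.tgz "$HELM_DOCS_URL"`, then `echo "<helm-docs-sha256>  helm-docs.tgz" | sha256sum -c -`, then `tar xzf helm-docs.tgz helm-docs`. Two smaller points in the same file: the `safe.directory` path names `hapi-fhir-jpaserver-starter` rather than this repository's workspace, so the later `git diff --exit-code HEAD` inside the container may trip git's ownership check, and `::set-output` is deprecated in favour of `echo "changed=true" >> "$GITHUB_OUTPUT"`.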
diff --git a/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/primary/.gitignore b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/primary/.gitignore
new file mode 100644
index 0000000..38cd264
--- /dev/null
+++ b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/primary/.gitignore
@@ -0,0 +1,5 @@
+/networkpolicy.yaml
+/pdb.yaml
+/statefulset.yaml
+/svc-headless.yaml
+/svc.yaml
diff --git a/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/.gitignore b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/.gitignore
new file mode 100644
index 0000000..c11985b
--- /dev/null
+++ b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/.gitignore
@@ -0,0 +1,2 @@
+/deployment.yaml
+/service.yaml
diff --git a/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/tests/.gitignore b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/tests/.gitignore
new file mode 100644
index 0000000..1e747a8
--- /dev/null
+++ b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/tests/.gitignore
@@ -0,0 +1 @@
+/test-endpoints.yaml
diff --git a/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/.gitignore b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/.gitignore
new file mode 100644
index 0000000..c11985b
--- /dev/null
+++ b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/.gitignore
@@ -0,0 +1,2 @@
+/deployment.yaml
+/service.yaml
diff --git a/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/tests/.gitignore b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/tests/.gitignore new file mode 100644 index 0000000..1e747a8 --- /dev/null +++ b/charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/tests/.gitignore @@ -0,0 +1 @@ +/test-endpoints.yaml diff --git a/charts/fhirflare-ig-toolkit/templates/_helpers.tpl b/charts/fhirflare-ig-toolkit/templates/_helpers.tpl index 954d1e9..6383d80 100644 --- a/charts/fhirflare-ig-toolkit/templates/_helpers.tpl +++ b/charts/fhirflare-ig-toolkit/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Expand the name of the chart. */}} -{{- define "hapi-fhir-jpaserver.name" -}} +{{- define "fhirflare-ig-toolkit.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -10,7 +10,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "hapi-fhir-jpaserver.fullname" -}} +{{- define "fhirflare-ig-toolkit.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} 
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "hapi-fhir-jpaserver.chart" -}} +{{- define "fhirflare-ig-toolkit.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "hapi-fhir-jpaserver.labels" -}} -helm.sh/chart: {{ include "hapi-fhir-jpaserver.chart" . }} -{{ include "hapi-fhir-jpaserver.selectorLabels" . }} +{{- define "fhirflare-ig-toolkit.labels" -}} +helm.sh/chart: {{ include "fhirflare-ig-toolkit.chart" . }} +{{ include "fhirflare-ig-toolkit.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -45,8 +45,8 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Selector labels */}} -{{- define "hapi-fhir-jpaserver.selectorLabels" -}} -app.kubernetes.io/name: {{ include "hapi-fhir-jpaserver.name" . }} +{{- define "fhirflare-ig-toolkit.selectorLabels" -}} +app.kubernetes.io/name: {{ include "fhirflare-ig-toolkit.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} @@ -149,4 +149,4 @@ Create the JDBC URL from the host, port and database name. {{- $name := (include "hapi-fhir-jpaserver.database.name" .) -}} {{- $appName := .Release.Name -}} {{ printf "jdbc:postgresql://%s:%d/%s?ApplicationName=%s" $host (int $port) $name $appName }} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/fhirflare-ig-toolkit/templates/deployment.yaml b/charts/fhirflare-ig-toolkit/templates/deployment.yaml index 3f1eadf..76acd54 100644 --- a/charts/fhirflare-ig-toolkit/templates/deployment.yaml +++ b/charts/fhirflare-ig-toolkit/templates/deployment.yaml 
@@ -1,46 +1,88 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: fhirflare + name: {{ include "fhirflare-ig-toolkit.fullname" . }} + labels: +{{ include "fhirflare-ig-toolkit.labels" . | indent 4 }} spec: - replicas: 1 + replicas: {{ .Values.replicaCount | default 1 }} selector: - matchLabels: - io.kompose.service: fhirflare + matchLabels: +{{ include "fhirflare-ig-toolkit.selectorLabels" . | indent 6 }} strategy: type: Recreate template: metadata: - labels: - io.kompose.service: fhirflare + labels: +{{ include "fhirflare-ig-toolkit.selectorLabels" . | indent 8 }} + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - args: - - supervisord - - -c - - /etc/supervisord.conf + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["supervisord", "-c", "/etc/supervisord.conf"] env: - name: APP_BASE_URL - value: http://localhost:5000 + value: {{ .Values.config.appBaseUrl | default "http://localhost:5000" | quote }} - name: APP_MODE - value: lite + value: {{ .Values.config.appMode | default "lite" | quote }} - name: FLASK_APP - value: app.py + value: {{ .Values.config.flaskApp | default "app.py" | quote }} - name: FLASK_ENV - value: development + value: {{ .Values.config.flaskEnv | default "development" | quote }} - name: HAPI_FHIR_URL - value: http://localhost:8080/fhir + value: {{ .Values.config.hapiFhirUrl | default "http://localhost:8080/fhir" | quote }} - name: NODE_PATH - value: /usr/lib/node_modules - image: ghcr.io/jgsuess/fhirflare-ig-toolkit:latest - name: fhirflare + value: {{ .Values.config.nodePath | default 
"/usr/lib/node_modules" | quote }} + - name: TMPDIR + value: "/tmp-dir" ports: - - containerPort: 5000 + - name: http + containerPort: {{ .Values.service.port | default 5000 }} protocol: TCP volumeMounts: - name: logs mountPath: /app/logs - restartPolicy: Always + - name: tmp-dir + mountPath: /tmp-dir + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} volumes: - name: logs - emptyDir: {} \ No newline at end of file + emptyDir: {} + - name: tmp-dir + emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/fhirflare-ig-toolkit/templates/service.yaml b/charts/fhirflare-ig-toolkit/templates/service.yaml index 9bf5e3b..c89ccb0 100644 --- a/charts/fhirflare-ig-toolkit/templates/service.yaml +++ b/charts/fhirflare-ig-toolkit/templates/service.yaml @@ -1,11 +1,18 @@ apiVersion: v1 kind: Service metadata: - name: fhirflare + name: {{ include "fhirflare-ig-toolkit.fullname" . }} + labels: + {{- include "fhirflare-ig-toolkit.labels" . | nindent 4 }} spec: + type: {{ .Values.service.type | default "ClusterIP" }} ports: - - name: "5000" - port: 5000 - targetPort: 5000 + - name: http + port: {{ .Values.service.port | default 5000 }} + targetPort: http + protocol: TCP + {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} selector: - io.kompose.service: fhirflare + {{- include "fhirflare-ig-toolkit.selectorLabels" . | nindent 4 }} \ No newline at end of file 
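Review bot: Both `securityContext:` keys in deployment.yaml are rendered unconditionally from `.Values.podSecurityContext` and `.Values.securityContext`, but the values.yaml in this same commit ships those two blocks commented out, so with default values the keys render empty and the pod runs with whatever user and privileges the image defines. Wrap each in `with`, as the other optional blocks in this template already are, and restore a hardened default (`runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities) in values.yaml once the image supports it. `containerPort` is also taken from `.Values.service.port`, so overriding the Service port changes the port the container declares while the app presumably still listens on 5000; a separate value for the container port would avoid that coupling.

```yaml
    spec:
      # … unchanged: imagePullSecrets …
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # … unchanged: image, args, env, ports, volumeMounts, resources, probes …
```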
diff --git a/charts/fhirflare-ig-toolkit/values.yaml b/charts/fhirflare-ig-toolkit/values.yaml index 422b693..3cdc237 100644 --- a/charts/fhirflare-ig-toolkit/values.yaml +++ b/charts/fhirflare-ig-toolkit/values.yaml 
@@ -1,302 +1,92 @@ -# -- number of replicas to deploy +# Default values for fhirflare-ig-toolkit replicaCount: 1 image: - # -- registry where the HAPI FHIR server image is hosted - registry: docker.io - # -- the path inside the repository - repository: hapiproject/hapi - # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. - tag: "v8.0.0-1@sha256:9fbac7b012b4be91ba481e7008f1353ede4598bc99a36f3902b8abf873e70ed8" - # -- image pullPolicy to use - pullPolicy: IfNotPresent + repository: ghcr.io/jgsuess/fhirflare-ig-toolkit + pullPolicy: Always + tag: "latest" -# -- image pull secrets to use when pulling the image imagePullSecrets: [] - -# -- override the chart name nameOverride: "" - -# -- override the chart fullname fullnameOverride: "" -# -- annotations applied to the server deployment -deploymentAnnotations: {} +# FHIRflare specific configuration +config: + appBaseUrl: "http://localhost:5000" + appMode: "lite" + flaskApp: "app.py" + flaskEnv: "development" + hapiFhirUrl: "http://localhost:8080/fhir" + nodePath: "/usr/lib/node_modules" + +service: + type: ClusterIP + port: 5000 + nodePort: null -# -- annotations applied to the server pod podAnnotations: {} -# -- pod security context -podSecurityContext: - fsGroupChangePolicy: OnRootMismatch - runAsNonRoot: true - runAsGroup: 65532 - runAsUser: 65532 - fsGroup: 65532 - seccompProfile: - type: RuntimeDefault +# podSecurityContext: +# fsGroup: 65532 +# fsGroupChangePolicy: OnRootMismatch +# runAsNonRoot: true +# runAsGroup: 65532 +# runAsUser: 65532 +# seccompProfile: +# type: RuntimeDefault -securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65532 - runAsGroup: 65532 - privileged: false - seccompProfile: - type: RuntimeDefault +# securityContext: +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# privileged: false +# 
readOnlyRootFilesystem: true +# runAsGroup: 65532 +# runAsNonRoot: true +# runAsUser: 65532 +# seccompProfile: +# type: RuntimeDefault -# service to expose the server -service: - # -- service type - type: ClusterIP - # -- port where the server will be exposed at - port: 8080 - -ingress: - # -- whether to create an Ingress to expose the FHIR server HTTP endpoint - enabled: false - # -- provide any additional annotations which may be required. Evaluated as a template. - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: fhir-server.127.0.0.1.nip.io - pathType: ImplementationSpecific - paths: ["/"] - # -- ingress TLS config - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -# -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). -# This is ignored if `resources` is set (`resources` is recommended for production). -# More information: -resourcesPreset: "medium" - -# -- configure the FHIR server's resource requests and limits resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + limits: + cpu: 500m + memory: 512Mi + ephemeral-storage: 1Gi + requests: + cpu: 100m + memory: 128Mi + ephemeral-storage: 100Mi -# -- node selector for the pod -nodeSelector: {} - -# -- pod tolerations -tolerations: [] - -# -- pod affinity -affinity: {} - -# -- pod topology spread configuration -# see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api -topologySpreadConstraints: - [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: ScheduleAnyway - # labelSelector: - # matchLabels: - # app.kubernetes.io/instance: hapi-fhir-jpaserver - # app.kubernetes.io/name: hapi-fhir-jpaserver - -postgresql: - # -- enable an included PostgreSQL DB. - # see for details - # if set to `false`, the values under `externalDatabase` are used - enabled: true - auth: - # -- name for a custom database to create - database: "fhir" - # -- Name of existing secret to use for PostgreSQL credentials - # `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret - # The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), - # `password` (which is the password for the custom user to create when `auth.username` is set), - # and `replication-password` (which is the password for replication user). - # The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and - # picked from this secret in this case. - # The value is evaluated as a template. 
- existingSecret: "" - -# -- readiness probe -# @ignored -readinessProbe: - httpGet: - path: /readyz - port: http - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 20 - successThreshold: 1 - timeoutSeconds: 20 - -# -- liveness probe -# @ignored livenessProbe: httpGet: - path: /livez + path: / port: http - failureThreshold: 5 initialDelaySeconds: 30 - periodSeconds: 20 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 successThreshold: 1 - timeoutSeconds: 30 -# -- startup probe -# @ignored -startupProbe: +readinessProbe: httpGet: - path: /readyz + path: / port: http - failureThreshold: 10 - initialDelaySeconds: 30 - periodSeconds: 30 + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 successThreshold: 1 - timeoutSeconds: 30 -externalDatabase: - # -- external database host used with `postgresql.enabled=false` - host: localhost - # -- database port number - port: 5432 - # -- username for the external database - user: fhir - # -- database password - password: "" - # -- name of an existing secret resource containing the DB password in the `existingSecretKey` key - existingSecret: "" - # -- name of the key inside the `existingSecret` - existingSecretKey: "postgresql-password" - # -- database name - database: fhir +nodeSelector: {} +tolerations: [] +affinity: {} -# -- extra environment variables to set on the server container -extraEnv: - [] - # - name: SPRING_FLYWAY_BASELINE_ON_MIGRATE - # value: "true" - -podDisruptionBudget: - # -- Enable PodDisruptionBudget for the server pods. - # uses policy/v1/PodDisruptionBudget thus requiring k8s 1.21+ - enabled: false - # -- minimum available instances - minAvailable: 1 - # -- maximum unavailable instances - maxUnavailable: "" - -serviceAccount: - # -- Specifies whether a service account should be created. - create: false - # -- Annotations to add to the service account - annotations: {} - # -- The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - # -- Automatically mount a ServiceAccount's API credentials? - automount: true - -metrics: - serviceMonitor: - # -- if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring - enabled: false - # -- additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus` - additionalLabels: {} - # namespace: monitoring - # interval: 30s - # scrapeTimeout: 10s - service: - port: 8081 - -# @ignore -restrictedContainerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - privileged: false - capabilities: - drop: - - ALL - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 - seccompProfile: - type: RuntimeDefault - -# @ignored -curl: - image: - registry: docker.io - repository: curlimages/curl - tag: 8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6 - -tests: - # -- whether the service account token should be auto-mounted for the test pods - automountServiceAccountToken: false - # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). - # This is ignored if `resources` is set (`resources` is recommended for production). - # More information: - resourcesPreset: "nano" - # -- configure the test pods resource requests and limits - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # @ignored - podSecurityContext: - fsGroupChangePolicy: OnRootMismatch - runAsNonRoot: true - runAsGroup: 65532 - runAsUser: 65532 - fsGroup: 65532 - seccompProfile: - type: RuntimeDefault - -initContainers: - # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). - # This is ignored if `resources` is set (`resources` is recommended for production). 
- # More information: - resourcesPreset: "nano" - # -- configure the init containers pods resource requests and limits - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application. -extraConfig: - "" - # # For example: - # | - # hapi: - # fhir: - # implementationguides: - # gh_0_1_0: - # url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz - # name: hl7.eu.fhir.gh - # version: 0.1.0 - -# -- Optionally specify extra list of additional volumes -extraVolumes: [] - -# -- Optionally specify extra list of additional volumeMounts -extraVolumeMounts: [] +# HAPI FHIR server subchart configuration +hapi-fhir-jpaserver: + # Add any HAPI FHIR specific values here to override defaults + enabled: true + postgresql: + enabled: true + auth: + database: "fhir" \ No newline at end of file
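Review bot: The image default in values.yaml moves from a version tag pinned by sha256 digest to `tag: "latest"` with `pullPolicy: Always`, so every pod restart can pull a different, unreviewed image and a rollback cannot name what was running. Default to a released version or digest instead, e.g. `tag: "<version>@sha256:<digest>"` with `pullPolicy: IfNotPresent`. `flaskEnv: "development"` (also the template's fallback for `FLASK_ENV` in deployment.yaml) is a development setting; depending on the Flask version and how the app is launched it can turn on debug mode, so `"production"` is the safer chart default, leaving development as an explicit override.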