Add chart and chart workflow

.github/ct/chart-schema.yaml

@@ -0,0 +1,23 @@
+name: str()
+home: str()
+version: str()
+apiVersion: str()
+appVersion: any(str(), num(), required=False)
+type: str()
+dependencies: any(required=False)
+description: str()
+keywords: list(str(), required=False)
+sources: list(str(), required=False)
+maintainers: list(include('maintainer'), required=False)
+icon: str(required=False)
+engine: str(required=False)
+condition: str(required=False)
+tags: str(required=False)
+deprecated: bool(required=False)
+kubeVersion: str(required=False)
+annotations: map(str(), str(), required=False)
+---
+maintainer:
+  name: str()
+  email: str(required=False)
+  url: str(required=False)

.github/ct/config.yaml

@@ -0,0 +1,15 @@
+debug: true
+remote: origin
+chart-yaml-schema: .github/ct/chart-schema.yaml
+validate-maintainers: false
+validate-chart-schema: true
+validate-yaml: true
+check-version-increment: true
+chart-dirs:
+  - charts
+helm-extra-args: --timeout 300s
+upgrade: true
+skip-missing-values: true
+release-label: release
+release-name-template: "helm-v{{ .Version }}"
+target-branch: master

.github/workflows/build-images.yaml

@@ -0,0 +1,84 @@
+name: Build Container Images
+
+on:
+  push:
+    tags:
+      - "image/v*"
+    paths-ignore:
+      - "charts/**"
+  pull_request:
+    branches: [master]
+    paths-ignore:
+      - "charts/**"
+env:
+  IMAGES: docker.io/hapiproject/hapi
+  PLATFORMS: linux/amd64,linux/arm64/v8
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Container meta for default (distroless) image
+        id: docker_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGES }}
+          tags: |
+            type=match,pattern=image/(.*),group=1,enable=${{github.event_name != 'pull_request'}}
+           
+
+      - name: Container meta for tomcat image
+        id: docker_tomcat_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.IMAGES }}
+          tags: |
+            type=match,pattern=image/(.*),group=1,enable=${{github.event_name != 'pull_request'}}
+          flavor: |
+            suffix=-tomcat,onlatest=true
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Build and push default (distroless) image
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_meta.outputs.tags }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+          target: default
+
+      - name: Build and push tomcat image
+        id: docker_build_tomcat
+        uses: docker/build-push-action@v5
+        with:
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.docker_tomcat_meta.outputs.tags }}
+          labels: ${{ steps.docker_tomcat_meta.outputs.labels }}
+          platforms: ${{ env.PLATFORMS }}
+          target: tomcat

.github/workflows/chart-release.yaml

@@ -0,0 +1,36 @@
+name: Release Charts
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - "charts/**"
+
+jobs:
+  release:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Add workspace as safe directory
+        run: |
+          git config --global --add safe.directory /__w/FHIRFLARE-IG-Toolkit/FHIRFLARE-IG-Toolkit
+
+      - name: Checkout
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Update dependencies
+        run: find charts/ ! -path charts/ -maxdepth 1 -type d -exec helm dependency update {} \;
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0
+        with:
+          config: .github/ct/config.yaml
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/chart-test.yaml

@@ -0,0 +1,73 @@
+name: Lint and Test Charts
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "charts/**"
+
+jobs:
+  lint:
+    runs-on: ubuntu-22.04
+    container: quay.io/helmpack/chart-testing:v3.11.0@sha256:f2fd21d30b64411105c7eafb1862783236a219d29f2292219a09fe94ca78ad2a
+    steps:
+      - name: Install helm-docs
+        working-directory: /tmp
+        env:
+          HELM_DOCS_URL: https://github.com/norwoodj/helm-docs/releases/download/v1.14.2/helm-docs_1.14.2_Linux_x86_64.tar.gz
+        run: |
+          curl -LSs $HELM_DOCS_URL | tar xz && \
+          mv ./helm-docs /usr/local/bin/helm-docs && \
+          chmod +x /usr/local/bin/helm-docs && \
+          helm-docs --version
+
+      - name: Add workspace as safe directory
+        run: |
+          git config --global --add safe.directory /__w/hapi-fhir-jpaserver-starter/hapi-fhir-jpaserver-starter
+
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Check if documentation is up-to-date
+        run: helm-docs && git diff --exit-code HEAD
+
+      - name: Run chart-testing (lint)
+        run: ct lint --config .github/ct/config.yaml
+
+  test:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        k8s-version: [1.30.8, 1.31.4, 1.32.0]
+    needs:
+      - lint
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --config .github/ct/config.yaml)
+          if [[ -n "$changed" ]]; then
+            echo "::set-output name=changed::true"
+          fi
+
+      - name: Create k8s Kind Cluster
+        uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0
+        if: ${{ steps.list-changed.outputs.changed == 'true' }}
+        with:
+          cluster_name: kind-cluster-k8s-${{ matrix.k8s-version }}
+          node_image: kindest/node:v${{ matrix.k8s-version }}
+
+      - name: Run chart-testing (install)
+        run: ct install --config .github/ct/config.yaml
+        if: ${{ steps.list-changed.outputs.changed == 'true' }}

.gitignore

@@ -0,0 +1,2 @@
+/instance/
+/logs/

charts/fhirflare-ig-toolkit/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: hapi-fhir-jpaserver
+  repository: https://hapifhir.github.io/hapi-fhir-jpaserver-starter/
+  version: 0.20.0
+digest: sha256:0e3b3ee43fdec137a4e61465880c7f437bac52459514674d4ce54aac39f83bde
+generated: "2025-07-16T09:42:23.594307042+10:00"

charts/fhirflare-ig-toolkit/Chart.yaml

@@ -11,7 +11,7 @@ keywords:
   - ig-toolkit
 home: https://github.com/jgsuess/FHIRFLARE-IG-Toolkit
 maintainers:
-  - name: FHIRFLARE Team
+  - name: Jörn Guy Süß
     email: jgsuess@gmail.com
 dependencies:
   - name: hapi-fhir-jpaserver

charts/fhirflare-ig-toolkit/charts/.gitignore

@@ -0,0 +1 @@
+/hapi-fhir-jpaserver-0.20.0.tgz

charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/.gitignore

@@ -0,0 +1,2 @@
+/secrets.yaml
+/serviceaccount.yaml

charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/charts/postgresql/templates/primary/.gitignore

@@ -0,0 +1,5 @@
+/networkpolicy.yaml
+/pdb.yaml
+/statefulset.yaml
+/svc-headless.yaml
+/svc.yaml

charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/.gitignore

@@ -0,0 +1,2 @@
+/deployment.yaml
+/service.yaml

charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/charts/hapi-fhir-jpaserver/templates/tests/.gitignore

@@ -0,0 +1 @@
+/test-endpoints.yaml

charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/.gitignore

@@ -0,0 +1,2 @@
+/deployment.yaml
+/service.yaml

charts/fhirflare-ig-toolkit/rendered-templates/fhirflare-ig-toolkit/templates/tests/.gitignore

@@ -0,0 +1 @@
+/test-endpoints.yaml

charts/fhirflare-ig-toolkit/templates/_helpers.tpl

@@ -1,7 +1,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "hapi-fhir-jpaserver.name" -}}
+{{- define "fhirflare-ig-toolkit.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
@@ -10,7 +10,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "hapi-fhir-jpaserver.fullname" -}}
+{{- define "fhirflare-ig-toolkit.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
@@ -26,16 +26,16 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "hapi-fhir-jpaserver.chart" -}}
+{{- define "fhirflare-ig-toolkit.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
 {{/*
 Common labels
 */}}
-{{- define "hapi-fhir-jpaserver.labels" -}}
+{{- define "fhirflare-ig-toolkit.labels" -}}
-helm.sh/chart: {{ include "hapi-fhir-jpaserver.chart" . }}
+helm.sh/chart: {{ include "fhirflare-ig-toolkit.chart" . }}
-{{ include "hapi-fhir-jpaserver.selectorLabels" . }}
+{{ include "fhirflare-ig-toolkit.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
@@ -45,8 +45,8 @@ app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{/*
 Selector labels
 */}}
-{{- define "hapi-fhir-jpaserver.selectorLabels" -}}
+{{- define "fhirflare-ig-toolkit.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "hapi-fhir-jpaserver.name" . }}
+app.kubernetes.io/name: {{ include "fhirflare-ig-toolkit.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 

charts/fhirflare-ig-toolkit/templates/deployment.yaml

@@ -1,46 +1,88 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: fhirflare
+  name: {{ include "fhirflare-ig-toolkit.fullname" . }}
+  labels: 
+{{ include "fhirflare-ig-toolkit.labels" . | indent 4 }}
 spec:
-  replicas: 1
+  replicas: {{ .Values.replicaCount | default 1 }}
   selector:
     matchLabels: 
-      io.kompose.service: fhirflare
+{{ include "fhirflare-ig-toolkit.selectorLabels" . | indent 6 }}
   strategy:
     type: Recreate
   template:
     metadata:
       labels: 
-        io.kompose.service: fhirflare
+{{ include "fhirflare-ig-toolkit.selectorLabels" . | indent 8 }}
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
-        - args:
+        - name: {{ .Chart.Name }}
-            - supervisord
+          securityContext:
-            - -c
+            {{- toYaml .Values.securityContext | nindent 12 }}
-            - /etc/supervisord.conf
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args: ["supervisord", "-c", "/etc/supervisord.conf"]
           env:
             - name: APP_BASE_URL
-              value: http://localhost:5000
+              value: {{ .Values.config.appBaseUrl | default "http://localhost:5000" | quote }}
             - name: APP_MODE
-              value: lite
+              value: {{ .Values.config.appMode | default "lite" | quote }}
             - name: FLASK_APP
-              value: app.py
+              value: {{ .Values.config.flaskApp | default "app.py" | quote }}
             - name: FLASK_ENV
-              value: development
+              value: {{ .Values.config.flaskEnv | default "development" | quote }}
             - name: HAPI_FHIR_URL
-              value: http://localhost:8080/fhir
+              value: {{ .Values.config.hapiFhirUrl | default "http://localhost:8080/fhir" | quote }}
             - name: NODE_PATH
-              value: /usr/lib/node_modules
+              value: {{ .Values.config.nodePath | default "/usr/lib/node_modules" | quote }}
-          image: ghcr.io/jgsuess/fhirflare-ig-toolkit:latest
+            - name: TMPDIR
-          name: fhirflare
+              value: "/tmp-dir"
           ports:
-            - containerPort: 5000
+            - name: http
+              containerPort: {{ .Values.service.port | default 5000 }}
               protocol: TCP
           volumeMounts:
             - name: logs
               mountPath: /app/logs
-      restartPolicy: Always
+            - name: tmp-dir
+              mountPath: /tmp-dir
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
       volumes:
         - name: logs
           emptyDir: {}
+        - name: tmp-dir
+          emptyDir: {}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/fhirflare-ig-toolkit/templates/service.yaml

@@ -1,11 +1,18 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: fhirflare
+  name: {{ include "fhirflare-ig-toolkit.fullname" . }}
+  labels:
+    {{- include "fhirflare-ig-toolkit.labels" . | nindent 4 }}
 spec:
+  type: {{ .Values.service.type | default "ClusterIP" }}
   ports:
-    - name: "5000"
+    - name: http
-      port: 5000
+      port: {{ .Values.service.port | default 5000 }}
-      targetPort: 5000
+      targetPort: http
+      protocol: TCP
+      {{- if and (eq .Values.service.type "NodePort") .Values.service.nodePort }}
+      nodePort: {{ .Values.service.nodePort }}
+      {{- end }}
   selector:
-    io.kompose.service: fhirflare
+    {{- include "fhirflare-ig-toolkit.selectorLabels" . | nindent 4 }}

charts/fhirflare-ig-toolkit/values.yaml

@@ -1,302 +1,92 @@
-# -- number of replicas to deploy
+# Default values for fhirflare-ig-toolkit
 replicaCount: 1
 
 image:
-  # -- registry where the HAPI FHIR server image is hosted
+  repository: ghcr.io/jgsuess/fhirflare-ig-toolkit
-  registry: docker.io
+  pullPolicy: Always
-  # -- the path inside the repository
+  tag: "latest"
-  repository: hapiproject/hapi
-  # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image.
-  tag: "v8.0.0-1@sha256:9fbac7b012b4be91ba481e7008f1353ede4598bc99a36f3902b8abf873e70ed8"
-  # -- image pullPolicy to use
-  pullPolicy: IfNotPresent
 
-# -- image pull secrets to use when pulling the image
 imagePullSecrets: []
-
-# -- override the chart name
 nameOverride: ""
-
-# -- override the chart fullname
 fullnameOverride: ""
 
-# -- annotations applied to the server deployment
+# FHIRflare specific configuration
-deploymentAnnotations: {}
+config:
+  appBaseUrl: "http://localhost:5000"
+  appMode: "lite"
+  flaskApp: "app.py"
+  flaskEnv: "development"
+  hapiFhirUrl: "http://localhost:8080/fhir"
+  nodePath: "/usr/lib/node_modules"
+
+service:
+  type: ClusterIP
+  port: 5000
+  nodePort: null
 
-# -- annotations applied to the server pod
 podAnnotations: {}
 
-# -- pod security context
+# podSecurityContext:
-podSecurityContext:
+#   fsGroup: 65532
-  fsGroupChangePolicy: OnRootMismatch
+#   fsGroupChangePolicy: OnRootMismatch
-  runAsNonRoot: true
+#   runAsNonRoot: true
-  runAsGroup: 65532
+#   runAsGroup: 65532
-  runAsUser: 65532
+#   runAsUser: 65532
-  fsGroup: 65532
+#   seccompProfile:
-  seccompProfile:
+#     type: RuntimeDefault
-    type: RuntimeDefault
 
-securityContext:
+# securityContext:
-  allowPrivilegeEscalation: false
+#   allowPrivilegeEscalation: false
-  capabilities:
+#   capabilities:
-    drop:
+#     drop:
-      - ALL
+#       - ALL
-  readOnlyRootFilesystem: true
+#   privileged: false
-  runAsNonRoot: true
+#   readOnlyRootFilesystem: true
-  runAsUser: 65532
+#   runAsGroup: 65532
-  runAsGroup: 65532
+#   runAsNonRoot: true
-  privileged: false
+#   runAsUser: 65532
-  seccompProfile:
+#   seccompProfile:
-    type: RuntimeDefault
+#     type: RuntimeDefault
 
-# service to expose the server
-service:
-  # -- service type
-  type: ClusterIP
-  # -- port where the server will be exposed at
-  port: 8080
-
-ingress:
-  # -- whether to create an Ingress to expose the FHIR server HTTP endpoint
-  enabled: false
-  # -- provide any additional annotations which may be required. Evaluated as a template.
-  annotations:
-    {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: fhir-server.127.0.0.1.nip.io
-      pathType: ImplementationSpecific
-      paths: ["/"]
-  # -- ingress TLS config
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-# -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
-# This is ignored if `resources` is set (`resources` is recommended for production).
-# More information: <https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15>
-resourcesPreset: "medium"
-
-# -- configure the FHIR server's resource requests and limits
 resources:
-  {}
+  limits:
-  # We usually recommend not to specify default resources and to leave this as a conscious
+    cpu: 500m
-  # choice for the user. This also increases chances charts run on environments with little
+    memory: 512Mi
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    ephemeral-storage: 1Gi
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  requests:
-  # limits:
+    cpu: 100m
-  #   cpu: 100m
+    memory: 128Mi
-  #   memory: 128Mi
+    ephemeral-storage: 100Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
 
-# -- node selector for the pod
-nodeSelector: {}
-
-# -- pod tolerations
-tolerations: []
-
-# -- pod affinity
-affinity: {}
-
-# -- pod topology spread configuration
-# see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api
-topologySpreadConstraints:
-  []
-  # - maxSkew: 1
-  #   topologyKey: topology.kubernetes.io/zone
-  #   whenUnsatisfiable: ScheduleAnyway
-  #   labelSelector:
-  #     matchLabels:
-  #       app.kubernetes.io/instance: hapi-fhir-jpaserver
-  #       app.kubernetes.io/name: hapi-fhir-jpaserver
-
-postgresql:
-  # -- enable an included PostgreSQL DB.
-  # see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
-  # if set to `false`, the values under `externalDatabase` are used
-  enabled: true
-  auth:
-    # -- name for a custom database to create
-    database: "fhir"
-    # -- Name of existing secret to use for PostgreSQL credentials
-    # `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret
-    # The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user),
-    # `password` (which is the password for the custom user to create when `auth.username` is set),
-    # and `replication-password` (which is the password for replication user).
-    # The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and
-    # picked from this secret in this case.
-    # The value is evaluated as a template.
-    existingSecret: ""
-
-# -- readiness probe
-# @ignored
-readinessProbe:
-  httpGet:
-    path: /readyz
-    port: http
-  failureThreshold: 5
-  initialDelaySeconds: 30
-  periodSeconds: 20
-  successThreshold: 1
-  timeoutSeconds: 20
-
-# -- liveness probe
-# @ignored
 livenessProbe:
   httpGet:
-    path: /livez
+    path: /
     port: http
-  failureThreshold: 5
   initialDelaySeconds: 30
-  periodSeconds: 20
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
   successThreshold: 1
-  timeoutSeconds: 30
 
-# -- startup probe
+readinessProbe:
-# @ignored
-startupProbe:
   httpGet:
-    path: /readyz
+    path: /
     port: http
-  failureThreshold: 10
+  initialDelaySeconds: 5
-  initialDelaySeconds: 30
+  periodSeconds: 10
-  periodSeconds: 30
+  timeoutSeconds: 5
+  failureThreshold: 6
   successThreshold: 1
-  timeoutSeconds: 30
 
-externalDatabase:
+nodeSelector: {}
-  # -- external database host used with `postgresql.enabled=false`
+tolerations: []
-  host: localhost
+affinity: {}
-  # -- database port number
-  port: 5432
-  # -- username for the external database
-  user: fhir
-  # -- database password
-  password: ""
-  # -- name of an existing secret resource containing the DB password in the `existingSecretKey` key
-  existingSecret: ""
-  # -- name of the key inside the `existingSecret`
-  existingSecretKey: "postgresql-password"
-  # -- database name
-  database: fhir
 
-# -- extra environment variables to set on the server container
+# HAPI FHIR server subchart configuration
-extraEnv:
+hapi-fhir-jpaserver:
-  []
+  # Add any HAPI FHIR specific values here to override defaults
-  # - name: SPRING_FLYWAY_BASELINE_ON_MIGRATE
+  enabled: true
-  #   value: "true"
+  postgresql:
-
+    enabled: true
-podDisruptionBudget:
+    auth:
-  # -- Enable PodDisruptionBudget for the server pods.
+      database: "fhir"
-  # uses policy/v1/PodDisruptionBudget thus requiring k8s 1.21+
-  enabled: false
-  # -- minimum available instances
-  minAvailable: 1
-  # -- maximum unavailable instances
-  maxUnavailable: ""
-
-serviceAccount:
-  # -- Specifies whether a service account should be created.
-  create: false
-  # -- Annotations to add to the service account
-  annotations: {}
-  # -- The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-  # -- Automatically mount a ServiceAccount's API credentials?
-  automount: true
-
-metrics:
-  serviceMonitor:
-    # -- if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring
-    enabled: false
-    # -- additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus`
-    additionalLabels: {}
-    # namespace: monitoring
-    # interval: 30s
-    # scrapeTimeout: 10s
-  service:
-    port: 8081
-
-# @ignore
-restrictedContainerSecurityContext:
-  allowPrivilegeEscalation: false
-  readOnlyRootFilesystem: true
-  privileged: false
-  capabilities:
-    drop:
-      - ALL
-  runAsNonRoot: true
-  runAsUser: 65534
-  runAsGroup: 65534
-  seccompProfile:
-    type: RuntimeDefault
-
-# @ignored
-curl:
-  image:
-    registry: docker.io
-    repository: curlimages/curl
-    tag: 8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
-
-tests:
-  # -- whether the service account token should be auto-mounted for the test pods
-  automountServiceAccountToken: false
-  # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
-  # This is ignored if `resources` is set (`resources` is recommended for production).
-  # More information: <https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15>
-  resourcesPreset: "nano"
-  # -- configure the test pods resource requests and limits
-  resources: {}
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # @ignored
-  podSecurityContext:
-    fsGroupChangePolicy: OnRootMismatch
-    runAsNonRoot: true
-    runAsGroup: 65532
-    runAsUser: 65532
-    fsGroup: 65532
-    seccompProfile:
-      type: RuntimeDefault
-
-initContainers:
-  # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
-  # This is ignored if `resources` is set (`resources` is recommended for production).
-  # More information: <https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15>
-  resourcesPreset: "nano"
-  # -- configure the init containers pods resource requests and limits
-  resources: {}
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application.
-extraConfig:
-  ""
-  # # For example:
-  # |
-  # hapi:
-  #   fhir:
-  #     implementationguides:
-  #       gh_0_1_0:
-  #         url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz
-  #         name: hl7.eu.fhir.gh
-  #         version: 0.1.0
-
-# -- Optionally specify extra list of additional volumes
-extraVolumes: []
-
-# -- Optionally specify extra list of additional volumeMounts
-extraVolumeMounts: []