# -- number of replicas to deploy replicaCount: 1 image: # -- registry where the HAPI FHIR server image is hosted registry: docker.io # -- the path inside the repository repository: hapiproject/hapi # -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image. tag: "v8.0.0-1@sha256:9fbac7b012b4be91ba481e7008f1353ede4598bc99a36f3902b8abf873e70ed8" # -- image pullPolicy to use pullPolicy: IfNotPresent # -- image pull secrets to use when pulling the image imagePullSecrets: [] # -- override the chart name nameOverride: "" # -- override the chart fullname fullnameOverride: "" # -- annotations applied to the server deployment deploymentAnnotations: {} # -- annotations applied to the server pod podAnnotations: {} # -- pod security context podSecurityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true runAsGroup: 65532 runAsUser: 65532 fsGroup: 65532 seccompProfile: type: RuntimeDefault securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65532 runAsGroup: 65532 privileged: false seccompProfile: type: RuntimeDefault # service to expose the server service: # -- service type type: ClusterIP # -- port where the server will be exposed at port: 8080 ingress: # -- whether to create an Ingress to expose the FHIR server HTTP endpoint enabled: false # -- provide any additional annotations which may be required. Evaluated as a template. annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: fhir-server.127.0.0.1.nip.io pathType: ImplementationSpecific paths: ["/"] # -- ingress TLS config tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). # This is ignored if `resources` is set (`resources` is recommended for production). # More information: resourcesPreset: "medium" # -- configure the FHIR server's resource requests and limits resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # -- node selector for the pod nodeSelector: {} # -- pod tolerations tolerations: [] # -- pod affinity affinity: {} # -- pod topology spread configuration # see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: ScheduleAnyway # labelSelector: # matchLabels: # app.kubernetes.io/instance: hapi-fhir-jpaserver # app.kubernetes.io/name: hapi-fhir-jpaserver postgresql: # -- enable an included PostgreSQL DB. # see for details # if set to `false`, the values under `externalDatabase` are used enabled: true auth: # -- name for a custom database to create database: "fhir" # -- Name of existing secret to use for PostgreSQL credentials # `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret # The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user), # `password` (which is the password for the custom user to create when `auth.username` is set), # and `replication-password` (which is the password for replication user). # The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and # picked from this secret in this case. # The value is evaluated as a template. existingSecret: "" # -- readiness probe # @ignored readinessProbe: httpGet: path: /readyz port: http failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 20 # -- liveness probe # @ignored livenessProbe: httpGet: path: /livez port: http failureThreshold: 5 initialDelaySeconds: 30 periodSeconds: 20 successThreshold: 1 timeoutSeconds: 30 # -- startup probe # @ignored startupProbe: httpGet: path: /readyz port: http failureThreshold: 10 initialDelaySeconds: 30 periodSeconds: 30 successThreshold: 1 timeoutSeconds: 30 externalDatabase: # -- external database host used with `postgresql.enabled=false` host: localhost # -- database port number port: 5432 # -- username for the external database user: fhir # -- database password password: "" # -- name of an existing secret resource containing the DB password in the `existingSecretKey` key existingSecret: "" # -- name of the key inside the `existingSecret` existingSecretKey: "postgresql-password" # -- database name database: fhir # -- extra environment variables to set on the server container extraEnv: [] # - name: SPRING_FLYWAY_BASELINE_ON_MIGRATE # value: "true" podDisruptionBudget: # -- Enable PodDisruptionBudget for the server pods. # uses policy/v1/PodDisruptionBudget thus requiring k8s 1.21+ enabled: false # -- minimum available instances minAvailable: 1 # -- maximum unavailable instances maxUnavailable: "" serviceAccount: # -- Specifies whether a service account should be created. create: false # -- Annotations to add to the service account annotations: {} # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Automatically mount a ServiceAccount's API credentials? automount: true metrics: serviceMonitor: # -- if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring enabled: false # -- additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus` additionalLabels: {} # namespace: monitoring # interval: 30s # scrapeTimeout: 10s service: port: 8081 # @ignore restrictedContainerSecurityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true privileged: false capabilities: drop: - ALL runAsNonRoot: true runAsUser: 65534 runAsGroup: 65534 seccompProfile: type: RuntimeDefault # @ignored curl: image: registry: docker.io repository: curlimages/curl tag: 8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6 tests: # -- whether the service account token should be auto-mounted for the test pods automountServiceAccountToken: false # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). # This is ignored if `resources` is set (`resources` is recommended for production). # More information: resourcesPreset: "nano" # -- configure the test pods resource requests and limits resources: {} # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # @ignored podSecurityContext: fsGroupChangePolicy: OnRootMismatch runAsNonRoot: true runAsGroup: 65532 runAsUser: 65532 fsGroup: 65532 seccompProfile: type: RuntimeDefault initContainers: # -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). # This is ignored if `resources` is set (`resources` is recommended for production). # More information: resourcesPreset: "nano" # -- configure the init containers pods resource requests and limits resources: {} # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi # -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application. extraConfig: "" # # For example: # | # hapi: # fhir: # implementationguides: # gh_0_1_0: # url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz # name: hl7.eu.fhir.gh # version: 0.1.0 # -- Optionally specify extra list of additional volumes extraVolumes: [] # -- Optionally specify extra list of additional volumeMounts extraVolumeMounts: []