mirror of
https://github.com/Sudo-JHare/FHIRFLARE-IG-Toolkit.git
synced 2025-09-18 07:05:02 +00:00
303 lines
8.8 KiB
YAML
303 lines
8.8 KiB
YAML
# -- number of replicas to deploy
|
|
replicaCount: 1
|
|
|
|
image:
|
|
# -- registry where the HAPI FHIR server image is hosted
|
|
registry: docker.io
|
|
# -- the path inside the repository
|
|
repository: hapiproject/hapi
|
|
# -- the image tag. As of v5.7.0, this is the `distroless` flavor by default, add `-tomcat` to use the Tomcat-based image.
|
|
tag: "v8.0.0-1@sha256:9fbac7b012b4be91ba481e7008f1353ede4598bc99a36f3902b8abf873e70ed8"
|
|
# -- image pullPolicy to use
|
|
pullPolicy: IfNotPresent
|
|
|
|
# -- image pull secrets to use when pulling the image
|
|
imagePullSecrets: []
|
|
|
|
# -- override the chart name
|
|
nameOverride: ""
|
|
|
|
# -- override the chart fullname
|
|
fullnameOverride: ""
|
|
|
|
# -- annotations applied to the server deployment
|
|
deploymentAnnotations: {}
|
|
|
|
# -- annotations applied to the server pod
|
|
podAnnotations: {}
|
|
|
|
# -- pod security context
|
|
podSecurityContext:
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
runAsNonRoot: true
|
|
runAsGroup: 65532
|
|
runAsUser: 65532
|
|
fsGroup: 65532
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
runAsUser: 65532
|
|
runAsGroup: 65532
|
|
privileged: false
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
# service to expose the server
|
|
service:
|
|
# -- service type
|
|
type: ClusterIP
|
|
# -- port where the server will be exposed at
|
|
port: 8080
|
|
|
|
ingress:
|
|
# -- whether to create an Ingress to expose the FHIR server HTTP endpoint
|
|
enabled: false
|
|
# -- provide any additional annotations which may be required. Evaluated as a template.
|
|
annotations:
|
|
{}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
hosts:
|
|
- host: fhir-server.127.0.0.1.nip.io
|
|
pathType: ImplementationSpecific
|
|
paths: ["/"]
|
|
# -- ingress TLS config
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# - chart-example.local
|
|
|
|
# -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
|
|
# This is ignored if `resources` is set (`resources` is recommended for production).
|
|
# More information: <https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15>
|
|
resourcesPreset: "medium"
|
|
|
|
# -- configure the FHIR server's resource requests and limits
|
|
resources:
|
|
{}
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
# -- node selector for the pod
|
|
nodeSelector: {}
|
|
|
|
# -- pod tolerations
|
|
tolerations: []
|
|
|
|
# -- pod affinity
|
|
affinity: {}
|
|
|
|
# -- pod topology spread configuration
|
|
# see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api
|
|
topologySpreadConstraints:
|
|
[]
|
|
# - maxSkew: 1
|
|
# topologyKey: topology.kubernetes.io/zone
|
|
# whenUnsatisfiable: ScheduleAnyway
|
|
# labelSelector:
|
|
# matchLabels:
|
|
# app.kubernetes.io/instance: hapi-fhir-jpaserver
|
|
# app.kubernetes.io/name: hapi-fhir-jpaserver
|
|
|
|
postgresql:
|
|
# -- enable an included PostgreSQL DB.
|
|
# see <https://github.com/bitnami/charts/tree/master/bitnami/postgresql> for details
|
|
# if set to `false`, the values under `externalDatabase` are used
|
|
enabled: true
|
|
auth:
|
|
# -- name for a custom database to create
|
|
database: "fhir"
|
|
# -- Name of existing secret to use for PostgreSQL credentials
|
|
# `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret
|
|
# The secret must contain the keys `postgres-password` (which is the password for "postgres" admin user),
|
|
# `password` (which is the password for the custom user to create when `auth.username` is set),
|
|
# and `replication-password` (which is the password for replication user).
|
|
# The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and
|
|
# picked from this secret in this case.
|
|
# The value is evaluated as a template.
|
|
existingSecret: ""
|
|
|
|
# -- readiness probe
|
|
# @ignored
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: http
|
|
failureThreshold: 5
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 20
|
|
successThreshold: 1
|
|
timeoutSeconds: 20
|
|
|
|
# -- liveness probe
|
|
# @ignored
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /livez
|
|
port: http
|
|
failureThreshold: 5
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 20
|
|
successThreshold: 1
|
|
timeoutSeconds: 30
|
|
|
|
# -- startup probe
|
|
# @ignored
|
|
startupProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: http
|
|
failureThreshold: 10
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
timeoutSeconds: 30
|
|
|
|
externalDatabase:
|
|
# -- external database host used with `postgresql.enabled=false`
|
|
host: localhost
|
|
# -- database port number
|
|
port: 5432
|
|
# -- username for the external database
|
|
user: fhir
|
|
# -- database password
|
|
password: ""
|
|
# -- name of an existing secret resource containing the DB password in the `existingSecretKey` key
|
|
existingSecret: ""
|
|
# -- name of the key inside the `existingSecret`
|
|
existingSecretKey: "postgresql-password"
|
|
# -- database name
|
|
database: fhir
|
|
|
|
# -- extra environment variables to set on the server container
|
|
extraEnv:
|
|
[]
|
|
# - name: SPRING_FLYWAY_BASELINE_ON_MIGRATE
|
|
# value: "true"
|
|
|
|
podDisruptionBudget:
|
|
# -- Enable PodDisruptionBudget for the server pods.
|
|
# uses policy/v1/PodDisruptionBudget thus requiring k8s 1.21+
|
|
enabled: false
|
|
# -- minimum available instances
|
|
minAvailable: 1
|
|
# -- maximum unavailable instances
|
|
maxUnavailable: ""
|
|
|
|
serviceAccount:
|
|
# -- Specifies whether a service account should be created.
|
|
create: false
|
|
# -- Annotations to add to the service account
|
|
annotations: {}
|
|
# -- The name of the service account to use.
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
name: ""
|
|
# -- Automatically mount a ServiceAccount's API credentials?
|
|
automount: true
|
|
|
|
metrics:
|
|
serviceMonitor:
|
|
# -- if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring
|
|
enabled: false
|
|
# -- additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus`
|
|
additionalLabels: {}
|
|
# namespace: monitoring
|
|
# interval: 30s
|
|
# scrapeTimeout: 10s
|
|
service:
|
|
port: 8081
|
|
|
|
# @ignore
|
|
restrictedContainerSecurityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
privileged: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
runAsGroup: 65534
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
# @ignored
|
|
curl:
|
|
image:
|
|
registry: docker.io
|
|
repository: curlimages/curl
|
|
tag: 8.12.1@sha256:94e9e444bcba979c2ea12e27ae39bee4cd10bc7041a472c4727a558e213744e6
|
|
|
|
tests:
|
|
# -- whether the service account token should be auto-mounted for the test pods
|
|
automountServiceAccountToken: false
|
|
# -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
|
|
# This is ignored if `resources` is set (`resources` is recommended for production).
|
|
# More information: <https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15>
|
|
resourcesPreset: "nano"
|
|
# -- configure the test pods resource requests and limits
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# @ignored
|
|
podSecurityContext:
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
runAsNonRoot: true
|
|
runAsGroup: 65532
|
|
runAsUser: 65532
|
|
fsGroup: 65532
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
|
|
initContainers:
|
|
# -- set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge).
|
|
# This is ignored if `resources` is set (`resources` is recommended for production).
|
|
# More information: <https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15>
|
|
resourcesPreset: "nano"
|
|
# -- configure the init containers pods resource requests and limits
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
# -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application.
|
|
extraConfig:
|
|
""
|
|
# # For example:
|
|
# |
|
|
# hapi:
|
|
# fhir:
|
|
# implementationguides:
|
|
# gh_0_1_0:
|
|
# url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz
|
|
# name: hl7.eu.fhir.gh
|
|
# version: 0.1.0
|
|
|
|
# -- Optionally specify extra list of additional volumes
|
|
extraVolumes: []
|
|
|
|
# -- Optionally specify extra list of additional volumeMounts
|
|
extraVolumeMounts: []
|