Updated helm chart with additional config settings (#566)

hapifhir · Jul 21, 2023 · 8ef5083 · 8ef5083
1 parent 5bd43b2
commit 8ef5083
Show file tree

Hide file tree

Showing 8 changed files with 125 additions and 79 deletions.
diff --git a/charts/hapi-fhir-jpaserver/Chart.yaml b/charts/hapi-fhir-jpaserver/Chart.yaml
@@ -11,15 +11,17 @@ dependencies:
     repository: oci://registry-1.docker.io/bitnamicharts
     condition: postgresql.enabled
 appVersion: 6.6.0
-version: 0.12.0
+version: 0.13.0
 annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/changes: |
     # When using the list of objects option the valid supported kinds are
     # added, changed, deprecated, removed, fixed, and security.
+    - kind: added
+      description: allow specifying application properties via yaml config
+    - kind: added
+      description: allow setting resource limits and requests for the Helm test pods
     - kind: changed
-      description: updated HAPI FHIR JPA Server app image version to v6.6.0
+      description: updated curl used by helm tests to version to v8.2.0
     - kind: changed
-      description: updated curl used by helm tests to version to v8.1.1
-    - kind: changed
-      description: updated postgresql sub-chart to v12.5.6
+      description: allow disabling the liveness-, readiness-, and startup-probes entirely
diff --git a/charts/hapi-fhir-jpaserver/README.md b/charts/hapi-fhir-jpaserver/README.md
@@ -1,6 +1,6 @@
 # HAPI FHIR JPA Server Starter Helm Chart
 
-![Version: 0.12.0](https://img.shields.io/badge/Version-0.12.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square)
+![Version: 0.13.0](https://img.shields.io/badge/Version-0.13.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 6.6.0](https://img.shields.io/badge/AppVersion-6.6.0-informational?style=flat-square)
 
 This helm chart will help you install the HAPI FHIR JPA Server in a Kubernetes environment.
 
@@ -30,6 +30,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | externalDatabase.password | string | `""` | database password |
 | externalDatabase.port | int | `5432` | database port number |
 | externalDatabase.user | string | `"fhir"` | username for the external database |
+| extraConfig | string | `""` | additional Spring Boot application config. Mounted as a file and automatically loaded by the application. |
 | extraEnv | list | `[]` | extra environment variables to set on the server container |
 | fullnameOverride | string | `""` | override the chart fullname |
 | image.pullPolicy | string | `"IfNotPresent"` | image pullPolicy to use |
@@ -43,11 +44,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | ingress.hosts[0].pathType | string | `"ImplementationSpecific"` |  |
 | ingress.hosts[0].paths[0] | string | `"/"` |  |
 | ingress.tls | list | `[]` | ingress TLS config |
-| livenessProbe.failureThreshold | int | `5` |  |
-| livenessProbe.initialDelaySeconds | int | `30` |  |
-| livenessProbe.periodSeconds | int | `20` |  |
-| livenessProbe.successThreshold | int | `1` |  |
-| livenessProbe.timeoutSeconds | int | `30` |  |
 | metrics.service.port | int | `8081` |  |
 | metrics.serviceMonitor.additionalLabels | object | `{}` | additional labels to apply to the ServiceMonitor object, e.g. `release: prometheus` |
 | metrics.serviceMonitor.enabled | bool | `false` | if enabled, creates a ServiceMonitor instance for Prometheus Operator-based monitoring |
@@ -65,11 +61,6 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | postgresql.primary.containerSecurityContext.runAsNonRoot | bool | `true` |  |
 | postgresql.primary.containerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
-| readinessProbe.failureThreshold | int | `5` |  |
-| readinessProbe.initialDelaySeconds | int | `30` |  |
-| readinessProbe.periodSeconds | int | `20` |  |
-| readinessProbe.successThreshold | int | `1` |  |
-| readinessProbe.timeoutSeconds | int | `20` |  |
 | replicaCount | int | `1` | number of replicas to deploy |
 | resources | object | `{}` | configure the FHIR server's resource requests and limits |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
@@ -82,18 +73,14 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 | securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service.port | int | `8080` | port where the server will be exposed at |
 | service.type | string | `"ClusterIP"` | service type |
-| startupProbe.failureThreshold | int | `10` |  |
-| startupProbe.initialDelaySeconds | int | `30` |  |
-| startupProbe.periodSeconds | int | `30` |  |
-| startupProbe.successThreshold | int | `1` |  |
-| startupProbe.timeoutSeconds | int | `30` |  |
+| tests.resources | object | `{}` | configure the test pods resource requests and limits |
 | tolerations | list | `[]` | pod tolerations |
 | topologySpreadConstraints | list | `[]` | pod topology spread configuration see: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#api |
 
 ## Development
 
 To update the Helm chart when a new version of the `hapiproject/hapi` image is released, [values.yaml](values.yaml) `image.tag` and the [Chart.yaml](Chart.yaml)'s
-`version` and optionally the `appVersion` field on major releases need to be updated. Afterwards, re-generate the [README.md](README.md)
+`version` and optionally the `appVersion` field need to be updated. Afterwards, re-generate the [README.md](README.md)
 by running:
 
 ```sh

diff --git a/charts/hapi-fhir-jpaserver/README.md.gotmpl b/charts/hapi-fhir-jpaserver/README.md.gotmpl
@@ -18,7 +18,7 @@ helm install hapi-fhir-jpaserver hapifhir/hapi-fhir-jpaserver
 ## Development
 
 To update the Helm chart when a new version of the `hapiproject/hapi` image is released, [values.yaml](values.yaml) `image.tag` and the [Chart.yaml](Chart.yaml)'s
-`version` and optionally the `appVersion` field on major releases need to be updated. Afterwards, re-generate the [README.md](README.md)
+`version` and optionally the `appVersion` field need to be updated. Afterwards, re-generate the [README.md](README.md)
 by running:
 
 ```sh

diff --git a/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml b/charts/hapi-fhir-jpaserver/ci/extra-config-values.yaml
@@ -0,0 +1,17 @@
+extraConfig: |
+  hapi:
+    fhir:
+      cr_enabled: true
+      tester:
+        home:
+          name: Hello HAPI FHIR
+          server_address: "http://fhir-server.127.0.0.1.nip.io/fhir"
+          refuse_to_fetch_third_party_urls: true
+          fhir_version: R4
+
+ingress:
+  enabled: true
+  hosts:
+    - host: fhir-server.127.0.0.1.nip.io
+      pathType: ImplementationSpecific
+      paths: ["/"]
diff --git a/charts/hapi-fhir-jpaserver/templates/application-config.yaml b/charts/hapi-fhir-jpaserver/templates/application-config.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.extraConfig -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "hapi-fhir-jpaserver.fullname" . }}-application-config
+  labels:
+    {{- include "hapi-fhir-jpaserver.labels" . | nindent 4 }}
+data:
+  application-extra.yaml: |-
+    {{ .Values.extraConfig | nindent 4 }}
+{{- end }}
diff --git a/charts/hapi-fhir-jpaserver/templates/deployment.yaml b/charts/hapi-fhir-jpaserver/templates/deployment.yaml
@@ -63,38 +63,17 @@ spec:
             - name: http-metrics
               containerPort: 8081
               protocol: TCP
-          startupProbe:
-            httpGet:
-              path: /readyz
-              port: http
           {{- with .Values.startupProbe }}
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
-          {{- end }}
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: http
-          {{- with .Values.readinessProbe }}
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
+          startupProbe:
+            {{- toYaml . | nindent 12 }}
           {{- end }}
-          livenessProbe:
-            httpGet:
-              path: /livez
-              port: http
           {{- with .Values.livenessProbe }}
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
@@ -118,6 +97,10 @@ spec:
               value: "true"
             - name: MANAGEMENT_SERVER_PORT
               value: "8081"
+            {{- if .Values.extraConfig }}
+            - name: SPRING_CONFIG_IMPORT
+              value: "/app/config/application-extra.yaml"
+            {{- end }}
             {{- if .Values.extraEnv }}
             {{ toYaml .Values.extraEnv | nindent 12 }}
             {{- end }}
@@ -126,6 +109,12 @@ spec:
               name: tmp-volume
             - mountPath: /app/target
               name: lucenefiles-volume
+          {{- if .Values.extraConfig }}
+            - name: application-extra-config
+              mountPath: /app/config/application-extra.yaml
+              readOnly: true
+              subPath: application-extra.yaml
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -147,3 +136,8 @@ spec:
           emptyDir: {}
         - name: lucenefiles-volume
           emptyDir: {}
+      {{- if .Values.extraConfig }}
+        - name: application-extra-config
+          configMap:
+            name: {{ include "hapi-fhir-jpaserver.fullname" . }}-application-config
+      {{- end }}
diff --git a/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml
@@ -11,62 +11,53 @@ spec:
   restartPolicy: Never
   containers:
     - name: test-metadata-endpoint
-      image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c
+      image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}"
       command: ["curl", "--fail-with-body"]
       args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata?_summary=true"]
       {{- with .Values.restrictedContainerSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.tests.resources }}
       resources:
-        limits:
-          cpu: 100m
-          memory: 128Mi
-        requests:
-          cpu: 100m
-          memory: 128Mi
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       livenessProbe:
         exec:
           command: ["true"]
       readinessProbe:
         exec:
           command: ["true"]
     - name: test-patient-endpoint
-      image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c
+      image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}"
       command: ["curl", "--fail-with-body"]
       args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1&_summary=true"]
       {{- with .Values.restrictedContainerSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.tests.resources }}
       resources:
-        limits:
-          cpu: 100m
-          memory: 128Mi
-        requests:
-          cpu: 100m
-          memory: 128Mi
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       livenessProbe:
         exec:
           command: ["true"]
       readinessProbe:
         exec:
           command: ["true"]
     - name: test-metrics-endpoint
-      image: docker.io/curlimages/curl:8.1.2@sha256:ef501f5efa67be41da985b441bd63130ef39d4d6a4f9c035d737884357438b6c
+      image: "{{ .Values.curl.image.registry }}/{{ .Values.curl.image.repository }}:{{ .Values.curl.image.tag }}"
       command: ["curl", "--fail-with-body"]
       args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.metrics.service.port }}/actuator/prometheus"]
       {{- with .Values.restrictedContainerSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.tests.resources }}
       resources:
-        limits:
-          cpu: 100m
-          memory: 128Mi
-        requests:
-          cpu: 100m
-          memory: 128Mi
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       livenessProbe:
         exec:
           command: ["true"]

diff --git a/charts/hapi-fhir-jpaserver/values.yaml b/charts/hapi-fhir-jpaserver/values.yaml
@@ -131,24 +131,39 @@ postgresql:
       seccompProfile:
         type: RuntimeDefault
 
+# -- readiness probe
+# @ignored
 readinessProbe:
+  httpGet:
+    path: /readyz
+    port: http
   failureThreshold: 5
   initialDelaySeconds: 30
   periodSeconds: 20
   successThreshold: 1
   timeoutSeconds: 20
 
-startupProbe:
-  failureThreshold: 10
+# -- liveness probe
+# @ignored
+livenessProbe:
+  httpGet:
+    path: /livez
+    port: http
+  failureThreshold: 5
   initialDelaySeconds: 30
-  periodSeconds: 30
+  periodSeconds: 20
   successThreshold: 1
   timeoutSeconds: 30
 
-livenessProbe:
-  failureThreshold: 5
+# -- startup probe
+# @ignored
+startupProbe:
+  httpGet:
+    path: /readyz
+    port: http
+  failureThreshold: 10
   initialDelaySeconds: 30
-  periodSeconds: 20
+  periodSeconds: 30
   successThreshold: 1
   timeoutSeconds: 30
 
@@ -208,3 +223,32 @@ restrictedContainerSecurityContext:
   runAsGroup: 65534
   seccompProfile:
     type: RuntimeDefault
+
+# @ignored
+curl:
+  image:
+    registry: docker.io
+    repository: curlimages/curl
+    tag: 8.2.0@sha256:daf3f46a2639c1613b25e85c9ee4193af8a1d538f92483d67f9a3d7f21721827
+
+tests:
+  # -- configure the test pods resource requests and limits
+  resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# -- additional Spring Boot application config. Mounted as a file and automatically loaded by the application.
+extraConfig: ""
+  # # For example:
+  # |
+  # hapi:
+  #   fhir:
+  #     implementationguides:
+  #       gh_0_1_0:
+  #         url: https://build.fhir.org/ig/hl7-eu/gravitate-health/package.tgz
+  #         name: hl7.eu.fhir.gh
+  #         version: 0.1.0