update config for projectathon

example-config/README-Minikube.md

@@ -1,6 +1,7 @@
 # Using Minikube for testing deployments
 
-Test your deployments with "Minikube" on your own machine. Instructions are for Ubuntu
+Test your deployments with "Minikube" on your own machine. Instructions are for OSX/Ubuntu, need to adapt for Windows,
+see [https://minikube.sigs.k8s.io/docs/start/](https://minikube.sigs.k8s.io/docs/start/) how to uses minkube.
 
 ## Install Docker 
 ````
@@ -10,12 +11,14 @@ sudo snap install docker
 ## Install Minikube 
 ````
 curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
-sudo install minikube-linux-amd64 /usr/local/bin/minikube
-sudo usermod -aG docker $USER && newgrp docker
-minikube start --driver=docker
+
+minikube start --driver=docker --ports=9090:30090 --ports=9091:30091
+
 minikube kubectl -- get pods -A
 ````
 
+if the ports are not done the first time you need to make minikube delete
+
 ## Operating Minikube
 Restart Minikube:
 ````
@@ -27,12 +30,14 @@ Open Dashboard in Browser:
 minikube dashboard
 ````
 
+then you can access the [dashboard](http://127.0.0.1:50188/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/)
+
 Get rid of Minikube
 ````
 minikube delete
 ````
 
-## Using Docker Image without uploading to registry
+## Using Docker Image without uploading to registry (2024: not tested yet)
 Execute in terminal window that you use for building the image:
 ````
 eval $(minikube docker-env)
@@ -53,12 +58,24 @@ you used `eval $(minikube docker-env)` before building the image in the last ste
 Instead of `kubectl <args>` always use `minikube kubectl -- <args>`
 ````
 minikube kubectl -- create configmap  mobile-access-gateway-configmap --from-file=application.yml=application.yml
-minikube kubectl -- create secret generic mobile-access-gateway-secret --from-file=client.jks=client-certificate.jks --from-file=server.p12=server-certificate.jks --from-file=idp.jks=client-certificate.jks
+minikube kubectl -- create secret generic mobile-access-gateway-secret --from-file=client.jks=client.jks --from-file=server.p12=server.p12
 minikube kubectl -- apply -f kubernetes-config.yml
 ````
 
+if you want to update the certificates
+minikube kubectl -- delete secret mobile-access-gateway-secret
+minikube kubectl -- delete configmap  mobile-access-gateway-configmap
+
+
 ## Using the Mobile Access Gateway service locally (in your browser etc...)
 ````
 minikube service mobile-access-gateway-service
 ````
 This will open your default browser with the correct URLs.
+
+-> use the port 9090 for localhost: http://localhost:9090/#/
+
+## setup
+
+---> localhost:9090 (http) ---> minikube NodePort 30090 --> port: 9090, targetPort (containerport): 9090
+---> localhost:9091 (https) ---> minikube NodePort 30091 --> port: 9091, targetPort (containerport): 9091

example-config/application.yml

@@ -2,13 +2,14 @@ mag:
   baseurl: http://localhost
   client-ssl:
     enabled: true
+# certificate from https://ehealthsuisse.ihe-europe.net/gss/certificate/view.seam?id=386
     key-store:
-      path: /secret/client.jks
-      password: a1b2c3
+      path: file:secret/client.jks
+      password: magpat
     truststore:
-      path: /secret/client.jks
-      password: a1b2c3
-    cert-alias: gateway
+      path: file:secret/client.jks
+      password: magpat
+    cert-alias: magpat
   xds:
     https: true
     iti-18:
@@ -36,12 +37,12 @@ mag:
     idp:
       name: idp-ehealthsuisse
       metadata-url: https://ehealthsuisse.ihe-europe.net/metadata/idp-metadata.xml
-      key-store: /secret/client.jks
-      key-store-password: a1b2c3
-      key-alias: gateway
-      key-password: a1b2c3
+      key-store: file:secret/client.jks
+      key-store-password: magpat
+      key-alias: magpat
+      key-password: magpat
     sp:
-      entity-id: mobileaccessgateway.pagekite.me
+      entity-id: mag.pagekite.me
     ap:
       url: https://ehealthsuisse.ihe-europe.net/STS
       wsdl: https://ehealthsuisse.ihe-europe.net/STS?wsdl
@@ -51,20 +52,20 @@ mag:
         redirect: https://oauthdebugger.com/debug
 
   audit:
-    audit-enabled: true
-    audit-tls-enabled: false
+    audit-enabled: false
+    audit-tls-enabled: true
     # in productive system audit-source-id must be same as audit-enterprise-site-id
     audit-enterprise-site-id: 1.3.6.1.4.1.21367.2017.2.7.109
-    audit-repository-host: 147.135.232.177
-    audit-repository-port: 3001
-    audit-repostiory-transport: UDP
-
-# https://docs.spring.io/spring-boot/docs/current/reference/html/appendix-application-properties.html#server-properties
+    audit-repository-host: ehealthsuisse.ihe-europe.net
+    audit-repository-port: 3202
+    audit-repostiory-transport: TLS
 
+# certificate from https://ehealthsuisse.ihe-europe.net/gss/certificate/view.seam?id=386
 server:
   max-http-header-size: 10000
   ssl:
+    key-alias: mag
+    key-password: magpat
     key-store: /secret/server.p12
-    key-store-password: a1b2c3
-    key-store-type: pkcs12
-    key-alias: bfh1
+    key-store-password: magpat
+    client-auth: NEED   

example-config/kubernetes-config.yml

@@ -21,7 +21,7 @@ spec:
           secretName: mobile-access-gateway-secret
       containers:
       - name: mobile-access-gateway
-        image: eu.gcr.io/fhir-ch/mag:v020        
+        image: europe-west6-docker.pkg.dev/ahdis-ch/ahdis/mag:v070        
         resources:
           requests:
             memory: "0.6Gi"
@@ -35,16 +35,16 @@ spec:
           mountPath: /secret
         livenessProbe:
           httpGet:
-            path: /fhir/metadata
+            path: /actuator/health
             port: 9090
-          initialDelaySeconds: 60
-          periodSeconds: 10
+          initialDelaySeconds: 20
+          periodSeconds: 2
         readinessProbe:
           httpGet:
-            path: /fhir/metadata
+            path: /actuator/health
             port: 9090
-          initialDelaySeconds: 90
-          periodSeconds: 10
+          initialDelaySeconds: 20
+          periodSeconds: 2
 ---
 apiVersion: v1
 kind: Service
@@ -55,10 +55,12 @@ spec:
   ports:
   - port: 9090
     name: http
-    targetPort: 9090    
+    targetPort: 9090
+    nodePort: 30090
   - port: 9091
     name: https
     targetPort: 9091
+    nodePort: 30091
   selector:
     app: mobile-access-gateway
 ---

example-config/test.http

@@ -0,0 +1,34 @@
+### PIXm Query with ERPSPID
+GET http://localhost:9090/fhir/Patient/$ihe-pix?sourceIdentifier=urn:oid:2.16.756.5.30.1.127.3.10.3|761337610411265304 HTTP/1.1
+Accept: application/fhir+json
+
+### PIXm Query with ERPSPID
+GET http://localhost:9090/fhir/Patient/$ihe-pix?sourceIdentifier=urn:oid:1.3.6.1.4.1.12559.11.25.1.19|PAM8776579876 HTTP/1.1
+Accept: application/fhir+json
+
+
+### PDQm with identifier
+GET http://localhost:9090/fhir/Patient?identifier=urn:oid:2.16.756.5.30.1.127.3.10.3|761337610411265304 HTTP/1.1
+Accept: application/fhir+json
+
+### PDQm with identifier
+GET http://localhost:9090/fhir/Patient?identifier=urn:oid:1.3.6.1.4.1.12559.11.25.1.19|PAM8776579876  HTTP/1.1
+Accept: application/fhir+json
+
+
+### registered also 1.3.6.1.4.1.12559.11.25.1.19 in our repository
+
+### certifactes used are from # certificate from https://ehealthsuisse.ihe-europe.net/gss/certificate/view.seam?id=386
+### verify that you have configured in restlcient the certificate for the host (rename der to cer)
+###
+###      "localhost:9091": {
+###        "cert": "/Users/oegger/Documents/github/k8s-fhir.ch/configurations/gazelle-ehealthsuisse/386.cer",
+###        "key":  "/Users/oegger/Documents/github/k8s-fhir.ch/configurations/gazelle-ehealthsuisse/386.key"
+###      }
+### Rest-client: Certificates
+### Certificate paths for different hosts. The path can be absolute path or relative path(relative to workspace or current http file)
+
+GET https://localhost:9091/fhir/Patient?identifier=urn:oid:1.3.6.1.4.1.12559.11.25.1.19|PAM8776579876  HTTP/1.1
+Accept: application/fhir+json
+
+### EPRS-SPID configured for ahdis xds tools repository   761337610411265304^^^SPID&2.16.756.5.30.1.127.3.10.3&ISO