diff --git a/charts/ohdsi/Chart.yaml b/charts/ohdsi/Chart.yaml index 2fd10751..60247811 100644 --- a/charts/ohdsi/Chart.yaml +++ b/charts/ohdsi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: ohdsi description: A Helm chart for deploying OHDSI ATLAS and WebAPI. type: application -version: 0.3.0 +version: 0.3.1 home: https://github.com/OHDSI keywords: - ohdsi diff --git a/charts/ohdsi/README.md b/charts/ohdsi/README.md index 5d127e6c..9eeb7df4 100644 --- a/charts/ohdsi/README.md +++ b/charts/ohdsi/README.md @@ -69,11 +69,11 @@ The following table lists the configurable parameters of the `ohdsi` chart and t | webApi.image.repository | | `chgl/ohdsi/webapi` | | webApi.image.tag | | `2.8.0-snapshot` | | webApi.image.pullPolicy | | `Always` | -| webApi.db.host | | `"db"` | -| webApi.db.port | | `5432` | -| webApi.db.database | | `"ohdsi"` | -| webApi.db.username | | `"postgres"` | -| webApi.db.password | | `"postgres"` | +| webApi.db.host | database hostname | `"host.example.com"` | +| webApi.db.port | port used to connect to the postgres DB | `5432` | +| webApi.db.database | name of the database inside. If postgresql.enabled=true, then postgresql.postgresqlDatabase is used | `"ohdsi"` | +| webApi.db.username | username used to connect to the DB. Note that this name is currently used even if postgresql.enabled=true | `"postgres"` | +| webApi.db.password | the database password. Only used if postgresql.enabled=false, otherwise the secret created by the postgresql chart is used | `"postgres"` | | webApi.db.existingSecret | name of an existing secret containing the password to the DB. | `""` | | webApi.db.existingSecretKey | name of the key in `webApi.db.existingSecret` to use as the password to the DB. | `"postgresql-postgres-password"` | | webApi.podAnnotations | annotations applied to the WebAPI pod | `{}` | diff --git a/charts/ohdsi/templates/achilles-cronjob.yaml b/charts/ohdsi/templates/achilles-cronjob.yaml index 229aa052..01a4b768 100644 --- a/charts/ohdsi/templates/achilles-cronjob.yaml +++ b/charts/ohdsi/templates/achilles-cronjob.yaml @@ -20,16 +20,22 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} automountServiceAccountToken: false + {{- with .podSecurityContext}} securityContext: - {{- toYaml .podSecurityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} containers: - name: achilles-cron - securityContext: - {{- toYaml .securityContext | nindent 16 }} image: "{{ .image.registry }}/{{ .image.repository }}:{{ .image.tag }}" imagePullPolicy: {{ .image.pullPolicy }} + {{- with .securityContext}} + securityContext: + {{- toYaml . | nindent 16 }} + {{- end }} + {{- with .resources}} resources: - {{- toYaml .resources | nindent 16 }} + {{- toYaml . | nindent 16 }} + {{- end }} env: - name: ACHILLES_DB_URI value: {{ include "ohdsi.webapi.jdbcUrl" $ | replace "jdbc:" ""}} diff --git a/charts/ohdsi/templates/atlas-deployment.yaml b/charts/ohdsi/templates/atlas-deployment.yaml index 86a4d64f..09498869 100644 --- a/charts/ohdsi/templates/atlas-deployment.yaml +++ b/charts/ohdsi/templates/atlas-deployment.yaml @@ -33,12 +33,16 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} automountServiceAccountToken: false + {{- with .podSecurityContext}} securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: atlas + {{- with .securityContext}} securityContext: - {{- toYaml .securityContext | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} image: "{{ .image.registry }}/{{ .image.repository }}:{{ .image.tag }}" imagePullPolicy: {{ .image.pullPolicy }} ports: @@ -63,8 +67,10 @@ spec: timeoutSeconds: {{ .readinessProbe.timeoutSeconds }} successThreshold: {{ .readinessProbe.successThreshold }} failureThreshold: {{ .readinessProbe.failureThreshold }} + {{- with .resources}} resources: - {{- toYaml .resources | nindent 12 }} + {{- toYaml . | nindent 12 }} + {{- end }} env: {{- if .webApiUrl }} - name: WEBAPI_URL @@ -74,6 +80,8 @@ spec: {{- $host := (index $.Values.webApi.ingress.hosts 0) }} {{- $path := index (index $.Values.webApi.ingress.hosts 0).paths 0 }} value: http{{ if $.Values.webApi.ingress.tls }}s{{ end }}://{{ $host.host }}{{ $path }} + {{- else }} + [] {{- end }} {{- if .extraEnv }} {{- toYaml .extraEnv | nindent 12 }} diff --git a/charts/ohdsi/templates/cdm-init-job.yaml b/charts/ohdsi/templates/cdm-init-job.yaml index c99b639c..cafa40b8 100644 --- a/charts/ohdsi/templates/cdm-init-job.yaml +++ b/charts/ohdsi/templates/cdm-init-job.yaml @@ -30,8 +30,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} automountServiceAccountToken: false + {{- with .securityContext }} securityContext: - {{- toYaml .podSecurityContext | nindent 8 }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: cdm-init image: "{{ .image.registry }}/{{ .image.repository }}:{{ .image.tag }}" @@ -51,15 +53,27 @@ spec: - name: PGUSER value: {{ $.Values.webApi.db.username }} - name: PGHOST + {{- if $.Values.postgresql.enabled }} {{- $fullname := ( include "ohdsi.fullname" $ ) }} {{- $pgServiceName := ( printf "%s-%s" $fullname "postgresql") }} value: "{{ $pgServiceName }}" + {{- else }} + value: {{ $.Values.webApi.db.host }} + {{- end }} - name: PGPORT value: {{ $.Values.webApi.db.port | quote }} - name: PGDATABASE + {{- if $.Values.postgresql.enabled }} + value: {{ $.Values.postgresql.postgresqlDatabase }} + {{- else }} value: {{ $.Values.webApi.db.database }} + {{- end }} - name: WEBAPI_URL + {{- if $.Values.atlas.webApiUrl }} + value: {{ $.Values.atlas.webApiUrl }} + {{- else }} value: "http://{{ include "ohdsi.fullname" $ }}-webapi:{{ $.Values.webApi.service.port }}/WebAPI" + {{- end }} {{- if .extraEnv }} {{- toYaml .extraEnv | nindent 12 }} {{- end }} diff --git a/charts/ohdsi/templates/webapi-db-secret.yaml b/charts/ohdsi/templates/webapi-db-secret.yaml index 62650079..7cdefb32 100644 --- a/charts/ohdsi/templates/webapi-db-secret.yaml +++ b/charts/ohdsi/templates/webapi-db-secret.yaml @@ -1,5 +1,5 @@ {{- if .Values.webApi.enabled }} -{{- if not .Values.postgresql.enabled -}} +{{- if and (not .Values.postgresql.enabled) (not .Values.webApi.db.existingSecret) -}} apiVersion: v1 kind: Secret metadata: diff --git a/charts/ohdsi/values.yaml b/charts/ohdsi/values.yaml index 46cba09d..5be718bd 100644 --- a/charts/ohdsi/values.yaml +++ b/charts/ohdsi/values.yaml @@ -63,10 +63,15 @@ webApi: pullPolicy: Always db: - host: "db" + # database hostname + host: "host.example.com" + # port used to connect to the postgres DB port: 5432 + # name of the database inside. If postgresql.enabled=true, then postgresql.postgresqlDatabase is used database: "ohdsi" + # username used to connect to the DB. Note that this name is currently used even if postgresql.enabled=true username: "postgres" + # the database password. Only used if postgresql.enabled=false, otherwise the secret created by the postgresql chart is used password: "postgres" # name of an existing secret containing the password to the DB. existingSecret: ""