Issue/500 support for other engines

dsf-podman-dev-setup/bpe/kube.yaml

@@ -0,0 +1,300 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dsf-fhir-db-passwords
+type: Opaque
+stringData:
+  db_liquibase.password: "PW99vXYyTbBTGzemQbCnVb4Bce7xuzcU77W5BUCVjYTjbwleVfpTXkQWtGFHYrT8"
+  db_user_engine.password: "dcPa7a9wTCaTxFk7BdjmCuQp8k29e2eL"
+  db_user.password: "8s4cGYqY41mrWqTmwhZ3beVQcz6wc3Yr"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dsf-bpe-proxy
+  labels:
+    app: dsf-bpe-proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dsf-bpe-proxy
+  template:
+    metadata:
+      labels:
+        app: dsf-bpe-proxy
+    spec:
+      restartPolicy: Always
+      containers:
+        - name: proxy
+          image: datasharingframework/bpe_proxy
+          env:
+            - name: TZ
+              value: "Europe/Berlin"
+            - name: HTTPS_SERVER_NAME_PORT
+              value: "localhost:443"
+            - name: APP_SERVER_IP
+              value: "dsf-bpe-app"
+            - name: SSL_CERTIFICATE_FILE
+              value: "/run/secrets/bpe.crt"
+            - name: SSL_CERTIFICATE_KEY_FILE
+              value: "/run/secrets/bpe.key.plain"
+            - name: SSL_CERTIFICATE_CHAIN_FILE
+              value: "/run/secrets/issuing_ca.crt"
+            - name: SSL_CA_CERTIFICATE_FILE
+              value: "/run/secrets/ca_chain.crt"
+            - name: SSL_CA_DN_REQUEST_FILE
+              value: "/run/secrets/issuing_ca.crt"
+            - name: SSL_EXPECTED_CLIENT_I_DN_CN_VALUES
+              value: "'DSF Dev Issuing CA'"
+          ports:
+            - containerPort: 80
+              hostPort: 8080
+              hostIP: 127.0.0.1
+            - containerPort: 443
+              hostPort: 8443
+              hostIP: 127.0.0.1
+          volumeMounts:
+            - name: bpe-crt
+              mountPath: /run/secrets/bpe.crt
+              subPath: bpe.crt
+              readOnly: true
+            - name: bpe-key-plain
+              mountPath: /run/secrets/bpe.key.plain
+              subPath: bpe.key.plain
+              readOnly: true
+            - name: issuing-ca-crt
+              mountPath: /run/secrets/issuing_ca.crt
+              subPath: issuing_ca.crt
+              readOnly: true
+            - name: ca-chain-crt
+              mountPath: /run/secrets/ca_chain.crt
+              subPath: ca_chain.crt
+              readOnly: true
+      volumes:
+        - name: bpe-crt
+          hostPath:
+            path: ./secrets/bpe.crt
+            type: File
+        - name: bpe-key-plain
+          hostPath:
+            path: ./secrets/bpe.key.plain
+            type: File
+        - name: issuing-ca-crt
+          hostPath:
+            path: ./secrets/issuing_ca.crt
+            type: File
+        - name: ca-chain-crt
+          hostPath:
+            path: ./secrets/ca_chain.crt
+            type: File
+---
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dsf-bpe-app-config
+data:
+  application.yml: |
+    dev:
+      dsf:
+        log:
+          data:
+            file:
+              enabled: true
+        bpe:
+          db:
+            url: jdbc:postgresql://dsf-bpe-db/bpe
+            liquibase:
+              password:
+                file: /run/secrets/db_liquibase.password
+            user:
+              password:
+                file: /run/secrets/db_user.password
+              engine:
+                password:
+                  file: /run/secrets/db_user_engine.password
+          fhir:
+            client:
+              trust:
+                server:
+                  certificate:
+                    cas: /run/secrets/root_ca.crt
+            server:
+              base:
+                url: https://dsf-bpe-proxy:8443/bpe
+          server:
+            ui:
+              theme: dev
+            base:
+              url: https://dsf-bpe-proxy:8443/bpe
+            roleconfig: |
+              - webbrowser_test_user:
+                  thumbprint: ${WEBBROWSER_TEST_USER_THUMBPRINT}
+                  dsf-role:
+                    - ADMIN
+        server:
+          auth:
+            trust:
+              client:
+                certificate:
+                  cas: /run/secrets/ca_chain.crt
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dsf-bpe-app
+  labels:
+    app: dsf-bpe-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dsf-bpe-app
+  template:
+    metadata:
+      labels:
+        app: dsf-bpe-app
+    spec:
+      restartPolicy: Always
+      containers:
+        - name: app
+          image: datasharingframework/bpe
+          ports:
+            - containerPort: 5002
+              hostPort: 5002
+              hostIP: 127.0.0.1
+          env:
+            - name: TZ
+              value: "Europe/Berlin"
+            - name: EXTRA_JVM_ARGS
+              value: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5002"
+            - name: SPRING_CONFIG_ADDITIONAL_LOCATION
+              value: "file:/config/application.yml"
+            # conflict with dev.dsf.bpe.fhir.client.certificate.private.*
+            # (Scalar vs. nested key under the same parent) and therefore remain as ENV
+            - name: DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE
+              value: "/run/secrets/bpe.crt"
+            - name: DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY
+              value: "/run/secrets/bpe.key"
+            - name: DEV_DSF_BPE_FHIR_CLIENT_CERTIFICATE_PRIVATE_KEY_PASSWORD
+              value: "password"
+          volumeMounts:
+            - name: spring-application-config
+              mountPath: /config
+              readOnly: true
+            - name: bpe-process
+              mountPath: /opt/bpe/process
+              readOnly: true
+            - name: bpe-log
+              mountPath: /opt/bpe/log
+            - name: db-passwords
+              mountPath: /run/secrets/db_liquibase.password
+              subPath: db_liquibase.password
+              readOnly: true
+            - name: db-passwords
+              mountPath: /run/secrets/db_user.password
+              subPath: db_user.password
+              readOnly: true
+            - name: db-passwords
+              mountPath: /run/secrets/db_user_engine.password
+              subPath: db_user_engine.password
+              readOnly: true
+            - name: root-ca-crt
+              mountPath: /run/secrets/root_ca.crt
+              subPath: root_ca.crt
+              readOnly: true
+            - name: bpe-crt
+              mountPath: /run/secrets/bpe.crt
+              subPath: bpe.crt
+              readOnly: true
+            - name: bpe-key
+              mountPath: /run/secrets/bpe.key
+              subPath: bpe.key
+              readOnly: true
+            - name: ca-chain-crt
+              mountPath: /run/secrets/ca_chain.crt
+              subPath: ca_chain.crt
+              readOnly: true
+      volumes:
+        - name: spring-application-config
+          configMap:
+            name: dsf-bpe-app-config
+        - name: bpe-process
+          hostPath:
+            path: ./process
+            type: Directory
+        - name: bpe-log
+          hostPath:
+            path: ./log
+            type: Directory
+        - name: db-passwords
+          secret:
+            secretName: dsf-fhir-db-passwords
+        - name: root-ca-crt
+          hostPath:
+            path: ./secrets/root_ca.crt
+            type: File
+        - name: bpe-crt
+          hostPath:
+            path: ./secrets/bpe.crt
+            type: File
+        - name: bpe-key
+          hostPath:
+            path: ./secrets/bpe.key
+            type: File
+        - name: ca-chain-crt
+          hostPath:
+            path: ./secrets/ca_chain.crt
+            type: File
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: dsf-bpe-db
+  labels:
+    app: dsf-bpe-db
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: dsf-bpe-db
+  template:
+    metadata:
+      labels:
+        app: dsf-bpe-db
+    spec:
+      restartPolicy: Always
+      containers:
+        - name: db
+          image: docker.io/library/postgres:18
+          env:
+            - name: TZ
+              value: "Europe/Berlin"
+            - name: POSTGRES_PASSWORD_FILE
+              value: "/run/secrets/db_liquibase.password"
+            - name: POSTGRES_USER
+              value: "liquibase_user"
+            - name: POSTGRES_DB
+              value: "bpe"
+          livenessProbe:
+            exec:
+              command:
+                - pg_isready
+                - -U
+                - liquibase_user
+                - -d
+                - bpe
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 5
+          volumeMounts:
+            - name: db-passwords
+              mountPath: /run/secrets/db_liquibase.password
+              subPath: db_liquibase.password
+              readOnly: true
+      volumes:
+        - name: db-passwords
+          secret:
+            secretName: dsf-fhir-db-passwords

dsf-podman-dev-setup/bpe/log/README.md

@@ -0,0 +1 @@
+Empty folder for log files

dsf-podman-dev-setup/bpe/process/README.md

@@ -0,0 +1 @@
+Empty folder for process jars

dsf-podman-dev-setup/bpe/secrets/db_liquibase.password

@@ -0,0 +1 @@
+PW99vXYyTbBTGzemQbCnVb4Bce7xuzcU77W5BUCVjYTjbwleVfpTXkQWtGFHYrT8

dsf-podman-dev-setup/bpe/secrets/db_user.password

@@ -0,0 +1 @@
+8s4cGYqY41mrWqTmwhZ3beVQcz6wc3Yr

dsf-podman-dev-setup/bpe/secrets/db_user_engine.password

@@ -0,0 +1 @@
+dcPa7a9wTCaTxFk7BdjmCuQp8k29e2eL