Create health namespace & add apps #489
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was
linked to
issues
Jul 25, 2024
--- kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/ohif-viewer
+++ kubernetes/flux Kustomization: flux-system/cluster HelmRepository: flux-system/ohif-viewer
@@ -0,0 +1,13 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: ohif-viewer
+ namespace: flux-system
+spec:
+ interval: 2h
+ url: https://charts.kylesferrazza.com
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Namespace: flux-system/health
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Namespace: flux-system/health
@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ goldilocks.fairwinds.com/enabled: 'true'
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ kustomize.toolkit.fluxcd.io/prune: disabled
+ name: health
+
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/ohif-viewer
+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/ohif-viewer
@@ -0,0 +1,42 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: cluster-apps
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: ohif-viewer
+ namespace: flux-system
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: ohif-viewer
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-age
+ interval: 2h
+ path: ./kubernetes/apps/health/ohif-viewer/app
+ postBuild:
+ substitute:
+ APP: ohif-viewer
+ substituteFrom:
+ - kind: ConfigMap
+ name: cluster-settings
+ - kind: Secret
+ name: cluster-secrets
+ - kind: ConfigMap
+ name: cluster-user-settings
+ optional: true
+ - kind: Secret
+ name: cluster-user-secrets
+ optional: true
+ prune: true
+ retryInterval: 1m
+ sourceRef:
+ kind: GitRepository
+ name: home-kubernetes
+ targetNamespace: health
+ timeout: 5m
+ wait: false
+
--- kubernetes/apps/health/ohif-viewer/app Kustomization: flux-system/ohif-viewer HelmRelease: health/dicom-viewer
+++ kubernetes/apps/health/ohif-viewer/app Kustomization: flux-system/ohif-viewer HelmRelease: health/dicom-viewer
@@ -0,0 +1,90 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ labels:
+ app.kubernetes.io/name: ohif-viewer
+ kustomize.toolkit.fluxcd.io/name: ohif-viewer
+ kustomize.toolkit.fluxcd.io/namespace: flux-system
+ name: dicom-viewer
+ namespace: health
+spec:
+ chart:
+ spec:
+ chart: ohif
+ sourceRef:
+ kind: HelmRepository
+ name: ohif-viewer
+ namespace: flux-system
+ version: 0.1.0
+ install:
+ createNamespace: true
+ remediation:
+ retries: 3
+ interval: 30m
+ maxHistory: 2
+ uninstall:
+ keepHistory: false
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ ghostfolio:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ app:
+ env:
+ NODE_ENV: production
+ REDIS_HOST: dragonfly.database.svc.cluster.local.
+ REDIS_PORT: 6379
+ envFrom:
+ - secretRef:
+ name: ghostfolio-secret
+ image:
+ repository: docker.io/ohif/viewer
+ tag: 3.8.3
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ initContainers:
+ init-db:
+ envFrom:
+ - secretRef:
+ name: ghostfolio-secret
+ image:
+ repository: ghcr.io/volschin/postgres-init
+ tag: 16
+ strategy: RollingUpdate
+ ingress:
+ app:
+ annotations:
+ external-dns.alpha.kubernetes.io/target: internal...PLACEHOLDER..
+ gethomepage.dev/description: Portfolio Management
+ gethomepage.dev/enabled: 'true'
+ gethomepage.dev/group: Finanzen
+ gethomepage.dev/icon: ghostfolio.png
+ gethomepage.dev/name: Ghostfolio
+ className: internal
+ enabled: true
+ hosts:
+ - host: '{{ .Release.Name }}...PLACEHOLDER..'
+ paths:
+ - path: /
+ service:
+ identifier: app
+ port: http
+ tls:
+ - hosts:
+ - '{{ .Release.Name }}...PLACEHOLDER..'
+ service:
+ app:
+ controller: dicom-viewer
+ ports:
+ http:
+ port: 3333
+ |
--- HelmRelease: health/dicom-viewer ConfigMap: health/ohif-config
+++ HelmRelease: health/dicom-viewer ConfigMap: health/ohif-config
@@ -0,0 +1,791 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ohif-config
+data:
+ orthanc-json: |
+ {
+
+ /**
+ * General configuration of Orthanc
+ **/
+
+ // The logical name of this instance of Orthanc. This one is
+ // displayed in Orthanc Explorer and at the URI "/system".
+ "Name" : "Orthanc inside Docker",
+
+ // Path to the directory that holds the heavyweight files (i.e. the
+ // raw DICOM instances). Backslashes must be either escaped by
+ // doubling them, or replaced by forward slashes "/".
+ "StorageDirectory" : "/var/lib/orthanc/db",
+
+ // Path to the directory that holds the SQLite index (if unset, the
+ // value of StorageDirectory is used). This index could be stored on
+ // a RAM-drive or a SSD device for performance reasons.
+ "IndexDirectory" : "/var/lib/orthanc/db",
+
+ // Path to the directory where Orthanc stores its large temporary
+ // files. The content of this folder can be safely deleted if
+ // Orthanc once stopped. The folder must exist. The corresponding
+ // filesystem must be properly sized, given that for instance a ZIP
+ // archive of DICOM images created by a job can weight several GBs,
+ // and that there might be up to "min(JobsHistorySize,
+ // MediaArchiveSize)" archives to be stored simultaneously. If not
+ // set, Orthanc will use the default temporary folder of the
+ // operating system (such as "/tmp/" on UNIX-like systems, or
+ // "C:/Temp" on Microsoft Windows).
+ // "TemporaryDirectory" : "/tmp/Orthanc/",
+
+ // Enable the transparent compression of the DICOM instances
+ "StorageCompression" : false,
+
+ // Maximum size of the storage in MB (a value of "0" indicates no
+ // limit on the storage size)
+ "MaximumStorageSize" : 0,
+
+ // Maximum number of patients that can be stored at a given time
+ // in the storage (a value of "0" indicates no limit on the number
+ // of patients)
+ "MaximumPatientCount" : 0,
+
+ // List of paths to the custom Lua scripts that are to be loaded
+ // into this instance of Orthanc
+ "LuaScripts" : [
+ ],
+
+ // List of paths to the plugins that are to be loaded into this
+ // instance of Orthanc (e.g. "./libPluginTest.so" for Linux, or
+ // "./PluginTest.dll" for Windows). These paths can refer to
+ // folders, in which case they will be scanned non-recursively to
+ // find shared libraries. Backslashes must be either escaped by
+ // doubling them, or replaced by forward slashes "/".
+ "Plugins" : [
+ "/usr/share/orthanc/plugins", "/usr/local/share/orthanc/plugins"
+ ],
+
+ // Maximum number of processing jobs that are simultaneously running
+ // at any given time. A value of "0" indicates to use all the
+ // available CPU logical cores. To emulate Orthanc <= 1.3.2, set
+ // this value to "1".
+ "ConcurrentJobs" : 2,
+
+
+ /**
+ * Configuration of the HTTP server
+ **/
+
+ // Enable the HTTP server. If this parameter is set to "false",
+ // Orthanc acts as a pure DICOM server. The REST API and Orthanc
+ // Explorer will not be available.
+ "HttpServerEnabled" : true,
+
+ // HTTP port for the REST services and for the GUI
+ "HttpPort" : 8042,
+
+ // When the following option is "true", if an error is encountered
+ // while calling the REST API, a JSON message describing the error
+ // is put in the HTTP answer. This feature can be disabled if the
+ // HTTP client does not properly handles such answers.
+ "HttpDescribeErrors" : true,
+
+ // Enable HTTP compression to improve network bandwidth utilization,
+ // at the expense of more computations on the server. Orthanc
+ // supports the "gzip" and "deflate" HTTP encodings.
+ "HttpCompressionEnabled" : true,
+
+ // Enable the publication of the content of the Orthanc server as a
+ // WebDAV share (new in Orthanc 1.8.0). On the localhost, the WebDAV
+ // share is mapped as "http://localhost:8042/webdav/".
+ "WebDavEnabled" : true,
+
+ // Whether to allow deletions through the WebDAV share. This is
+ // disabled by default to avoid accidental loss of DICOM instances.
+ "WebDavDeleteAllowed" : false,
+
+ // Whether to allow uploads through the WebDAV share.
+ "WebDavUploadAllowed" : true,
+
+
+
+ /**
+ * Configuration of the DICOM server
+ **/
+
+ // Enable the DICOM server. If this parameter is set to "false",
+ // Orthanc acts as a pure REST server. It will not be possible to
+ // receive files or to do query/retrieve through the DICOM protocol.
+ "DicomServerEnabled" : true,
+
+ // The DICOM Application Entity Title (cannot be longer than 16
+ // characters)
+ "DicomAet" : "ORTHANC",
+
+ // Check whether the called AET corresponds to the AET of Orthanc
+ // during an incoming DICOM SCU request
+ "DicomCheckCalledAet" : false,
+
+ // The DICOM port
+ "DicomPort" : 4242,
+
+ // The default encoding that is assumed for DICOM files without
+ // "SpecificCharacterSet" DICOM tag, and that is used when answering
+ // C-Find requests (including worklists). The allowed values are
+ // "Ascii", "Utf8", "Latin1", "Latin2", "Latin3", "Latin4",
+ // "Latin5", "Cyrillic", "Windows1251", "Arabic", "Greek", "Hebrew",
+ // "Thai", "Japanese", "Chinese", "JapaneseKanji", "Korean", and
+ // "SimplifiedChinese".
+ "DefaultEncoding" : "Latin1",
+
+ // The transfer syntaxes that are accepted by Orthanc C-Store SCP
+ "DeflatedTransferSyntaxAccepted" : true,
+ "JpegTransferSyntaxAccepted" : true,
+ "Jpeg2000TransferSyntaxAccepted" : true,
+ "JpegLosslessTransferSyntaxAccepted" : true,
+ "JpipTransferSyntaxAccepted" : true,
+ "Mpeg2TransferSyntaxAccepted" : true,
+ "RleTransferSyntaxAccepted" : true,
+ "Mpeg4TransferSyntaxAccepted" : true, // New in Orthanc 1.6.0
+
+ // Whether Orthanc accepts to act as C-Store SCP for unknown storage
+ // SOP classes (aka. "promiscuous mode")
+ "UnknownSopClassAccepted" : false,
+
+ // Set the timeout (in seconds) after which the DICOM associations
+ // are closed by the Orthanc SCP (server) if no further DIMSE
+ // command is received from the SCU (client).
+ "DicomScpTimeout" : 30,
+
+
+
+ /**
+ * Security-related options for the HTTP server
+ **/
+
+ // Whether remote hosts can connect to the HTTP server
+ "RemoteAccessAllowed" : true,
+
+ // Whether or not SSL is enabled
+ "SslEnabled" : false,
+
+ // Path to the SSL certificate used by the HTTP server. The file
+ // must be stored in the PEM format, and must contain both the
+ // certificate and the private key. This option is only meaningful
+ // if "SslEnabled" is true.
+ "SslCertificate" : "certificate.pem",
+
+ // Whether or not peer client certificates shall be checked. This
+ // option is only meaningful if "SslEnabled" is true.
+ "SslVerifyPeers" : false,
+
+ // Path to a file containing the concatenation of the client SSL
+ // certificate(s) that are trusted to verify the identify of remote
+ // HTTP clients. The individual certificate(s) must be stored in the
+ // PEM format. This option is only meaningful if "SslVerifyPeers"
+ // is true.
+ "SslTrustedClientCertificates" : "trustedClientCertificates.pem",
+
+ // Whether or not the password protection is enabled (using HTTP
+ // basic access authentication). Starting with Orthanc 1.5.8, if
+ // "AuthenticationEnabled" is not explicitly set, authentication is
+ // enabled iff. remote access is allowed (i.e. the default value of
+ // "AuthenticationEnabled" equals that of "RemoteAccessAllowed").
+
+ "AuthenticationEnabled" : false,
+
+ // The list of the registered users. Because Orthanc uses HTTP
+ // Basic Authentication, the passwords are stored as plain text.
+ "RegisteredUsers" : {"admin":"admin"},
+
+ /**
+ * Network topology
+ **/
+
+ // The list of the known DICOM modalities
+ "DicomModalities" : {
+ /**
+ * Uncommenting the following line would enable Orthanc to
+ * connect to an instance of the "storescp" open-source DICOM
+ * store (shipped in the DCMTK distribution), as started by the
+ * command line "storescp 2000". The first parameter is the
+ * AET of the remote modality (cannot be longer than 16
+ * characters), the second one is the remote network address,
+ * and the third one is the TCP port number corresponding
+ * to the DICOM protocol on the remote modality (usually 104).
+ **/
+ // "sample" : [ "STORESCP", "127.0.0.1", 2000 ]
+
+ /**
+ * A fourth parameter is available to enable patches for
+ * specific PACS manufacturers. The allowed values are currently:
+ * - "Generic" (default value),
+ * - "GenericNoWildcardInDates" (to replace "*" by "" in date fields
+ * in outgoing C-Find requests originating from Orthanc),
+ * - "GenericNoUniversalWildcard" (to replace "*" by "" in all fields
+ * in outgoing C-Find SCU requests originating from Orthanc),
+ * - "Vitrea",
+ * - "GE" (Enterprise Archive, MRI consoles and Advantage Workstation
+ * from GE Healthcare).
+ *
+ * This parameter is case-sensitive.
+ **/
+ // "vitrea" : [ "VITREA", "192.168.1.1", 104, "Vitrea" ]
+
+ /**
+ * By default, the Orthanc SCP accepts all DICOM commands (C-ECHO,
+ * C-STORE, C-FIND, C-MOVE, C-GET and storage commitment) issued by the
+ * registered remote SCU modalities. Starting with Orthanc 1.5.0,
[Diff truncated by flux-local]
--- HelmRelease: health/dicom-viewer Service: health/ohif
+++ HelmRelease: health/dicom-viewer Service: health/ohif
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ohif
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 80
+ protocol: TCP
+ name: http
+ selector:
+ app: ohif
+
--- HelmRelease: health/dicom-viewer Service: health/pacs
+++ HelmRelease: health/dicom-viewer Service: health/pacs
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pacs
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ targetPort: 8042
+ protocol: TCP
+ name: http
+ selector:
+ app: ohif
+
--- HelmRelease: health/dicom-viewer Deployment: health/ohif
+++ HelmRelease: health/dicom-viewer Deployment: health/ohif
@@ -0,0 +1,44 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: ohif
+spec:
+ selector:
+ matchLabels:
+ app: ohif
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: ohif
+ spec:
+ containers:
+ - name: pacs
+ image: jodogne/orthanc-plugins:latest
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8042
+ volumeMounts:
+ - name: ohif-config
+ subPath: orthanc-json
+ mountPath: /etc/orthanc/orthanc.json
+ - name: ohif-viewer
+ image: ohif/viewer
+ ports:
+ - containerPort: 80
+ env:
+ - name: APP_CONFIG
+ value: /usr/share/nginx/html/app-config.js
+ volumeMounts:
+ - name: ohif-config
+ subPath: viewer-config
+ mountPath: /usr/share/nginx/html/app-config.js
+ - name: ohif-config
+ subPath: viewer-nginx-conf
+ mountPath: /etc/nginx/conf.d/default.conf
+ volumes:
+ - name: ohif-config
+ configMap:
+ name: ohif-config
+ |
volschin
force-pushed
the
health
branch
2 times, most recently
from
106bb65
to
56ef038
Compare
…ealth/namespace.yaml
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.