@bwalsh bwalsh commented Jan 23, 2025

PR Description

This PR moves the HAPI service to Google Kubernetes Engine (GKE) and the PostgreSQL database to Cloud SQL for PostgreSQL.

Summary

This PR introduces the initial commit of the project files, including environment configuration, deployment scripts, and documentation. Note that these files are untested and may require further validation and adjustments.

Changes

  1. Environment Variables:
    • Added .env-k8s-sample to define necessary environment variables for the project.
  2. Shell Scripts:
    • create_hapi_k8s_postgres.sh:
      • Script to create a Cloud SQL instance and set up the PostgreSQL database.
    • create_hapi_k8s.sh:
      • Script to create a GKE instance to host HAPI server and use the PostgreSQL database.
    • deploy_hapi_k8s.sh:
      • Script to deploy the HAPI FHIR server and the PostgreSQL database on a Kubernetes cluster using Helm.
  3. Documentation:
    • Added google-fhir-proxy/README.md to provide an overview of the Google FHIR Proxy, its functionality, and setup instructions.

Additional Notes

  • These files are untested and may require further validation and adjustments.
  • Future commits will include testing and validation of the provided scripts and configurations.

Known issues

  • moving swag nginx to k8s as ingress?

bwalsh commented Jan 23, 2025

@teslajoy @parkergray221 FYI. @lbeckman314 can you review?

@lbeckman314 lbeckman314 self-requested a review January 23, 2025 22:50
lbeckman314 commented Jan 23, 2025

Testing Steps 🌀

0. Prerequisites

README-hapi-k8s.md#prerequisites

  • A Google Cloud project with billing enabled.
  • A GKE cluster created.
  • A Cloud SQL for PostgreSQL instance created.
  • A service account with the necessary permissions to access Cloud SQL.
  • kubectl and helm installed and configured.
  • The hapi-fhir-jpaserver Helm chart added to your Helm repositories. (If using the repo from examples, make sure it's added)

gcloud CLI

https://cloud.google.com/sdk/docs/install

➜ which gcloud
$HOME/google-cloud-sdk/bin/gcloud

➜ gcloud version
Google Cloud SDK 507.0.0
bq 2.1.12
core 2025.01.17
gcloud-crc32c 1.0.0
gsutil 5.33

➜ gcloud auth login

➜ gcloud config set project bmeg-io

1. Checking Out PR #3

➜ git clone https://github.com/FHIR-Aggregator/cloud

➜ cd cloud

➜ gh pr checkout 3
branch 'feature/k8s' set up to track 'origin/feature/k8s'.
Switched to a new branch 'feature/k8s'

2. Updating Environmental Variables

➜ cp .env-k8s-sample .env

# Add password here
➜ vim .env

➜ cat .env
PROJECT_ID="bmeg-io"
REGION="us-west1"
CLUSTER_NAME="hapi-k8s"
NUM_NODES=3

ZONE="us-west1"
NAMESPACE="fhir"
CLOUD_SQL_INSTANCE="hapi-sql"
DATABASE_NAME="hapi"
DATABASE_USER="tester"
DATABASE_PASSWORD="<PASSWORD>"
CHART_REPO="https://hapifhir.github.io/hapi-fhir-jpaserver-starter/"
CHART_NAME="hapi-fhir-jpaserver"

# https://cloud.google.com/sql/docs/postgres/instance-settings#machine-type-2ndgen
# https://github.com/serverpod/serverpod/issues/2373#issuecomment-2166913141
DATABASE_TIER="db-custom-1-3840"

➜ source .env

3. Run Deployment Scripts ✅

create_hapi_k8s_postgres.sh

Had to manually change password for the postgres user here: https://console.cloud.google.com/sql/instances/hapi-sql/users?project=bmeg-io

➜ ./create_hapi_k8s_postgres.sh

User is authenticated with gdcloud
Creating Cloud SQL instance for POSTGRES_14...done.
Created [https://sqladmin.googleapis.com/sql/v1beta4/projects/bmeg-io/instances/hapi-sql].
NAME      DATABASE_VERSION  LOCATION       TIER              PRIMARY_ADDRESS  PRIVATE_ADDRESS  STATUS
hapi-sql  POSTGRES_14       us-central1-a  db-custom-1-3840  34.68.58.136     -                RUNNABLE

To take a quick anonymous survey, run:
  $ gcloud survey

Creating Cloud SQL database...done.
Created database [hapi].
instance: hapi-sql
name: hapi
project: bmeg-io
Creating Cloud SQL user...done.
Created user [hapi_user].
Allowlisting your IP for incoming connection for 5 minutes...
.....done.
Connecting to database with SQL user [postgres].Password:
GRANT
backendType: SECOND_GEN
connectionName: bmeg-io:us-central1:hapi-sql
createTime: '2025-02-25T00:48:37.792Z'
databaseInstalledVersion: POSTGRES_14_15
...
state: RUNNABLE

create_hapi_k8s.sh

➜ ./create_hapi_k8s.sh

./create_hapi_k8s.sh
To inspect the contents of your cluster, go to: https://console.cloud.google.com/kubernetes/workload_/gcloud/us-west1/hapi-k8s?project=bmeg-io

CRITICAL: ACTION REQUIRED: gke-gcloud-auth-plugin, which is needed for continued use of kubectl, was not found or is not executable. Install gke-gcloud-auth-plugin for use with kubectl by following https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#install_plugin

kubeconfig entry generated for hapi-k8s.

NAME      LOCATION  MASTER_VERSION      MASTER_IP     MACHINE_TYPE  NODE_VERSION        NUM_NODES  STATUS
hapi-k8s  us-west1  1.31.5-gke.1068000  34.19.11.198  e2-medium     1.31.5-gke.1068000  9          RUNNING
Checking cluster status...
...
status: RUNNING
subnetwork: default
zone: us-west1
Cluster creation complete.  You can now connect to your cluster using:
gcloud container clusters get-credentials hapi-k8s --region us-west1 --project bmeg-io

deploy_hapi_k8s.sh

➜ ./deploy_hapi_k8s.sh
error: failed to create secret Post "https://34.19.11.198/api/v1/namespaces/fhir/secrets?fieldManager=kubectl-create&fieldValidation=Strict": getting credentials: exec: executable gke-gcloud-auth-plugin not found

It looks like you are trying to use a client-go credential plugin that is not installed.

Additional Resources 📚

lbeckman314 commented Jan 24, 2025

Note to self: Still need to run create_hapi_k8s_postgres.sh once the Postgres database is created successfully...

: "${DATABASE_TIER:?Need to set DATABASE_TIER}"
: "${DATABASE_VERSION:?Need to set DATABASE_VERSION}"

Possibility of only logging in if user is not already authenticated (avoids browser opening every debugging run)?
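
Added example, not part of the PR or of any participant's comment: a preflight that covers the two problems raised above, the deploy failing on a missing gke-gcloud-auth-plugin and the browser login opening on every run. The variable and tool names are the ones that appear in this thread; the function names are hypothetical, and treating a value of the form <...> as an unfilled placeholder is an assumption based on the sample .env.

```bash
#!/usr/bin/env bash
# Preflight for the create_*/deploy_* scripts (added example, not PR code).
# Source this file and call `preflight || exit 1` before any gcloud/kubectl work.
REQUIRED_VARS="PROJECT_ID REGION CLUSTER_NAME NAMESPACE CLOUD_SQL_INSTANCE \
DATABASE_NAME DATABASE_USER DATABASE_PASSWORD DATABASE_TIER DATABASE_VERSION"
REQUIRED_TOOLS="gcloud kubectl helm gke-gcloud-auth-plugin"

# Print the names in $1 that are unset, empty, or still a <PLACEHOLDER>.
# Reports names only, never values, so the password stays out of logs.
missing_vars() (
  out=""
  for name in $1; do
    eval "value=\${$name:-}"   # names come from the fixed list above
    case "$value" in
      ""|"<"*">") out="${out:+$out }$name" ;;
    esac
  done
  printf '%s' "$out"
)

# Print the commands in $1 that are not on PATH.
missing_tools() (
  out=""
  for tool in $1; do
    command -v "$tool" >/dev/null 2>&1 || out="${out:+$out }$tool"
  done
  printf '%s' "$out"
)

# Succeed only when gcloud reports an active credentialed account.
gcloud_logged_in() (
  account="$(gcloud auth list --filter=status:ACTIVE \
    --format='value(account)' 2>/dev/null)"
  [ -n "$account" ]
)

# Fail fast on configuration or tooling gaps; open the browser login
# only when no account is active.
preflight() {
  _vars="$(missing_vars "$REQUIRED_VARS")"
  _tools="$(missing_tools "$REQUIRED_TOOLS")"
  if [ -n "$_vars" ]; then echo "unset or placeholder: $_vars" >&2; return 1; fi
  if [ -n "$_tools" ]; then echo "not on PATH: $_tools" >&2; return 1; fi
  gcloud_logged_in || gcloud auth login
}
```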

This line should be removed or commented out:

➜ ./create_hapi_k8s_postgres.sh
./create_hapi_k8s_postgres.sh: line 15: syntax error near unexpected token `('

gcloud container clusters create "${CLUSTER_NAME}" \
--project="${PROJECT_ID}" \
--region="${REGION}" \
--cluster-autoscaling \
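
Review bot: the autoscaling flag on the last visible line has no node bounds next to it. If the lines that follow do not already set them, pass --min-nodes and --max-nodes together with --enable-autoscaling so the scaling range is stated in the script. Because the cluster is created with --region, both values apply per zone, so the cluster-wide ceiling is a multiple of the number written here.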
@lbeckman314 lbeckman314 Feb 25, 2025


Changed --cluster-autoscaling to --enable-autoscaling to resolve this error:

➜ ./create_hapi_k8s.sh

ERROR: (gcloud.container.clusters.create) unrecognized arguments: --cluster-autoscaling (did you mean '--enable-autoscaling'?)
