Kodjin Configuration

How to enable history functionality

History is configured in globals.yaml.gotmpl, the common configuration file for all services. The configuration file's path is etc/kodjin/{environment}/globals.yaml.gotmpl.

History starts recording events only after you enable it. It is not backfilled with existing data. For this reason, it is highly recommended to enable history before cluster creation.

  1. Check that the Zookeeper worker group is present; if it is not, add it to the file:

etc/cluster/worker-groups.<environment>.auto.tfvars

worker_groups = [
# . . .
  {
    name                 = "zookeeper"
    instance_type        = "t3.small"
    additional_userdata  = "t3.small"
    asg_desired_capacity = 3
    asg_max_size         = 3
    asg_min_size         = 3
    ami_id               = "ami-0dd8af8522cf16846"
    kubelet_extra_args   = "--node-labels=db=zookeeper --register-with-taints=key=zookeeper:NoSchedule"
    root_volume_size     = "50"
    root_volume_type     = "gp3"
    enable_monitoring    = false
  },
]

The AMI ID (ami-0dd8af8522cf16846 in this example) is different for each region.

  2. Enable the clickhouse and zookeeper releases in deps:

etc/deps/<environment>/releases.yaml

zookeeper:
  enabled: true
clickhouse:
  enabled: true

  3. Check whether the secrets exist and have the following format:

etc/deps/<environment>/secrets/clickhouse-operator.yaml

secret:
    username: ENC[username]
    password: ENC[password]
. . .

Ensure username and password are under secret, not operator.

  4. Enable the fhir-server-clickhouse-migrations release in kodjin:

etc/kodjin/<environment>/releases.yaml

fhir-server-clickhouse-migrations:
  enabled: true

  5. Enable the fhir-server-kafka-config-secrets-sync release in kodjin:

etc/kodjin/<environment>/releases.yaml

fhir-server-kafka-config-secrets-sync:
  enabled: true

This release should be enabled by default, but check it anyway.

  6. Set HISTORY_ENABLED to true in kodjin globals:

etc/kodjin/<environment>/globals.yaml.gotmpl

envs:
  history:
    HISTORY_ENABLED: true

If HISTORY_ENABLED was set to true after cluster creation (which is not recommended), all the relevant releases should be deployed using the rmk tool:

rmk release sync
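
The secrets-file check from the procedure above can be automated before deployment. The following Python sketch is an added example, not part of Kodjin or its tooling; it assumes the two-level layout shown above and that an encrypted value keeps the ENC[...] wrapper, and both sample files are constructed.

```python
import re

# Constructed sample files, not real secrets.
GOOD = "secret:\n    username: ENC[username]\n    password: ENC[password]\n"
BAD = "secret:\n    username: admin\noperator:\n    password: ENC[password]\n"

# Assumption: an encrypted value keeps the ENC[...] wrapper shown on the page.
ENC_VALUE = re.compile(r"^ENC\[.+\]$")


def parse_two_levels(text):
    """Parse top-level keys and their indented `key: value` children.

    This is not a YAML parser; it covers only the layout of this file.
    """
    tree, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or ":" not in stripped:
            continue
        key, _, value = stripped.partition(":")
        if not line[0].isspace():
            current = tree.setdefault(key, {})
        elif current is not None and value.strip():
            current[key] = value.strip()
    return tree


def check_clickhouse_secrets(text):
    """Return a list of problems; an empty list means the file passes."""
    tree = parse_two_levels(text)
    problems = []
    for field in ("username", "password"):
        value = tree.get("secret", {}).get(field)
        if value is None:
            problems.append(f"secret.{field} is missing")
        elif not ENC_VALUE.match(value):
            # Report the field only; never echo a possibly plaintext value.
            problems.append(f"secret.{field} is not encrypted")
        if field in tree.get("operator", {}):
            problems.append(f"{field} is under operator, expected under secret")
    return problems


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_clickhouse_secrets(sample) or "ok")
```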

How to switch on Multi-tenancy on Kodjin cluster

Headers and access token claims should be configured in Kodjin's infrastructure configuration file.

The configuration file indicates whether multi-tenancy is enabled and also provides information about URLs excluded from the multi-tenancy logic. The configuration file's path is etc/kodjin/<environment>/values/fhir-config/multitenancy.json

Example of the file

{
  "enabled": true,
  "required_metadata": {
    "tenant-id": {
      "rbac_claim": "practice_ids"
    },
    "owned-by": {
      "rbac_claim": "organization_id"
    }
  },
  "exclude_resources": [
    "CapabilityStatement",
    "ImplementationGuide",
    "SearchParameter",
    "ValueSet",
    "CodeSystem",
    "ConceptMap",
    "StructureDefinition"
  ]
}

Add one or two headers to required_metadata, based on your requirements. Two are used here only as an example.

This configuration file should be delivered to the Kodjin FHIR server services that support the multi-tenancy option. Kodjin's infrastructure configuration is pre-configured to deliver this configuration to services using the common configuration file for all services, globals.yaml.gotmpl.
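
Because exclude_resources removes resource types from the multi-tenancy logic, it is worth linting multitenancy.json before it is delivered. The following Python sketch is an added example, not Kodjin code; treating the page's example list as the reviewed baseline and requiring a JSON boolean for enabled are assumptions, and the broken sample (including the Patient entry) is constructed.

```python
import json

# Baseline copied from the page's example; using it as the reviewed set is
# an assumption of this sketch, not a Kodjin rule.
REVIEWED_EXCLUSIONS = {
    "CapabilityStatement", "ImplementationGuide", "SearchParameter",
    "ValueSet", "CodeSystem", "ConceptMap", "StructureDefinition",
}

# Constructed sample with three mistakes: a string instead of a boolean, a
# misspelled rbac_claim key, and an extra resource type in the exclusions.
BROKEN = """
{
  "enabled": "true",
  "required_metadata": {
    "tenant-id": {"rbac_claim": "practice_ids"},
    "owned-by": {"rbac_clam": "organization_id"}
  },
  "exclude_resources": ["CapabilityStatement", "ValueSet", "Patient"]
}
"""


def validate_multitenancy(text):
    """Return a list of problems found in multitenancy.json content."""
    cfg = json.loads(text)
    problems = []
    if not isinstance(cfg.get("enabled"), bool):
        problems.append("enabled must be a JSON boolean")
    meta = cfg.get("required_metadata")
    if not isinstance(meta, dict):
        meta = {}
    if not 1 <= len(meta) <= 2:
        problems.append("required_metadata must define one or two headers")
    for header, spec in meta.items():
        claim = spec.get("rbac_claim") if isinstance(spec, dict) else None
        if not isinstance(claim, str) or not claim:
            problems.append(f"{header}: rbac_claim is missing or empty")
    excluded = cfg.get("exclude_resources", [])
    for resource in excluded if isinstance(excluded, list) else []:
        # Anything outside the baseline bypasses tenant scoping; flag it.
        if not isinstance(resource, str) or resource not in REVIEWED_EXCLUSIONS:
            problems.append(f"exclude_resources: {resource} is outside the reviewed list")
    return problems


if __name__ == "__main__":
    print(validate_multitenancy(BROKEN))
```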

Configuring bulk-export operation

To change how long resources exported by the bulk-export operation remain available for download (time-to-live, or TTL), the Kodjin cluster administrator should override the default value. The configuration file's path is etc/kodjin/{environment}/values/fhir-server-search-export.yaml.gotmpl. Add or modify the value there: OBJECT_TTL: 10

If the OBJECTS_TTL value was changed after the cluster has been created, the fhir-server-search-export release should be deployed using the rmk tool:

rmk release -- -l app=fhir-server-search-export sync

How to enable/disable opentelemetry tracing

You can enable or disable tracing in your Kodjin environment. If you enable tracing, it will use Elasticsearch storage and will affect Kodjin performance.

Enable opentelemetry tracing

  1. Enable jaeger releases in deps:

etc/deps/<environment>/releases.yaml:

jaeger:
  enabled: true

  2. Remove the traefik.yaml config file from the etc/deps/<environment>/values directory.

  3. Set OTEL_SDK_DISABLED to false in kodjin globals:

etc/kodjin/<environment>/globals.yaml.gotmpl:

envs:
  opentelemetry:
    OTEL_SDK_DISABLED: false

Disable opentelemetry tracing

  1. Disable jaeger releases in deps:

etc/deps/<environment>/releases.yaml:

jaeger:
  enabled: false

or remove these lines from etc/deps/<environment>/releases.yaml:

jaeger:
  enabled: true

  2. Add a new traefik.yaml config file to the etc/deps/<environment>/values directory with content from the corresponding config file in the cache: .helmfile/cache/deps.bootstrap.infra-v<version>/etc/deps/<environment>/values/traefik.yaml. You need only the additionalArguments key from the source file. For example:

additionalArguments:
  - --entryPoints.web.forwardedHeaders.insecure=true
  - --entryPoints.websecure.forwardedHeaders.insecure=true
  - --tracing=true
  - --tracing.serviceName=traefik-edge
  - --tracing.jaeger=true
  - --tracing.jaeger.disableAttemptReconnecting=false
  - --tracing.jaeger.samplingServerURL=http://jaeger-ingress-agent.observability:5778/sampling
  - --tracing.jaeger.collector.endpoint=http://jaeger-collector.observability:14268/api/traces?format=jaeger.thrift

Then change the tracing and tracing.jaeger arguments to false. Using the example above, you will get content like this:

additionalArguments:
  - --entryPoints.web.forwardedHeaders.insecure=true
  - --entryPoints.websecure.forwardedHeaders.insecure=true
  - --tracing=false
  - --tracing.serviceName=traefik-edge
  - --tracing.jaeger=false
  - --tracing.jaeger.disableAttemptReconnecting=false
  - --tracing.jaeger.samplingServerURL=http://jaeger-ingress-agent.observability:5778/sampling
  - --tracing.jaeger.collector.endpoint=http://jaeger-collector.observability:14268/api/traces?format=jaeger.thrift

Save the file.

  3. Set OTEL_SDK_DISABLED to true in kodjin globals:

etc/kodjin/<environment>/globals.yaml.gotmpl:

envs:
  opentelemetry:
    OTEL_SDK_DISABLED: true

Note: Keep in mind that disabling tracing does not automatically remove traces from the storage. To delete the trace data, you need to delete the corresponding indexes in Elasticsearch, searching for them by the prefix “observability-jaeger-*”.
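
The traefik.yaml edit in the disable procedure above changes two switches whose names are prefixes of other arguments, so a loose search-and-replace can alter the wrong lines. The following Python sketch is an added example, not part of Kodjin or rmk; it flips only --tracing and --tracing.jaeger in the page's sample block and lists what changed for review.

```python
import re

# The additionalArguments block from the page's example (cached traefik.yaml).
CACHED = """\
additionalArguments:
  - --entryPoints.web.forwardedHeaders.insecure=true
  - --entryPoints.websecure.forwardedHeaders.insecure=true
  - --tracing=true
  - --tracing.serviceName=traefik-edge
  - --tracing.jaeger=true
  - --tracing.jaeger.disableAttemptReconnecting=false
  - --tracing.jaeger.samplingServerURL=http://jaeger-ingress-agent.observability:5778/sampling
  - --tracing.jaeger.collector.endpoint=http://jaeger-collector.observability:14268/api/traces?format=jaeger.thrift
"""

# Matches only the two switches. Longer names such as
# --tracing.jaeger.disableAttemptReconnecting must stay untouched.
SWITCH = re.compile(r"^(\s*-\s+--tracing(?:\.jaeger)?)=\S*\s*$")


def disable_tracing(yaml_text):
    """Return the text with --tracing and --tracing.jaeger set to false."""
    lines = [SWITCH.sub(r"\1=false", line) for line in yaml_text.splitlines()]
    return "\n".join(lines) + "\n"


def changed_arguments(before, after):
    """List (old, new) pairs for every line that differs, for review."""
    pairs = zip(before.splitlines(), after.splitlines())
    return [(old.strip(), new.strip()) for old, new in pairs if old != new]


if __name__ == "__main__":
    result = disable_tracing(CACHED)
    for old, new in changed_arguments(CACHED, result):
        print(f"{old}  ->  {new}")
```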