onco-analytics-on-fhir

This software is used to transform oncological basic data set (oBDS) XML files from tumor documentation systems to HL7® FHIR® and to a tabular format.

Modular Pipeline

[publication to be cited here]

Installation

Installation: Docker Compose Setup

Please follow along here: docker-compose/README.md

Installation: kubernetes setup

Prerequisites

• helm

Steps

Install K3S Cluster

curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=v1.26.1+k3s1 sh -

# optional: modify the kube config to allow running kubectl commands as a non-root user
# alternatively, prefix each kubectl and helm command with `sudo`
mkdir ~/.kube
sudo k3s kubectl config view --raw > ~/.kube/config
chmod 600 ~/.kube/config

kubectl get nodes

# create a namespace to isolate the installation
export ONCO_ANALYTICS_NAMESPACE_NAME=bzkf-onco-analytics
kubectl create namespace ${ONCO_ANALYTICS_NAMESPACE_NAME} --dry-run=client -o yaml | kubectl apply -f -
kubectl config set-context --current --namespace=${ONCO_ANALYTICS_NAMESPACE_NAME}

Air-gapped

Download the air-gapped installer and move it to the deployment machine:

curl -L -O https://github.com/bzkf/onco-analytics-on-fhir/releases/download/v2.2.2/air-gapped-installer.tgz

Run the following steps on the deployment machine.

Extract the archive:

tar xvzf ./air-gapped-installer.tgz

Prepare the images directory and k3s binary:

mkdir -p /var/lib/rancher/k3s/agent/images/
cp ./dist/air-gapped/k3s/k3s-airgap-images-amd64.tar /var/lib/rancher/k3s/agent/images/

cp ./dist/air-gapped/bin/k3s /usr/local/bin/k3s

Run the install script:

chmod +x ./dist/air-gapped/bin/install.sh
INSTALL_K3S_SKIP_DOWNLOAD=true ./dist/air-gapped/bin/install.sh

Run the script to import all required images:

chmod +x ./dist/air-gapped/bin/import-images-into-k3s.sh
IMAGE_FOLDER=./dist/air-gapped/images ./dist/air-gapped/bin/import-images-into-k3s.sh

Install Strimzi Operator and Kafka

helm upgrade --install --wait --timeout=10m --version=2.2.2 prerequisites oci://ghcr.io/bzkf/onco-analytics-on-fhir/charts/prerequisites

kubectl apply -f k8s/kafka-cluster.yaml
kubectl wait kafka/bzkf-dizbox-cluster --for=condition=Ready --timeout=300s

# Optionally install KafkaBridge
kubectl apply -f k8s/kafka-bridge.yaml
kubectl wait kafkabridge/bzkf-dizbox-bridge --for=condition=Ready --timeout=300s

kubectl get all -A

Install onco-analytics-on-fhir

helm upgrade --install --wait --timeout=10m --version=2.2.2 onco-analytics-on-fhir oci://ghcr.io/bzkf/onco-analytics-on-fhir/charts/onco-analytics-on-fhir

# test the installation
helm test onco-analytics-on-fhir

kubectl wait deployment/onco-analytics-on-fhir-stream-processors-obds-to-fhir --for=condition=Available --timeout=300s
kubectl wait deployment/onco-analytics-on-fhir-stream-processors-fhir-to-server --for=condition=Available --timeout=300s

TODOs

• https://docs.k3s.io/security/hardening-guide
• set ACL for KafkaUsers to relevant topics
• hardening: change existing passwords; show how to add existing secrets via kubectl. kubectl create secret generic --from-literal='GPAS__AUTH__BASIC__PASSWORD=test' gpas-basic-auth