Version: v0.1.0

Prerequisites

Complete list of prerequisites for developing, deploying, and running Ciyex EHR.

Development Prerequisites

Required Software

Software   | Minimum Version | Recommended | Purpose                          | Download
Java       | 21              | 21.0.1+     | Backend runtime                  | Adoptium
Node.js    | 20.0            | 22.0+       | Frontend runtime                 | nodejs.org
pnpm       | 8.0             | Latest      | Package manager                  | npm install -g pnpm
PostgreSQL | 15.0            | 16.0+       | Database                         | postgresql.org
Git        | 2.30            | Latest      | Version control                  | git-scm.com
Gradle     | 8.0             | 8.5+        | Build tool (included in wrapper) | gradle.org

Optional Development Tools

Software       | Purpose                          | Download
Docker         | Container runtime                | docker.com
Docker Compose | Multi-container orchestration    | Included with Docker Desktop
Redis          | Caching (optional for local dev) | redis.io
VS Code        | Code editor                      | code.visualstudio.com
IntelliJ IDEA  | Java IDE                         | jetbrains.com
Postman        | API testing                      | postman.com
pgAdmin        | PostgreSQL GUI                   | pgadmin.org

Production Prerequisites

Infrastructure

Kubernetes Cluster

Component           | Minimum   | Recommended | Notes
Kubernetes Version  | 1.28      | 1.29+       | K3s or standard K8s
Control Plane Nodes | 1         | 3           | High availability
Worker Nodes        | 2         | 3+          | Application workloads
CPU per Node        | 4 cores   | 8 cores     |
RAM per Node        | 16GB      | 32GB        |
Disk per Node       | 100GB SSD | 200GB NVMe  |
Network             | 1 Gbps    | 10 Gbps     |

Database

Component          | Minimum   | Recommended | Notes
PostgreSQL Version | 15.0      | 16.0+       |
CPU                | 4 cores   | 8 cores     |
RAM                | 8GB       | 16GB+       |
Storage            | 100GB SSD | 500GB NVMe  |
IOPS               | 3000      | 10000+      |
Connections        | 100       | 200+        |

Storage

Component             | Minimum        | Recommended    | Purpose
S3-Compatible Storage | 100GB          | 500GB+         | Documents, images
Backup Storage        | 200GB          | 1TB+           | Database backups
Longhorn Storage      | 100GB per node | 200GB per node | Persistent volumes

Required Services

Authentication

  • Keycloak Server
    • Version: 22.0+
    • Realm configured
    • Client created
    • Groups configured

External Services

Service            | Purpose             | Provider Options
SMTP Server        | Email notifications | SendGrid, AWS SES, Mailgun
SMS Gateway        | SMS notifications   | Twilio, Telnyx
Video Conferencing | Telehealth          | Jitsi Meet (self-hosted or cloud)
Payment Processing | Billing             | Stripe
Object Storage     | Documents           | AWS S3, OVH S3, MinIO

SSL/TLS Certificates

  • Domain Names - Registered domains for each environment
  • SSL Certificates - Let's Encrypt or commercial CA
  • Cert-Manager - Automated certificate management in Kubernetes

Deployment Tools

Required

Tool      | Minimum Version | Purpose                    | Download
Terraform | 1.5.0           | Infrastructure as Code     | terraform.io
kubectl   | 1.28            | Kubernetes CLI             | kubernetes.io
Helm      | 3.12            | Kubernetes package manager | helm.sh

Optional

Tool    | Purpose               | Download
k9s     | Kubernetes TUI        | k9scli.io
kubectx | Context switching     | github.com
stern   | Multi-pod log tailing | github.com
Lens    | Kubernetes IDE        | k8slens.dev

Access Requirements

Development

  • GitHub Access - Clone repositories
  • Local Admin - Install software
  • Database Access - Create databases and users

Production

Access Type     | Purpose                    | Required For
SSH Access      | Server management          | Infrastructure team
kubectl Access  | Kubernetes management      | DevOps team
Database Access | Database administration    | DBA team
Registry Access | Push/pull container images | CI/CD pipeline
DNS Management  | Configure domains          | Infrastructure team
Cloud Provider  | Manage cloud resources     | Infrastructure team

Credentials & Secrets

Development

# Database
DB_USERNAME=ciyex
DB_PASSWORD=ciyex123

# Keycloak (optional for local)
KEYCLOAK_CLIENT_SECRET=local-secret

# S3 (optional for local)
AWS_ACCESS_KEY_ID=minioadmin
AWS_SECRET_ACCESS_KEY=minioadmin

Production

Required secrets (store in Kubernetes secrets or vault):

# Database
POSTGRES_PASSWORD=<secure-password>

# Keycloak
KEYCLOAK_CLIENT_SECRET=<client-secret>

# S3
AWS_ACCESS_KEY_ID=<access-key>
AWS_SECRET_ACCESS_KEY=<secret-key>

# SMTP
SMTP_PASSWORD=<smtp-password>

# SMS
TWILIO_AUTH_TOKEN=<auth-token>

# Stripe
STRIPE_SECRET_KEY=<secret-key>

# Jitsi
JITSI_APP_SECRET=<app-secret>

# Grafana
GRAFANA_ADMIN_PASSWORD=<admin-password>
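The development block above ships fixed values (ciyex123, local-secret, minioadmin) and the production block ships <placeholder> values that must be replaced before the secret is created. The script below is an added example, not part of the Ciyex project: it refuses to load a secrets file into Kubernetes while it still contains any of those development defaults or any unreplaced placeholder. It assumes secrets arrive as a KEY=VALUE file (one assignment per line, optional double quotes); the secret name ciyex-secrets and namespace ciyex are assumptions, not names from the page.

```shell
#!/bin/sh
# Added example, not part of the Ciyex project: pre-deployment check that a
# secrets file carries neither the development defaults listed on this page
# nor the unfilled <placeholder> values from the production template.
# Assumptions (not on the page): KEY=VALUE file format, one assignment per
# line, optional double quotes; the Kubernetes secret name and namespace
# used in load_secret are examples.

# Development-only defaults, copied from the Development section above.
DEV_DEFAULTS='DB_PASSWORD=ciyex123
KEYCLOAK_CLIENT_SECRET=local-secret
AWS_ACCESS_KEY_ID=minioadmin
AWS_SECRET_ACCESS_KEY=minioadmin'

# env_value FILE VAR: value of VAR in FILE (last assignment wins, quotes stripped).
env_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n1 | sed 's/^"\(.*\)"$/\1/'
}

# find_dev_defaults FILE: names of variables still set to a development default.
find_dev_defaults() {
  printf '%s\n' "$DEV_DEFAULTS" | while IFS='=' read -r var dflt; do
    if [ "$(env_value "$1" "$var")" = "$dflt" ]; then printf '%s\n' "$var"; fi
  done
}

# find_placeholders FILE: names of variables whose value is still <like-this>.
find_placeholders() {
  sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=<[^>]*>[[:space:]]*$/\1/p' "$1"
}

# preflight_secrets FILE: succeed only when FILE has neither problem.
# Only variable names are printed, never their values.
preflight_secrets() {
  dev="$(find_dev_defaults "$1")"
  tmpl="$(find_placeholders "$1")"
  status=0
  if [ -n "$dev" ]; then
    printf 'REFUSING: development default still set: %s\n' "$(printf '%s' "$dev" | tr '\n' ' ')"
    status=1
  fi
  if [ -n "$tmpl" ]; then
    printf 'REFUSING: template placeholder not replaced: %s\n' "$(printf '%s' "$tmpl" | tr '\n' ' ')"
    status=1
  fi
  [ "$status" -eq 0 ] && printf 'OK: %s passed secret preflight\n' "$1"
  return "$status"
}

# load_secret FILE: after the preflight passes, create or refresh the
# Kubernetes secret from the file. kubectl reads the file itself, so values
# never appear on the command line or in shell history.
load_secret() {
  preflight_secrets "$1" || return 1
  kubectl create secret generic ciyex-secrets --namespace ciyex \
    --from-env-file="$1" --dry-run=client -o yaml | kubectl apply -f -
}

# Demonstration on a constructed file: a half-migrated production environment.
sample="$(mktemp)"
cat >"$sample" <<'EOF'
POSTGRES_PASSWORD=<secure-password>
DB_PASSWORD=ciyex123
KEYCLOAK_CLIENT_SECRET="constructed-real-looking-value"
AWS_ACCESS_KEY_ID=minioadmin
EOF
if preflight_secrets "$sample"; then
  echo "sample would be loaded"
else
  echo "sample rejected, nothing loaded"
fi
rm -f "$sample"
```

Run it as `sh secret-preflight.sh` to see the sample rejected on both counts; in a pipeline, call `load_secret /path/to/prod.env` so the kubectl step only runs after the check passes. The check is deliberately name-only in its output, so it can run in CI logs without leaking the values it inspects.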

Network Requirements

Ports

Development

Port | Service         | Protocol | Access
3000 | Next.js UI      | HTTP     | localhost
8080 | Spring Boot API | HTTP     | localhost
5432 | PostgreSQL      | TCP      | localhost
6379 | Redis           | TCP      | localhost (optional)

Production

Port | Service        | Protocol | Access
80   | HTTP           | HTTP     | Public
443  | HTTPS          | HTTPS    | Public
6443 | Kubernetes API | HTTPS    | Private
5432 | PostgreSQL     | TCP      | Private
6379 | Redis          | TCP      | Private

Firewall Rules

Inbound:

  • Allow 80/443 from internet (HTTPS traffic)
  • Allow 6443 from DevOps IPs (Kubernetes API)
  • Allow 22 from admin IPs (SSH)

Outbound:

  • Allow 443 to internet (API calls, updates)
  • Allow 25/587 to SMTP servers (Email)
  • Allow 5432 between nodes (Database replication)

DNS Records

# Production
app.example.com → Load Balancer IP
api.example.com → Load Balancer IP
fhir.example.com → Load Balancer IP

# Staging
app-stage.example.com → Staging Load Balancer IP
api-stage.example.com → Staging Load Balancer IP

# Development
app-dev.example.com → Dev Load Balancer IP
api-dev.example.com → Dev Load Balancer IP

Resource Estimates

Small Practice (1-10 providers)

Infrastructure:

  • 3 Kubernetes nodes (4 CPU, 16GB RAM each)
  • 1 PostgreSQL instance (4 CPU, 8GB RAM, 100GB storage)
  • 100GB S3 storage

Monthly Cost: ~$300-500 (cloud) or ~$150-250 (bare metal)

Medium Practice (10-50 providers)

Infrastructure:

  • 5 Kubernetes nodes (8 CPU, 32GB RAM each)
  • 1 PostgreSQL instance (8 CPU, 16GB RAM, 500GB storage)
  • 500GB S3 storage

Monthly Cost: ~$800-1200 (cloud) or ~$400-600 (bare metal)

Large Practice (50+ providers)

Infrastructure:

  • 10+ Kubernetes nodes (16 CPU, 64GB RAM each)
  • PostgreSQL cluster (16 CPU, 32GB RAM, 1TB+ storage)
  • 2TB+ S3 storage

Monthly Cost: ~$2000-4000 (cloud) or ~$1000-2000 (bare metal)

Compliance Requirements

HIPAA

  • Business Associate Agreement - With cloud provider
  • Encryption - At rest and in transit
  • Audit Logging - ONC-compliant audit trails
  • Access Controls - Role-based access control
  • Backup & DR - Regular backups and disaster recovery plan

GDPR (if applicable)

  • Data Processing Agreement - With cloud provider
  • Right to Erasure - Patient data deletion capability
  • Data Portability - Export patient data
  • Consent Management - Track patient consent

Skill Requirements

Development Team

  • Backend Developer
    • Java 21
    • Spring Boot 4.0
    • PostgreSQL
    • REST API design
    • FHIR knowledge (optional)
  • Frontend Developer
    • React 18
    • Next.js 16
    • TypeScript
    • Tailwind CSS
    • Healthcare UI/UX

Operations Team

  • DevOps Engineer
    • Kubernetes
    • Terraform
    • CI/CD (Jenkins, GitHub Actions)
    • Monitoring (Prometheus, Grafana)
    • Linux administration
  • Database Administrator
    • PostgreSQL administration
    • Backup and recovery
    • Performance tuning
    • Replication setup

Security Team

  • Security Engineer
    • HIPAA compliance
    • Penetration testing
    • Security auditing
    • Incident response

Verification Checklist

Before starting development:

  • Java 21 installed and verified (java -version)
  • Node.js 20+ installed (node -v)
  • pnpm installed (pnpm -v)
  • PostgreSQL 15+ installed and running
  • Git configured with credentials
  • GitHub access to repositories
  • IDE installed and configured
  • Docker installed (optional)
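The checklist above says what to verify; the script below, an added example that is not part of the Ciyex project, automates the version items against the minimums in the Required Software table (Java 21, Node.js 20.0, pnpm 8.0, PostgreSQL 15.0, Git 2.30). It assumes the tools are on PATH under their usual names (java, node, pnpm, psql, git) and that `psql --version` stands in for "PostgreSQL installed"; it does not prove the server is running, which still has to be checked by hand.

```shell
#!/bin/sh
# Added example, not part of the Ciyex project: check the development
# prerequisites against the minimum versions on this page. Assumptions: the
# tools are on PATH as java, node, pnpm, psql and git; psql --version is used
# as the PostgreSQL client check (it does not confirm the server is running).

# first_version TEXT: print the first dotted numeric version found in TEXT,
# e.g. 'openjdk version "21.0.1" 2023-10-17' -> 21.0.1, 'v20.11.0' -> 20.11.0.
first_version() {
  printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p' | head -n1
}

# version_ge HAVE MIN: succeed when dotted version HAVE is >= MIN. Missing
# components count as 0, so 1.28 >= 1.28.0 and 21.0.1 >= 21 both hold.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    ai="${ai:-0}"; bi="${bi:-0}"
    [ "$ai" -gt "$bi" ] && return 0
    [ "$ai" -lt "$bi" ] && return 1
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 0
}

# check_tool NAME MIN CMD [ARGS...]: run CMD to get the installed version and
# compare it with MIN. Succeeds only when the tool is present and new enough.
check_tool() {
  name="$1"; min="$2"; shift 2
  if ! command -v "$1" >/dev/null 2>&1; then
    printf 'MISSING  %-12s (need %s+)\n' "$name" "$min"
    return 1
  fi
  have="$(first_version "$("$@" 2>&1)")"
  if [ -z "$have" ]; then
    printf 'UNKNOWN  %-12s could not parse version output\n' "$name"
    return 1
  fi
  if version_ge "$have" "$min"; then
    printf 'OK       %-12s %s\n' "$name" "$have"
  else
    printf 'TOO OLD  %-12s %s (need %s+)\n' "$name" "$have" "$min"
    return 1
  fi
}

# check_all: every row of the Required Software table; returns 1 if any fails.
check_all() {
  failed=0
  check_tool Java       21   java -version  || failed=1
  check_tool Node.js    20.0 node -v        || failed=1
  check_tool pnpm       8.0  pnpm -v        || failed=1
  check_tool PostgreSQL 15.0 psql --version || failed=1
  check_tool Git        2.30 git --version  || failed=1
  return $failed
}

if check_all; then
  printf 'All development prerequisites met\n'
else
  printf 'Some prerequisites are missing or too old\n'
fi
```

Each row prints one status line, so the output doubles as the record for this part of the checklist. The version comparison is done in plain sh rather than with `sort -V` so it behaves the same on macOS and minimal Linux images.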

Before deploying to production:

  • Kubernetes cluster provisioned
  • kubectl access configured
  • Helm installed
  • Terraform installed
  • Domain names registered
  • SSL certificates configured
  • Keycloak server setup
  • Database server provisioned
  • S3 storage configured
  • SMTP server configured
  • Monitoring setup (Prometheus/Grafana)
  • Backup solution configured
  • All secrets stored securely
  • Firewall rules configured
  • DNS records created
  • HIPAA compliance reviewed

Next Steps