diff --git a/.github/workflows/chart-ci.yaml b/.github/workflows/chart-ci.yaml index 2c8ee94..e82d5a8 100644 --- a/.github/workflows/chart-ci.yaml +++ b/.github/workflows/chart-ci.yaml @@ -7,9 +7,13 @@ on: - "dev" - "main" +permissions: + contents: write + security-events: write + jobs: aphp-chart-ci-workflow: - uses: aphp/ci-workflows/.github/workflows/chart-ci.yml@main + uses: aphp/ci-workflows/.github/workflows/chart-ci.yml@dev with: kubernetes-version: "1.24.2" chart-dir: "charts/redcap" diff --git a/NOTICE b/NOTICE index 6ea0bdd..15a35de 100644 --- a/NOTICE +++ b/NOTICE @@ -1,7 +1,7 @@ This software contains the following dependencies developed by Broadcom : - Helm Charts: - - mysql : https://github.com/bitnami/charts/tree/main/bitnami/mysql + - mariadb : https://github.com/CloudPirates-io/helm-charts/tree/main/charts/mariadb - logstash : https://github.com/bitnami/charts/tree/main/bitnami/logstash Those dependencies are present in the "bitnami/charts" github repository provided by Broadcom under the Apache 2.0 license, diff --git a/README.md b/README.md index 0425d59..ab86edc 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ [![redcap-helmchart-ci](https://github.com/aphp/redcap-helmchart/actions/workflows/chart-ci.yaml/badge.svg)](https://github.com/aphp/redcap-helmchart/actions/workflows/chart-ci.yaml) [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/aphp-redcap)](https://artifacthub.io/packages/search?repo=aphp-redcap) -## Presentation +## Presentation This repository hosts the REDCap Helm Chart developed by the Greater Paris University Hospitals (`APHP` in French - Assistance Publique des Hôpitaux de Paris). This Chart allows for a cloud-native and cloud-agnostic deployment of REDCap, a secure web application for building and managing online surveys and databases. 
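Review bot: The reusable workflow is now referenced by a mutable branch, `aphp/ci-workflows/.github/workflows/chart-ci.yml@dev`, in the same hunk that grants the workflow token `contents: write` and `security-events: write`. Whatever lands on that branch therefore runs with write access to this repository. Pin the reference to a full commit SHA, `uses: aphp/ci-workflows/.github/workflows/chart-ci.yml@<commit-sha>`, and bump it deliberately. The `permissions:` block is also declared at workflow level; putting it on the `aphp-chart-ci-workflow` job, with a short comment naming the step that needs each write scope, keeps the grant from applying to jobs added later. The job definition continues past the hunk.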
@@ -21,7 +21,7 @@ The architecture of the REDCap stack deployed by this Chart is as follows : A minimal setup of this stack includes : - The HTTPd component - The PHP FPM Server hosting the REDCap Application -- The MySQL Database used by REDCap +- The MariaDB Database used by REDCap On top of that, you can also choose to deploy : - A Backup Cronjob, that can generate an archive containing a database dump, a dump of the `edocs` folder, and a dump of the folder containing the REDCap Application. @@ -45,7 +45,7 @@ Here are a few important notions to keep in mind to efficiently manage a REDCap If you choose to automatically install REDCap using your community credentials with this chart, an Kubernetes Job called `init-job` will be automatically fired during the chart's installation process: - The `StartupPrope` will call the `install.php` or `upgrade.php` script (depending if you're installing REDCap from scratch or upgrading from an existing installation) with the query parameter `auto=1` -- The `ReadinessProbe` will call a MySql script allowing to configure REDCap with the following parameter, extracted from the Chart values : +- The `ReadinessProbe` will call a MariaDB script allowing to configure REDCap with the following parameter, extracted from the Chart values : - REDCap Base URL - Institution Name - Organization Name diff --git a/charts/redcap/Chart.lock b/charts/redcap/Chart.lock index e1317f8..3060aea 100644 --- a/charts/redcap/Chart.lock +++ b/charts/redcap/Chart.lock 
@@ -1,9 +1,9 @@ dependencies: -- name: mysql - repository: https://charts.bitnami.com/bitnami - version: 13.0.2 +- name: mariadb + repository: oci://registry-1.docker.io/cloudpirates + version: 0.8.0 - name: logstash repository: https://charts.bitnami.com/bitnami version: 7.0.4 -digest: sha256:9acead3f00befe50145d27d120a6795203cc65d72bc6578d1903642884fe1a48 -generated: "2025-06-19T15:34:43.900600074+02:00" +digest: sha256:f08d201367526ff2189bcba7f2fa3ec712a842dabbd716490414560faeb7b935 +generated: "2025-12-08T16:16:04.913596174+01:00" diff --git a/charts/redcap/Chart.yaml b/charts/redcap/Chart.yaml index 74badd6..45b77d5 100644 --- a/charts/redcap/Chart.yaml +++ b/charts/redcap/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: redcap -version: 1.4.5 -appVersion: 14.5.25 +version: 1.5.0 +appVersion: 15.0.27 kubeVersion: '>= 1.24.0-0' description: A Helm chart to deploy REDCap on a Kubernetes cluster. type: application @@ -14,10 +14,10 @@ home: https://www.project-redcap.org/ sources: - https://github.com/aphp/redcap-helmchart dependencies: - - condition: mysql.enabled - name: mysql - repository: https://charts.bitnami.com/bitnami - version: 13.0.2 + - condition: mariadb.enabled + name: mariadb + repository: oci://registry-1.docker.io/cloudpirates + version: 0.8.0 - condition: audit.enabled name: logstash alias: audit diff --git a/charts/redcap/README.md b/charts/redcap/README.md index 67ea4ee..c09ba90 100644 --- a/charts/redcap/README.md +++ b/charts/redcap/README.md 
@@ -1,6 +1,6 @@ # redcap -![Version: 1.4.5](https://img.shields.io/badge/Version-1.4.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 14.5.25](https://img.shields.io/badge/AppVersion-14.5.25-informational?style=flat-square) +![Version: 1.5.0](https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 15.0.27](https://img.shields.io/badge/AppVersion-15.0.27-informational?style=flat-square) A Helm chart to deploy REDCap on a Kubernetes cluster. @@ -23,7 +23,7 @@ Kubernetes: `>= 1.24.0-0` | Repository | Name | Version | |------------|------|---------| | https://charts.bitnami.com/bitnami | audit(logstash) | 7.0.4 | -| https://charts.bitnami.com/bitnami | mysql | 13.0.2 | +| oci://registry-1.docker.io/cloudpirates | mariadb | 0.8.0 | ## Deployment Architecture @@ -49,7 +49,7 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml |-----|------|---------|-------------| | httpd.enabled | bool | `true` | If `true`, activates the deployment of the Apache HTTPd proxy. | | httpd.image.repository | string | `"ghcr.io/aphp/redcap-httpd-shibd"` | Image repository for Apache HTTPd. | -| httpd.image.tag | string | `"1.2.0"` | Image tag for Apache HTTPd. | +| httpd.image.tag | string | `"1.2.1"` | Image tag for Apache HTTPd. | | httpd.image.pullPolicy | string | `"Always"` | PullPolicy for Apache HTTPd's image. | | httpd.tls.enabled | bool | `false` | If `true` activates TLS termination on the Apache HTTPd proxy. | | httpd.tls.certificate.existingSecret | string | `""` | Name of the existing Secret holding the certificate for the TLS termination. The secret must be of type `tls`. | 
@@ -82,12 +82,12 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml
 | redcap.install.overrideInstallContainer | list | `[]` | Overrides the initContainers that downloads the REDCap application package. |
 | redcap.image.repository | string | `"ghcr.io/aphp/redcap-php-fpm"` | Image repository for REDCap PHP-FPM Image. |
 | redcap.image.pullPolicy | string | `"Always"` | PullPolicy for REDCap PHP-FPM Image. |
-| redcap.image.tag | string | `"1.2.0"` | Tag for REDCap PHP-FPM Image. |
+| redcap.image.tag | string | `"1.2.1"` | Tag for REDCap PHP-FPM Image. |
 | redcap.extraInitContainers | list | `[]` | Add additional init containers to the PHP-FPM container hosting the REDCap application. |
 | redcap.extraContainers | list | `[]` | Add additional containers to the PHP-FPM container hosting the REDCap application. |
 | redcap.extraVolumes | list | `[]` | Add additional volumes to the PHP-FPM container hosting the REDCap application. |
 | redcap.config.logAllErrors | string | `"FALSE"` | If set to `true`, will log all the errors on the stdout (NOT RECOMMENDED IN PRODUCTION). |
-| redcap.config.externalURL | string | `"http://localhost/"` | The URL on which the application is exposed (useful if the application is behind a reverse-proxy). |
+| redcap.config.externalURL | string | `"http://localhost"` | The URL on which the application is exposed (useful if the application is behind a reverse-proxy). |
 | redcap.config.institutionName | string | `"REDCap Local Institution"` | The name of the institution that is presented to the users. |
 | redcap.config.organizationName | string | `"REDCap Local Organization"` | The name of the origanization inside the institution that is presented to the users. |
 | redcap.config.adminName | string | `"REDCap Local Admin"` | The name of the administrator that is presented to the users. |
@@ -98,7 +98,7 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml
 | redcap.config.database.salt.value | string | `"UjtNfDs2ELs2v6p"` | The value of the salt used by the application to cypher sensitive data. |
 | redcap.config.database.salt.secretKeyRef.name | string | `""` | The name of the secret holding the value of the salt used by the application to cypher sensitive data. If set, the value of that secret will override the `redcap.config.database.salt.value` value. |
 | redcap.config.database.salt.secretKeyRef.key | string | `""` | The key of the secret holding the value of the salt used by the application to cypher sensitive data. If set, the value of that secret will override the `redcap.config.database.salt.value` value. |
-| redcap.config.database.auth.hostname | string | `"redcap-mysql"` | The hostname of REDCap's database instance. |
+| redcap.config.database.auth.hostname | string | `"redcap-mariadb"` | The hostname of REDCap's database instance. |
 | redcap.config.database.auth.databaseName | string | `"redcap"` | The name of REDCAP's database. |
 | redcap.config.database.auth.username | string | `"redcap"` | The username used to connect to REDCAP's database. |
 | redcap.config.database.auth.password.value | string | `""` | The password used to connect to REDCAP's database, as a clear string. Don't use the option for a production-grade deployment, refer to an external secret instead! |
@@ -110,7 +110,7 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml
 | redcap.config.mail.auth.starttls | bool | `false` | If `true`, will use StartTLS for the connection to the mail server. |
 | redcap.config.mail.auth.from | string | `""` | The sender name that will display on mails send by REDCap. |
 | redcap.config.mail.auth.username | string | `""` | The username used to connect to the mail server. |
-| redcap.config.mail.auth.password.value | string | `""` | The password used to connect to the mail server. |
+| redcap.config.mail.auth.password.value | string | `"Redcap*!"` | The password used to connect to the mail server. |
 | redcap.config.mail.auth.password.existingSecret | string | `""` | Reference to an existing secret holding the password used to connect to the mail server. If set, the value of that secret will override the `redcap.config.mail.auth.password.value` value. |
 | redcap.replicaCount | int | `1` | The number of replicas for REDCap's deployment. |
 | redcap.resources | object | `{}` | The resource request/limits for REDCap's deployment. |
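Review bot: The documented default for `redcap.config.mail.auth.password.value` changes from `""` to `"Redcap*!"`, the same string this README lists as the default for `mariadb.auth.password`. The file is generated by helm-docs, so the value presumably comes from `values.yaml`, which is not visible here. A non-empty built-in SMTP password means every deployment that never overrides it shares one published credential. Restore the empty default in the values file (`value: ""`), rely on `redcap.config.mail.auth.password.existingSecret`, and regenerate the README.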
@@ -118,25 +118,24 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml | redcap.tolerations | list | `[]` | The tolerations for REDCap's deployment. | | redcap.affinity | object | `{}` | The affinities for REDCap's deployment. | -### REDCap MySQL Database settings +### REDCap MariaDB Database settings | Key | Type | Default | Description | |-----|------|---------|-------------| -| mysql.fullnameOverride | string | `"redcap-mysql"` | Override of the full name of the MySQL Database deployment. Impacts the name of the services REDCap will use to connect to the Database. | -| mysql.enabled | bool | `true` | If set to `true`, enables the deployment of MySQL as REDCap's database. | -| mysql.architecture | string | `"standalone"` | Deployment type for the database, standalone or replicated. | -| mysql.initdbScriptsConfigMap | string | `""` | Name of a configmap holding an SQL script to initialize the database with. | -| mysql.networkPolicy.enabled | bool | `true` | Enable creation of NetworkPolicy resources | -| mysql.auth.createDatabase | bool | `true` | Automatically create a database at the first run. | -| mysql.auth.database | string | `"redcap"` | Name of the database automatically created at the first run, if `mysql.auth.createDatabase` has been set to `true` | -| mysql.auth.username | string | `"redcap"` | Name of the database user automatically created at the first run, if `mysql.auth.createDatabase` has been set to `true` | -| mysql.auth.password | string | `"Redcap*!"` | Name of the database user automatically created at the first run, if `mysql.auth.createDatabase` has been set to `true` Not secure in production, use secret reference instead! | -| mysql.primary.existingConfigmap | string | `"redcap-database-config"` | Name of existing ConfigMap with MySQL Primary configuration. | -| mysql.primary.podLabels."app.kubernetes.io/role" | string | `"redcap-mysql"` | Role to set for the networkPolicies. 
Not to be changed, unless you know exactly what you are doing! | -| mysql.primary.service.port.mysql | int | `3306` | Port exposed by the MySQL service. | -| mysql.primary.persistence.storageClass | string | `"standard"` | StorageClass used for database persistence. | -| mysql.primary.persistence.accessModes | list | `["ReadWriteOnce"]` | AccessMode used for database persistence. | -| mysql.primary.persistence.size | string | `"10G"` | Size of the storage used for database persistence. | +| mariadb.fullnameOverride | string | `"redcap-mariadb"` | Override of the full name of the MariaDB Database deployment. Impacts the name of the services REDCap will use to connect to the Database. | +| mariadb.enabled | bool | `true` | If set to `true`, enables the deployment of MariaDB as REDCap's database. | +| mariadb.networkPolicy.enabled | bool | `true` | Enable creation of NetworkPolicy resources | +| mariadb.auth.enabled | bool | `true` | Enbled authentification system in mariadb. | +| mariadb.auth.createDatabase | bool | `true` | Automatically create a database at the first run. | +| mariadb.auth.database | string | `"redcap"` | Name of the database automatically created at the first run, if `MariaDB.auth.createDatabase` has been set to `true` | +| mariadb.auth.username | string | `"redcap"` | Name of the database user automatically created at the first run, if `MariaDB.auth.createDatabase` has been set to `true` | +| mariadb.auth.password | string | `"Redcap*!"` | Name of the database user automatically created at the first run, if `MariaDB.auth.createDatabase` has been set to `true` Not secure in production, use secret reference instead! | +| mariadb.config.existingConfigMap | string | `"redcap-database-config"` | Name of existing ConfigMap with MariaDB Primary configuration. | +| mariadb.podLabels."app.kubernetes.io/role" | string | `"redcap-mariadb"` | Role to set for the networkPolicies. Not to be changed, unless you know exactly what you are doing! 
| +| mariadb.service.port | int | `3306` | Port exposed by the MariaDB service. | +| mariadb.persistence.storageClass | string | `"standard"` | StorageClass used for database persistence. | +| mariadb.persistence.accessModes | list | `["ReadWriteOnce"]` | AccessMode used for database persistence. | +| mariadb.persistence.size | string | `"10G"` | Size of the storage used for database persistence. | ### REDCap Backup Job's settings 
@@ -149,11 +148,8 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml
 | backupJob.redcap.image.repository | string | `"busybox"` | Image repository for the REDCap application backup container. |
 | backupJob.redcap.image.tag | string | `"1"` | Image tag for the REDCap application backup container. |
 | backupJob.redcap.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap application backup container. |
-| backupJob.database.image.repository | string | `"bitnami/mysql"` | Image repository for the REDCap database backup container. |
-| backupJob.database.image.tag | string | `"9.3.0-debian-12-r1"` | Image tag for the REDCap database backup container. |
-| backupJob.database.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap database backup container. |
-| backupJob.uploader.image.repository | string | `"bitnami/rclone"` | Image repository for the REDCap backup uploader container. |
-| backupJob.uploader.image.tag | string | `"1.69.3"` | Image tag for the REDCap backup uploader container. |
+| backupJob.uploader.image.repository | string | `"rclone/rclone"` | Image repository for the REDCap backup uploader container. |
+| backupJob.uploader.image.tag | string | `"drime"` | Image tag for the REDCap backup uploader container. |
 | backupJob.uploader.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap backup uploader container. |
 | backupJob.uploader.s3.backupPath | string | `"redcap-backup"` | Path of the REDcap backup archive on the S3 bucket. |
 | backupJob.uploader.s3.config.region | string | `""` | Region of the S3 bucket. |
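Review bot: `backupJob.uploader.image.tag` moves from the fixed version `"1.69.3"` to `"drime"`, which does not read as a release version. With pullPolicy `"Always"`, the image behind the backup uploader can change from one run to the next. That container handles the backup archive and the S3 credentials, so its image should be reproducible. Use a release tag with a digest, in the form this README already shows for the mariadb image: `"<version>@sha256:<digest>"`. The `restoreJob.downloader.image.tag` default in the next hunk of this file carries the same value and needs the same change.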
@@ -172,14 +168,8 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml | restoreJob.imagePullSecrets | list | `[]` | ImagePullSecret used to pull the images for the restore pod's containers | | restoreJob.schedule | string | `"0 0 1 1 *"` | Schedule for the restore Cronjob. CronJob resources needs a valid schedule, but this one will never be used since it will always be suspended (see spec.suspend field). | | restoreJob.archiveName | string | `"redcap-backup.tar.gz"` | Name of the backup archive to restore. | -| restoreJob.redcap.image.repository | string | `"busybox"` | Image repository for the REDCap application restore container. | -| restoreJob.redcap.image.tag | string | `"1"` | Image tag for the REDCap application restore container. | -| restoreJob.redcap.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap application restore container. | -| restoreJob.database.image.repository | string | `"bitnami/mysql"` | Image repository for the REDCap database restore container. | -| restoreJob.database.image.tag | string | `"9.3.0-debian-12-r1"` | Image yag for the REDCap application restore container. | -| restoreJob.database.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap application restore container. | -| restoreJob.downloader.image.repository | string | `"bitnami/rclone"` | Image repository for the REDCap downloader container. | -| restoreJob.downloader.image.tag | string | `"1.69.3"` | Image tag for the REDCap downloader container. | +| restoreJob.downloader.image.repository | string | `"rclone/rclone"` | Image repository for the REDCap downloader container. | +| restoreJob.downloader.image.tag | string | `"drime"` | Image tag for the REDCap downloader container. | | restoreJob.downloader.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap downloader container. 
| | restoreJob.downloader.s3.backupPath | string | `"redcap-backup"` | Path of the REDcap backup archive on the S3 bucket. | | restoreJob.downloader.s3.config.region | string | `""` | Region of the S3 bucket. | @@ -188,6 +178,12 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml | restoreJob.downloader.s3.config.auth.accessKeyID | string | `""` | AccessKeyID needed for authentication on the S3 bucket. | | restoreJob.downloader.s3.config.auth.secretAccessKey | string | `""` | SecretAccessKey needed for authentication on the S3 bucket. | | restoreJob.downloader.s3.config.auth.existingSecret | string | `""` | Reference to an existing secret holding the AccessKeyID and SecretAccessKey needed for authentication on the S3 bucket. If set, overrides the AccessKeyID and SecretAccessKey values. | +| restoreJob.file.image.repository | string | `"busybox"` | Image repository for the REDCap application restore container. | +| restoreJob.file.image.tag | string | `"1"` | Image tag for the REDCap files application container. | +| restoreJob.file.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap application restore container. | +| restoreJob.redcap.image.repository | string | `"alpine/curl"` | Image repository for the REDCap application restore container. | +| restoreJob.redcap.image.tag | string | `"8.12.1"` | Image tag for the REDCap application restore container. | +| restoreJob.redcap.image.pullPolicy | string | `"Always"` | Image pullPolicy for the REDCap application restore container. | | restoreJob.resources | object | `{}` | Resources for backup job's pod. | ### REDCap Audit Log Shipper settings 
@@ -195,18 +191,21 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| | audit.enabled | bool | `false` | If set to `true`, enables the audit log-shipping solution. | +| audit.global.security.allowInsecureImages | bool | `true` | Set to true to enable bitnami charts to use insecure images like bitmani legacy images. | +| audit.image.repository | string | `"bitnamilegacy/logstash"` | Image repository for Logstash. | +| audit.image.tag | string | `"9.1.2-debian-12-r0"` | Image tag for Logstash. | | audit.podLabels."app.kubernetes.io/role" | string | `"redcap-audit"` | Role to set for the networkPolicies. Not to be changed, unless you know exactly what you are doing! | -| audit.initContainers[0] | object | A simple container to download the jar JDBC driver on a volume shared with Logstash. | Init container in charge of downloading the JDBC driver needed to connect to the MySQL database. | +| audit.initContainers[0] | object | A simple container to download the jar JDBC driver on a volume shared with Logstash. | Init container in charge of downloading the JDBC driver needed to connect to the MariaDB database. | | audit.initContainers[0].image | string | `"alpine:3.21.3"` | Image used for the pod downloading the driver. | | audit.initContainers[0].imagePullPolicy | string | `"Always"` | Image pullPolicy used for the pod downloading the driver. | | audit.initContainers[0].env[0] | object | URL of the JDBC driver to download. | Env var to set the URL of the JDBC driver to download. | -| audit.initContainers[0].env[0].value | string | `"https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.4.0.tar.gz"` | URL of the JDBC driver to download. | +| audit.initContainers[0].env[0].value | string | `"https://downloads.MariaDB.com/archives/get/p/3/file/MariaDB-connector-j-8.4.0.tar.gz"` | URL of the JDBC driver to download. 
| | audit.initContainers[0].command | list | Using `wget` do download the driver, and moving it to the shared persistent volume. | Command to be run to download and extract the JDBC driver. | | audit.initContainers[0].volumeMounts[0] | object | Mounted to `/driver` | Definition of the volumeMount used to persist the JDBC driver. | | audit.initContainers[0].volumeMounts[0].mountPath | string | `"/driver"` | Mount path of the volume used to persist the JDBC driver. | | audit.enableMultiplePipelines | bool | `true` | If set to `true`, allows the use of multiple pipelines. Needed for audit concurrent pipelines for performance reasons. | -| audit.existingConfiguration | string | `"redcap-mysql-audit-logstash-pipeline"` | Name of an existing ConfigMap holding the pipeline(s)'s configuration. | -| audit.extraEnvVars[0] | object | Empty external secret reference to REDCap DB password | Extra environment variables related to REDCap MySQL DB's password. | +| audit.existingConfiguration | string | `"redcap-mariadb-audit-logstash-pipeline"` | Name of an existing ConfigMap holding the pipeline(s)'s configuration. | +| audit.extraEnvVars[0] | object | Empty external secret reference to REDCap DB password | Extra environment variables related to REDCap MariaDB DB's password. | | audit.extraEnvVars[1] | object | Empty external secret reference to the API token to reach the audit stack API | Extra environment variables related to the API token to reach the audit stack API. | | audit.persistence.enabled | bool | `true` | If set to `true`, enables persistence for Logstash. Useful for disaster recovery purposes, as the pipeline(s)'s cache is stored persisted by Logstash. | | audit.persistence.storageClass | string | `"standard"` | Storage class used for Logstash's persistence. | 
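Review bot: The new default for `audit.initContainers[0].env[0].value`, `https://downloads.MariaDB.com/archives/get/p/3/file/MariaDB-connector-j-8.4.0.tar.gz`, looks like a text replacement of `mysql` inside the previous MySQL download URL rather than a verified location for the MariaDB driver. The init container fetches and unpacks whatever that URL serves into the volume Logstash loads code from, so the host and artifact name need checking. A checksum comparison after the download would also be worth adding if the command does not already do one (its body is not visible here). Separately, this hunk documents `audit.global.security.allowInsecureImages` as `true` together with `bitnamilegacy/logstash`. If that repository is no longer receiving updates, the description should say so and the default image should move to a maintained one.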
@@ -300,7 +299,21 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| -| redcap.config.database.auth.password | object | `{"secretKeyRef":{"key":"","name":""},"value":""}` | The password used to connect to REDCAP's database. Automatically retrieved from the default mysql secret name if you enbaled the MySQL database embedded in this chart. If you specified a reference to an secret for your MySQL database password, you have to set it here also, in the `secretKeyRef` section. | +| redcap.config.database.auth.password | object | `{"secretKeyRef":{"key":"","name":""},"value":""}` | The password used to connect to REDCAP's database. Automatically retrieved from the default MariaDB secret name if you enbaled the MariaDB database embedded in this chart. If you specified a reference to an secret for your MariaDB database password, you have to set it here also, in the `secretKeyRef` section. | +| mariadb.image.registry | string | `"docker.io"` | | +| mariadb.image.repository | string | `"mariadb"` | | +| mariadb.image.tag | string | `"12.1.2@sha256:e1bcd6f85781f4a875abefb11c4166c1d79e4237c23de597bf0df81fec225b40"` | | +| mariadb.image.imagePullPolicy | string | `"Always"` | | +| backupJob.database.image.registry | string | `"docker.io"` | | +| backupJob.database.image.repository | string | `"mariadb"` | | +| backupJob.database.image.tag | string | `"12.1.2@sha256:e1bcd6f85781f4a875abefb11c4166c1d79e4237c23de597bf0df81fec225b40"` | | +| backupJob.database.image.imagePullPolicy | string | `"Always"` | | +| restoreJob.database.image.registry | string | `"docker.io"` | | +| restoreJob.database.image.repository | string | `"mariadb"` | | +| restoreJob.database.image.tag | string | `"12.1.2@sha256:e1bcd6f85781f4a875abefb11c4166c1d79e4237c23de597bf0df81fec225b40"` | | +| restoreJob.database.image.imagePullPolicy | string | `"Always"` | | | 
persistence.app.annotations."helm.sh/resource-policy" | string | `"keep"` | | | persistence.modules.annotations."helm.sh/resource-policy" | string | `"keep"` | | +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/redcap/charts/.helm_ls_cache/mysql/templates/secondary/configmap.yaml b/charts/redcap/charts/.helm_ls_cache/mysql/templates/secondary/configmap.yaml index dd9fdd1..9d4544d 100644 --- a/charts/redcap/charts/.helm_ls_cache/mysql/templates/secondary/configmap.yaml +++ b/charts/redcap/charts/.helm_ls_cache/mysql/templates/secondary/configmap.yaml @@ -3,14 +3,14 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if (include "mysql.secondary.createConfigmap" .) }} +{{- if (include "mariadb.secondary.createConfigmap" .) }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "mysql.secondary.fullname" . }} + name: {{ include "mariadb.secondary.fullname" . }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: mysql + app.kubernetes.io/part-of: mariadb app.kubernetes.io/component: secondary {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} diff --git a/charts/redcap/charts/.helm_ls_cache/mysql/templates/tls-secret.yaml b/charts/redcap/charts/.helm_ls_cache/mysql/templates/tls-secret.yaml index f5fef25..813303c 100644 --- a/charts/redcap/charts/.helm_ls_cache/mysql/templates/tls-secret.yaml +++ b/charts/redcap/charts/.helm_ls_cache/mysql/templates/tls-secret.yaml 
@@ -5,11 +5,11 @@ SPDX-License-Identifier: APACHE-2.0 {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} {{- if and .Values.tls.enabled (eq .Values.tls.autoGenerated.engine "helm") }} -{{- $ca := genCA "mysql-ca" 365 }} +{{- $ca := genCA "mariadb-ca" 365 }} {{- $releaseNamespace := include "common.names.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} -{{- $primaryServiceName := include "mysql.primary.fullname" . }} -{{- $secondaryServiceName := include "mysql.secondary.fullname" . }} +{{- $primaryServiceName := include "mariadb.primary.fullname" . }} +{{- $secondaryServiceName := include "mariadb.secondary.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $primaryServiceName $secondaryServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $secondaryServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (include "common.names.fullname" .) "localhost" "127.0.0.1" }} {{- $cert := genSignedCert $primaryServiceName nil $altNames 365 $ca }} @@ -19,8 +19,8 @@ metadata: name: {{ $secretName }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: mysql - app.kubernetes.io/component: mysql + app.kubernetes.io/part-of: mariadb + app.kubernetes.io/component: mariadb {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} 
@@ -36,8 +36,8 @@ metadata: name: {{ $secretName }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: mysql - app.kubernetes.io/component: mysql + app.kubernetes.io/part-of: mariadb + app.kubernetes.io/component: mariadb {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} diff --git a/charts/redcap/charts/.helm_ls_cache/mysql/templates/update-password/previous-secret.yaml b/charts/redcap/charts/.helm_ls_cache/mysql/templates/update-password/previous-secret.yaml index dc76999..8319986 100644 --- a/charts/redcap/charts/.helm_ls_cache/mysql/templates/update-password/previous-secret.yaml +++ b/charts/redcap/charts/.helm_ls_cache/mysql/templates/update-password/previous-secret.yaml @@ -3,7 +3,7 @@ Copyright Broadcom, Inc. All Rights Reserved. SPDX-License-Identifier: APACHE-2.0 */}} -{{- if and .Values.passwordUpdateJob.enabled (eq ( include "mysql.createPreviousSecret" . ) "true") }} +{{- if and .Values.passwordUpdateJob.enabled (eq ( include "mariadb.createPreviousSecret" . ) "true") }} {{- $rootPassword := .Values.passwordUpdateJob.previousPasswords.rootPassword }} {{- $password := .Values.passwordUpdateJob.previousPasswords.password }} {{- $replicationPassword := .Values.passwordUpdateJob.previousPasswords.replicationPassword }} 
@@ -13,17 +13,17 @@ metadata: name: {{ printf "%s-previous-secret" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }} - app.kubernetes.io/part-of: mysql + app.kubernetes.io/part-of: mariadb {{- $defaultAnnotations := dict "helm.sh/hook" "pre-upgrade" "helm.sh/hook-delete-policy" "hook-succeeded" }} {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.commonAnnotations $defaultAnnotations ) "context" . ) }} annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }} type: Opaque data: - mysql-root-password: {{ required "The previous root password is required!" $rootPassword | b64enc | quote }} + mariadb-root-password: {{ required "The previous root password is required!" $rootPassword | b64enc | quote }} {{- if .Values.auth.username }} - mysql-password: {{ required "The previous user password is required!" $password | b64enc | quote }} + mariadb-password: {{ required "The previous user password is required!" $password | b64enc | quote }} {{- end }} {{- if eq .Values.architecture "replication" }} - mysql-replication-password: {{ required "The previous replication password is required!" $replicationPassword | b64enc | quote }} + mariadb-replication-password: {{ required "The previous replication password is required!" $replicationPassword | b64enc | quote }} {{- end }} {{- end }} diff --git a/charts/redcap/charts/mariadb-0.8.0.tgz b/charts/redcap/charts/mariadb-0.8.0.tgz new file mode 100644 index 0000000..942aa3c Binary files /dev/null and b/charts/redcap/charts/mariadb-0.8.0.tgz differ diff --git a/charts/redcap/charts/mysql-13.0.2.tgz b/charts/redcap/charts/mysql-13.0.2.tgz deleted file mode 100644 index e25e645..0000000 Binary files a/charts/redcap/charts/mysql-13.0.2.tgz and /dev/null differ 
diff --git a/charts/redcap/ci/ct-values.yaml b/charts/redcap/ci/ct-values.yaml index 317e2af..2dc2d90 100644 --- a/charts/redcap/ci/ct-values.yaml +++ b/charts/redcap/ci/ct-values.yaml @@ -11,7 +11,7 @@ redcap: install: enabled: false -mysql: +mariadb: primary: resources: requests: diff --git a/charts/redcap/configuration/audit/redcap-log-event.conf b/charts/redcap/configuration/audit/redcap-log-event.conf index 9c7a05d..fdbc819 100644 --- a/charts/redcap/configuration/audit/redcap-log-event.conf +++ b/charts/redcap/configuration/audit/redcap-log-event.conf @@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event2.conf b/charts/redcap/configuration/audit/redcap-log-event2.conf index bd6fa03..f43b9cb 100644 --- a/charts/redcap/configuration/audit/redcap-log-event2.conf +++ b/charts/redcap/configuration/audit/redcap-log-event2.conf 
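Review bot: `jdbc_driver_class => "com.mariadb.jdbc.Driver"` names a class that MariaDB Connector/J does not provide; its driver class is `org.mariadb.jdbc.Driver`, so the jdbc input would be expected to fail when loading the driver and the audit pipeline would stop ingesting REDCap log events. The new `jdbc_driver_library` value `/driver/mariadb-connector-j-8.4.0.jar` also reads like a textual rename of the MySQL Connector/J file, since MariaDB publishes its jar as `mariadb-java-client-<VERSION>.jar`. Whatever populates `/driver` is not visible in this hunk, so confirm that a file with the configured name is really there. Suggested lines are `jdbc_driver_class => "org.mariadb.jdbc.Driver"` and `jdbc_driver_library => "/driver/mariadb-java-client-<VERSION>.jar"`. The same three lines recur in the hunks for redcap-log-event2.conf through redcap-log-event9.conf and redcap-log-view.conf.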
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event3.conf b/charts/redcap/configuration/audit/redcap-log-event3.conf index 050369b..0878ddd 100644 --- a/charts/redcap/configuration/audit/redcap-log-event3.conf +++ b/charts/redcap/configuration/audit/redcap-log-event3.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event4.conf b/charts/redcap/configuration/audit/redcap-log-event4.conf index 5e1a7d8..a135cbb 100644 --- a/charts/redcap/configuration/audit/redcap-log-event4.conf +++ b/charts/redcap/configuration/audit/redcap-log-event4.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event5.conf b/charts/redcap/configuration/audit/redcap-log-event5.conf index 388cb59..8cb843f 100644 --- a/charts/redcap/configuration/audit/redcap-log-event5.conf +++ b/charts/redcap/configuration/audit/redcap-log-event5.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event6.conf b/charts/redcap/configuration/audit/redcap-log-event6.conf index 7b78053..cb5eb5b 100644 --- a/charts/redcap/configuration/audit/redcap-log-event6.conf +++ b/charts/redcap/configuration/audit/redcap-log-event6.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event7.conf b/charts/redcap/configuration/audit/redcap-log-event7.conf index bf75fcc..305e2db 100644 --- a/charts/redcap/configuration/audit/redcap-log-event7.conf +++ b/charts/redcap/configuration/audit/redcap-log-event7.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event8.conf b/charts/redcap/configuration/audit/redcap-log-event8.conf index 10a0418..c504269 100644 --- a/charts/redcap/configuration/audit/redcap-log-event8.conf +++ b/charts/redcap/configuration/audit/redcap-log-event8.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-event9.conf b/charts/redcap/configuration/audit/redcap-log-event9.conf index eaf0630..1c4c89e 100644 --- a/charts/redcap/configuration/audit/redcap-log-event9.conf +++ b/charts/redcap/configuration/audit/redcap-log-event9.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/audit/redcap-log-view.conf b/charts/redcap/configuration/audit/redcap-log-view.conf index 70e6b61..14f7ba7 100644 --- a/charts/redcap/configuration/audit/redcap-log-view.conf +++ b/charts/redcap/configuration/audit/redcap-log-view.conf 
@@ -1,9 +1,9 @@ input { jdbc { - jdbc_driver_library => "/driver/mysql-connector-j-8.4.0.jar" - jdbc_driver_class => "com.mysql.jdbc.Driver" - jdbc_connection_string => "jdbc:mysql://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mysql.primary.service.ports.mysql }}/{{ .Values.redcap.config.database.auth.databaseName }}" + jdbc_driver_library => "/driver/mariadb-connector-j-8.4.0.jar" + jdbc_driver_class => "com.mariadb.jdbc.Driver" + jdbc_connection_string => "jdbc:mariadb://{{ .Values.redcap.config.database.auth.hostname }}:{{ default 3306 .Values.mariadb.service.port }}/{{ .Values.redcap.config.database.auth.databaseName }}" jdbc_user => "{{ .Values.redcap.config.database.auth.username }}" jdbc_password => "{{ default .Values.redcap.config.database.auth.password `${MYSQL_PASSWD}` }}" schedule => "{{ .Values.audit.logsApi.config.pollingSchedule }}" diff --git a/charts/redcap/configuration/httpd/httpd.conf b/charts/redcap/configuration/httpd/httpd.conf index 0b416ac..ee53600 100644 --- a/charts/redcap/configuration/httpd/httpd.conf +++ b/charts/redcap/configuration/httpd/httpd.conf @@ -122,7 +122,7 @@ PidFile /var/run/supervisor/httpd.pid # as error documents. e.g. admin@your-domain.com # ServerAdmin {{ .Values.redcap.config.adminMail }} -ServerName {{ .Values.redcap.config.externalURL }} +ServerName {{ include `httpd.externalDomain` . }} # # ServerName gives the name and port that the server uses to identify itself. @@ -377,8 +377,9 @@ EnableSendfile on # Maps the fastcgi server to the root URL space + DirectorySlash On ProxyPassMatch "^/(.*\.php(/.*)?)$" "fcgi://{{ include `redcap.serviceName` . }}:{{ .Values.services.redcap.port }}/var/www/redcap/$1" timeout=3600 enablereuse=on - DirectoryIndex /index.php index.php + DirectoryIndex index.php #/index.php diff --git a/charts/redcap/configuration/mysql/my.cnf b/charts/redcap/configuration/mysql/my.cnf index ae31175..23955de 100644 --- a/charts/redcap/configuration/mysql/my.cnf 
+++ b/charts/redcap/configuration/mysql/my.cnf @@ -1,22 +1,15 @@ -[mysqld] -skip_name_resolve -explicit_defaults_for_timestamp -basedir=/opt/bitnami/mysql -port=3306 -tmpdir=/opt/bitnami/mysql/tmp -socket=/opt/bitnami/mysql/tmp/mysql.sock -pid_file=/opt/bitnami/mysql/tmp/mysqld.pid -max_allowed_packet=16M -bind_address=0.0.0.0 -log_error=/opt/bitnami/mysql/logs/mysqld.log -slow_query_log=0 -long_query_time=10.0 -character_set_server=utf8mb4 -plugin_dir=/opt/bitnami/mysql/lib/plugin -datadir=/bitnami/mysql/data +[mariadbd] -# REDCap recommendations +# REDCap recommendations : Maximum paquet size during communication with client (client must have the same value) max_allowed_packet=1G +# REDCap recommendations : Optimize some querrys with index: https://mariadb.com/docs/server/ha-and-performance/optimization-and-tuning/query-optimizations/rowid-filtering-optimization +optimizer_switch='rowid_filter=off' +# REDCap recommendations : Store result of select command. +query_cache_size=16777216 +# REDCap recommendations : Enabling cache type : https://mariadb.com/docs/server/server-management/variables-and-modes/server-system-variables#query_cache_type +query_cache_type=1 +query_cache_limit=16777216 + sort_buffer_size=1M read-rnd-buffer-size=1M @@ -27,15 +20,3 @@ max_connections=400 innodb_flush_log_at_trx_commit=1 sync_binlog=0 - -[client] -port=3306 -socket=/opt/bitnami/mysql/tmp/mysql.sock -default_character_set=utf8mb4 -plugin_dir=/opt/bitnami/mysql/lib/plugin - - -[manager] -port=3306 -socket=/opt/bitnami/mysql/tmp/mysql.sock -pid_file=/opt/bitnami/mysql/tmp/mysqld.pid diff --git a/charts/redcap/configuration/redcap/backup/backup-upload.sh b/charts/redcap/configuration/redcap/backup/backup-upload.sh index bd14f6b..190deb3 100644 --- a/charts/redcap/configuration/redcap/backup/backup-upload.sh +++ b/charts/redcap/configuration/redcap/backup/backup-upload.sh 
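Review bot: The first my.cnf hunk removes `character_set_server=utf8mb4` (and the second removes the `[client]` `default_character_set=utf8mb4`) without re-adding either under `[mariadbd]`. Whether the server still defaults to utf8mb4 depends on the MariaDB image version, which is not visible here, so keeping `character_set_server=utf8mb4` explicitly avoids a silent charset change for restored dumps. `skip_name_resolve` is dropped too; if that is intentional, say so in a comment, because it changes how host-based grants are matched. The comment above `optimizer_switch='rowid_filter=off'` reads as if it enables an optimisation while the value disables it; something like `# REDCap recommendation: disable rowid filtering` would match the setting.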
@@ -3,7 +3,7 @@ # Name: backup-upload.sh # Version: 1.0 # Author: Kévin ZGRZENDEK for APHP EDS -# Description : Compresses and uploads REDCap backup dir (containing the redcap app dir, the edocs dir & MySQL db dump) +# Description : Compresses and uploads REDCap backup dir (containing the redcap app dir, the edocs dir & MariaDB dump) echo "[INFO] Starting REDCap backup script v1.0" diff --git a/charts/redcap/configuration/redcap/database-conf/creds/credentials.php b/charts/redcap/configuration/redcap/database-conf/creds/credentials.php index 60dfe13..42b3a3d 100644 --- a/charts/redcap/configuration/redcap/database-conf/creds/credentials.php +++ b/charts/redcap/configuration/redcap/database-conf/creds/credentials.php @@ -1,8 +1,8 @@ .so' and ; 'extension='php_.dll') is supported for legacy reasons and may be @@ -928,12 +928,12 @@ default_socket_timeout = 60 ;extension=ldap ;extension=mbstring ;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli +;extension=mariadbi ;extension=oci8_12c ; Use with Oracle Database 12c Instant Client ;extension=odbc ;extension=openssl ;extension=pdo_firebird -;extension=pdo_mysql +;extension=pdo_mariadb ;extension=pdo_oci ;extension=pdo_odbc ;extension=pdo_pgsql @@ -1055,10 +1055,10 @@ cli_server.color = On ;pdo_odbc.db2_instance_name -[Pdo_mysql] +[Pdo_mariadb] ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. -pdo_mysql.default_socket= +pdo_mariadb.default_socket= [Phar] ; http://php.net/phar.readonly 
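Review bot: The rename in the php.ini hunks replaces real PHP extension and directive names with names PHP does not define. `mysqli`, `mysqlnd` and `pdo_mysql` keep those names when the server is MariaDB, so `;extension=mariadbi`, `;extension=pdo_mariadb`, `pdo_mariadb.default_socket=` and every `mariadbi.*` / `mariadbnd.*` key in the hunks at 928, 1055 and 1141 are unknown to PHP. Unknown ini keys are ignored, so active settings such as `mariadbi.default_port = 3306` and `mariadbnd.collect_statistics = Off` no longer take effect and the extensions fall back to their built-in defaults; the rewritten `http://php.net/mariadbi.*` links no longer point at real documentation either. These hunks should keep the original names, e.g. `mysqli.default_port = 3306`, `mysqlnd.collect_statistics = Off`, `pdo_mysql.default_socket=`.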
@@ -1141,85 +1141,85 @@ odbc.defaultbinmode = 1 [MySQLi] ; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 +; http://php.net/mariadbi.max-persistent +mariadbi.max_persistent = -1 ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On +; http://php.net/mariadbi.allow_local_infile +;mariadbi.allow_local_infile = On ; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On +; http://php.net/mariadbi.allow-persistent +mariadbi.allow_persistent = On ; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 +; http://php.net/mariadbi.max-links +mariadbi.max_links = -1 -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; Default port number for mariadbi_connect(). If unset, mariadbi_connect() will use +; the $MYSQL_TCP_PORT or the mariadb-tcp entry in /etc/services or the ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 +; http://php.net/mariadbi.default-port +mariadbi.default_port = 3306 ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = +; http://php.net/mariadbi.default-socket +mariadbi.default_socket = -; Default host for mysqli_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = +; Default host for mariadbi_connect() (doesn't apply in safe mode). +; http://php.net/mariadbi.default-host +mariadbi.default_host = -; Default user for mysqli_connect() (doesn't apply in safe mode). 
-; http://php.net/mysqli.default-user -mysqli.default_user = +; Default user for mariadbi_connect() (doesn't apply in safe mode). +; http://php.net/mariadbi.default-user +mariadbi.default_user = -; Default password for mysqli_connect() (doesn't apply in safe mode). +; Default password for mariadbi_connect() (doesn't apply in safe mode). ; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; *Any* user with PHP access can run 'echo get_cfg_var("mariadbi.default_pw") ; and reveal this password! And of course, any users with read access to this ; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = +; http://php.net/mariadbi.default-pw +mariadbi.default_pw = ; Allow or prevent reconnect -mysqli.reconnect = Off +mariadbi.reconnect = Off -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be +[mariadbnd] +; Enable / Disable collection of general statistics by mariadbnd which can be ; used to tune and monitor MySQL operations. -mysqlnd.collect_statistics = Off +mariadbnd.collect_statistics = Off -; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; Enable / Disable collection of memory usage statistics by mariadbnd which can be ; used to tune and monitor MySQL operations. -mysqlnd.collect_memory_statistics = Off +mariadbnd.collect_memory_statistics = Off -; Records communication from all extensions using mysqlnd to the specified log +; Records communication from all extensions using mariadbnd to the specified log ; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = +; http://php.net/mariadbnd.debug +;mariadbnd.debug = ; Defines which queries will be logged. -;mysqlnd.log_mask = 0 +;mariadbnd.log_mask = 0 -; Default size of the mysqlnd memory pool, which is used by result sets. 
-;mysqlnd.mempool_default_size = 16000 +; Default size of the mariadbnd memory pool, which is used by result sets. +;mariadbnd.mempool_default_size = 16000 ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -;mysqlnd.net_cmd_buffer_size = 2048 +;mariadbnd.net_cmd_buffer_size = 2048 ; Size of a pre-allocated buffer used for reading data sent by the server in ; bytes. -;mysqlnd.net_read_buffer_size = 32768 +;mariadbnd.net_read_buffer_size = 32768 ; Timeout for network requests in seconds. -;mysqlnd.net_read_timeout = 31536000 +;mariadbnd.net_read_timeout = 31536000 ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA ; key. -;mysqlnd.sha256_server_public_key = +;mariadbnd.sha256_server_public_key = [OCI8] diff --git a/charts/redcap/templates/NOTES.txt b/charts/redcap/templates/NOTES.txt index a646fb3..0fc8dc6 100644 --- a/charts/redcap/templates/NOTES.txt +++ b/charts/redcap/templates/NOTES.txt @@ -1,4 +1,13 @@ You can access REDCap homepage URL by running these commands: + +{{- if .Values.mariadb.enabled }} +# MariaDB is enabled +The chart has been deployed with MariaDB. Please ensure that any configurations specific to MySQL are updated for MariaDB. +{{- else }} +# MySQL is enabled +The chart is using MySQL as the database. If you wish to migrate to MariaDB, please disable MySQL and enable MariaDB in your `values.yaml` file. +{{- end }} + {{- if .Values.ingress.enabled }} {{- range $host := .Values.ingress.hosts }} {{- range .paths }} diff --git a/charts/redcap/templates/_helpers.tpl b/charts/redcap/templates/_helpers.tpl index 6cd4041..6aa81a2 100644 --- a/charts/redcap/templates/_helpers.tpl +++ b/charts/redcap/templates/_helpers.tpl 
@@ -235,12 +235,12 @@ Secrets names {{ .Release.Name }}-db-audit-credentials {{- end }} -{{- define "mysql.secrets.password.name" -}} -{{ .Release.Name }}-mysql +{{- define "mariadb.secrets.password.name" -}} +{{ .Release.Name }}-mariadb {{- end }} -{{- define "mysql.secrets.password.key" -}} -mysql-password +{{- define "mariadb.secrets.password.key" -}} +mariadb-password {{- end }} {{/* @@ -276,9 +276,14 @@ Create the name of the service to use {{ include "redcap.fullname" . }}-svc {{- end }} -{{/* -Create the name of the service to use -*/}} +http://{{ include `httpd.serviceName` . }}:1080 {{- define "httpd.serviceName" -}} {{ include "httpd.fullname" . }}-svc {{- end }} + +{{/* +Create the url that redcap will use as redcap_base_url +*/}} +{{- define "httpd.externalDomain" -}} +{{- printf "%s" ( .Values.redcap.config.externalURL | urlParse ).host | splitList ":" | first }} +{{- end }} diff --git a/charts/redcap/templates/configmaps/mysql/mysql-config.yaml b/charts/redcap/templates/configmaps/mysql/mysql-config.yaml index 8936dba..1fb5ae3 100644 --- a/charts/redcap/templates/configmaps/mysql/mysql-config.yaml +++ b/charts/redcap/templates/configmaps/mysql/mysql-config.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Values.mysql.primary.existingConfigmap }} + name: {{ .Values.mariadb.config.existingConfigMap }} data: {{ tpl (.Files.Glob "configuration/mysql/my.cnf").AsConfig . | nindent 2 }} \ No newline at end of file diff --git a/charts/redcap/templates/configmaps/redcap/mail-conf.yaml b/charts/redcap/templates/configmaps/redcap/mail-conf.yaml index 6085f81..be70f87 100644 --- a/charts/redcap/templates/configmaps/redcap/mail-conf.yaml +++ b/charts/redcap/templates/configmaps/redcap/mail-conf.yaml 
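Review bot: In the second _helpers.tpl hunk, the added line starting `http://{{ include` sits outside any `define` and replaces the doc comment of `httpd.serviceName`; it looks like leftover text and should be removed, with the comment `Create the name of the service to use` restored. The new `httpd.externalDomain` comment says it creates the URL used as redcap_base_url, but the helper returns only a host name, used as `ServerName` in the httpd.conf hunk; a comment such as `Host name (no scheme, port or path) extracted from redcap.config.externalURL` would match the code. The helper also assumes `externalURL` carries a scheme: without one `urlParse` yields an empty host, and `splitList ":" | first` would truncate a bracketed IPv6 literal, so `ServerName` would render empty or wrong. Wrapping the value in `required` with a clear message would make that failure explicit at render time.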
@@ -3,4 +3,4 @@ kind: ConfigMap metadata: name: {{ .Release.Name }}-mail-conf data: -{{ tpl (.Files.Glob "configuration/redcap/mail-conf/*").AsConfig . | nindent 2 }} \ No newline at end of file +{{ tpl (.Files.Glob "configuration/redcap/mail-conf/creds/*").AsConfig . | nindent 2 }} \ No newline at end of file diff --git a/charts/redcap/templates/cronjobs/backup-cronjob.yaml b/charts/redcap/templates/cronjobs/backup-cronjob.yaml index 64ae1b5..2818ec3 100644 --- a/charts/redcap/templates/cronjobs/backup-cronjob.yaml +++ b/charts/redcap/templates/cronjobs/backup-cronjob.yaml @@ -47,6 +47,11 @@ spec: securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 999 + runAsGroup: 999 + runAsNonRoot: true + volumeMounts: - name: edocs @@ -75,7 +80,7 @@ spec: - "sh" - "-c" - "mkdir -v /backup-data/redcap-db && \ - mysqldump \ + mariadb-dump \ --host={{ .Values.redcap.config.database.auth.hostname }} \ --user={{ .Values.redcap.config.database.auth.username }} \ --password=${DB_PASSWD} \ @@ -88,6 +93,11 @@ spec: securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 999 + runAsGroup: 999 + runAsNonRoot: true + volumeMounts: - name: backup-data @@ -127,7 +137,7 @@ spec: - mountPath: /backup-data name: backup-data - name: rclone-conf - mountPath: /.rclone.conf + mountPath: /config/rclone/rclone.conf subPath: rclone.conf - name: upload-script mountPath: /tmp/backup-upload.sh diff --git a/charts/redcap/templates/cronjobs/restore-cronjob.yaml b/charts/redcap/templates/cronjobs/restore-cronjob.yaml index 03c1a24..3e377c2 100644 --- a/charts/redcap/templates/cronjobs/restore-cronjob.yaml +++ b/charts/redcap/templates/cronjobs/restore-cronjob.yaml 
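Review bot: The mail-conf.yaml glob now renders `configuration/redcap/mail-conf/creds/*` into a `kind: ConfigMap`. The files under `creds/` are not visible in this diff, but if they contain SMTP credentials after `tpl` rendering, those values become readable to anyone allowed to read ConfigMaps in the namespace and are excluded from Secret-specific controls (RBAC on secrets, encryption at rest for secrets). Confirm the rendered files hold only placeholders; otherwise this manifest should be a `kind: Secret` using `.AsSecrets` in place of `.AsConfig`.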
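Review bot: In the backup-cronjob.yaml hunk at 75, the renamed `mariadb-dump` call still receives the database password as `--password=${DB_PASSWD}`, which puts it on the process command line inside the container. The client can read the password from the environment or from an option file, e.g. exporting `MYSQL_PWD="${DB_PASSWD}"` before the call or pointing `--defaults-extra-file` at a mounted secret, which keeps it out of argv. The same pattern appears in the `mariadb` calls of restore-cronjob.yaml and the `wait-for-db` init container in redcap.yaml. The containers given `runAsUser: 999` with `readOnlyRootFilesystem: true` also need write access to `/backup-data`; no `fsGroup` is visible in these hunks, so confirm the volume is writable for that UID.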
@@ -66,22 +66,22 @@ spec: - mountPath: /backup-data name: backup-data - name: rclone-conf - mountPath: /.rclone.conf + mountPath: /config/rclone/rclone.conf subPath: rclone.conf - name: download-script mountPath: /tmp/backup-download.sh subPath: backup-download.sh - name: files-restore - image: "{{ .Values.restoreJob.redcap.image.repository }}:{{ .Values.restoreJob.redcap.image.tag }}" - imagePullPolicy: {{ .Values.restoreJob.redcap.image.pullPolicy }} + image: "{{ .Values.restoreJob.files.image.repository }}:{{ .Values.restoreJob.files.image.tag }}" + imagePullPolicy: {{ .Values.restoreJob.files.image.pullPolicy }} command: - "sh" - "-c" - # Purging the edocs (user's uploaded files) and redcap (application codebase, except database.php which is a custom mount from a secret) befre restoring them, to have idempotent backups + # Purging the edocs (user's uploaded files) and redcap (application codebase) - "rm -f -r -v /edocs/* && \ cp -f -r -v /backup-data/redcap-edocs/* /edocs && \ - find /redcap -mindepth 1 -name \"*\" -not \\( -name \"database.php\" \\) -prune -exec rm -r -f -v {} \\; && \ + rm -f -r -v /redcap/* && \ cp -f -r -v /backup-data/redcap-app/* /redcap" securityContext: @@ -90,12 +90,11 @@ spec: volumeMounts: - name: edocs mountPath: /edocs - - name: redcap-code + - name: redcap-app mountPath: /redcap - name: backup-data mountPath: /backup-data - containers: - name: db-restore image: "{{ .Values.restoreJob.database.image.repository }}:{{ .Values.restoreJob.database.image.tag }}" imagePullPolicy: {{ .Values.restoreJob.database.image.pullPolicy }} @@ -114,7 +113,7 @@ spec: command: - "sh" - "-c" - - "mysql \ + - "mariadb \ --host={{ .Values.redcap.config.database.auth.hostname }} \ --database={{ .Values.redcap.config.database.auth.databaseName }} \ --user={{ .Values.redcap.config.database.auth.username }} \ 
@@ -132,8 +131,66 @@ spec: - name: backup-data mountPath: /backup-data + + containers: + - name: redcap-restore + image: "{{ .Values.restoreJob.redcap.image.repository }}:{{ .Values.restoreJob.redcap.image.tag }}" + imagePullPolicy: {{ .Values.restoreJob.redcap.image.pullPolicy }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 2000 + runAsGroup: 2000 + + env: + - name: XDG_CONFIG_HOME + value: "/var/run/secrets" + - name : REDCAP_VERSION + value: {{ .Values.redcap.install.version }} + - name : REDCAP_INSTALL_PATH + value: "/app/redcap" + - name: REDCAP_COMMUNITY_USERNAME + valueFrom: + secretKeyRef: + name: {{ default (include "redcap.secrets.community.creds.name" .) .Values.redcap.install.communityAuth.existingSecret }} + key: USERNAME + - name: REDCAP_COMMUNITY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "redcap.secrets.community.creds.name" .) .Values.redcap.install.communityAuth.existingSecret }} + key: PASSWORD + - name: DB_PASSWD + valueFrom: + secretKeyRef: + name: {{ default (include "mariadb.secrets.password.name" .) .Values.redcap.config.database.auth.password.secretKeyRef.name }} + key: {{ default (include "mariadb.secrets.password.key" .) .Values.redcap.config.database.auth.password.secretKeyRef.key }} + + command: + - sh + - -c + - > + /tmp/scripts/redcap-install.sh + + volumeMounts: + - name: redcap-archive-cache + mountPath: /tmp/redcap + - name: redcap-app + mountPath: /app/redcap + - name: database-conf + mountPath: /tmp/conf/database.php + subPath: database.php + - name: redcap-install-script + mountPath: /tmp/scripts/redcap-install.sh + subPath: redcap-install.sh + # - name: redcap-setup-script + # mountPath: /tmp/scripts/redcap-setup.sh + # subPath: redcap-setup.sh + volumes: - - name: redcap-code + - name: redcap-archive-cache + emptyDir: + sizeLimit: 500Mi + - name: redcap-app persistentVolumeClaim: claimName: {{ .Release.Name }}-app-pvc - name: edocs 
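Review bot: The new `redcap-restore` container sets `runAsUser: 2000` and `runAsGroup: 2000` but omits `runAsNonRoot: true`, which the other security contexts touched by this commit (backup-cronjob.yaml, `wait-for-db`) do set; adding `runAsNonRoot: true` keeps the hardening consistent and makes the kubelet refuse the container if the UID is ever changed to 0. `REDCAP_VERSION` is rendered unquoted as `value: {{ .Values.redcap.install.version }}`, so a version that YAML parses as a number would produce a non-string env value and the manifest would be rejected; use `value: {{ .Values.redcap.install.version | quote }}`. The job spec continues outside this hunk.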
@@ -148,6 +205,21 @@ spec: - name: rclone-conf secret: secretName: {{ include "redcap.secrets.restore.rclone.conf.name" . }} + - name: database-conf + configMap: + name: {{ .Release.Name }}-database-conf + - name: redcap-install-script + configMap: + name: {{ .Release.Name }}-init-install-script + defaultMode: 0777 + - name: redcap-setup-script + configMap: + name: {{ .Release.Name }}-init-setup-script + defaultMode: 0777 + - name: redcap-config-script + configMap: + name: {{ .Release.Name }}-init-config-script + defaultMode: 0777 {{- with .Values.redcap.nodeSelector }} diff --git a/charts/redcap/templates/deployments/redcap.yaml b/charts/redcap/templates/deployments/redcap.yaml index d14adfd..f51c494 100644 --- a/charts/redcap/templates/deployments/redcap.yaml +++ b/charts/redcap/templates/deployments/redcap.yaml @@ -50,8 +50,6 @@ spec: env: - name : REDCAP_INSTALL_PATH value: "/app/redcap" - - name : OVERRIDE_INSTALL - value: {{ .Values.redcap.install.override | toString | quote }} - name : REDCAP_VERSION value: {{ .Values.redcap.install.version }} - name: REDCAP_COMMUNITY_USERNAME 
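Review bot: `defaultMode: 0777` on the three script ConfigMap volumes in the restore-cronjob.yaml hunk at 148 grants write and execute permission to every user, although the scripts only need to be read and executed; `defaultMode: 0555` is sufficient. `redcap-setup-script` and `redcap-config-script` are declared here, but the `redcap-restore` container in the previous hunk mounts only `redcap-install-script` (the setup mount is commented out), so the job would depend on two ConfigMaps it never uses. Dropping those two volume entries until they are mounted keeps the pod spec minimal.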
@@ -89,22 +87,22 @@ spec: {{- end }} - name: wait-for-db - image: "{{ .Values.mysql.image.repository }}:{{ .Values.mysql.image.tag }}" - imagePullPolicy: {{ .Values.mysql.image.pullPolicy }} + image: "{{ .Values.mariadb.image.repository }}:{{ .Values.mariadb.image.tag }}" + imagePullPolicy: {{ .Values.mariadb.image.pullPolicy }} env: - name: DB_PASSWD valueFrom: secretKeyRef: - name: {{ default (include "mysql.secrets.password.name" .) .Values.redcap.config.database.auth.password.secretKeyRef.name }} - key: {{ default (include "mysql.secrets.password.key" .) .Values.redcap.config.database.auth.password.secretKeyRef.key }} + name: {{ default (include "mariadb.secrets.password.name" .) .Values.redcap.config.database.auth.password.secretKeyRef.name }} + key: {{ default (include "mariadb.secrets.password.key" .) .Values.redcap.config.database.auth.password.secretKeyRef.key }} command: - "sh" - "-c" - - "mysql \ + - "mariadb \ --host={{ .Values.redcap.config.database.auth.hostname }} \ - --port={{ default 3306 .Values.mysql.primary.service.ports.mysql }} + --port={{ default 3306 .Values.mariadb.service.port }} --user={{ .Values.redcap.config.database.auth.username }} \ --password=${DB_PASSWD} \ --database={{ .Values.redcap.config.database.auth.databaseName }} \ @@ -115,6 +113,10 @@ spec: securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true + runAsUser: 999 + runAsGroup: 999 + runAsNonRoot: true + - name: msmtp-config-injector image: "busybox:1" 
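Review bot: `imagePullPolicy: {{ .Values.mariadb.image.pullPolicy }}` reads a key that the new `mariadb.image` block does not define: values.yaml and values.schema.json in this commit both name it `imagePullPolicy`, so this line renders an empty value and the pull policy falls back to the cluster default. Either read `{{ .Values.mariadb.image.imagePullPolicy }}` here or keep a `pullPolicy` key in the values. The new `registry: docker.io` value is likewise unused by the `image:` line, which builds the reference from `repository` and `tag` only. The `wait-for-db` container definition continues outside this hunk.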
@@ -158,8 +160,8 @@ spec: - name: DB_PASSWD valueFrom: secretKeyRef: - name: {{ default (include "mysql.secrets.password.name" .) .Values.redcap.config.database.auth.password.secretKeyRef.name }} - key: {{ default (include "mysql.secrets.password.key" .) .Values.redcap.config.database.auth.password.secretKeyRef.key }} + name: {{ default (include "mariadb.secrets.password.name" .) .Values.redcap.config.database.auth.password.secretKeyRef.name }} + key: {{ default (include "mariadb.secrets.password.key" .) .Values.redcap.config.database.auth.password.secretKeyRef.key }} {{- if .Values.redcap.install.enabled }} startupProbe: @@ -221,7 +223,7 @@ spec: mountPath: /app/redcap/temp - name: server-tmp mountPath: /tmp - - name: redcap-mysql-creds + - name: redcap-mariadb-creds mountPath: /var/run/secrets/credentials.php subPath: credentials.php - name: redcap-config-script @@ -231,7 +233,7 @@ spec: mountPath: /tmp/redcap-setup.sh subPath: redcap-setup.sh {{- if .Values.redcap.config.database.auth.password.secretKeyRef.key }} - - name: mysql-password + - name: mariadb-password mountPath: /var/run/secrets/DB_PASSWD subPath: {{ .Values.redcap.config.database.auth.password.secretKeyRef.key }} {{- end }} @@ -316,11 +318,11 @@ spec: - name: database-conf configMap: name: {{ .Release.Name }}-database-conf - - name: redcap-mysql-creds + - name: redcap-mariadb-creds secret: secretName: {{ include "redcap.secrets.database.creds.name" . }} {{- if .Values.redcap.config.database.auth.password.secretKeyRef.name }} - - name: mysql-password + - name: mariadb-password secret: secretName: {{ .Values.redcap.config.database.auth.password.secretKeyRef.name }} {{- end }} diff --git a/charts/redcap/templates/networkpolicies/app-egress.yaml b/charts/redcap/templates/networkpolicies/app-egress.yaml index 0daad6d..e376afa 100644 --- a/charts/redcap/templates/networkpolicies/app-egress.yaml +++ b/charts/redcap/templates/networkpolicies/app-egress.yaml 
@@ -25,12 +25,12 @@ spec: - to: - podSelector: matchLabels: - {{- range $labelKey, $labelValue := .Values.mysql.primary.podLabels }} + {{- range $labelKey, $labelValue := .Values.mariadb.podLabels }} {{ $labelKey | nindent 12 }}: {{ $labelValue }} {{- end }} ports: - protocol: TCP - port: {{ default 3306 .Values.mysql.primary.service.ports.mysql }} + port: {{ default 3306 .Values.mariadb.service.port }} # allow DNS resolution - to: diff --git a/charts/redcap/templates/networkpolicies/audit-egress.yaml b/charts/redcap/templates/networkpolicies/audit-egress.yaml index 14c8a58..633f73b 100644 --- a/charts/redcap/templates/networkpolicies/audit-egress.yaml +++ b/charts/redcap/templates/networkpolicies/audit-egress.yaml @@ -26,12 +26,12 @@ spec: - to: - podSelector: matchLabels: - {{- range $labelKey, $labelValue := .Values.mysql.primary.podLabels }} + {{- range $labelKey, $labelValue := .Values.mariadb.podLabels }} {{ $labelKey | nindent 12 }}: {{ $labelValue }} {{- end }} ports: - protocol: TCP - port: {{ default 3306 .Values.mysql.primary.service.ports.mysql }} + port: {{ default 3306 .Values.mariadb.service.port }} # allow DNS resolution - to: diff --git a/charts/redcap/templates/networkpolicies/backup-job-egress .yaml b/charts/redcap/templates/networkpolicies/backup-job-egress .yaml index 9ad089b..f09b3ed 100644 --- a/charts/redcap/templates/networkpolicies/backup-job-egress .yaml +++ b/charts/redcap/templates/networkpolicies/backup-job-egress .yaml @@ -17,12 +17,12 @@ spec: - to: - podSelector: matchLabels: - {{- range $labelKey, $labelValue := .Values.mysql.primary.podLabels }} + {{- range $labelKey, $labelValue := .Values.mariadb.podLabels }} {{ $labelKey | nindent 12 }}: {{ $labelValue }} {{- end }} ports: - protocol: TCP - port: {{ default 3306 .Values.mysql.primary.service.ports.mysql }} + port: {{ default 3306 .Values.mariadb.service.port }} # allow DNS resolution - to: 
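Review bot: The pod selector now ranges over `.Values.mariadb.podLabels`, so the policy only matches if the new MariaDB subchart actually applies that top-level `podLabels` map to its pods, which this diff does not show. If it does not, the egress rules here and in audit-egress.yaml, backup-job-egress .yaml and restore-job-egress.yaml allow no database traffic, and db-ingress.yaml selects no pod, leaving the database without this chart's ingress restriction. Rendering the chart and comparing the MariaDB pod labels with `app.kubernetes.io/role: redcap-mariadb` would confirm the match. `{{ $labelValue }}` is also emitted unquoted; `{{ $labelValue | quote }}` keeps boolean- or number-looking label values as strings.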
diff --git a/charts/redcap/templates/networkpolicies/db-ingress.yaml b/charts/redcap/templates/networkpolicies/db-ingress.yaml index e0b921d..10746d7 100644 --- a/charts/redcap/templates/networkpolicies/db-ingress.yaml +++ b/charts/redcap/templates/networkpolicies/db-ingress.yaml @@ -6,7 +6,7 @@ metadata: spec: podSelector: matchLabels: - {{- range $labelKey, $labelValue := .Values.mysql.primary.podLabels }} + {{- range $labelKey, $labelValue := .Values.mariadb.podLabels }} {{ $labelKey | nindent 6 }}: {{ $labelValue }} {{- end }} policyTypes: @@ -39,5 +39,5 @@ spec: ports: - protocol: TCP - port: {{ default 3306 .Values.mysql.primary.service.ports.mysql }} + port: {{ default 3306 .Values.mariadb.service.port }} {{- end }} \ No newline at end of file diff --git a/charts/redcap/templates/networkpolicies/restore-job-egress.yaml b/charts/redcap/templates/networkpolicies/restore-job-egress.yaml index 7fda8cd..8f528ce 100644 --- a/charts/redcap/templates/networkpolicies/restore-job-egress.yaml +++ b/charts/redcap/templates/networkpolicies/restore-job-egress.yaml @@ -17,12 +17,12 @@ spec: - to: - podSelector: matchLabels: - {{- range $labelKey, $labelValue := .Values.mysql.primary.podLabels }} + {{- range $labelKey, $labelValue := .Values.mariadb.podLabels }} {{ $labelKey | nindent 12 }}: {{ $labelValue }} {{- end }} ports: - protocol: TCP - port: {{ default 3306 .Values.mysql.primary.service.ports.mysql }} + port: {{ default 3306 .Values.mariadb.service.port }} # allow DNS resolution - to: diff --git a/charts/redcap/templates/secrets/mysql/database-password.yaml b/charts/redcap/templates/secrets/mysql/database-password.yaml index b87e6b0..d8edc04 100644 --- a/charts/redcap/templates/secrets/mysql/database-password.yaml +++ b/charts/redcap/templates/secrets/mysql/database-password.yaml 
@@ -1,9 +1,9 @@ -{{- if and (not .Values.mysql.enabled) (empty .Values.redcap.config.database.auth.password.secretKeyRef.name ) }} +{{- if and (not .Values.mariadb.enabled) (empty .Values.redcap.config.database.auth.password.secretKeyRef.name ) }} apiVersion: v1 kind: Secret metadata: - name: {{ include "mysql.secrets.password.name" . }} + name: {{ include "mariadb.secrets.password.name" . }} type: Opaque data: - {{ include "mysql.secrets.password.key" . }}: {{ required "You need to specify REDCap database password, as you didn't enabled the MySQL database embedded in this chart, nor provided a reference to an external Secret containing your database password!" .Values.redcap.config.database.auth.password.value }} + {{ include "mariadb.secrets.password.key" . }}: {{ required "You need to specify REDCap database password, as you didn't enabled the MariaDB database embedded in this chart, nor provided a reference to an external Secret containing your database password!" .Values.redcap.config.database.auth.password.value }} {{- end }} diff --git a/charts/redcap/tests/values.yaml b/charts/redcap/tests/values.yaml index f100afd..43750d2 100644 --- a/charts/redcap/tests/values.yaml +++ b/charts/redcap/tests/values.yaml @@ -70,10 +70,10 @@ redcap: affinity: {} -mysql: +mariadb: enabled: true primary: - existingConfigmap: "redcap-ext-qual-database-config" + existingConfigMap: "redcap-ext-qual-database-config" persistence: annotations: helm.sh/resource-policy: keep @@ -163,7 +163,7 @@ audit: valueFrom: secretKeyRef: name: "test" - key: "mysql-password" + key: "mariadb-password" - name: AUDIT_TOKEN valueFrom: secretKeyRef: diff --git a/charts/redcap/values.schema.json b/charts/redcap/values.schema.json index 24f821a..d164a6b 100644 --- a/charts/redcap/values.schema.json +++ b/charts/redcap/values.schema.json 
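Review bot: The value placed under `data:` is emitted as-is, but Secret `data` entries must be base64-encoded, so a plain password in `redcap.config.database.auth.password.value` is either rejected by the API or decoded into a different byte string. Unless callers are expected to pre-encode the value, pipe it through `| b64enc | quote` or switch the map to `stringData:`. The `required` message would also read better as "as you didn't enable the MariaDB database".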
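Review bot: In tests/values.yaml `existingConfigMap` is still nested under `mariadb.primary`, while values.yaml in this commit moves it to `mariadb.config.existingConfigMap` and lifts `persistence` to `mariadb.persistence`, and the new schema has no `primary` key under `mariadb`. As written, the test release would presumably ignore the custom ConfigMap and the `helm.sh/resource-policy: keep` annotation. Moving both out of `primary` keeps the test values aligned with the chart defaults.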
@@ -1,7 +1,9 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", + "type": "object", "properties": { "audit": { + "type": "object", "properties": { "enableMultiplePipelines": { "type": "boolean" @@ -13,14 +15,18 @@ "type": "string" }, "extraEnvVars": { + "type": "array", "items": { + "type": "object", "properties": { "name": { "type": "string" }, "valueFrom": { + "type": "object", "properties": { "secretKeyRef": { + "type": "object", "properties": { "key": { "type": "string" @@ -28,19 +34,17 @@ "name": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" - }, - "type": "array" + } + } }, "extraVolumeMounts": { + "type": "array", "items": { + "type": "object", "properties": { "mountPath": { "type": "string" @@ -48,52 +52,78 @@ "name": { "type": "string" }, - "subpath": { + "subPath": { "type": "string" } - }, - "type": "object" - }, - "type": "array" + } + } }, "extraVolumes": { + "type": "array", "items": { + "type": "object", "properties": { "emptyDir": { + "type": "object", "properties": { "sizeLimit": { "type": "string" } - }, - "type": "object" + } }, "name": { "type": "string" }, "secret": { + "type": "object", "properties": { "secretName": { "type": "string" } - }, - "type": "object" + } } + } + } + }, + "global": { + "type": "object", + "properties": { + "security": { + "type": "object", + "properties": { + "allowInsecureImages": { + "type": "boolean" + } + } + } + } + }, + "image": { + "type": "object", + "properties": { + "repository": { + "type": "string" }, - "type": "object" - }, - "type": "array" + "tag": { + "type": "string" + } + } }, "initContainers": { + "type": "array", "items": { + "type": "object", "properties": { "command": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "env": { + "type": "array", "items": { + "type": "object", "properties": { "name": { "type": "string" 
@@ -101,10 +131,8 @@ "value": { "type": "string" } - }, - "type": "object" - }, - "type": "array" + } + } }, "image": { "type": "string" @@ -116,6 +144,7 @@ "type": "string" }, "securityContext": { + "type": "object", "properties": { "allowPrivilegeEscalation": { "type": "boolean" @@ -129,11 +158,12 @@ "runAsUser": { "type": "integer" } - }, - "type": "object" + } }, "volumeMounts": { + "type": "array", "items": { + "type": "object", "properties": { "mountPath": { "type": "string" @@ -141,19 +171,17 @@ "name": { "type": "string" } - }, - "type": "object" - }, - "type": "array" + } + } } - }, - "type": "object" - }, - "type": "array" + } + } }, "logsApi": { + "type": "object", "properties": { "config": { + "type": "object", "properties": { "caPath": { "type": "string" @@ -167,19 +195,18 @@ "port": { "type": "integer" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "persistence": { + "type": "object", "properties": { "accessModes": { + "type": "array", "items": { "type": "string" - }, - "type": "array" + } }, "enabled": { "type": "boolean" @@ -190,21 +217,20 @@ "storageClass": { "type": "string" } - }, - "type": "object" + } }, "podLabels": { + "type": "object", "properties": { "app.kubernetes.io/role": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "autoscaling": { + "type": "object", "properties": { "enabled": { "type": "boolean" @@ -221,19 +247,24 @@ "targetMemoryUtilizationPercentage": { "type": "integer" } - }, - "type": "object" + } }, "backupJob": { + "type": "object", "properties": { "archiveName": { "type": "string" }, "database": { + "type": "object", "properties": { "image": { + "type": "object", "properties": { - "pullPolicy": { + "imagePullPolicy": { + "type": "string" + }, + "registry": { "type": "string" }, "repository": { @@ -242,11 +273,9 @@ "tag": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "enabled": { "type": "boolean" 
@@ -255,8 +284,10 @@ "type": "array" }, "redcap": { + "type": "object", "properties": { "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" @@ -267,22 +298,21 @@ "tag": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "resources": { - "properties": {}, "type": "object" }, "schedule": { "type": "string" }, "uploader": { + "type": "object", "properties": { "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" @@ -293,17 +323,19 @@ "tag": { "type": "string" } - }, - "type": "object" + } }, "s3": { + "type": "object", "properties": { "backupPath": { "type": "string" }, "config": { + "type": "object", "properties": { "auth": { + "type": "object", "properties": { "accessKeyID": { "type": "string" @@ -314,8 +346,7 @@ "secretAccessKey": { "type": "string" } - }, - "type": "object" + } }, "endpoint": { "type": "string" @@ -326,28 +357,25 @@ "region": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } }, "httpd": { + "type": "object", "properties": { "affinity": { - "properties": {}, "type": "object" }, "enabled": { "type": "boolean" }, "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" @@ -358,33 +386,34 @@ "tag": { "type": "string" } - }, - "type": "object" + } }, "nodeSelector": { - "properties": {}, "type": "object" }, "replicaCount": { "type": "integer" }, "resources": { - "properties": {}, "type": "object" }, "shibboleth": { + "type": "object", "properties": { "enabled": { "type": "boolean" }, "idp": { + "type": "object", "properties": { "entityID": { "type": "string" }, "metadata": { + "type": "object", "properties": { "secretKeyRef": { + "type": "object", "properties": { "key": { "type": "string" 
@@ -392,44 +421,43 @@ "name": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } }, "sp": { + "type": "object", "properties": { "entityID": { "type": "string" }, "metadata": { + "type": "object", "properties": { "certificate": { + "type": "object", "properties": { "existingSecret": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } }, "tls": { + "type": "object", "properties": { "caChain": { + "type": "object", "properties": { "secretKeyRef": { + "type": "object", "properties": { "key": { "type": "string" @@ -437,36 +465,32 @@ "name": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "certificate": { + "type": "object", "properties": { "existingSecret": { "type": "string" } - }, - "type": "object" + } }, "enabled": { "type": "boolean" } - }, - "type": "object" + } }, "tolerations": { "type": "array" } - }, - "type": "object" + } }, "ingress": { + "type": "object", "properties": { "annotations": { - "properties": {}, "type": "object" }, "className": { @@ -481,15 +505,13 @@ "tls": { "type": "array" } - }, - "type": "object" + } }, - "mysql": { + "mariadb": { + "type": "object", "properties": { - "architecture": { - "type": "string" - }, "auth": { + "type": "object", "properties": { "createDatabase": { "type": "boolean" @@ -497,14 +519,24 @@ "database": { "type": "string" }, + "enabled": { + "type": "boolean" + }, "password": { "type": "string" }, "username": { "type": "string" } - }, - "type": "object" + } + }, + "config": { + "type": "object", + "properties": { + "existingConfigMap": { + "type": "string" + } + } }, "enabled": { "type": "boolean" 
@@ -512,96 +544,98 @@ "fullnameOverride": { "type": "string" }, - "initdbScriptsConfigMap": { - "type": "string" + "image": { + "type": "object", + "properties": { + "imagePullPolicy": { + "type": "string" + }, + "registry": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } }, "networkPolicy": { + "type": "object", "properties": { "enabled": { "type": "boolean" } - }, - "type": "object" + } }, - "primary": { + "persistence": { + "type": "object", "properties": { - "existingConfigmap": { - "type": "string" - }, - "persistence": { - "properties": { - "accessModes": { - "items": { - "type": "string" - }, - "type": "array" - }, - "size": { - "type": "string" - }, - "storageClass": { - "type": "string" - } - }, - "type": "object" + "accessModes": { + "type": "array", + "items": { + "type": "string" + } }, - "podLabels": { - "properties": { - "app.kubernetes.io/role": { - "type": "string" - } - }, - "type": "object" + "size": { + "type": "string" }, - "service": { - "properties": { - "port": { - "properties": { - "mysql": { - "type": "integer" - } - }, - "type": "object" - } - }, - "type": "object" + "storageClass": { + "type": "string" } - }, - "type": "object" + } + }, + "podLabels": { + "type": "object", + "properties": { + "app.kubernetes.io/role": { + "type": "string" + } + } + }, + "service": { + "type": "object", + "properties": { + "port": { + "type": "integer" + } + } } - }, - "type": "object" + } }, "networkPolicies": { + "type": "object", "properties": { "enabled": { "type": "boolean" } - }, - "type": "object" + } }, "persistence": { + "type": "object", "properties": { "app": { + "type": "object", "properties": { "accessMode": { "type": "string" }, "annotations": { + "type": "object", "properties": { "helm.sh/resource-policy": { "type": "string" } - }, - "type": "object" + } }, "existingClaim": { + "type": "object", "properties": { "name": { "type": "string" } - }, - "type": "object" + } }, "size": { 
"type": "string" @@ -609,29 +643,29 @@ "storageClass": { "type": "string" } - }, - "type": "object" + } }, "edocs": { + "type": "object", "properties": { "accessMode": { "type": "string" }, "annotations": { + "type": "object", "properties": { "helm.sh/resource-policy": { "type": "string" } - }, - "type": "object" + } }, "existingClaim": { + "type": "object", "properties": { "name": { "type": "string" } - }, - "type": "object" + } }, "size": { "type": "string" @@ -639,29 +673,29 @@ "storageClass": { "type": "string" } - }, - "type": "object" + } }, "modules": { + "type": "object", "properties": { "accessMode": { "type": "string" }, "annotations": { + "type": "object", "properties": { "helm.sh/resource-policy": { "type": "string" } - }, - "type": "object" + } }, "existingClaim": { + "type": "object", "properties": { "name": { "type": "string" } - }, - "type": "object" + } }, "size": { "type": "string" @@ -669,19 +703,18 @@ "storageClass": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "redcap": { + "type": "object", "properties": { "affinity": { - "properties": {}, "type": "object" }, "config": { + "type": "object", "properties": { "adminMail": { "type": "string" @@ -690,8 +723,10 @@ "type": "string" }, "database": { + "type": "object", "properties": { "auth": { + "type": "object", "properties": { "databaseName": { "type": "string" @@ -700,8 +735,10 @@ "type": "string" }, "password": { + "type": "object", "properties": { "secretKeyRef": { + "type": "object", "properties": { "key": { "type": "string" @@ -709,24 +746,23 @@ "name": { "type": "string" } - }, - "type": "object" + } }, "value": { "type": "string" } - }, - "type": "object" + } }, "username": { "type": "string" } - }, - "type": "object" + } }, "salt": { + "type": "object", "properties": { "secretKeyRef": { + "type": "object", "properties": { "key": { "type": "string" 
@@ -734,17 +770,14 @@ "name": { "type": "string" } - }, - "type": "object" + } }, "value": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "externalURL": { "type": "string" @@ -756,13 +789,16 @@ "type": "string" }, "mail": { + "type": "object", "properties": { "auth": { + "type": "object", "properties": { "from": { "type": "string" }, "password": { + "type": "object", "properties": { "existingSecret": { "type": "string" @@ -770,8 +806,7 @@ "value": { "type": "string" } - }, - "type": "object" + } }, "port": { "type": "integer" @@ -788,11 +823,9 @@ "username": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "organizationName": { "type": "string" @@ -801,10 +834,13 @@ "type": "boolean" }, "tls": { + "type": "object", "properties": { "curlCA": { + "type": "object", "properties": { "secretKeyRef": { + "type": "object", "properties": { "key": { "type": "string" @@ -812,17 +848,13 @@ "name": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } }, "extraContainers": { "type": "array" @@ -834,6 +866,7 @@ "type": "array" }, "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" @@ -844,12 +877,13 @@ "tag": { "type": "string" } - }, - "type": "object" + } }, "install": { + "type": "object", "properties": { "communityAuth": { + "type": "object", "properties": { "existingSecret": { "type": "string" @@ -860,13 +894,13 @@ "username": { "type": "string" } - }, - "type": "object" + } }, "enabled": { "type": "boolean" }, "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" @@ -877,8 +911,7 @@ "tag": { "type": "string" } - }, - "type": "object" + } }, "overrideInstallContainer": { "type": "array" 
@@ -886,36 +919,38 @@ "version": { "type": "string" } - }, - "type": "object" + } }, "nodeSelector": { - "properties": {}, "type": "object" }, "replicaCount": { "type": "integer" }, "resources": { - "properties": {}, "type": "object" }, "tolerations": { "type": "array" } - }, - "type": "object" + } }, "restoreJob": { + "type": "object", "properties": { "archiveName": { "type": "string" }, "database": { + "type": "object", "properties": { "image": { + "type": "object", "properties": { - "pullPolicy": { + "imagePullPolicy": { + "type": "string" + }, + "registry": { "type": "string" }, "repository": { @@ -924,15 +959,15 @@ "tag": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, "downloader": { + "type": "object", "properties": { "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" @@ -943,17 +978,19 @@ "tag": { "type": "string" } - }, - "type": "object" + } }, "s3": { + "type": "object", "properties": { "backupPath": { "type": "string" }, "config": { + "type": "object", "properties": { "auth": { + "type": "object", "properties": { "accessKeyID": { "type": "string" @@ -964,8 +1001,7 @@ "secretAccessKey": { "type": "string" } - }, - "type": "object" + } }, "endpoint": { "type": "string" @@ -976,24 +1012,20 @@ "region": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } }, "enabled": { "type": "boolean" }, - "imagePullSecrets": { - "type": "array" - }, - "redcap": { + "files": { + "type": "object", "properties": { "image": { + "type": "object", "properties": { "pullPolicy": { "type": "string" 
@@ -1004,49 +1036,44 @@ "tag": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } }, - "resources": { + "imagePullSecrets": { + "type": "array" + }, + "redcap": { + "type": "object", "properties": { - "limits": { + "image": { + "type": "object", "properties": { - "cpu": { + "pullPolicy": { "type": "string" }, - "memory": { - "type": "string" - } - }, - "type": "object" - }, - "requests": { - "properties": { - "cpu": { + "repository": { "type": "string" }, - "memory": { + "tag": { "type": "string" } - }, - "type": "object" + } } - }, + } + }, + "resources": { "type": "object" }, "schedule": { "type": "string" } - }, - "type": "object" + } }, "serviceAccount": { + "type": "object", "properties": { "annotations": { - "properties": {}, "type": "object" }, "create": { @@ -1055,15 +1082,15 @@ "name": { "type": "string" } - }, - "type": "object" + } }, "services": { + "type": "object", "properties": { "httpd": { + "type": "object", "properties": { "annotations": { - "properties": {}, "type": "object" }, "enabled": { @@ -1078,13 +1105,12 @@ "type": { "type": "string" } - }, - "type": "object" + } }, "redcap": { + "type": "object", "properties": { "annotations": { - "properties": {}, "type": "object" }, "enabled": { @@ -1105,12 +1131,9 @@ "type": { "type": "string" } - }, - "type": "object" + } } - }, - "type": "object" + } } - }, - "type": "object" + } } diff --git a/charts/redcap/values.yaml b/charts/redcap/values.yaml index 20f0a65..e64b855 100644 --- a/charts/redcap/values.yaml +++ b/charts/redcap/values.yaml @@ -11,7 +11,7 @@ httpd: repository: "ghcr.io/aphp/redcap-httpd-shibd" # -- Image tag for Apache HTTPd. # @section -- HTTPd module settings - tag: "1.2.0" + tag: "1.2.1" # -- PullPolicy for Apache HTTPd's image. # @section -- HTTPd module settings pullPolicy: "Always" 
@@ -122,7 +122,7 @@ redcap: pullPolicy: "Always" # -- Tag for REDCap PHP-FPM Image. # @section -- REDCap settings - tag: "1.2.0" + tag: "1.2.1" # -- Add additional init containers to the PHP-FPM container hosting the REDCap application. # @section -- REDCap settings @@ -142,7 +142,7 @@ redcap: logAllErrors: "FALSE" # -- The URL on which the application is exposed (useful if the application is behind a reverse-proxy). # @section -- REDCap settings - externalURL: "http://localhost/" + externalURL: "http://localhost" # -- The name of the institution that is presented to the users. # @section -- REDCap settings institutionName: "REDCap Local Institution" @@ -190,15 +190,15 @@ redcap: auth: # -- The hostname of REDCap's database instance. # @section -- REDCap settings - hostname: "redcap-mysql" + hostname: "redcap-mariadb" # -- The name of REDCAP's database. # @section -- REDCap settings databaseName: "redcap" # -- The username used to connect to REDCAP's database. # @section -- REDCap settings username: "redcap" - # -- The password used to connect to REDCAP's database. Automatically retrieved from the default mysql secret name if you enbaled - # the MySQL database embedded in this chart. If you specified a reference to an secret for your MySQL database password, you + # -- The password used to connect to REDCAP's database. Automatically retrieved from the default MariaDB secret name if you enbaled + # the MariaDB database embedded in this chart. If you specified a reference to an secret for your MariaDB database password, you # have to set it here also, in the `secretKeyRef` section. password: # -- The password used to connect to REDCAP's database, as a clear string. Don't use the option for a production-grade deployment, 
@@ -238,7 +238,7 @@ redcap: password: # -- The password used to connect to the mail server. # @section -- REDCap settings - value: "" + value: "Redcap*!" # -- Reference to an existing secret holding the password used to connect to the mail server. # If set, the value of that secret will override the `redcap.config.mail.auth.password.value` value. # @section -- REDCap settings 
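Review bot: The default for `redcap.config.mail.auth.password.value` changes from an empty string to the literal `"Redcap*!"`, the same string used as the default `mariadb.auth.password` further down, so every installation that does not override it carries a published, shared credential in its mail configuration. Keeping `value: ""` and relying on `existingSecret` leaves the secret for the operator to supply. If a non-empty value is needed only for tests, it belongs in charts/redcap/tests/values.yaml rather than in the chart defaults.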
@@ -261,71 +261,83 @@ redcap: affinity: {} -# REDCap MySQL Database settings -# @default -- Settings for a standalone MySQL deployment compatible with REDCap. -# See original documentation @ https://github.com/bitnami/charts/tree/main/bitnami/mysql -# @section -- REDCap MySQL Database settings -mysql: - # -- Override of the full name of the MySQL Database deployment. +# REDCap MariaDB Database settings +# @default -- Settings for a standalone MariaDB deployment compatible with REDCap. +# See original documentation @ https://github.com/CloudPirates-io/helm-charts/tree/main/charts/mariadb +# @section -- REDCap MariaDB Database settings +mariadb: + + image: + # -- Image repository for MariaDB image. + # @section -- REDCap MariaDB Database settings + ## @param image.registry MariaDB image registry + registry: docker.io + ## @param image.repository MariaDB image repository + repository: mariadb + # -- Image tag for MariaDB image. + # @section -- REDCap MariaDB Database settings + ## @param image.tag MariaDB image tag (immutable tags are recommended) + tag: "12.1.2@sha256:e1bcd6f85781f4a875abefb11c4166c1d79e4237c23de597bf0df81fec225b40" + ## @param image.pullPolicy MariaDB image pull policy + imagePullPolicy: Always + + # -- Override of the full name of the MariaDB Database deployment. # Impacts the name of the services REDCap will use to connect to the Database. - # @section -- REDCap MySQL Database settings - fullnameOverride: "redcap-mysql" - # -- If set to `true`, enables the deployment of MySQL as REDCap's database. - # @section -- REDCap MySQL Database settings + # @section -- REDCap MariaDB Database settings + fullnameOverride: "redcap-mariadb" + # -- If set to `true`, enables the deployment of MariaDB as REDCap's database. + # @section -- REDCap MariaDB Database settings enabled: true - # -- Deployment type for the database, standalone or replicated. 
- # @section -- REDCap MySQL Database settings - architecture: "standalone" - # -- Name of a configmap holding an SQL script to initialize the database with. - # @section -- REDCap MySQL Database settings - initdbScriptsConfigMap: "" networkPolicy: # -- Enable creation of NetworkPolicy resources - # @section -- REDCap MySQL Database settings + # @section -- REDCap MariaDB Database settings enabled: true auth: + # -- Enbled authentification system in mariadb. + # @section -- REDCap MariaDB Database settings + enabled: true # -- Automatically create a database at the first run. - # @section -- REDCap MySQL Database settings + # @section -- REDCap MariaDB Database settings createDatabase: true - # -- Name of the database automatically created at the first run, if `mysql.auth.createDatabase` has been set to `true` - # @section -- REDCap MySQL Database settings + # -- Name of the database automatically created at the first run, if `MariaDB.auth.createDatabase` has been set to `true` + # @section -- REDCap MariaDB Database settings database: "redcap" - # -- Name of the database user automatically created at the first run, if `mysql.auth.createDatabase` has been set to `true` - # @section -- REDCap MySQL Database settings + # -- Name of the database user automatically created at the first run, if `MariaDB.auth.createDatabase` has been set to `true` + # @section -- REDCap MariaDB Database settings username: "redcap" - # -- Name of the database user automatically created at the first run, if `mysql.auth.createDatabase` has been set to `true` + # -- Name of the database user automatically created at the first run, if `MariaDB.auth.createDatabase` has been set to `true` # Not secure in production, use secret reference instead! - # @section -- REDCap MySQL Database settings + # @section -- REDCap MariaDB Database settings password: "Redcap*!" + config: + # -- Name of existing ConfigMap with MariaDB Primary configuration. 
+ # @section -- REDCap MariaDB Database settings + existingConfigMap: "redcap-database-config" + + + podLabels: + # -- Role to set for the networkPolicies. Not to be changed, unless you know exactly what you are doing! + # @section -- REDCap MariaDB Database settings + app.kubernetes.io/role: redcap-mariadb + + service: + # -- Port exposed by the MariaDB service. + # @section -- REDCap MariaDB Database settings + port: 3306 - primary: - # -- Name of existing ConfigMap with MySQL Primary configuration. - # @section -- REDCap MySQL Database settings - existingConfigmap: "redcap-database-config" - podLabels: - # -- Role to set for the networkPolicies. Not to be changed, unless you know exactly what you are doing! - # @section -- REDCap MySQL Database settings - app.kubernetes.io/role: redcap-mysql - - service: - port: - # -- Port exposed by the MySQL service. - # @section -- REDCap MySQL Database settings - mysql: 3306 - - persistence: - # -- StorageClass used for database persistence. - # @section -- REDCap MySQL Database settings - storageClass: "standard" - # -- AccessMode used for database persistence. - # @section -- REDCap MySQL Database settings - accessModes: - - "ReadWriteOnce" - # -- Size of the storage used for database persistence. - # @section -- REDCap MySQL Database settings - size: "10G" + persistence: + # -- StorageClass used for database persistence. + # @section -- REDCap MariaDB Database settings + storageClass: "standard" + # -- AccessMode used for database persistence. + # @section -- REDCap MariaDB Database settings + accessModes: + - "ReadWriteOnce" + # -- Size of the storage used for database persistence. + # @section -- REDCap MariaDB Database settings + size: "10G" # REDCap Backup Job's settings # @section -- REDCap Backup Job's settings 
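Review bot: The search-and-replace turned `mysql.auth.createDatabase` into `MariaDB.auth.createDatabase` in three comments of the `auth` block; value paths are case-sensitive, so they should read `mariadb.auth.createDatabase`. The description above `password` still says "Name of the database user", and the new `auth.enabled` comment would read better as `# -- Enable authentication in MariaDB.`. In the `image` block the `# --` description "Image repository" sits on `registry`, while `repository` and `imagePullPolicy` have only `## @param` lines, one of which names `image.pullPolicy` rather than the actual key.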
@@ -357,24 +369,27 @@ backupJob: database: image: - # -- Image repository for the REDCap database backup container. - # @section -- REDCap Backup Job's settings - repository: "bitnami/mysql" - # -- Image tag for the REDCap database backup container. - # @section -- REDCap Backup Job's settings - tag: "9.3.0-debian-12-r1" - # -- Image pullPolicy for the REDCap database backup container. - # @section -- REDCap Backup Job's settings - pullPolicy: "Always" + # -- Image repository for MariaDB image. + # @section -- REDCap MariaDB Database settings + ## @param image.registry MariaDB image registry + registry: docker.io + ## @param image.repository MariaDB image repository + repository: mariadb + # -- Image tag for MariaDB image. + # @section -- REDCap MariaDB Database settings + ## @param image.tag MariaDB image tag (immutable tags are recommended) + tag: "12.1.2@sha256:e1bcd6f85781f4a875abefb11c4166c1d79e4237c23de597bf0df81fec225b40" + ## @param image.pullPolicy MariaDB image pull policy + imagePullPolicy: Always uploader: image: # -- Image repository for the REDCap backup uploader container. # @section -- REDCap Backup Job's settings - repository: "bitnami/rclone" + repository: "rclone/rclone" # -- Image tag for the REDCap backup uploader container. # @section -- REDCap Backup Job's settings - tag: "1.69.3" + tag: "drime" # -- Image pullPolicy for the REDCap backup uploader container. # @section -- REDCap Backup Job's settings pullPolicy: "Always" 
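Review bot: The uploader image moves from the versioned tag `1.69.3` to `tag: "drime"` on `rclone/rclone`, which does not look like a release version; combined with `pullPolicy: "Always"`, whatever is currently published under that name runs in the job that handles database dumps and the storage credentials. The MariaDB image in the same hunk is pinned by digest, and the uploader should be pinned the same way, e.g. `tag: "<rclone-version>@sha256:<digest>"` (placeholders, to be filled in from the registry). The same `drime` tag is introduced for `restoreJob.downloader` in the next hunk. If a feature that exists only in that build is required, a comment above the tag such as `# pinned to the drime build because <reason>` would tell the next maintainer why.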
@@ -426,38 +441,15 @@ restoreJob: # -- Name of the backup archive to restore. # @section -- REDCap Restore Job's settings archiveName: "redcap-backup.tar.gz" - redcap: - image: - # -- Image repository for the REDCap application restore container. - # @section -- REDCap Restore Job's settings - repository: "busybox" - # -- Image tag for the REDCap application restore container. - # @section -- REDCap Restore Job's settings - tag: "1" - # -- Image pullPolicy for the REDCap application restore container. - # @section -- REDCap Restore Job's settings - pullPolicy: "Always" - - database: - image: - # -- Image repository for the REDCap database restore container. - # @section -- REDCap Restore Job's settings - repository: "bitnami/mysql" - # -- Image yag for the REDCap application restore container. - # @section -- REDCap Restore Job's settings - tag: "9.3.0-debian-12-r1" - # -- Image pullPolicy for the REDCap application restore container. - # @section -- REDCap Restore Job's settings - pullPolicy: "Always" downloader: image: # -- Image repository for the REDCap downloader container. # @section -- REDCap Restore Job's settings - repository: "bitnami/rclone" + repository: "rclone/rclone" # -- Image tag for the REDCap downloader container. # @section -- REDCap Restore Job's settings - tag: "1.69.3" + tag: "drime" # -- Image pullPolicy for the REDCap downloader container. # @section -- REDCap Restore Job's settings pullPolicy: "Always" 
@@ -489,6 +481,45 @@ restoreJob: # @section -- REDCap Restore Job's settings existingSecret: "" + files: + image: + # -- Image repository for the REDCap application restore container. + # @section -- REDCap Restore Job's settings + repository: "busybox" + # -- Image tag for the REDCap files application container. + # @section -- REDCap Restore Job's settings + tag: "1" + # -- Image pullPolicy for the REDCap application restore container. + # @section -- REDCap Restore Job's settings + pullPolicy: "Always" + + database: + image: + # -- Image repository for MariaDB image. + # @section -- REDCap MariaDB Database settings + ## @param image.registry MariaDB image registry + registry: docker.io + ## @param image.repository MariaDB image repository + repository: mariadb + # -- Image tag for MariaDB image. + # @section -- REDCap MariaDB Database settings + ## @param image.tag MariaDB image tag (immutable tags are recommended) + tag: "12.1.2@sha256:e1bcd6f85781f4a875abefb11c4166c1d79e4237c23de597bf0df81fec225b40" + ## @param image.pullPolicy MariaDB image pull policy + imagePullPolicy: Always + + redcap: + image: + # -- Image repository for the REDCap application restore container. + # @section -- REDCap Restore Job's settings + repository: "alpine/curl" + # -- Image tag for the REDCap application restore container. + # @section -- REDCap Restore Job's settings + tag: "8.12.1" + # -- Image pullPolicy for the REDCap application restore container. + # @section -- REDCap Restore Job's settings + pullPolicy: "Always" + # -- Resources for backup job's pod. # @section -- REDCap Restore Job's settings resources: {} 
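Review bot: `restoreJob.database.image` sets `imagePullPolicy: Always`, while the sibling `files`, `redcap` and `downloader` images use the key `pullPolicy`. The templates are not visible here, but if they read `.image.pullPolicy` the database container silently falls back to the default pull policy. The same key is introduced under `backupJob.database.image` in the earlier backupJob hunk; I would rename both to `pullPolicy: "Always"` or confirm the templates were changed to match. The copied `## @param` lines and `# @section -- REDCap MariaDB Database settings` also file these keys under the wrong section of the generated docs, so they should read `# @section -- REDCap Restore Job's settings`. The `files` image comments still describe the "REDCap application restore container".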
@@ -503,13 +534,30 @@ audit: # @section -- REDCap Audit Log Shipper settings enabled: false + + + global: + security: + # -- Set to true to enable bitnami charts to use insecure images like bitmani legacy images. + # @section -- REDCap Audit Log Shipper settings + allowInsecureImages: true + + + image: + # -- Image repository for Logstash. + # @section -- REDCap Audit Log Shipper settings + repository: bitnamilegacy/logstash + # -- Image tag for Logstash. + # @section -- REDCap Audit Log Shipper settings + tag: 9.1.2-debian-12-r0 + podLabels: # -- Role to set for the networkPolicies. Not to be changed, unless you know exactly what you are doing! # @section -- REDCap Audit Log Shipper settings app.kubernetes.io/role: "redcap-audit" initContainers: - # -- Init container in charge of downloading the JDBC driver needed to connect to the MySQL database. + # -- Init container in charge of downloading the JDBC driver needed to connect to the MariaDB database. # @default -- A simple container to download the jar JDBC driver on a volume shared with Logstash. # @section -- REDCap Audit Log Shipper settings - name: "init-driver-download" @@ -527,7 +575,7 @@ audit: - name: "JDBC_DRIVER_URL" # -- URL of the JDBC driver to download. # @section -- REDCap Audit Log Shipper settings - value: "https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.4.0.tar.gz" + value: "https://downloads.MariaDB.com/archives/get/p/3/file/MariaDB-connector-j-8.4.0.tar.gz" # -- Command to be run to download and extract the JDBC driver. # @default -- Using `wget` do download the driver, and moving it to the shared persistent volume. 
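Review bot: `allowInsecureImages: true` together with `repository: bitnamilegacy/logstash` keeps the audit log shipper on an image line that, as far as I know, is an archive and no longer receives security fixes, and the flag switches off the chart's guard against exactly that substitution. The values comment should say that this is a temporary workaround and what is meant to replace it, e.g. `# -- Temporary: bitnamilegacy images are frozen; switch to a maintained Logstash image`. Pinning the image by digest as well, as was done for MariaDB, would at least make the frozen image reproducible. The added doc comment also misspells Bitnami as "bitmani".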
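Review bot: The new `JDBC_DRIVER_URL` value `https://downloads.MariaDB.com/archives/get/p/3/file/MariaDB-connector-j-8.4.0.tar.gz` looks like a text replacement applied to the MySQL Connector/J download path rather than a verified MariaDB Connector/J location, so the init container would likely fail or fetch from a host nobody checked. The same replaced archive and jar names appear in the `wget | tar` command of the following hunk, so the URL should be confirmed against the vendor's download page and the file names in the command kept in step with it. Because the archive is piped straight from `wget` into `tar` and the jar is then loaded by Logstash, I would also download to a file and verify a pinned checksum before extracting, e.g. `echo "${JDBC_DRIVER_SHA256}  driver.tar.gz" | sha256sum -c -`, with the hash supplied as a new value next to the URL. The init container definition continues outside this hunk.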
@@ -536,11 +584,11 @@ audit: - "sh" - "-c" - "cd driver/ && \ - wget -O - ${JDBC_DRIVER_URL} | tar xzvf - mysql-connector-j-8.4.0/mysql-connector-j-8.4.0.jar && \ - mv mysql-connector-j-8.4.0/mysql-connector-j-8.4.0.jar . && \ - chown 1001:1001 mysql-connector-j-8.4.0.jar && \ - chmod 755 mysql-connector-j-8.4.0.jar && \ - rm -rf mysql-connector-j-8.4.0/" + wget -O - ${JDBC_DRIVER_URL} | tar xzvf - MariaDB-connector-j-8.4.0/MariaDB-connector-j-8.4.0.jar && \ + mv MariaDB-connector-j-8.4.0/MariaDB-connector-j-8.4.0.jar . && \ + chown 1001:1001 MariaDB-connector-j-8.4.0.jar && \ + chmod 755 MariaDB-connector-j-8.4.0.jar && \ + rm -rf MariaDB-connector-j-8.4.0/" securityContext: runAsUser: 1001 @@ -562,12 +610,12 @@ audit: enableMultiplePipelines: true # -- Name of an existing ConfigMap holding the pipeline(s)'s configuration. # @section -- REDCap Audit Log Shipper settings - existingConfiguration: "redcap-mysql-audit-logstash-pipeline" + existingConfiguration: "redcap-mariadb-audit-logstash-pipeline" extraEnvVars: - # -- Extra environment variables related to REDCap MySQL DB's password. + # -- Extra environment variables related to REDCap MariaDB DB's password. # @section -- REDCap Audit Log Shipper settings # @default -- Empty external secret reference to REDCap DB password - - name: "MYSQL_PASSWD" + - name: "MariaDB_PASSWD" valueFrom: secretKeyRef: name: "" @@ -621,7 +669,7 @@ audit: # @default -- Mounted on `/var/run/secret/api-ca.pem` - name: "api-ca" mountPath: /var/run/secret/api-ca.pem - subpath: "" + subPath: "" # Configuration of the endpoint of the audit stack the logs are send to. logsApi: diff --git a/examples/local/values.yaml b/examples/local/values.yaml index d52a8af..561db5e 100644 --- a/examples/local/values.yaml +++ b/examples/local/values.yaml @@ -34,7 +34,7 @@ redcap: memory: "4Gi" cpu: "2" -mysql: +mariadb: primary: resources: requests: diff --git a/examples/production/README.md b/examples/production/README.md index 216bcb9..0e4a77b 100644 
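Review bot: The env var is renamed to the mixed-case `MariaDB_PASSWD` here, but `examples/production/values.yaml` still defines `MYSQL_PASSWD` (context line in its last hunk), presumably under the same `extraEnvVars` list. Helm replaces lists from an overriding values file wholesale, so whichever name the Logstash pipeline ConfigMap reads, one of the two configurations leaves the database password unset. The pipeline template is not part of this view, so I cannot tell which name it expects. I would keep one conventional upper-case name everywhere, e.g. `- name: "MARIADB_PASSWD"`, or leave `MYSQL_PASSWD` untouched in this commit.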
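Review bot: In `examples/local/values.yaml` only the top-level key is renamed to `mariadb:` while the settings stay nested under `primary:`. In the chart's own values.yaml this commit moves `persistence`, `podLabels` and `service` out of `primary` and the ConfigMap reference to `config.existingConfigMap`, so the new MariaDB chart presumably ignores a `primary:` block and these resource requests would silently not apply. The same holds for `primary.existingConfigMap`, the `persistence` annotation `helm.sh/resource-policy: keep` and `architecture: "standalone"` in the `examples/production/values.yaml` hunk further down, where a dropped `keep` policy affects data retention. I would check the new chart's values schema and move the keys accordingly, e.g. `config.existingConfigMap: "redcap-prod-database-config"` directly under `mariadb:`. The `resources` block continues outside this hunk.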
--- a/examples/production/README.md +++ b/examples/production/README.md @@ -32,7 +32,7 @@ kubectl -n redcap create secret generic redcap-prod-database-salt --from-literal ``` - Database credentials : ```sh -kubectl -n redcap create secret generic redcap-prod-mysql-passwd --from-literal mysql-password='generated-mysql-password' +kubectl -n redcap create secret generic redcap-prod-mariadb-passwd --from-literal mariadb-password='generated-mariadb-password' ``` - Email server password: ```sh diff --git a/examples/production/values.yaml b/examples/production/values.yaml index 884607b..700a8e2 100644 --- a/examples/production/values.yaml +++ b/examples/production/values.yaml @@ -39,13 +39,13 @@ redcap: key: "salt" auth: - hostname: "redcap-prod-mysql" + hostname: "redcap-prod-mariadb" databaseName: "redcap" username: "redcap" password: secretKeyRef: - name: "redcap-prod-mysql-passwd" - key: "mysql-password" + name: "redcap-prod-mariadb-passwd" + key: "mariadb-password" mail: auth: @@ -68,17 +68,17 @@ redcap: cpu: "10" -mysql: +mariadb: enabled: true - fullnameOverride: "redcap-prod-mysql" + fullnameOverride: "redcap-prod-mariadb" architecture: "standalone" auth: createDatabase: true database: redcap username: redcap - existingSecret: "redcap-prod-mysql-passwd" + existingSecret: "redcap-prod-mariadb-passwd" primary: - existingConfigmap: "redcap-prod-database-config" + existingConfigMap: "redcap-prod-database-config" persistence: annotations: helm.sh/resource-policy: keep @@ -163,8 +163,8 @@ audit: - name: MYSQL_PASSWD valueFrom: secretKeyRef: - name: "redcap-prod-mysql-passwd" - key: "mysql-password" + name: "redcap-prod-mariadb-passwd" + key: "mariadb-password" - name: AUDIT_TOKEN valueFrom: secretKeyRef: