diff --git a/README.md b/README.md index 9b17505..563a366 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ ## Presentation -This repository hosts the REDCap Helm Chart developped by the Greater Paris University Hospitals (`APHP` in French - Assistance Publique des Hôpitaux de Paris). This Chart allows for a cloud-natuve and cloud-agnostic deployment of REDCap, a secure web application for building and managing online surveys and databases. +This repository hosts the REDCap Helm Chart developed by the Greater Paris University Hospitals (`APHP` in French - Assistance Publique des Hôpitaux de Paris). This Chart allows for a cloud-native and cloud-agnostic deployment of REDCap, a secure web application for building and managing online surveys and databases. -REDCap is developped by the Vanderbilt University and **is not provided by this Chart or any of its dependencies.** +REDCap is developed by the Vanderbilt University and **is not provided by this Chart or any of its dependencies.** If you wish to use REDCap and are not sure where to start, you may visit the dedicated [REDCap Community Site](https://projectredcap.org/resources/community/). This Chart aims to provide with an easy way to retrieve the REDcap application from the official server (using your consortium member's credentials), and deploying it in a standard Kubernetes cluster, be it on-premise or in a managed cloud environment. @@ -32,7 +32,7 @@ The documentation of the Chart can be found in its [README file](./charts/redcap ## How can I test it? In the [example directory](./examples/), there several subdirectories containing documented examples according to your needs. -- If you want to quicly boot-up a local/test environement, you can start by looking at the [local example](./examples/local/) +- If you want to quickly boot-up a local/test environment, you can start by looking at the [local example](./examples/local/) - If you want to start deploying a more stable and secure environment, you can have a look at the [production example](./examples/production/) ## Lifecycle management @@ -41,13 +41,13 @@ Here are a few important notions to keep in mind to efficiently manage a REDCap ### Init Job -If you choose to automatically install REDCap using your community credentials whith this chart, an Kubernetes Job called `init-job` will be automatically fired during the chart's installation process, in order to call the `/install.php` script, with the `auto=1` parameter. This is a convenience script allowing a fresh REDCap installation to be readily available once the chart is installed. +If you choose to automatically install REDCap using your community credentials with this chart, an Kubernetes Job called `init-job` will be automatically fired during the chart's installation process, in order to call the `/install.php` script, with the `auto=1` parameter. This is a convenience script allowing a fresh REDCap installation to be readily available once the chart is installed. **Note** : The auto-install feature doesn't fully configure the REDCap installation, hence you'll need to do those post-installation actions in the REDCap Control Center as soon as possible : - Set the `REDCap base URL` - Set the `Local Server File Storage` path to `/edocs` - Set an authentication method -- Checks that the CronJobs were called (you can manually lauch one if the Kubernetes CronJob dedicated to this task hasn't run yet) +- Checks that the CronJobs were called (you can manually launch one if the Kubernetes CronJob dedicated to this task hasn't run yet) - Launch the `Configuration Check` ### Administration Cronjob @@ -82,7 +82,7 @@ kubectl -n redcap create job manual-backup-job --from cronjob/redcap-backup-job The name of your namespace as well as the name of the jobs may vary depending your installation's configuration and the name you gave to your Helm release. -**Note** : The backup process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, kepe in mind that this process is not official and may contains flaws or limitations, alhough it has been battle-tested on our end several times. +**Note** : The backup process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, keep in mind that this process is not official and may contains flaws or limitations, although it has been battle-tested on our end several times. ### Restoration Job @@ -91,7 +91,7 @@ With the backup process, a restoration job has also been set up. It does the rev - Restores the `redcap` directory, which contains the application - Restores the database dump -In order to have a job template ready to be fired on-demand, a dedicated Kubernetes CronJob has been created to this end, called `restore-cronjob`. It never runs (you woudn't want to have your data periodically erased by a restore process ;)), but it allows to run a restore process from the latest backup at any time, just with the `kubectl` command : +In order to have a job template ready to be fired on-demand, a dedicated Kubernetes CronJob has been created to this end, called `restore-cronjob`. It never runs (you wouldn't want to have your data periodically erased by a restore process ;)), but it allows to run a restore process from the latest backup at any time, just with the `kubectl` command : ```sh kubectl -n redcap create job manual-restore-job --from cronjob/redcap-restore-job @@ -101,7 +101,7 @@ The name of your namespace as well as the name of the jobs may vary depending yo You'll need to enable and configure the CronJob in the chart's parameters in order to use it (see the [chart's documentation](./charts/redcap/README.md)). -**Note** : The restore process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, kepe in mind that this process is not official and may contains flaws or limitations, alhough it has been battle-tested on our end several times. +**Note** : The restore process has not been validated by the maintainers of REDCap. Now that this chart is wildly available, we would be glad to work with them to enhance this process. Until then, kepe in mind that this process is not official and may contains flaws or limitations, although it has been battle-tested on our end several times. ## General questions @@ -111,7 +111,7 @@ You'll need to enable and configure the CronJob in the chart's parameters in ord - *What REDCap feature can I use?* - This Chart aims to deploy REDCap in an evironment that looks 'familiar' for the application, so you should be able to use any feature you'd use in a more traditional context. + This Chart aims to deploy REDCap in an environment that looks 'familiar' for the application, so you should be able to use any feature you'd use in a more traditional context. At the Greater Paris University Hospitals, we're using this chart in production for more than a year on several projects. It is possible though that with time, new versions of REDCap will need extra dependencies to be available on the PHP FPM server. If it's the case, the corresponding container image will be released. - *How secure is it?* @@ -120,7 +120,7 @@ You'll need to enable and configure the CronJob in the chart's parameters in ord - *How can I update it?* - We recommend to setup your REDCap installtion using the default method stated [in the examples](./examples/), that is to provide the chart with your REDCap Community credentials via a Secret. You can then simply use the REDCap "one click update" feature to update your installation via the Control Center. + We recommend to setup your REDCap installation using the default method stated [in the examples](./examples/), that is to provide the chart with your REDCap Community credentials via a Secret. You can then simply use the REDCap "one click update" feature to update your installation via the Control Center. - *How can I manage backups?* @@ -130,14 +130,14 @@ You'll need to enable and configure the CronJob in the chart's parameters in ord You can override the initContainer in charge of retrieving the REDCap application, and add as many other initContainers you like to build your own retrieval logic. It might take some time to get into the logic, but you can help yourself with the few snippets presents [in the example directory](./examples/snippets/). -## Continous Integration / Continous Delivery +## Continuous Integration / Continuous Delivery This project contains a Github Workflow, which will : -- Lint the Chart unsing `helm ct` +- Lint the Chart using `helm ct` - Verify the generated Kubernetes resources using `Kubeconform` -- Scan the Chart for anti-patterns and securoty issues using `Polaris` +- Scan the Chart for anti-patterns and security issues using `Polaris` - Validates the Chart deployment on `KinD` using `helm ct` -- Package en release the chart on Hithub using `helm-cr` +- Package en release the chart on Github using `helm-cr` ## How can I contribute? diff --git a/charts/redcap/README.md b/charts/redcap/README.md index ef1395b..a0dab42 100644 --- a/charts/redcap/README.md +++ b/charts/redcap/README.md @@ -128,7 +128,7 @@ helm install redcap aphp-redcap/redcap -f ./examples/basic-install.yaml | Key | Type | Default | Description | |-----|------|---------|-------------| | redcap.adminJob | object | `{"image":{"imagePullSecrets":[],"pullPolicy":"Always","repository":"ghcr.io/aphp/redcap-fastcgi-client","tag":"1.1.0"},"resources":{},"schedule":"0 * * * *"}` | REDCap Administration Job's settings | -| redcap.adminJob.schedule | string | `"0 * * * *"` | Schedule of the Admin Job, which runs every hours by default. This job is nedded to refresh REDCap administrative's data. | +| redcap.adminJob.schedule | string | `"* * * * *"` | Schedule of the Admin Job, which runs every minute by default. This job is nedded to refresh REDCap administrative's data. | | redcap.adminJob.image.repository | string | `"ghcr.io/aphp/redcap-fastcgi-client"` | Image of the Admin Job. Must be and FCGI Client capable to query REDCap's pod(s). | | redcap.adminJob.image.tag | string | `"1.1.0"` | Tag of the Admin Job's image. | | redcap.adminJob.image.pullPolicy | string | `"Always"` | PullPolicy of the Admin Job's image. | diff --git a/charts/redcap/templates/cronjobs/admin-cronjob.yaml b/charts/redcap/templates/cronjobs/admin-cronjob.yaml index 585f796..2fc0df5 100644 --- a/charts/redcap/templates/cronjobs/admin-cronjob.yaml +++ b/charts/redcap/templates/cronjobs/admin-cronjob.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "redcap.adminJob.labels" . | nindent 4 }} spec: - schedule: {{ .Values.redcap.adminJob.schedule }} + schedule: {{ .Values.redcap.adminJob.schedule | quote }} successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 1 jobTemplate: diff --git a/charts/redcap/templates/cronjobs/backup-cronjob.yaml b/charts/redcap/templates/cronjobs/backup-cronjob.yaml index 191dfd8..b24877e 100644 --- a/charts/redcap/templates/cronjobs/backup-cronjob.yaml +++ b/charts/redcap/templates/cronjobs/backup-cronjob.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "redcap.backupJob.labels" . | nindent 4 }} spec: - schedule: {{ .Values.backupJob.schedule }} + schedule: {{ .Values.backupJob.schedule | quote }} successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 1 jobTemplate: diff --git a/charts/redcap/templates/cronjobs/restore-cronjob.yaml b/charts/redcap/templates/cronjobs/restore-cronjob.yaml index f30fe43..8a7b636 100644 --- a/charts/redcap/templates/cronjobs/restore-cronjob.yaml +++ b/charts/redcap/templates/cronjobs/restore-cronjob.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "redcap.restoreJob.labels" . | nindent 4 }} spec: - schedule: {{ .Values.restoreJob.schedule }} + schedule: {{ .Values.restoreJob.schedule | quote }} suspend: true # We don't want the restore Job to run on a scheduled basis, but we still want the convenience to have that job templated correctly, ready to be manually fired from the JobTemplate inside that Cronjob. successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 1 diff --git a/charts/redcap/values.yaml b/charts/redcap/values.yaml index 1abcc5b..2dc6194 100644 --- a/charts/redcap/values.yaml +++ b/charts/redcap/values.yaml @@ -262,7 +262,7 @@ redcap: # -- The nodeSelector for REDCap's deployment. # @section -- REDCap settings nodeSelector: {} - # -- The toleraions for REDCap's deployment. + # -- The tolerations for REDCap's deployment. # @section -- REDCap settings tolerations: [] # -- The affinities for REDCap's deployment. @@ -272,7 +272,7 @@ redcap: # -- REDCap Administration Job's settings # @section -- REDCap Administration Job's settings adminJob: - # -- Schedule of the Admin Job, which runs every minute by default. This job is nedded to refresh REDCap administrative's data. + # -- Schedule of the Admin Job, which runs every minute by default. This job is needed to refresh REDCap administrative's data. # @section -- REDCap Administration Job's settings schedule: "* * * * *" image: @@ -533,7 +533,7 @@ restoreJob: # REDCap Audit Log Shipper settings -# @default -- A configuration made for OVH's Log Data Platform (Logstah + Graylog + OpenSearch). +# @default -- A configuration made for OVH's Log Data Platform (Logstash + Graylog + OpenSearch). # See original documentation @ https://github.com/bitnami/charts/tree/main/bitnami/logstash # @section -- REDCap Audit Log Shipper settings audit: @@ -567,7 +567,7 @@ audit: value: "https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.4.0.tar.gz" # -- Command to be run to download and extract the JDBC driver. - # @default -- Using `wget` do download the driver, and miving it to the shared persitent volume. + # @default -- Using `wget` do download the driver, and moving it to the shared persistent volume. # @section -- REDCap Audit Log Shipper settings command: - "sh" @@ -638,7 +638,7 @@ audit: - name: "driver-dir" emptyDir: sizeLimit: 50Mi - # -- Volume handling the CA used to validate the HTTPS conenxion to the audit stack the logs are send to. + # -- Volume handling the CA used to validate the HTTPS connexions to the audit stack the logs are send to. # @section -- REDCap Audit Log Shipper settings - name: "api-ca" secret: @@ -661,7 +661,7 @@ audit: # @section -- REDCap Audit Log Shipper settings logsApi: config: - # -- Scheduling of the rate at whichh Logstash will query REDCap database for nez event. Must be in `cron` format. + # -- Scheduling of the rate at which Logstash will query REDCap database for nez event. Must be in `cron` format. # @section -- REDCap Audit Log Shipper settings pollingSchedule: "" # -- Path to the certificate used to validate the audit stack endpoint's certificate. @@ -802,17 +802,17 @@ persistence: edocs: annotations: helm.sh/resource-policy: "keep" - # -- Size of the volume used to persist documents uplpoaded by REDCap users. + # -- Size of the volume used to persist documents uploaded by REDCap users. # @section -- Persistence settings size: "8Gi" - # -- StorageClass of the volume used to persist documents uplpoaded by REDCap users. - # @section -- Persistence settings + # -- StorageClass of the volume used to persist documents uploaded by REDCap users. + # @section -- Persistence uploaded storageClass: "standard" - # -- AccessMode of the volume used to persist documents uplpoaded by REDCap users. + # -- AccessMode of the volume used to persist documents uploaded by REDCap users. # @section -- Persistence settings accessMode: "ReadWriteOnce" existingClaim: - # -- Name of an existing PVC used to persist documents uplpoaded by REDCap users. + # -- Name of an existing PVC used to persist documents uploaded by REDCap users. # If set, overrides the previous settings, as no PVC will be created for that purpose. # @section -- Persistence settings name: "" diff --git a/examples/production/README.md b/examples/production/README.md index 3a9de3d..d7f0c0c 100644 --- a/examples/production/README.md +++ b/examples/production/README.md @@ -51,7 +51,7 @@ kubectl -n redcap create secret generic redcap-prod-audit-token--from-literal TO Take the `values.yaml` file in this directory as an example, and review it according to your needs. After ensuring that everything is OK, proceed with the next step. -**Note** : If you're not using the features tagged as [OPTIONAL] in this documentation, you can disable them by marking `enbaled: false` : +**Note** : If you're not using the features tagged as [OPTIONAL] in this documentation, you can disable them by marking `enabled: false` : - Line 113 for the Backup Cronjob - Line 137 for the Restore Job - Line 164 for the Audit component @@ -83,7 +83,7 @@ The auto-install feature doesn't fully configure the REDCap installation, hence - Set the `REDCap base URL` - Set the `Local Server File Storage` path to `/edocs` - Set an authentication method -- Checks that the CronJobs were called (you can manually lauch one if the Kubernetes CronJob dedicated to this task hasn't run yet) +- Checks that the CronJobs were called (you can manually launch one if the Kubernetes CronJob dedicated to this task hasn't run yet) - Launch the `Configuration Check` Then, finish the configuration of your REDCap installation according to your needs. \ No newline at end of file