From 11b25a5df61272f6349fdb275b3d4ed78fa699ff Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 16:53:58 +0200 Subject: [PATCH 01/25] added initialDelay --- molgenis/templates/deployment.yaml | 4 ++++ molgenis/values.yaml | 23 +++++++++++++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index f809088..a718bba 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -53,10 +53,14 @@ spec: httpGet: path: / port: 8080 + initialDelaySeconds: 180 + periodSeconds: 5 readinessProbe: httpGet: path: /api/v2/version port: 8080 + initialDelaySeconds: 180 + periodSeconds: 5 resources: {{ toYaml .resources | indent 12 }} {{- end }} diff --git a/molgenis/values.yaml b/molgenis/values.yaml index 873ef8b..9aa9e21 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -24,12 +24,21 @@ molgenis: adminPassword: admin javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled" resources: - limits: - cpu: 1 - memory: 1250Mi - requests: - cpu: 200m - memory: 1Gi + limits: + cpu: 1 + memory: 1250Mi + requests: + cpu: 200m + memory: 1Gi + persistence: + enabled: false + name: molgenis-nexus-data + storageClass: nfs-class + size: 30G + reclaimPolicy: Retain + server: 192.168.64.12 + accessMode: ReadWriteMany + mountPath: /gcc/molgenis/nexus services: opencpu: host: localhost @@ -57,6 +66,8 @@ elasticsearch: cpu: 100m memory: 1Gi + + nodeSelector: {} tolerations: [] From cf47b432e25e14a0adbc92d1e9addaa196bf67ec Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 16:59:14 +0200 Subject: [PATCH 02/25] added persistence to questions --- molgenis/questions.yml | 7 +++++++ molgenis/values.yaml | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/molgenis/questions.yml b/molgenis/questions.yml index 475c8bd..bd95e94 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml 
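Review bot: The liveness probe in molgenis/templates/deployment.yaml leaves `timeoutSeconds` and `failureThreshold` at the Kubernetes defaults (1 second, 3 failures) while polling every 5 seconds, so about 15 seconds of slow responses from `/` is enough for the kubelet to restart the container. Set both explicitly on the liveness probe, for example `timeoutSeconds: 5` and `failureThreshold: 6`. The 180-second delay is also hard-coded on both probes and would be better read from values.yaml, so slower clusters can raise it without editing the template.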
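Review bot: The new `persistence` defaults in molgenis/values.yaml publish site-specific infrastructure details with the chart, notably `server: 192.168.64.12`, `storageClass: nfs-class` and `mountPath: /gcc/molgenis/nexus`. An internal NFS address is better left empty in the defaults and supplied per environment, e.g. `server: ""` with a comment that it must be overridden. Indentation is not recoverable on this page, but the next commit's `molgenis.resources.persistence.enabled` suggests the block sits under `resources`. If so, `toYaml .resources` in the deployment template would render it inside the container's resources stanza.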
@@ -94,3 +94,10 @@ questions: - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled" group: "Resources" label: Java memory options +- variable: molgenis.resources.persistence.enabled + default: false + description: "Do you want to use persistance" + type: boolean + required: true + group: "Resources" + label: Persistence diff --git a/molgenis/values.yaml b/molgenis/values.yaml index 9aa9e21..2f452fa 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -28,8 +28,8 @@ molgenis: cpu: 1 memory: 1250Mi requests: - cpu: 200m - memory: 1Gi + cpu: 200m + memory: 1Gi persistence: enabled: false name: molgenis-nexus-data From 14b27fc043237212d6d4ae892258e114d3031bf7 Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 17:05:10 +0200 Subject: [PATCH 03/25] updated persistence configuration --- molgenis/questions.yml | 4 ++-- molgenis/values.yaml | 20 +++++++++----------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/molgenis/questions.yml b/molgenis/questions.yml index bd95e94..cd0c528 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -94,10 +94,10 @@ questions: - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled" group: "Resources" label: Java memory options -- variable: molgenis.resources.persistence.enabled +- variable: molgenis.persistence.enabled default: false description: "Do you want to use persistance" type: boolean required: true - group: "Resources" + group: "Persistence" label: Persistence diff --git a/molgenis/values.yaml b/molgenis/values.yaml index 2f452fa..bc931b4 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml 
@@ -30,15 +30,15 @@ molgenis: requests: cpu: 200m memory: 1Gi - persistence: - enabled: false - name: molgenis-nexus-data - storageClass: nfs-class - size: 30G - reclaimPolicy: Retain - server: 192.168.64.12 - accessMode: ReadWriteMany - mountPath: /gcc/molgenis/nexus + persistence: + enabled: false + name: molgenis-nexus-data + storageClass: nfs-class + size: 30G + reclaimPolicy: Retain + server: 192.168.64.12 + accessMode: ReadWriteMany + mountPath: /gcc/molgenis/nexus services: opencpu: host: localhost @@ -66,8 +66,6 @@ elasticsearch: cpu: 100m memory: 1Gi - - nodeSelector: {} tolerations: [] From a836ab4e6eabe0b0875ea8c208726fe958a1a5e7 Mon Sep 17 00:00:00 2001 From: Fleur Kelpin Date: Mon, 10 Sep 2018 17:13:55 +0200 Subject: [PATCH 04/25] chore (molgenis-jenkins): Retrieve pipeline secrets from vault when possible. --- molgenis-jenkins/README.md | 87 +++---- .../molgenis-jenkins-dockerhub-secret.yaml | 6 +- .../molgenis-jenkins-github-secret.yaml | 6 +- .../molgenis-jenkins-gogs-secret.yaml | 6 +- .../molgenis-jenkins-nexus-secret.yaml | 16 -- .../molgenis-jenkins-registry-secret.yaml | 17 ++ .../molgenis-jenkins-saucelabs-secret.yaml | 16 -- .../molgenis-pipeline-env-secret.yaml | 18 -- .../molgenis-pipeline-file-secret.yaml | 15 -- .../molgenis-pipeline-vault-secret.yaml | 8 +- molgenis-jenkins/values.yaml | 227 ++++-------------- 11 files changed, 117 insertions(+), 305 deletions(-) delete mode 100644 molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml create mode 100644 molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml delete mode 100644 molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml delete mode 100644 molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml delete mode 100644 molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml diff --git a/molgenis-jenkins/README.md b/molgenis-jenkins/README.md index a2d1866..48c0a53 100644 --- a/molgenis-jenkins/README.md +++ b/molgenis-jenkins/README.md 
@@ -40,57 +40,62 @@ You can use [all configuration values of the jenkins subchart](https://github.co ### GitHub Authentication delegation You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new). -### Additional configuration -There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`: +### Secrets -* PipelineSecrets - - When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins - build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside - each other with their own secrets. + When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins. You can override the values at deploy time but otherwise also configure them [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl. -* Vault +#### Vault - New vault token to be used by the pods to retrieve their tokens from the vault. +The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault. + +| Parameter | Description | Default | +| ------------------------- | ------------------------------------------ | ---------------------------------------------- | +| `secret.vault.token` | Token to log into the hashicorp vault | `xxxx` | +| `secret.vault.addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` | +| `secret.vault.skipVerify` | Skip verification of the https connection | `1` | + +#### GitHub + +Token used by Jenkins to authenticate on GitHub. 
+ +| Parameter | Description | Default | +| --------------------- | ------------------------ | ------------------ | +| `secret.gitHub.user` | username for the account | `molgenis-jenkins` | +| `secret.gitHub.token` | token for the account | `xxxx` | + +#### Gogs + +Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl). + +| Parameter | Description | Default | +| ------------------- | ------------------------ | --------- | +| `secret.gogs.user` | username for the account | `p281392` | +| `secret.gogs.token` | token for the account | `xxxx` | + +#### Legacy: + +##### Docker Hub - | Parameter | Description | Default | - | ---------------------------------- | ------------------------------------------ | ---------------------------------------------- | - | `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` | - | `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` | - | `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` | - | `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` | +Account used in pipeline builds to push docker images to `hub.docker.com`. +> They should read `secret/gcc/account/dockerhub` from vault instead! -* Env +| Parameter | Description | Default | +| --------------------------- | ------------------------ | --------------- | +| `secret.dockerHub.user` | username for the account | `molgenisci` | +| `secret.dockerHub.password` | password for the account | `xxxx` | + +##### Registry - Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables - in the slave pods. +Account used in pipeline builds to push docker images to `registry.molgenis.org`. +> They should read `secret/ops/account/nexus` from vault instead! 
- | Parameter | Description | Default | - | --------------------------------------- | ----------------------------------------- | --------------- | - | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` | - | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` | - | `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` | - | `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` | - | `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` | - | `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` | - | `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` | - | `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` | - | `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` | - -* File - - Environment variables stored in molgenis-pipeline-file secret, to be mounted as files - in the `/root/.m2` directory of the slave pods. 
- > The settings.xml file references the - - | Parameter | Description | Default | - | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- | - | `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` | - | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` | - | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `[...]` (see actual [values.yaml](values.yaml)) | +| Parameter | Description | Default | +| --------------------------- | ------------------------ | --------- | +| `secret.dockerHub.user` | username for the account | `admin` | +| `secret.dockerHub.password` | password for the account | `xxxx` | ## Command line use Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml index e5a6214..5c35b46 100644 --- a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml 
@@ -8,9 +8,9 @@ metadata: "jenkins.io/credentials-type": "usernamePassword" annotations: { # description - can not be a label as spaces are not allowed - "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)" + "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)" } type: Opaque data: - username: {{ "molgenisci" | b64enc | quote }} - password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }} \ No newline at end of file + username: {{ .Values.secret.registry.user | b64enc | quote }} + password: {{ .Values.secret.registry.password | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml index 2e7eba7..dc2b8df 100644 --- a/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml @@ -8,9 +8,9 @@ metadata: "jenkins.io/credentials-type": "usernamePassword" annotations: { # description - can not be a label as spaces are not allowed - "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user" + "jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user" } type: Opaque data: - username: {{ "molgenis-jenkins" | b64enc | quote }} - password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }} \ No newline at end of file + username: {{ .Values.secret.gitHub.user | b64enc | quote }} + password: {{ .Values.secret.gitHub.token | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml index a16303d..ff6ae17 100644 --- a/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml 
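Review bot: The Docker Hub secret in molgenis-jenkins-dockerhub-secret.yaml is filled from `.Values.secret.registry.user` and `.Values.secret.registry.password`, which values.yaml in this commit describes as the registry.molgenis.org credentials. The separate `secret.dockerHub` block added to values.yaml is not read by any template on this page, so the registry account would be presented to hub.docker.com and the Docker Hub values would have no effect. The two data lines should read `username: {{ .Values.secret.dockerHub.user | b64enc | quote }}` and `password: {{ .Values.secret.dockerHub.password | b64enc | quote }}`.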
+++ b/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml @@ -8,9 +8,9 @@ metadata: "jenkins.io/credentials-type": "usernamePassword" annotations: { # description - can not be a label as spaces are not allowed - "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)" + "jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs." } type: Opaque data: - username: {{ "p281392" | b64enc | quote }} - password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }} \ No newline at end of file + username: {{ .Values.secret.gogs.user | b64enc | quote }} + password: {{ .Values.secret.gogs.token | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml deleted file mode 100644 index 4518e15..0000000 --- a/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: -# this is the jenkins id. - name: "molgenis-jenkins-nexus-secret" - labels: -# so we know what type it is. - "jenkins.io/credentials-type": "usernamePassword" - annotations: { -# description - can not be a label as spaces are not allowed - "jenkins.io/credentials-description" : "user to authenticate against NEXUS" - } -type: Opaque -data: - username: {{ "admin" | b64enc | quote }} - password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml new file mode 100644 index 0000000..b853055 --- /dev/null +++ b/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Secret +metadata: + name: molgenis-jenkins-registry-secret + labels: + app: {{ template "jenkins.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: { +# description - can not be a label as spaces are not allowed + "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org." + } +type: Opaque +data: + username: {{ .Values.secret.registry.user | b64enc | quote }} + password: {{ .Values.secret.registry.password | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml b/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml deleted file mode 100644 index 382ba17..0000000 --- a/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: -# this is the jenkins id. - name: "molgenis-jenkins-saucelabs-secret" - labels: -# so we know what type it is. - "jenkins.io/credentials-type": "usernamePassword" - annotations: { -# description - can not be a label as spaces are not allowed - "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)" - } -type: Opaque -data: - username: {{ "molgenis-jenkins" | b64enc | quote }} - password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml deleted file mode 100644 index ffdfd64..0000000 --- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml +++ /dev/null 
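Review bot: molgenis-jenkins-registry-secret.yaml has the `jenkins.io/credentials-description` annotation but not the `"jenkins.io/credentials-type": "usernamePassword"` label. The dockerhub, github and gogs secrets in this commit keep that label, and the deleted nexus secret that this file replaces had it too. If Jenkins discovers credentials through that label, as the comments in the sibling templates suggest, this secret would not show up as a credential. Add the label under `labels:` next to the chart labels, or drop the credentials annotation if the secret is not meant to be a Jenkins credential.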
@@ -1,18 +0,0 @@ -{{- if .Values.PipelineSecrets.Env.Replace }} -apiVersion: v1 -kind: Secret -metadata: - name: molgenis-pipeline-env-secret - labels: - app: {{ template "jenkins.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }} - codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }} - githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }} - sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }} - npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }} -{{- end }} \ No newline at end of file diff --git a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml deleted file mode 100644 index 65ac30b..0000000 --- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.PipelineSecrets.File.Replace }} -apiVersion: v1 -kind: Secret -metadata: - name: molgenis-pipeline-file-secret - labels: - app: {{ template "jenkins.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }} - settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }} -{{- end }} diff --git a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml index aa50fe7..da4598b 100644 --- a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml +++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml @@ -1,4 +1,3 @@ -{{- if .Values.PipelineSecrets.Vault.Replace }} apiVersion: v1 kind: Secret metadata: 
@@ -10,7 +9,6 @@ metadata: heritage: "{{ .Release.Service }}" type: Opaque data: - token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }} - addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }} - skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }} -{{- end }} \ No newline at end of file + token: {{ .Values.secret.vault.token | b64enc | quote }} + addr: {{ .Values.secret.vault.addr | b64enc | quote }} + skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }} \ No newline at end of file diff --git a/molgenis-jenkins/values.yaml b/molgenis-jenkins/values.yaml index a5ac886..6962082 100644 --- a/molgenis-jenkins/values.yaml +++ b/molgenis-jenkins/values.yaml @@ -368,8 +368,8 @@ jenkins: install: true Pods: molgenis: - Label: molgenisv2 - NodeUsageMode: EXCLUSIVE + Label: molgenis + NodeUsageMode: NORMAL volumes: - type: HostPath hostPath: "/var/run/docker.sock" @@ -417,39 +417,6 @@ jenkins: secretName: molgenis-pipeline-vault-secret secretKey: addr NodeSelector: {} - molgenis-legacy: - InheritFrom: molgenis - Label: molgenis - NodeUsageMode: NORMAL - volumes: - - type: Secret - secretName: molgenis-pipeline-file-secret - mountPath: "/home/jenkins/.m2" - Containers: - EnvVars: - - type: Secret - key: PGP_PASSPHRASE - secretName: molgenis-pipeline-env-secret - secretKey: pgpPassphrase - - type: KeyValue - key: PGP_SECRETKEY - value: "keyfile:/home.jenkins/.m2/key.asc" - - type: KeyValue - key: npm_config_registry - value: "http://nexus.molgenis-nexus:8081/repository/npm-central/" - - type: Secret - key: SONAR_TOKEN - secretName: molgenis-pipeline-env-secret - secretKey: sonarToken - - type: Secret - key: CODECOV_TOKEN - secretName: molgenis-pipeline-env-secret - secretKey: codecovToken - - type: Secret - key: GITHUB_TOKEN - secretName: molgenis-pipeline-env-secret - secretKey: githubToken - NodeSelector: {} node: Label: node-carbon NodeUsageMode: EXCLUSIVE 
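Review bot: A vault token set out-of-band can be overwritten on the next install or upgrade, because molgenis-pipeline-vault-secret.yaml is now rendered unconditionally (the `if` is removed in the first hunk and its `{{- end }}` in this one). The README in this commit recommends configuring the secrets in Rancher or with kubectl, but the template writes whatever `secret.vault.token` holds, which is the placeholder `xxxx` unless it is passed every time. Either keep an opt-out, for example a new `secret.vault.create` flag wrapped around the manifest, or state in the README that the token must be supplied on every upgrade.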
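Review bot: Jobs that request no label can now be scheduled onto the `molgenis` pod template, because `NodeUsageMode` changes from `EXCLUSIVE` to `NORMAL` in molgenis-jenkins/values.yaml. The context lines of this hunk show the template mounting the host's `/var/run/docker.sock`, and the next hunk's context shows it receiving values from `molgenis-pipeline-vault-secret`. Any unlabelled job would therefore run with access to the node's Docker daemon and the vault credentials. Unless that is intended, keep `NodeUsageMode: EXCLUSIVE` so only jobs that ask for the `molgenis` label land here.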
@@ -461,155 +428,45 @@ jenkins: Command: cat WorkingDir: /home/jenkins TTY: true - EnvVars: - - type: KeyValue - key: npm_config_registry - value: "http://nexus.molgenis-nexus:8081/repository/npm-central/" - - type: Secret - key: CODECOV_TOKEN - secretName: molgenis-pipeline-env-secret - secretKey: codecovToken - - type: Secret - key: GITHUB_TOKEN - secretName: molgenis-pipeline-env-secret - secretKey: githubToken - - type: Secret - key: NPM_TOKEN - secretName: molgenis-pipeline-env-secret - secretKey: npmToken - NodeSelector: {} - molgenis-it: - InheritFrom: molgenis - Label: molgenis-it - NodeUsageMode: EXCLUSIVE - Containers: - elasticsearch: - Image: docker.elastic.co/elasticsearch/elasticsearch - ImageTag: 5.5.3 - resources: - requests: - cpu: "100m" - memory: "1Gi" - limits: - cpu: "1" - memory: "1500Mi" + vault: + Image: "vault" + Command: cat + WorkingDir: /home/jenkins + TTY: true EnvVars: - - type: KeyValue - key: ES_JAVA_OPTS - value: "-Xms512m -Xmx512m" - - type: KeyValue - key: cluster.name - value: molgenis - - type: KeyValue - key: bootstrap.memory_lock - value: "true" - - type: KeyValue - key: xpack.security.enabled - value: "false" - - type: KeyValue - key: discovery.type - value: single-node - postgres: - Image: postgres - ImageTag: 9.6-alpine - resources: - requests: - cpu: "100m" - memory: "250Mi" - limits: - cpu: "1" - memory: "250Mi" - EnvVars: - - type: KeyValue - key: POSTGRES_USER - value: molgenis - - type: KeyValue - key: POSTGRES_PASSWORD - value: molgenis - - type: KeyValue - key: POSTGRES_DB - value: molgenis - opencpu: - Image: molgenis/opencpu - AlwaysPullImage: true - resources: - requests: - cpu: "100m" - memory: "256Mi" - limits: - cpu: "1" - memory: "512Mi" + - type: Secret + key: VAULT_TOKEN + secretName: molgenis-pipeline-vault-secret + secretKey: token + - type: Secret + key: VAULT_SKIP_VERIFY + secretName: molgenis-pipeline-vault-secret + secretKey: skipVerify + - type: Secret + key: VAULT_ADDR + secretName: 
molgenis-pipeline-vault-secret + secretKey: addr NodeSelector: {} -PipelineSecrets: - Vault: - Replace: true - Token: xxxx - Addr: "https://vault-operator.vault-operator.svc:8200" - SkipVerify: 1 - Env: - # Set to false to keep existing secret - Replace: true - # Passphrase for the pgp private key file, prefixed with literal: - PGPPassphrase: literal:xxxx - # Token for codecov.io service - CodecovToken: xxxx - # Token for github bot account - GitHubToken: xxxx - # Token for github bot account - GogsToken: xxxx - # Token for sonarcloud.io - SonarToken: xxxx - # Token for npmjs.org - NpmToken: xxxx - # Password Local NEXUS - NexusPassword: xxxx - # Password hub.docker.com - DockerHubPassword: xxxx - # Access key for saucelabs.com - SauceAccessKey: xxxx - File: - # Set to false to keep existing secret - Replace: true - # PGP Private key in ascii format used to sign artifacts - PGPPrivateKeyAsc: |- - -----BEGIN PGP PRIVATE KEY BLOCK----- - xxxxx - -----END PGP PRIVATE KEY BLOCK----- - # maven.settings file - MavenSettingsXML: |- - - ${user.home}/.mvnrepository - false - - - nexus - external:* - http://nexus.molgenis-nexus:8081/repository/maven-central/ - - - - - - sonatype-nexus-staging - molgenis - xxxx - - - local-nexus - http://nexus.molgenis-nexus:8081/repository/maven-snapshots/ - admin - xxxxx - - - - registry.molgenis.org - admin - xxxx - - - registry.hub.docker.com - molgenisci - xxxx - - - \ No newline at end of file +#secret contains configuration for the kubernetes secrets that jenkins can access +secret: + # vault configures the vault secret + vault: + token: xxxx + addr: "https://vault-operator.vault-operator.svc:8200" + skipVerify: "1" + # githubToken contains access token for jenkins bot account on github.com + gitHub: + user: "molgenis-jenkins" + token: xxxx + # gogs contains access token for jenkins bot account on RuG GoGs + gogs: + user: p281392 + token: xxxx + # registry contains credentials for registry.molgenis.org + registry: + user: admin + 
password: xxxx + # dockerHubPassword contains password for hub.docker.com + dockerHub: + user: molgenisci + password: xxxx \ No newline at end of file From d9053b656c62153683af7b10739dcc645957bde2 Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 17:37:50 +0200 Subject: [PATCH 05/25] updated volume claims --- molgenis/templates/deployment.yaml | 8 ++++++++ .../persistence/molgenisPersistenceClaim.yaml | 15 +++++++++++++++ molgenis/values.yaml | 4 +++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 molgenis/templates/persistence/molgenisPersistenceClaim.yaml diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index a718bba..5aeeff0 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -49,6 +49,10 @@ spec: value: {{ .javaOpts }} ports: - containerPort: 8080 + volumeMounts: + - name: molgenis-nfs + mountPath: "/home/molgenis" + restartPolicy: "Never" livenessProbe: httpGet: path: / @@ -63,6 +67,10 @@ spec: periodSeconds: 5 resources: {{ toYaml .resources | indent 12 }} + volumes: + - name: molgenis-nfs + persistentVolumeClaim: + claimName: molgenis-nfs-claim {{- end }} - name: elasticsearch diff --git a/molgenis/templates/persistence/molgenisPersistenceClaim.yaml b/molgenis/templates/persistence/molgenisPersistenceClaim.yaml new file mode 100644 index 0000000..8c02e3d --- /dev/null +++ b/molgenis/templates/persistence/molgenisPersistenceClaim.yaml @@ -0,0 +1,15 @@ +{{- if .Values.molgenis.persistence.enabled -}} +apiVersion: extensions/v1beta1 +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: molgenis-nfs-claim + annotations: + volume.beta.kubernetes.io/storage-class: "nfs-provisioner" +spec: + accessModes: + - ReadWriteMany + resources: + requests: +storage: 1Gi +{{- end }} \ No newline at end of file diff --git a/molgenis/values.yaml b/molgenis/values.yaml index bc931b4..6aa4016 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml 
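Review bot: The new `secret.vault` defaults in molgenis-jenkins/values.yaml ship `skipVerify: "1"`, and the added `vault` container exports it as `VAULT_SKIP_VERIFY` next to `VAULT_TOKEN`. By default the token is therefore sent to `VAULT_ADDR` without checking the server certificate. Default to verification on and give the container the cluster CA (for instance through `VAULT_CACERT`), leaving `skipVerify` as an explicit opt-in. The container also uses `Image: "vault"` with no `ImageTag`, unlike the elasticsearch and postgres containers removed in this hunk, so a pinned tag would keep builds from picking up whatever image is current.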
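Review bot: `restartPolicy: "Never"` appears to be added among the container's fields in molgenis/templates/deployment.yaml (after `volumeMounts`, before `livenessProbe`). It is a pod-level field, and a Deployment's pod template only accepts `Always`, so the line should be dropped. The `volumeMounts` entry here and the `volumes` entry in the following hunk are also unconditional, while the claim `molgenis-nfs-claim` is only created when `molgenis.persistence.enabled` is true. With the default `false` the pod would reference a claim that does not exist and stay Pending, so wrap both entries in `{{- if .persistence.enabled }}` and `{{- end }}`.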
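Review bot: molgenisPersistenceClaim.yaml declares `apiVersion` twice, first `extensions/v1beta1` and then `v1`. Duplicate keys are invalid YAML and most parsers silently keep the last one, so the first line should be removed (PersistentVolumeClaim is a core `v1` kind). The same pair is carried into molgenisPVC.yaml in the following commit. The request is also fixed at `storage: 1Gi` and the storage class at `nfs-provisioner`, although values.yaml already defines `persistence.size` and `persistence.storageClass`.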
@@ -66,7 +66,9 @@ elasticsearch: cpu: 100m memory: 1Gi -nodeSelector: {} +nodeSelector: { + deployPod: "true" +} tolerations: [] From 5a98e35273dde059e12c90b15253128cd622dcdc Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 21:41:54 +0200 Subject: [PATCH 06/25] added persistence properties to values and deployment --- molgenis/questions.yml | 7 +++++++ molgenis/templates/deployment.yaml | 9 ++++++--- molgenis/templates/persistence/molgenisPVC.yaml | 15 +++++++++++++++ .../persistence/molgenisPersistenceClaim.yaml | 15 --------------- molgenis/values.yaml | 7 +------ 5 files changed, 29 insertions(+), 24 deletions(-) create mode 100644 molgenis/templates/persistence/molgenisPVC.yaml delete mode 100644 molgenis/templates/persistence/molgenisPersistenceClaim.yaml diff --git a/molgenis/questions.yml b/molgenis/questions.yml index cd0c528..278368a 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -101,3 +101,10 @@ questions: required: true group: "Persistence" label: Persistence + show_subquestion_if: true + - variable: molgenis.persistence.size + default: "10Gi" + description: "Size of MOLGENIS filestore (not the database size)" + type: string + label: Size filestore + diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index 5aeeff0..06708a9 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -49,10 +49,11 @@ spec: value: {{ .javaOpts }} ports: - containerPort: 8080 + {{- if .persistence.enabled }} volumeMounts: - name: molgenis-nfs - mountPath: "/home/molgenis" - restartPolicy: "Never" + mountPath: /home/molgenis + {{- end }} livenessProbe: httpGet: path: / @@ -67,10 +68,12 @@ spec: periodSeconds: 5 resources: {{ toYaml .resources | indent 12 }} + {{- if .persistence.enabled }} volumes: - name: molgenis-nfs persistentVolumeClaim: - claimName: molgenis-nfs-claim + claimName: {{ .Values.persistence.name }} + {{- end }} {{- end }} - name: elasticsearch 
diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml new file mode 100644 index 0000000..65c07ba --- /dev/null +++ b/molgenis/templates/persistence/molgenisPVC.yaml @@ -0,0 +1,15 @@ +{{- if .Values.molgenis.persistence.enabled }} +apiVersion: extensions/v1beta1 +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.molgenis.persistence.name }} + annotations: + volume.beta.kubernetes.io/storage-class: "nfs-provisioner" + spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.molgenis.persistence.size }} +{{- end }} \ No newline at end of file diff --git a/molgenis/templates/persistence/molgenisPersistenceClaim.yaml b/molgenis/templates/persistence/molgenisPersistenceClaim.yaml deleted file mode 100644 index 8c02e3d..0000000 --- a/molgenis/templates/persistence/molgenisPersistenceClaim.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.molgenis.persistence.enabled -}} -apiVersion: extensions/v1beta1 -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: molgenis-nfs-claim - annotations: - volume.beta.kubernetes.io/storage-class: "nfs-provisioner" -spec: - accessModes: - - ReadWriteMany - resources: - requests: -storage: 1Gi -{{- end }} \ No newline at end of file diff --git a/molgenis/values.yaml b/molgenis/values.yaml index 6aa4016..a0151d7 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -32,13 +32,8 @@ molgenis: memory: 1Gi persistence: enabled: false - name: molgenis-nexus-data - storageClass: nfs-class + name: molgenis-nfs-claim size: 30G - reclaimPolicy: Retain - server: 192.168.64.12 - accessMode: ReadWriteMany - mountPath: /gcc/molgenis/nexus services: opencpu: host: localhost From 0c9548069c2e89f2517cfc62fbaa85eb604a8d71 Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 21:44:34 +0200 Subject: [PATCH 07/25] add subquestion heading --- molgenis/questions.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/molgenis/questions.yml b/molgenis/questions.yml index 278368a..bbccea2 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -102,6 +102,7 @@ questions: group: "Persistence" label: Persistence show_subquestion_if: true + subquestions: - variable: molgenis.persistence.size default: "10Gi" description: "Size of MOLGENIS filestore (not the database size)" From a2922c4d49ae60529df5a7b5505c46fb39043f87 Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 21:47:12 +0200 Subject: [PATCH 08/25] persistence keys in deploymeny --- molgenis/questions.yml | 2 +- molgenis/templates/deployment.yaml | 2 +- molgenis/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/molgenis/questions.yml b/molgenis/questions.yml index bbccea2..b5f40e5 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -104,7 +104,7 @@ questions: show_subquestion_if: true subquestions: - variable: molgenis.persistence.size - default: "10Gi" + default: "30Gi" description: "Size of MOLGENIS filestore (not the database size)" type: string label: Size filestore diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index 06708a9..7895b0d 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -72,7 +72,7 @@ spec: volumes: - name: molgenis-nfs persistentVolumeClaim: - claimName: {{ .Values.persistence.name }} + claimName: {{ .persistence.name }} {{- end }} {{- end }} diff --git a/molgenis/values.yaml b/molgenis/values.yaml index a0151d7..c2c2974 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -33,7 +33,7 @@ molgenis: persistence: enabled: false name: molgenis-nfs-claim - size: 30G + size: 30Gi services: opencpu: host: localhost From 846df81522c0e7d171d44f4b3d0aadc76bf16e35 Mon Sep 17 00:00:00 2001 
From: sido Date: Mon, 10 Sep 2018 21:49:12 +0200 Subject: [PATCH 09/25] udpated structure --- molgenis/templates/persistence/molgenisPVC.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml index 65c07ba..4de137a 100644 --- a/molgenis/templates/persistence/molgenisPVC.yaml +++ b/molgenis/templates/persistence/molgenisPVC.yaml @@ -4,12 +4,12 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.molgenis.persistence.name }} - annotations: - volume.beta.kubernetes.io/storage-class: "nfs-provisioner" - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: {{ .Values.molgenis.persistence.size }} +annotations: + volume.beta.kubernetes.io/storage-class: "nfs-provisioner" +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.molgenis.persistence.size }} {{- end }} \ No newline at end of file From a660aff3553443382d60f7210f403ca9b90ee888 Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 21:53:29 +0200 Subject: [PATCH 10/25] udpated structure --- molgenis/templates/persistence/molgenisPVC.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml index 4de137a..1ae03f0 100644 --- a/molgenis/templates/persistence/molgenisPVC.yaml +++ b/molgenis/templates/persistence/molgenisPVC.yaml @@ -4,8 +4,8 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.molgenis.persistence.name }} -annotations: - volume.beta.kubernetes.io/storage-class: "nfs-provisioner" + annotations: + volume.beta.kubernetes.io/storage-class: "nfs-provisioner" spec: accessModes: - ReadWriteMany From 59d99deab574db7f335f066385cea0287dcaaca9 Mon Sep 17 00:00:00 2001 
From: sido Date: Mon, 10 Sep 2018 21:57:39 +0200 Subject: [PATCH 11/25] restrcuture deployment --- molgenis/templates/deployment.yaml | 8 ++++---- molgenis/templates/persistence/molgenisPVC.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index 7895b0d..0205efb 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -68,11 +68,11 @@ spec: periodSeconds: 5 resources: {{ toYaml .resources | indent 12 }} - {{- if .persistence.enabled }} + {{- if .persistence.enabled -}} volumes: - - name: molgenis-nfs - persistentVolumeClaim: - claimName: {{ .persistence.name }} + - name: molgenis-nfs + persistentVolumeClaim: + claimName: {{ .persistence.name }} {{- end }} {{- end }} diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml index 1ae03f0..a10d9de 100644 --- a/molgenis/templates/persistence/molgenisPVC.yaml +++ b/molgenis/templates/persistence/molgenisPVC.yaml @@ -1,4 +1,4 @@ -{{- if .Values.molgenis.persistence.enabled }} +{{- if .Values.molgenis.persistence.enabled -}} apiVersion: extensions/v1beta1 kind: PersistentVolumeClaim apiVersion: v1 From bfb2e458776b77f1ff1a6776ba99c11bb6e85810 Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 22:00:51 +0200 Subject: [PATCH 12/25] added volumes --- molgenis/templates/deployment.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index 0205efb..ed63b5c 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml 
@@ -68,13 +68,13 @@ spec: periodSeconds: 5 resources: {{ toYaml .resources | indent 12 }} - {{- if .persistence.enabled -}} - volumes: - - name: molgenis-nfs - persistentVolumeClaim: - claimName: {{ .persistence.name }} - {{- end }} {{- end }} + {{- if .persistence.enabled }} + volumes: + - name: molgenis-nfs + persistentVolumeClaim: + claimName: {{ .persistence.name }} + {{- end }} - name: elasticsearch {{- with .Values.elasticsearch }} From ed948c40aa38c050e2550566d79cf4e336f4529a Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 22:02:18 +0200 Subject: [PATCH 13/25] referred to right config values.yaml --- molgenis/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index ed63b5c..a9c3008 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -69,11 +69,11 @@ spec: resources: {{ toYaml .resources | indent 12 }} {{- end }} - {{- if .persistence.enabled }} + {{- if .Values.molgenis.persistence.enabled }} volumes: - name: molgenis-nfs persistentVolumeClaim: - claimName: {{ .persistence.name }} + claimName: {{ .Values.molgenis.persistence.name }} {{- end }} - name: elasticsearch From 947e389b92eca11087f990244bf7a17b2d1c767c Mon Sep 17 00:00:00 2001 From: sido Date: Mon, 10 Sep 2018 22:06:20 +0200 Subject: [PATCH 14/25] moved volumes down below in deployment --- molgenis/templates/deployment.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index a9c3008..59cd27a 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml 
@@ -69,12 +69,6 @@ spec: resources: {{ toYaml .resources | indent 12 }} {{- end }} - {{- if .Values.molgenis.persistence.enabled }} - volumes: - - name: molgenis-nfs - persistentVolumeClaim: - claimName: {{ .Values.molgenis.persistence.name }} - {{- end }} - name: elasticsearch {{- with .Values.elasticsearch }} @@ -98,6 +92,12 @@ spec: {{ toYaml .resources | indent 12 }} {{- end }} +{{- if .Values.molgenis.persistence.enabled }} + volumes: + - name: molgenis-nfs + persistentVolumeClaim: + claimName: {{ .Values.molgenis.persistence.name }} +{{- end }} {{- with .Values.nodeSelector }} nodeSelector: From 04bd9cd653d0f08c3681bb5f8f1ff620fb2ab05c Mon Sep 17 00:00:00 2001 From: sido Date: Tue, 11 Sep 2018 13:51:58 +0200 Subject: [PATCH 15/25] added persistence to questions and bumped chart --- molgenis/Chart.yaml | 2 +- molgenis/questions.yml | 18 ++++++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/molgenis/Chart.yaml b/molgenis/Chart.yaml index e60f8cc..42ec519 100644 --- a/molgenis/Chart.yaml +++ b/molgenis/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.0" description: MOLGENIS - helm stack (in BETA) name: molgenis-beta -version: 0.1.0 +version: 0.2.0 sources: - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg \ No newline at end of file diff --git a/molgenis/questions.yml b/molgenis/questions.yml index 27dbee5..572ac39 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -81,7 +81,7 @@ questions: - variable: molgenis.resources.requests.memory label: Container memory reservation default: 1250Mi - description: "Memory reservation for this MOLGENIS container" + description: "Memory reservation for this MOLGENIS container (must fit in the selected memory limit for the container)" type: enum options: - "1250Mi" 
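Review bot: In the `volumes:` block added at the end of the pod spec, `claimName` is filled from `.Values.molgenis.persistence.name` without quoting. An empty, boolean-looking or number-looking value then renders as `null`, a bool or a number instead of a string, and the manifest only fails at apply time. Quoting in the template keeps the type stable: `claimName: {{ .Values.molgenis.persistence.name | quote }}`; wrapping the value in `required` would additionally stop rendering with a clear message when it is unset. The claim template renders the same value into `metadata.name`, so both places need the same treatment to keep the claim and its reference in step. The surrounding pod spec starts outside this hunk.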
@@ -96,4 +96,18 @@ questions: options: - "1g" - "2g" - group: "Resources" \ No newline at end of file + group: "Resources" +- variable: molgenis.persistence.enabled + default: false + description: "Do you want to use persistence" + type: boolean + required: true + group: "Persistence" + label: Persistence + show_subquestion_if: true + subquestions: + - variable: molgenis.persistence.size + default: "30Gi" + description: "Size of MOLGENIS filestore (not the database size)" + type: string + label: Size filestore \ No newline at end of file From e5cbcdf9333b9ace92ede47e28640371b79f1ddc Mon Sep 17 00:00:00 2001 From: sido Date: Tue, 11 Sep 2018 15:48:56 +0200 Subject: [PATCH 16/25] added retainability for pv's --- molgenis/questions.yml | 7 ++++++- molgenis/templates/persistence/molgenisPVC.yaml | 12 +++++++++--- molgenis/values.yaml | 1 + 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/molgenis/questions.yml b/molgenis/questions.yml index 572ac39..cb4dc26 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -110,4 +110,9 @@ questions: default: "30Gi" description: "Size of MOLGENIS filestore (not the database size)" type: string - label: Size filestore \ No newline at end of file + label: Size filestore + - variable: molgenis.persistence.retain + default: false + description: "Do you want to retain the persistence volume" + type: boolean + label: Retain volume \ No newline at end of file diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml index a10d9de..1335adb 100644 --- a/molgenis/templates/persistence/molgenisPVC.yaml +++ b/molgenis/templates/persistence/molgenisPVC.yaml 
@@ -1,15 +1,21 @@ -{{- if .Values.molgenis.persistence.enabled -}} +{{- with .Values.molgenis.persistence }} +{{- if .enabled -}} apiVersion: extensions/v1beta1 kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ .Values.molgenis.persistence.name }} + name: {{ .name }} annotations: + {{- if .retain }} + volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain" + {{- else }} volume.beta.kubernetes.io/storage-class: "nfs-provisioner" + {{- end }} spec: accessModes: - ReadWriteMany resources: requests: - storage: {{ .Values.molgenis.persistence.size }} + storage: {{ .size }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/molgenis/values.yaml b/molgenis/values.yaml index 747106a..6b6d5ee 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -33,6 +33,7 @@ molgenis: memory: 1250Mi persistence: enabled: false + retain: false name: molgenis-nfs-claim size: 30Gi services: From 61d550512692ef88a91e594a581992256526f727 Mon Sep 17 00:00:00 2001 From: sido Date: Tue, 11 Sep 2018 16:56:27 +0200 Subject: [PATCH 17/25] updated persistence README.md --- molgenis/README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/molgenis/README.md b/molgenis/README.md index c85b200..4c81c8e 100644 --- a/molgenis/README.md +++ b/molgenis/README.md 
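Review bot: The `retain` switch in the annotations block of `molgenisPVC.yaml` picks between two hard-coded storage classes, and the default `retain: false` in `values.yaml` puts the claim on `nfs-provisioner`. That class presumably reclaims with Delete, so removing the claim (for example by deleting the release) would also remove the MOLGENIS filestore. That deserves a comment next to the switch, e.g. `# retain=false: the backing volume is deleted together with the claim (verify the class's reclaim policy)`, and the question text for `molgenis.persistence.retain` could say the same. If the data should survive an accidental release deletion regardless of the class, the claim can also carry the `helm.sh/resource-policy: keep` annotation. Both class names only exist on clusters that define them, so taking them from values would make the chart usable elsewhere.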
@@ -79,5 +79,26 @@ Specify memory usage for Java JVM: Select the resources you need dependant on the customer you need to serve. +## Persistence +You can define your own volume by enabling persistence on your MOLGENIS instance. You can also choose to retain the volume of the NFS and specify the size of the volume. +The following properties will setup the persistence for you. + +- ```molgenis.persistence.enabled``` +- ```molgenis.persistence.retain``` +- ```molgenis.persistence.size``` + +### Resolve you persistent volume +You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing: + +``` +kubectl get pv +``` + +You can now view the persistent volume claims and the attached volumes. + +| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE | +| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- | +| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner | | 33d | + ## Firewall Is defined at cluster level. This chart does not facilitate firewall configuration. From 5fd05f505a6aee763ece5eac09263940258940a7 Mon Sep 17 00:00:00 2001 From: sido Date: Tue, 11 Sep 2018 16:59:40 +0200 Subject: [PATCH 18/25] updated docs --- molgenis/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/molgenis/README.md b/molgenis/README.md index 4c81c8e..2f56de4 100644 --- a/molgenis/README.md +++ b/molgenis/README.md 
@@ -98,7 +98,11 @@ You can now view the persistent volume claims and the attached volumes. | NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE | | ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- | -| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner | | 33d | +| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d | +| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d | + +You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. +When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. ## Firewall Is defined at cluster level. This chart does not facilitate firewall configuration. From d7ccab34c431f3609501ef761ff8a69a81a594da Mon Sep 17 00:00:00 2001 From: sido Date: Tue, 11 Sep 2018 17:07:14 +0200 Subject: [PATCH 19/25] version bump and enumerized values for sizing volumes --- molgenis/Chart.yaml | 2 +- molgenis/questions.yml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/molgenis/Chart.yaml b/molgenis/Chart.yaml index 42ec519..d72e338 100644 --- a/molgenis/Chart.yaml +++ b/molgenis/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.0" description: MOLGENIS - helm stack (in BETA) name: molgenis-beta -version: 0.2.0 +version: 0.3.0 sources: - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg \ No newline at end of file 
diff --git a/molgenis/questions.yml b/molgenis/questions.yml index cb4dc26..f9309cf 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -107,9 +107,14 @@ questions: show_subquestion_if: true subquestions: - variable: molgenis.persistence.size - default: "30Gi" + default: "50Gi" description: "Size of MOLGENIS filestore (not the database size)" - type: string + type: enum + options: + - "50Gi" + - "100Gi" + - "200Gi" + - "300Gi" label: Size filestore - variable: molgenis.persistence.retain default: false From 34c8f048b927f88fff701fbe1ce166bd698cd087 Mon Sep 17 00:00:00 2001 From: sido Date: Tue, 11 Sep 2018 17:08:44 +0200 Subject: [PATCH 20/25] also upgraded the default value in values.yaml --- molgenis/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molgenis/values.yaml b/molgenis/values.yaml index 6b6d5ee..aa0b197 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -35,7 +35,7 @@ molgenis: enabled: false retain: false name: molgenis-nfs-claim - size: 30Gi + size: 50Gi services: opencpu: host: localhost From d17c137dd59cbe3cc0d2e5da2bdad772fbe92978 Mon Sep 17 00:00:00 2001 From: sido Date: Wed, 12 Sep 2018 08:04:59 +0200 Subject: [PATCH 21/25] added elasticsearch persistence --- molgenis/README.md | 22 +++++++++++++--- molgenis/questions.yml | 26 ++++++++++++------- molgenis/templates/deployment.yaml | 16 +++++++++--- .../persistence/elasticsearchPVC.yaml | 20 ++++++++++++++ .../templates/persistence/molgenisPVC.yaml | 9 +++---- molgenis/values.yaml | 13 +++++++--- 6 files changed, 81 insertions(+), 25 deletions(-) create mode 100644 molgenis/templates/persistence/elasticsearchPVC.yaml diff --git a/molgenis/README.md b/molgenis/README.md index 2f56de4..03e8b2e 100644 --- a/molgenis/README.md +++ b/molgenis/README.md 
@@ -80,13 +80,27 @@ Specify memory usage for Java JVM: Select the resources you need dependant on the customer you need to serve. ## Persistence -You can define your own volume by enabling persistence on your MOLGENIS instance. You can also choose to retain the volume of the NFS and specify the size of the volume. -The following properties will setup the persistence for you. +You can enable persistence on your MOLGENIS stack by specifying the following property. -- ```molgenis.persistence.enabled``` -- ```molgenis.persistence.retain``` +- ```persistence.enabled``` + +You can also choose to retain the volume of the NFS. +- ```persistence.retain``` + +The size and claim name can be specified per service. There are now two services that can be persist. + +- MOLGENIS +- ElasticSearch + +MOLGENIS persistent properties. +- ```molgenis.persistence.claim``` - ```molgenis.persistence.size``` +ElasticSearch persistent properties. +- ```elasticsearch.persistence.claim``` +- ```elasticsearch.persistence.size``` + + ### Resolve you persistent volume You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing: diff --git a/molgenis/questions.yml b/molgenis/questions.yml index f9309cf..1dca426 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml @@ -97,7 +97,7 @@ questions: - "1g" - "2g" group: "Resources" -- variable: molgenis.persistence.enabled +- variable: persistence.enabled default: false description: "Do you want to use persistence" type: boolean 
@@ -106,18 +106,26 @@ questions: label: Persistence show_subquestion_if: true subquestions: + - variable: persistence.retain + default: false + description: "Do you want to retain the persistent volume" + type: boolean + label: Retain volume - variable: molgenis.persistence.size + default: "30Gi" + description: "Size of MOLGENIS filestore" + type: enum + options: + - "30Gi" + - "50Gi" + - "100Gi" + label: Size filestore + - variable: elasticsearch.persistence.size default: "50Gi" - description: "Size of MOLGENIS filestore (not the database size)" + description: "Size of ElasticSearch data" type: enum options: - "50Gi" - "100Gi" - "200Gi" - - "300Gi" - label: Size filestore - - variable: molgenis.persistence.retain - default: false - description: "Do you want to retain the persistence volume" - type: boolean - label: Retain volume \ No newline at end of file + label: Size for ElasticSearch data \ No newline at end of file diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index 5ecf512..c14d714 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -49,7 +49,7 @@ spec: value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled" ports: - containerPort: 8080 - {{- if .persistence.enabled }} + {{- if $.Values.persistence.enabled }} volumeMounts: - name: molgenis-nfs mountPath: /home/molgenis 
@@ -92,15 +92,25 @@ spec: ports: - containerPort: 9200 - containerPort: 9300 + {{- if $.Values.persistence.enabled }} + volumeMounts: + - name: elastic-nfs + mountPath: /usr/share/elasticsearch/data + {{- end }} + resources: {{ toYaml .resources | indent 12 }} {{- end }} -{{- if .Values.molgenis.persistence.enabled }} +{{- if .Values.persistence.enabled }} volumes: - name: molgenis-nfs persistentVolumeClaim: - claimName: {{ .Values.molgenis.persistence.name }} + claimName: {{ .Values.molgenis.persistence.claim }} + volumes: + - name: elasticsearch-nfs + persistentVolumeClaim: + claimName: {{ .Values.elasticsearch.persistence.claim }} {{- end }} {{- with .Values.nodeSelector }} diff --git a/molgenis/templates/persistence/elasticsearchPVC.yaml b/molgenis/templates/persistence/elasticsearchPVC.yaml new file mode 100644 index 0000000..54103b8 --- /dev/null +++ b/molgenis/templates/persistence/elasticsearchPVC.yaml @@ -0,0 +1,20 @@ +{{- if .Values.persistence.enabled -}} +apiVersion: extensions/v1beta1 +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ .Values.elasticsearch.persistence.claim }} + annotations: + {{- if .Values.persistence.retain }} + volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain" + {{- else }} + volume.beta.kubernetes.io/storage-class: "nfs-provisioner" + {{- end }} +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.elasticsearch.persistence.size }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml index 1335adb..9968273 100644 --- a/molgenis/templates/persistence/molgenisPVC.yaml +++ b/molgenis/templates/persistence/molgenisPVC.yaml 
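Review bot: The claim in the new `elasticsearchPVC.yaml` asks for `ReadWriteMany` although it backs `/usr/share/elasticsearch/data`, and an Elasticsearch node expects to be the sole writer of its data path. Two pods writing there at once risks a corrupted index. If only one Elasticsearch pod is meant to use this claim (the replica count is outside this hunk), request the narrower mode, `- ReadWriteOnce`, so the manifest states that intent. The access mode is not an access control on an NFS export, so who can reach the export still has to be restricted on the NFS side.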
@@ -1,12 +1,11 @@ -{{- with .Values.molgenis.persistence }} -{{- if .enabled -}} +{{- if .Values.persistence.enabled -}} apiVersion: extensions/v1beta1 kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ .name }} + name: {{ .Values.molgenis.persistence.claim }} annotations: - {{- if .retain }} + {{- if .Values.persistence.retain }} volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain" {{- else }} volume.beta.kubernetes.io/storage-class: "nfs-provisioner" @@ -16,6 +15,6 @@ spec: - ReadWriteMany resources: requests: - storage: {{ .size }} + storage: {{ .Values.molgenis.persistence.size }} {{- end }} {{- end }} \ No newline at end of file diff --git a/molgenis/values.yaml b/molgenis/values.yaml index aa0b197..44b9f27 100644 --- a/molgenis/values.yaml +++ b/molgenis/values.yaml @@ -32,10 +32,8 @@ molgenis: cpu: 200m memory: 1250Mi persistence: - enabled: false - retain: false - name: molgenis-nfs-claim - size: 50Gi + claim: molgenis-nfs-claim + size: 30Gi services: opencpu: host: localhost @@ -62,6 +60,13 @@ elasticsearch: requests: cpu: 100m memory: 1Gi + persistence: + claim: elasticsearch-nfs-claim + size: 50Gi + +persistence: + enabled: false + retain: false nodeSelector: { deployPod: "true" From 321af8f2f2d4e9bfe19eaee2524043f086f36db0 Mon Sep 17 00:00:00 2001 From: sido Date: Wed, 12 Sep 2018 08:13:33 +0200 Subject: [PATCH 22/25] updated labels and desc --- molgenis/questions.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/molgenis/questions.yml b/molgenis/questions.yml index 1dca426..69c106a 100644 --- a/molgenis/questions.yml +++ b/molgenis/questions.yml 
@@ -113,16 +113,16 @@ questions: label: Retain volume - variable: molgenis.persistence.size default: "30Gi" - description: "Size of MOLGENIS filestore" + description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)" type: enum options: - "30Gi" - "50Gi" - "100Gi" - label: Size filestore + label: Size MOLGENIS filestore - variable: elasticsearch.persistence.size default: "50Gi" - description: "Size of ElasticSearch data" + description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)" type: enum options: - "50Gi" From c28f08bedd589c4c013b0c364ef8793c60745bed Mon Sep 17 00:00:00 2001 From: sido Date: Wed, 12 Sep 2018 08:15:38 +0200 Subject: [PATCH 23/25] one end to much --- molgenis/templates/persistence/elasticsearchPVC.yaml | 1 - molgenis/templates/persistence/molgenisPVC.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/molgenis/templates/persistence/elasticsearchPVC.yaml b/molgenis/templates/persistence/elasticsearchPVC.yaml index 54103b8..6c8bef7 100644 --- a/molgenis/templates/persistence/elasticsearchPVC.yaml +++ b/molgenis/templates/persistence/elasticsearchPVC.yaml @@ -16,5 +16,4 @@ spec: resources: requests: storage: {{ .Values.elasticsearch.persistence.size }} -{{- end }} {{- end }} \ No newline at end of file diff --git a/molgenis/templates/persistence/molgenisPVC.yaml b/molgenis/templates/persistence/molgenisPVC.yaml index 9968273..6ec2f93 100644 --- a/molgenis/templates/persistence/molgenisPVC.yaml +++ b/molgenis/templates/persistence/molgenisPVC.yaml @@ -16,5 +16,4 @@ spec: resources: requests: storage: {{ .Values.molgenis.persistence.size }} -{{- end }} {{- end }} \ No newline at end of file From 7305d54630cb495dd4ae2a8a9212eec6a6d46315 Mon Sep 17 00:00:00 2001 From: sido Date: Wed, 12 Sep 2018 08:17:34 +0200 Subject: [PATCH 24/25] updated volume name --- molgenis/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index c14d714..206f670 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -94,7 +94,7 @@ spec: - containerPort: 9300 {{- if $.Values.persistence.enabled }} volumeMounts: - - name: elastic-nfs + - name: elasticsearch-nfs mountPath: /usr/share/elasticsearch/data {{- end }} From 501982ca53652559a76ff4a72f32a400127aec70 Mon Sep 17 00:00:00 2001 From: sido Date: Wed, 12 Sep 2018 08:19:48 +0200 Subject: [PATCH 25/25] removed redunant volume entry in deployment --- molgenis/templates/deployment.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/molgenis/templates/deployment.yaml b/molgenis/templates/deployment.yaml index 206f670..b40a284 100644 --- a/molgenis/templates/deployment.yaml +++ b/molgenis/templates/deployment.yaml @@ -107,7 +107,6 @@ spec: - name: molgenis-nfs persistentVolumeClaim: claimName: {{ .Values.molgenis.persistence.claim }} - volumes: - name: elasticsearch-nfs persistentVolumeClaim: claimName: {{ .Values.elasticsearch.persistence.claim }}