P129679
/
molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

refactor: Move charts to charts directory

This commit is contained in:
Fleur Kelpin 2018-09-29 14:32:02 +02:00
parent 72ea0f9424
commit e0d15dcef7
11 changed files with 5 additions and 1137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
charts/molgenis-nexus/README.md
View File

@ -61,4 +61,9 @@ To test if your hem chart works and:
To deploy it on the cluster. To deploy it on the cluster.
```curl -L -u xxxx:xxxx http://registry.molgenis.org/repository/helm/ --upload-file molgenis-x.x.x.tgz```
To push it to the registry

8
molgenis-jenkins/Chart.yaml
View File

@ -1,8 +0,0 @@
name: molgenis-jenkins
home: https://jenkins.io/
version: 0.8.0
appVersion: 2.121
description: Molgenis installation for the jenkins chart.
sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg

115
molgenis-jenkins/README.md
View File

@ -1,115 +0,0 @@
# Molgenis Jenkins Helm Chart
Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin.
Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there!
## Chart Details
This chart will do the following:
* 1 x Jenkins Master with port 8080 exposed on an external ClusterIP
* All using Kubernetes Deployments
## Installing the Chart
Usually, you'll be deploying this to the molgenis cluster.
In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository.
In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the
catalog, pick the molgenis-jenkins app from the catalog and deploy it.
## Configuration
When deploying, you can paste values into the Rancher Answers to override the defaults in this chart.
Array values can be added as {value, value, value}.
```
jenkins.Master.HostName=jenkins.molgenis.org
jenkins.Master.AdminPassword=pa$$word
jenkins.Persistence.Enabled=false
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
jenkins.Master.Security.UseGitHub=false
## if UseGitHub=true
jenkins.Master.Security.GitHub.ClientID=id
jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
## end UseGitHub=true
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
```
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
### GitHub Authentication delegation
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
### Secrets
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins.
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
#### Vault
The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault.
| Parameter | Description | Default |
| ------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `secret.vault.token` | Token to log into the hashicorp vault | `xxxx` |
| `secret.vault.addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `secret.vault.skipVerify` | Skip verification of the https connection | `1` |
#### GitHub
Token used by Jenkins to authenticate on GitHub.
| Parameter | Description | Default |
| --------------------- | ------------------------ | ------------------ |
| `secret.gitHub.user` | username for the account | `molgenis-jenkins` |
| `secret.gitHub.token` | token for the account | `xxxx` |
#### Gogs
Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
| Parameter | Description | Default |
| ------------------- | ------------------------ | --------- |
| `secret.gogs.user` | username for the account | `p281392` |
| `secret.gogs.token` | token for the account | `xxxx` |
#### Slack
The Slack integration is done mostly in the Jenkinsfile of each project. It is sufficient to only add the plugin to the Jenkins configuration in Helm.
#### Legacy:
##### Docker Hub
Account used in pipeline builds to push docker images to `hub.docker.com`.
> They should read `secret/gcc/account/dockerhub` from vault instead!
| Parameter | Description | Default |
| --------------------------- | ------------------------ | --------------- |
| `secret.dockerHub.user` | username for the account | `molgenisci` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
##### Registry
Account used in pipeline builds to push docker images to `registry.molgenis.org`.
> They should read `secret/ops/account/nexus` from vault instead!
| Parameter | Description | Default |
| --------------------------- | ------------------------ | --------- |
| `secret.dockerHub.user` | username for the account | `admin` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
For example,
```bash
$ helm install --name jenkins -f values.yaml molgenis-jenkins
```
> **Tip**: You can use the default [values.yaml](values.yaml)

8
molgenis-jenkins/resources/README.md
View File

@ -1,8 +0,0 @@
# Helm in Jenkins
To be able to run helm inside a jenkins pod, you'll need to
* create a role in the namespace where tiller is installed
* bind that role to the user that jenkins pods run as
This directory contains yaml for these resources.
See also https://github.com/helm/helm/blob/master/docs/rbac.md

617
molgenis-jenkins/values.yaml
View File

@ -1,617 +0,0 @@
jenkins:
Master:
NodeSelector:
deployPod: "true"
HostName: jenkins.molgenis.org
ServiceType: ClusterIP
InstallPlugins:
- kubernetes:1.12.6
- workflow-aggregator:2.5
- workflow-job:2.25
- credentials-binding:1.16
- git:3.9.1
- github-branch-source:2.3.6
- kubernetes-credentials-provider:0.10
- blueocean:1.8.3
- github-oauth:0.29
- gogs-webhook:1.0.14
- github-scm-trait-commit-skip:0.1.1
- slack:2.3
Security:
UseGitHub: false
GitHub:
ClientID: ""
ClienSecret: ""
DefaultView: dev
Views:
dev:
- molgenis
ops:
- molgenis-ops-docker-httpd
- molgenis-ops-docker-maven
- molgenis-ops-docker-node
- molgenis-ops-tools
- molgenis-ops-tomcat
Jobs: |-
molgenis: |-
<?xml version='1.1' encoding='UTF-8'?>
<jenkins.branch.OrganizationFolder plugin="branch-api@2.0.20">
<actions/>
<description></description>
<properties>
<org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
<dockerLabel></dockerLabel>
<registry plugin="docker-commons@1.13"/>
</org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
<jenkins.branch.NoTriggerOrganizationFolderProperty>
<branches>.*</branches>
</jenkins.branch.NoTriggerOrganizationFolderProperty>
</properties>
<folderViews class="jenkins.branch.OrganizationFolderViewHolder">
<owner reference="../.."/>
</folderViews>
<healthMetrics>
<com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
<nonRecursive>false</nonRecursive>
</com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
</healthMetrics>
<icon class="jenkins.branch.MetadataActionFolderIcon">
<owner class="jenkins.branch.OrganizationFolder" reference="../.."/>
</icon>
<orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
<pruneDeadBranches>true</pruneDeadBranches>
<daysToKeep>-1</daysToKeep>
<numToKeep>-1</numToKeep>
</orphanedItemStrategy>
<triggers>
<com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger plugin="cloudbees-folder@6.5.1">
<spec>H H * * *</spec>
<interval>86400000</interval>
</com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger>
</triggers>
<disabled>false</disabled>
<navigators>
<org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator plugin="github-branch-source@2.3.6">
<repoOwner>molgenis</repoOwner>
<credentialsId>molgenis-jenkins-github-secret</credentialsId>
<traits>
<org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
<strategyId>1</strategyId>
</org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
<org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
<strategyId>1</strategyId>
</org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
<org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
<strategyId>1</strategyId>
<trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
</org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
<org.jenkinsci.plugins.scm__filter.GitHubCommitSkipTrait plugin="github-scm-trait-commit-skip@0.1.1"/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
</navigators>
<projectFactories>
<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProjectFactory plugin="workflow-multibranch@2.19">
<scriptPath>Jenkinsfile</scriptPath>
</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProjectFactory>
</projectFactories>
<buildStrategies/>
</jenkins.branch.OrganizationFolder>
molgenis-ops-docker-httpd: |-
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
<actions/>
<description>HTTPD server that can be used for redirection and proxieing</description>
<displayName>molgenis-ops-docker-httpd</displayName>
<properties>
<org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
<dockerLabel></dockerLabel>
<registry plugin="docker-commons@1.13"/>
</org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
</properties>
<folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</folderViews>
<healthMetrics>
<com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
<nonRecursive>false</nonRecursive>
</com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
</healthMetrics>
<icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</icon>
<orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
<pruneDeadBranches>true</pruneDeadBranches>
<daysToKeep>-1</daysToKeep>
<numToKeep>-1</numToKeep>
</orphanedItemStrategy>
<triggers/>
<disabled>false</disabled>
<sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
<data>
<jenkins.branch.BranchSource>
<source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
<id>a756941d-6c9d-4492-bcf9-327041764be6</id>
<remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-httpd.git</remote>
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
<properties class="empty-list"/>
</strategy>
</jenkins.branch.BranchSource>
</data>
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</sources>
<factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
<scriptPath>Jenkinsfile</scriptPath>
</factory>
</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
molgenis-ops-docker-node: |-
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
<actions/>
<description>NodeJS build container with Curl</description>
<displayName>molgenis-ops-docker-node</displayName>
<properties>
<org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
<dockerLabel></dockerLabel>
<registry plugin="docker-commons@1.13"/>
</org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
</properties>
<folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</folderViews>
<healthMetrics>
<com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
<nonRecursive>false</nonRecursive>
</com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
</healthMetrics>
<icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</icon>
<orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
<pruneDeadBranches>true</pruneDeadBranches>
<daysToKeep>-1</daysToKeep>
<numToKeep>-1</numToKeep>
</orphanedItemStrategy>
<triggers/>
<disabled>false</disabled>
<sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
<data>
<jenkins.branch.BranchSource>
<source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
<id>a756941d-6c9d-4492-bcf9-327041764be6</id>
<remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-node.git</remote>
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
<properties class="empty-list"/>
</strategy>
</jenkins.branch.BranchSource>
</data>
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</sources>
<factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
<scriptPath>Jenkinsfile</scriptPath>
</factory>
</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
molgenis-ops-docker-maven: |-
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
<actions/>
<description>MAVEN build container with RPMbuild and Curl</description>
<displayName>molgenis-ops-docker-maven</displayName>
<properties>
<org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
<dockerLabel></dockerLabel>
<registry plugin="docker-commons@1.13"/>
</org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
</properties>
<folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</folderViews>
<healthMetrics>
<com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
<nonRecursive>false</nonRecursive>
</com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
</healthMetrics>
<icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</icon>
<orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
<pruneDeadBranches>true</pruneDeadBranches>
<daysToKeep>-1</daysToKeep>
<numToKeep>-1</numToKeep>
</orphanedItemStrategy>
<triggers/>
<disabled>false</disabled>
<sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
<data>
<jenkins.branch.BranchSource>
<source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
<id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
<remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-maven.git</remote>
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
<properties class="empty-list"/>
</strategy>
</jenkins.branch.BranchSource>
</data>
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</sources>
<factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
<scriptPath>Jenkinsfile</scriptPath>
</factory>
</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
molgenis-ops-tomcat: |-
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
<actions/>
<description>MOLGENIS tomcat package to manage tomcat version on CentOS</description>
<displayName>molgenis-ops-tomcat</displayName>
<properties>
<org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
<dockerLabel></dockerLabel>
<registry plugin="docker-commons@1.13"/>
</org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
</properties>
<folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</folderViews>
<healthMetrics>
<com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
<nonRecursive>false</nonRecursive>
</com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
</healthMetrics>
<icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</icon>
<orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
<pruneDeadBranches>true</pruneDeadBranches>
<daysToKeep>-1</daysToKeep>
<numToKeep>-1</numToKeep>
</orphanedItemStrategy>
<triggers/>
<disabled>false</disabled>
<sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
<data>
<jenkins.branch.BranchSource>
<source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
<id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
<remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tomcat.git</remote>
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
<properties class="empty-list"/>
</strategy>
</jenkins.branch.BranchSource>
</data>
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</sources>
<factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
<scriptPath>Jenkinsfile</scriptPath>
</factory>
</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
molgenis-ops-tools: |-
<?xml version='1.1' encoding='UTF-8'?>
<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
<actions/>
<description>MOLGENIS operations tools-package to configure firewall, apache, sudoers, etc.</description>
<displayName>molgenis-ops-tools</displayName>
<properties>
<org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
<dockerLabel></dockerLabel>
<registry plugin="docker-commons@1.13"/>
</org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
</properties>
<folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</folderViews>
<healthMetrics>
<com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
<nonRecursive>false</nonRecursive>
</com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
</healthMetrics>
<icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</icon>
<orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
<pruneDeadBranches>true</pruneDeadBranches>
<daysToKeep>-1</daysToKeep>
<numToKeep>-1</numToKeep>
</orphanedItemStrategy>
<triggers/>
<disabled>false</disabled>
<sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
<data>
<jenkins.branch.BranchSource>
<source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
<id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
<remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tools.git</remote>
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
<properties class="empty-list"/>
</strategy>
</jenkins.branch.BranchSource>
</data>
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
</sources>
<factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
<owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
<scriptPath>Jenkinsfile</scriptPath>
</factory>
</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
# Kubernetes secret that contains a 'credentials.xml' for Jenkins
# CredentialsXmlSecret: jenkins-credentials
# Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,
# useful to manage encryption keys used for credentials.xml for instance (such as
# master.key and hudson.util.Secret)
# SecretsFilesSecret: jenkins-secrets
CustomConfigMap: true
rbac:
install: true
Pods:
molgenis:
Label: molgenis
NodeUsageMode: NORMAL
volumes:
- type: HostPath
hostPath: "/var/run/docker.sock"
mountPath: "/var/run/docker.sock"
Containers:
maven:
Image: "registry.webhosting.rug.nl/molgenis/maven"
ImageTag: lts
AlwaysPullImage: true
Command: cat
WorkingDir: /home/jenkins
TTY: true
resources:
requests:
cpu: "1"
memory: "4Gi"
EnvVars:
- type: KeyValue
key: MAVEN_OPTS
value: "-Duser.home=/home/jenkins"
- type: KeyValue
key: MAVEN_CONFIG
value: "/home/jenkins/.m2"
alpine:
Image: "spotify/alpine"
Command: cat
WorkingDir: /home/jenkins
TTY: true
vault:
Image: "vault"
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars:
- type: Secret
key: VAULT_TOKEN
secretName: molgenis-pipeline-vault-secret
secretKey: token
- type: Secret
key: VAULT_SKIP_VERIFY
secretName: molgenis-pipeline-vault-secret
secretKey: skipVerify
- type: Secret
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
helm:
Image: "lachlanevenson/k8s-helm"
ImageTag: "v2.10.0"
Command: cat
WorkingDir: /home/jenkins
TTY: true
NodeSelector: {
deployPod: "true"
}
node:
Label: node-carbon
NodeUsageMode: EXCLUSIVE
Containers:
node:
Image: "registry.webhosting.rug.nl/molgenis/node"
ImageTag: lts
AlwaysPullImage: true
Command: cat
WorkingDir: /home/jenkins
TTY: true
vault:
Image: "vault"
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars:
- type: Secret
key: VAULT_TOKEN
secretName: molgenis-pipeline-vault-secret
secretKey: token
- type: Secret
key: VAULT_SKIP_VERIFY
secretName: molgenis-pipeline-vault-secret
secretKey: skipVerify
- type: Secret
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {
deployPod: "true"
}
molgenis-it:
InheritFrom: molgenis
Label: molgenis-it
NodeUsageMode: EXCLUSIVE
Containers:
elasticsearch:
Image: docker.elastic.co/elasticsearch/elasticsearch
ImageTag: 5.5.3
resources:
requests:
cpu: "100m"
memory: "1Gi"
limits:
cpu: "1"
memory: "1500Mi"
EnvVars:
- type: KeyValue
key: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
- type: KeyValue
key: cluster.name
value: molgenis
- type: KeyValue
key: bootstrap.memory_lock
value: "true"
- type: KeyValue
key: xpack.security.enabled
value: "false"
- type: KeyValue
key: discovery.type
value: single-node
postgres:
Image: postgres
ImageTag: 9.6-alpine
resources:
requests:
cpu: "100m"
memory: "250Mi"
limits:
cpu: "1"
memory: "250Mi"
EnvVars:
- type: KeyValue
key: POSTGRES_USER
value: molgenis
- type: KeyValue
key: POSTGRES_PASSWORD
value: molgenis
- type: KeyValue
key: POSTGRES_DB
value: molgenis
opencpu:
Image: molgenis/opencpu
AlwaysPullImage: true
resources:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
NodeSelector: {
deployPod: "true"
}
#secret contains configuration for the kubernetes secrets that jenkins can access
secret:
# vault configures the vault secret
vault:
token: xxxx
addr: "https://vault-operator.vault-operator.svc:8200"
skipVerify: "1"
# githubToken contains access token for jenkins bot account on github.com
gitHub:
user: "molgenis-jenkins"
token: xxxx
# gogs contains access token for jenkins bot account on RuG GoGs
gogs:
user: p281392
token: xxxx
# registry contains credentials for registry.molgenis.org
registry:
user: admin
password: xxxx
# dockerHubPassword contains password for hub.docker.com
dockerHub:
user: molgenisci
password: xxxx

69
molgenis-nexus/README.md
View File

@ -1,69 +0,0 @@
# MOLGENIS - NEXUS Helm Chart
NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
## Chart Details
This chart will deploy:
- 1 NEXUS-nfs initialization container
We need this container to avoid permission issues on the NEXUS docker
- 1 NEXUS container
- 1 MOLGENIS-httpd container (to proxy the registry and docker to one domain)
## Backup restore
There are two steps in restoring the NEXUS.
- Database
- Blobstore
### Restore the database
Go to the commandline:
```bash
kubectl get pv
```
```bash
| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-nexus/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
```
The persistent volume is the one in the molgenis-nexus namespace.
Go to the NFS-provisioner to the path of the persistent volume:
```bash
ls -t --full-time | head -7 | xargs cp ../restore-from-backup/
```
### Restore the blobstore
You can copy the directory ```blobs``` to the target persistent volume ```/ blobs```.
You can now bring the NEXUS back up.
## Installing the Chart
You can test in install the chart by executing:
```helm lint .```
To test if your helm chart-syntax is right and:
```helm install . --dry-run --debug```
To test if your hem chart works and:
```helm install .```
To deploy it on the cluster.
```curl -L -u xxxx:xxxx http://registry.molgenis.org/repository/helm/ --upload-file molgenis-x.x.x.tgz```
To push it to the registry

37
molgenis-opencpu/templates/deployment.yaml
View File

@ -1,37 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "opencpu.fullname" . }}
labels:
app: {{ template "opencpu.name" . }}
chart: {{ template "opencpu.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
spec:
containers:
{{- with .Values.opencpu }}
- name: {{ .name }}
image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
imagePullPolicy: {{ .image.pullPolicy }}
ports:
- containerPort: {{ .service.port }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}

43
molgenis-opencpu/values.yaml
View File

@ -1,43 +0,0 @@
# Default values for nexus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
environment: production
opencpu:
name: opencpu
strategy:
type: Recreate
restartPolicy: Always
image:
repository: registry.hub.docker.com
name: molgenis/opencpu
tag: stable
pullPolicy: Always
service:
name: opencpu
type: LoadBalancer
port: 8004
firewall:
- 145.100.224.1/24
ingress:
enabled: false
annotations: {
kubernetes.io/ingress.class: "nginx",
nginx.ingress.kubernetes.io/proxy-body-size: "0"
}
path: /
hosts:
- name: opencpu.molgenis.org
tls: []
nodeSelector: {
deployPod: "true"
}
tolerations: []
affinity: {}

52
molgenis-vault/README.md
View File

@ -1,52 +0,0 @@
# MOLGENIS Vault helm chart
This chart creates a vault operator, but NO vault.
The vault operator defines a new custom resource named `vault` that you can use to create vaults.
After launching the operator, create the molgenis vault manually:
`kubectl create -f resources/vault.yaml`
That creates a new vault with two vault pods.
See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
## Parameters
### Azure cloud credentials
Define credentials for backup to the Azure Blob Store.
See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
| Parameter | Description | Default |
| --------------- | ----------------------------- | ------------------ |
| `abs.account` | name of storage account | `fdlkops` |
| `abs.accessKey` | access key of storage account | `xxxx` |
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
### Backup job
Define the schedule of the backup job
| Parameter | Description | Default |
| -------------------- | ---------------------------- | ------------- |
| `backupJob.enable` | Enable backup cronjob | `true` |
| `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1` |
### UI
Parameter | Description | Default
--------- | ----------- | -------
`ui.replicaCount` | desired number of Vault UI pod | `1`
`ui.image.repository` | Vault UI container image repository | `djenriquez/vault-ui`
`ui.image.tag` | Vault UI container image tag | `latest`
`ui.resources` | Vault UI pod resource requests & limits | `{}`
`ui.nodeSelector` | node labels for Vault UI pod assignment | `{deployPod: "true"}`
`ui.ingress.enabled` | If true, Vault UI Ingress will be created | `true`
`ui.ingress.annotations` | Vault UI Ingress annotations | `{}`
`ui.ingress.host` | Vault UI Ingress hostname | `vault.molgenis.org`
`ui.ingress.tls` | Vault UI Ingress TLS configuration (YAML) | `[]`
`ui.vault.url` | Vault UI default vault url | `https://vault.vault-operator:8200`
`ui.vault.auth` | Vault UI login method | `GITHUB`
`ui.service.name` | Vault UI service name | `vault-ui`
`ui.service.type` | type of ui service to create | `ClusterIP`
`ui.service.externalPort` | Vault UI service target port | `8000`
`ui.service.internalPort` | Vault UI container port | `8000`
`ui.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0`

86
molgenis-vault/values.yaml
View File

@ -1,86 +0,0 @@
# Default values for molgenis-vault.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# abs gives details of the credentials to reach the azure backup storage
abs:
# account is the name of the Storage account
account: fdlkops
# access key for the Storage account
accessKey: xxxx
# default cloud
cloud: AzurePublicCloud
# backupjob describes the backup cronjob
backupJob:
# enable enables the backup job
enable: true
# schedule gives the cron schedule for the backup job
schedule: "0 12 * * 1"
vault-operator:
nodeSelector:
deployPod: "true"
###
# All of the config variables related to setting up the etcd-operator
# If you want more information about the variables exposed, please visit:
# https://github.com/kubernetes/charts/tree/master/stable/etcd-operator#configuration
###
etcd-operator:
deployments:
etcdOperator: true
backupOperator: true
restoreOperator: true
serviceAccount:
etcdOperatorServiceAccount:
create: true
backupOperatorServiceAccount:
create: true
restoreOperatorServiceAccount:
create: true
etcdOperator:
image:
tag: v0.9.2
backupOperator:
image:
tag: v0.9.2
restoreOperator:
image:
tag: v0.9.2
nodeSelector:
deployPod: "true"
ui:
name: "vault-ui"
replicaCount: 1
image:
repository: djenriquez/vault-ui
tag: latest
service:
name: vault-ui
type: ClusterIP
externalPort: 8000
internalPort: 8000
# nodePort: 32001
ingress:
enabled: true
# Used to create Ingress record (should used with service.type: ClusterIP).
host: vault.molgenis.org
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
#requests:
# cpu: 100m
# memory: 128Mi
nodeSelector:
deployPod: "true"
vault:
auth: GITHUB
url: https://vault.vault-operator:8200

102
molgenis/values.yaml
View File

@ -1,102 +0,0 @@
# Default values for molgenis.
replicaCount: 1
service:
type: LoadBalancer
firewall:
enabled: false
kind: "umcg"
umcg:
rules:
- 127.0.0.1/32
cluster:
rules:
- 127.0.0.1/32
port: 8080
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
path: /
hosts:
- name: test.molgenis.org
tls: []
molgenis:
image:
repository: registry.hub.docker.com
name: molgenis/molgenis-app
tag: stable
pullPolicy: Always
adminPassword:
javaOpts:
maxHeapSpace: "1g"
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1250Mi
persistence:
claim: molgenis-nfs-claim
size: 5Gi
services:
opencpu:
host: localhost
elasticsearch:
transportAddresses: localhost:9300
clusterName: molgenis
postgres:
embedded: false
host: localhost
scheme: molgenis
user: molgenis
password: molgenis
elasticsearch:
image:
repository: docker.elastic.co/elasticsearch/elasticsearch
tag: 5.5.3
pullPolicy: IfNotPresent
javaOpts: "-Xms1g -Xmx1g"
clusterName: molgenis
resources:
limits:
cpu: 2
memory: 3Gi
requests:
cpu: 100m
memory: 1Gi
persistence:
claim: elasticsearch-nfs-claim
size: 5Gi
postgres:
image:
repository: postgres
tag: 9.6-alpine
pullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
persistence:
claim: postgres-nfs-claim
size: 5Gi
persistence:
enabled: true
retain: false
nodeSelector:
deployPod: "true"
tolerations: []
affinity: {}