updated production chart and removed preview chart

molgenis/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS - helm stack (in BETA)
-name: molgenis-beta
-version: 0.3.0
+name: molgenis
+version: 0.4.0
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg

molgenis/README.md

@@ -21,6 +21,19 @@ The three properties you need to specify are:
 Besides determining which image you want to pull, you also have to set an administrator password. You can do this by specifying the following property. 
 - ```molgenis.adminPassword```
 
+### Firewall
+Is defined at service level you can specify this attribute in the values:
+
+- ```molgenis.firewall.enabled``` default 'false' 
+
+If set to 'true' the following options are available. One of the options below has to be set.
+
+- ```molgenis.firewall.umcg.enabled``` default 'false'  
+- ```molgenis.firewall.cluster.enabled``` default 'false'
+
+UMCG = only available within the UMCG.
+Cluster = only available within the GCC cluster environment.
+
 ## Services
 When you start MOLGENIS you need:
 - an elasticsearch instance (5.5.6) 
@@ -82,15 +95,16 @@ Select the resources you need dependant on the customer you need to serve.
 ## Persistence
 You can enable persistence on your MOLGENIS stack by specifying the following property.
 
-- ```persistence.enabled```
+- ```persistence.enabled``` default 'true'
 
 You can also choose to retain the volume of the NFS.
-- ```persistence.retain```
+- ```persistence.retain``` default 'false'
 
 The size and claim name can be specified per service. There are now two services that can be persist.
 
 - MOLGENIS
 - ElasticSearch
+- PostgreSQL **(optional)**
 
 MOLGENIS persistent properties.
 - ```molgenis.persistence.claim```
@@ -100,6 +114,9 @@ ElasticSearch persistent properties.
 - ```elasticsearch.persistence.claim```
 - ```elasticsearch.persistence.size```
 
+PostgreSQL persistent properties.
+- ```postgres.persistence.claim```
+- ```postgres.persistence.size```
 
 ### Resolve you persistent volume
 You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
@@ -116,7 +133,4 @@ You can now view the persistent volume claims and the attached volumes.
 | pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
 
 You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
-When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 
-
-## Firewall
-Is defined at cluster level. This chart does not facilitate firewall configuration.
+When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 

molgenis/questions.yml

@@ -8,7 +8,7 @@ questions:
   description: "Hostname for your stack"
   type: hostname
   required: true
-  group: "Load Balancing"
+  group: "Load balancing"
 - variable: molgenis.image.repository
   label: Registry
   default: "registry.hub.docker.com"
@@ -33,6 +33,25 @@ questions:
   type: password
   required: true
   group: "Provisioning"
+- variable: service.firewall.enabled
+  label: Firewall enabled
+  default: false
+  description: "Firewall enabled (can be cluster or UMCG scoped)"
+  type: boolean
+  required: true
+  group: "Provisioning"
+  show_subquestion_if: true
+  subquestions:
+  - variable: service.firewall.umcg.enabled
+    default: false
+    description: "Firewall within the UMCG environment"
+    type: boolean
+    label: Firewall UMCG enabled
+  - variable: service.firewall.cluster.enabled
+    default: false
+    description: "Firewall within the cluster environment"
+    type: boolean
+    label: Firewall cluster enabled
 - variable: molgenis.services.opencpu.host
   label: OpenCPU cluster
   default: "localhost"
@@ -40,34 +59,43 @@ questions:
   type: string
   required: true
   group: "Services"
-- variable: molgenis.services.postgres.host
-  label: Postgres cluster location
-  default: "postgresql.molgenis-postgresql.svc"
-  description: "Set the location of the postgres cluster"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.scheme
-  label: Database scheme
-  default: "molgenis"
-  description: "Set the database scheme"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.user
-  label: Database username
-  default: "molgenis"
-  description: "Set user of the database scheme"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.password
-  label: Database password
-  default: "molgenis"
-  description: "Set the password of the database scheme"
-  type: string
+- variable: molgenis.services.postgres.embedded
+  label: Postgres embedded
+  default: false
+  description: "Do you want an embedded postgres"
+  type: boolean
   required: true
   group: "Services"
+  show_subquestion_if: false
+  subquestions:
+  - variable: molgenis.services.postgres.host
+    label: Postgres cluster location
+    default: ""
+    description: "Set the location of the postgres cluster. This can be localhost when the postgres is enabled else you need to specify a cluster location if you do not want a embedded postgres instance)"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.scheme
+    label: Database scheme
+    default: "molgenis"
+    description: "Set the database scheme"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.user
+    label: Database username
+    default: "molgenis"
+    description: "Set user of the database scheme"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.password
+    label: Database password
+    default: "molgenis"
+    description: "Set the password of the database scheme"
+    type: string
+    required: true
+    group: "Services"
 - variable: molgenis.resources.limits.memory
   label: Container memory limit
   default: 1250Mi
@@ -98,7 +126,7 @@ questions:
   - "2g"
   group: "Resources"
 - variable: persistence.enabled
-  default: false
+  default: true
   description: "Do you want to use persistence"
   type: boolean
   required: true
@@ -112,20 +140,29 @@ questions:
     type: boolean
     label: Retain volume
   - variable: molgenis.persistence.size
-    default: "30Gi"
+    default: "5Gi"
     description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
     type: enum
     options:
-    - "30Gi"
-    - "50Gi"
-    - "100Gi"
+    - "5Gi"
+    - "10Gi"
+    - "20Gi"
     label: Size MOLGENIS filestore
   - variable: elasticsearch.persistence.size
-    default: "50Gi"
+    default: "5Gi"
     description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
     type: enum
     options:
+    - "5Gi"
+    - "10Gi"
     - "50Gi"
-    - "100Gi"
-    - "200Gi"
-    label: Size for ElasticSearch data
+    label: Size for ElasticSearch data
+  - variable: postgres.persistence.size
+    default: "5Gi"
+    description: "Size of PostgreSQL data (directory that is persist: /var/lib/postgresql/data/pgdata)"
+    type: enum
+    options:
+    - "5Gi"
+    - "10Gi"
+    - "50Gi"
+    label: Size for PostgreSQL data

molgenis/templates/deployment.yaml

@@ -97,11 +97,31 @@ spec:
           - name: elasticsearch-nfs
             mountPath: /usr/share/elasticsearch/data
           {{- end }}
-
           resources:
 {{ toYaml .resources | indent 12 }}
         {{- end }}
 
+        - name: postgres
+        {{- with .Values.postgres }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: POSTGRES_USER
+              value: {{ $.Values.molgenis.services.postgres.user }}
+            - name: POSTGRES_PASSWORD
+              value: {{ $.Values.molgenis.services.postgres.password }}
+            - name: POSTGRES_DB
+              value: {{ $.Values.molgenis.services.postgres.scheme }}
+          ports:
+            - containerPort: 5432
+          resources:
+{{ toYaml .resources | indent 12 }}
+          volumeMounts:
+          - name: postgres-nfs
+            mountPath: /var/lib/postgresql/data
+        {{- end }}
+
+
 {{- if .Values.persistence.enabled }}
       volumes:
         - name: molgenis-nfs
@@ -110,6 +130,9 @@ spec:
         - name: elasticsearch-nfs
           persistentVolumeClaim:
             claimName: {{ .Values.elasticsearch.persistence.claim }}
+        - name: postgres-nfs
+          persistentVolumeClaim:
+            claimName: {{ .Values.postgres.persistence.claim }}
 {{- end }}
 
     {{- with .Values.nodeSelector }}

molgenis/templates/ingress.yaml

@@ -4,7 +4,7 @@
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: "{{ $.Release.Name }}-ingress"
   labels:
     app: {{ template "molgenis.name" . }}
     chart: {{ template "molgenis.chart" . }}
@@ -33,6 +33,6 @@ spec:
           - path: {{ $ingressPath }}
             backend:
               serviceName: {{ $fullName }}
-              servicePort: 8080
+              servicePort: {{ $.Values.service.port }}
   {{- end }}
 {{- end }}

molgenis/templates/persistence/postgresPVC.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.molgenis.services.postgres.embedded -}}
+apiVersion: extensions/v1beta1
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.postgres.persistence.claim }}
+  annotations:
+    {{- if .Values.persistence.retain }}
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
+    {{- else }}
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
+    {{- end }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.postgres.persistence.size }}
+{{- end }}

molgenis/templates/service.yaml

@@ -9,6 +9,19 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   type: {{ .Values.service.type }}
+{{- if .Values.service.firewall.enabled }}
+  loadBalancerSourceRanges:
+{{- if .Values.service.firewall.umcg.enabled }}
+    {{- range $index, $rule := .Values.service.firewall.umcg.rules }}
+    - {{ $rule }}
+    {{- end }}
+{{- if .Values.service.firewall.cluster.enabled }}
+    {{- range $index, $rule := .Values.service.firewall.cluster.rules }}
+    - {{ $rule }}
+    {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
   ports:
     - name: molgenis
       port: {{ .Values.service.port }}

molgenis/values.yaml

@@ -4,6 +4,16 @@ replicaCount: 1
 
 service:
   type: LoadBalancer
+  firewall:
+    enabled: false
+    umcg:
+      enabled: false
+      rules:
+      - 127.0.0.1/32
+    cluster:
+      enabled: false
+      rules:
+      - 127.0.0.1/32
   port: 8080
 
 ingress:
@@ -33,7 +43,7 @@ molgenis:
       memory: 1250Mi
   persistence:
     claim: molgenis-nfs-claim
-    size: 30Gi
+    size: 5Gi
   services:
     opencpu:
       host: localhost
@@ -41,6 +51,7 @@ molgenis:
       transportAddresses: localhost:9300
       clusterName: molgenis
     postgres:
+      embedded: false
       host: localhost
       scheme: molgenis
       user: molgenis
@@ -62,10 +73,26 @@ elasticsearch:
     memory: 1Gi
   persistence:
     claim: elasticsearch-nfs-claim
-    size: 50Gi
+    size: 5Gi
+
+postgres:
+  image:
+    repository: postgres
+    tag: 9.6-alpine
+    pullPolicy: IfNotPresent
+  resources:
+    limits:
+      cpu: 1
+      memory: 250Mi
+    requests:
+      cpu: 100m
+      memory: 250Mi
+  persistence:
+    claim: postgres-nfs-claim
+    size: 5Gi
 
 persistence:
-  enabled: false
+  enabled: true
   retain: false
 
 nodeSelector: {