P129679/molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Compare commits

base: P129679:008fd5261e1f90c4114663803510f7b8a6b8a673
Branches Tags
P129679:master P129679:fix/links P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test
..
compare: P129679:chore/jenkins-gitsource
Branches Tags
P129679:fix/links P129679:master P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test

79 Commits
008fd5261e ... chore/jenk

Author SHA1 Message Date
Fleur Kelpin
a9571dbdcb Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm into chore/jenkins-gitsource 2018-09-27 16:20:41 +02:00
Sido Haakma
364fe53114 Merge branch 'chore/upgrade-jenkins' of P129679/molgenis-ops-docker-helm into master 2018-09-27 16:10:52 +02:00
Sido Haakma
4f9c9866cf Merge branch 'fix/75' of P129679/molgenis-ops-docker-helm into master 2018-09-27 16:10:03 +02:00
Fleur Kelpin
525847fdf5 fix(molgenis): Recreate pods upon upgrade 
The default upgrade strategy would cause multiple instances of MOLGENIS to run on the same database.
Use Recreate strategy instead.

Fixes #75
 2018-09-27 11:46:11 +02:00
Fleur Kelpin
3ae115c429 chore(molgenis-jenkins): Upgrade chart version 2018-09-27 11:26:25 +02:00
Fleur Kelpin
76b39cc236 chore(molgenis-jenkins): Upgrade plugins 2018-09-27 11:21:34 +02:00
Fleur Kelpin
0a328dd9d3 chore(molgenis-jenkins): Upgrade jenkins to 0.18.0 2018-09-27 11:01:41 +02:00
Fleur Kelpin
5760171c4b Merge branch 'use-molgenis-prod-in-helm' of p281392/molgenis-ops-docker-helm into master 2018-09-26 18:05:06 +02:00
Fleur Kelpin
e192f5819a Merge branch 'add-skip-build-config' of p281392/molgenis-ops-docker-helm into master 2018-09-26 18:00:56 +02:00
sido
aaad66b40f updated pvc creation of postgres 2018-09-26 17:39:47 +02:00
sido
b201117f9a updated pvc initialization 2018-09-26 17:27:45 +02:00
sido
74a87892fb bumped patch version 2018-09-26 17:18:33 +02:00
Fleur Kelpin
1b84f5ab6f chore(molgenis-jenkins): Configure extra traits for molgenis github source 2018-09-26 17:18:00 +02:00
sido
6f995f45bd updated postgres instances and firewall configuration 2018-09-26 16:52:06 +02:00
Fleur Kelpin
35c7fd79af Merge branch 'implement-nfs-provisioning-nexus' of p281392/molgenis-ops-docker-helm into master 2018-09-26 16:34:34 +02:00
sido
039c9993f6 fix for postgres volume mount, not available when persistence is not enabled 2018-09-26 16:30:33 +02:00
sido
d4d9d5931d added embedded containers 2018-09-26 16:09:20 +02:00
sido
f10b8d7ea8 updated production chart and removed preview chart 2018-09-26 16:04:22 +02:00
Fleur Kelpin
95dc0acabd Merge branch 'add-opencpu-chart' of p281392/molgenis-ops-docker-helm into master 2018-09-26 10:34:48 +02:00
Sido Haakma
36e2c25f94 Merge branch 'feature/molgenis-it' of P129679/molgenis-ops-docker-helm into master 2018-09-26 10:30:58 +02:00
sido
1ed41d6c36 updated chart to enable and disable ingress on demand 2018-09-25 23:32:25 +02:00
Fleur Kelpin
a74507cafb chore(molgenis-jenkins): Add molgenis-it pod template 2018-09-25 13:00:34 +02:00
Sido Haakma
4c2f9bc035 Merge branch 'feat/helm-in-jenkins' of P129679/molgenis-ops-docker-helm into master 2018-09-24 14:11:44 +02:00
Sido Haakma
63a08f2264 Merge branch 'doc/helm-role' of P129679/molgenis-ops-docker-helm into master 2018-09-24 13:09:54 +02:00
Fleur Kelpin
95d4a1e13e chore(molgenis-jenkins): Add helm container to molgenis pod template. 2018-09-24 11:55:53 +02:00
Fleur Kelpin
9dedfc1690 doc: How to configure helm role 2018-09-21 15:17:14 +02:00
sido
bed36a7dd2 added opencpu stack 2018-09-20 20:42:35 +02:00
sido
a4c4d19fe2 renamed service again 2018-09-20 16:54:34 +02:00
sido
d0c9c91ff3 updated nexus to connect to nfs provisioning 2018-09-20 16:50:46 +02:00
Fleur Kelpin
16f2701fd2 Merge branch 'add-pvs-to-molgenis' of p281392/molgenis-ops-docker-helm into master 2018-09-12 09:50:34 +02:00
sido
501982ca53 removed redunant volume entry in deployment 2018-09-12 08:19:48 +02:00
sido
7305d54630 updated volume name 2018-09-12 08:17:34 +02:00
sido
c28f08bedd one end to much 2018-09-12 08:15:38 +02:00
sido
321af8f2f2 updated labels and desc 2018-09-12 08:13:33 +02:00
sido
d17c137dd5 added elasticsearch persistence 2018-09-12 08:04:59 +02:00
Sido Haakma
6f0262d2d9 Merge branch 'chore/remove-secrets' of P129679/molgenis-ops-docker-helm into master 2018-09-11 17:10:10 +02:00
sido
34c8f048b9 also upgraded the default value in values.yaml 2018-09-11 17:08:44 +02:00
sido
d7ccab34c4 version bump and enumerized values for sizing volumes 2018-09-11 17:07:14 +02:00
sido
5fd05f505a updated docs 2018-09-11 16:59:40 +02:00
sido
61d5505126 updated persistence README.md 2018-09-11 16:56:27 +02:00
sido
e5cbcdf933 added retainability for pv's 2018-09-11 15:48:56 +02:00
sido
04bd9cd653 added persistence to questions and bumped chart 2018-09-11 13:51:58 +02:00
sido
88134dbccb Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm into add-pvs-to-molgenis 2018-09-11 13:46:37 +02:00
Fleur Kelpin
8d81b873b7 Merge branch 'add-molgenis-production' of p281392/molgenis-ops-docker-helm into master 2018-09-11 13:41:10 +02:00
sido
dc270c1f65 updated threshold to 25 because instant rebooting 2018-09-11 13:30:43 +02:00
sido
69d3698efb set password required 2018-09-11 13:05:45 +02:00
sido
f1d4a6ee3b specify administrator password 2018-09-11 13:04:28 +02:00
sido
bf770cc05e added thresholds to readiness and liveness probes 2018-09-11 12:57:40 +02:00
sido
6f4f98c091 updated questions 2018-09-11 12:41:56 +02:00
sido
71e59f7639 bumped version to 0.1.0 2018-09-11 12:38:21 +02:00
sido
36f6a242c6 updated memory reservation of MOLGENIS container and updated notation of memory elastic 2018-09-11 12:36:57 +02:00
sido
fc7c564e44 optimized memory limits and removed cpu limit 2018-09-11 12:25:28 +02:00
sido
947e389b92 moved volumes down below in deployment 2018-09-10 22:06:20 +02:00
sido
ed948c40aa referred to right config values.yaml 2018-09-10 22:02:18 +02:00
sido
bfb2e45877 added volumes 2018-09-10 22:00:51 +02:00
sido
59d99deab5 restrcuture deployment 2018-09-10 21:57:39 +02:00
sido
a660aff355 udpated structure 2018-09-10 21:53:29 +02:00
sido
846df81522 udpated structure 2018-09-10 21:49:12 +02:00
sido
a2922c4d49 persistence keys in deploymeny 2018-09-10 21:47:12 +02:00
sido
0c9548069c add subquestion heading 2018-09-10 21:44:34 +02:00
sido
5a98e35273 added persistence properties to values and deployment 2018-09-10 21:41:54 +02:00
sido
9d807d28fc updated start times of liveness probe 2018-09-10 17:38:50 +02:00
sido
d9053b656c updated volume claims 2018-09-10 17:37:50 +02:00
Fleur Kelpin
a836ab4e6e chore (molgenis-jenkins): Retrieve pipeline secrets from vault when possible. 2018-09-10 17:28:42 +02:00
sido
581655fe92 Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm into add-molgenis-production 2018-09-10 17:13:12 +02:00
sido
14b27fc043 updated persistence configuration 2018-09-10 17:05:10 +02:00
sido
cf47b432e2 added persistence to questions 2018-09-10 16:59:14 +02:00
sido
11b25a5df6 added initialDelay 2018-09-10 16:53:58 +02:00
sido
38f89721e7 preview rbac config deleted 2018-09-10 16:46:13 +02:00
sido
e0f5d40084 added postgrescluster to chart 2018-09-10 15:23:12 +02:00
sido
4de20d9bd6 add liveness probes 2018-09-10 15:21:10 +02:00
sido
5eea95cfbc added elasticsearch 2018-09-10 13:51:09 +02:00
sido
b383cc4517 added default value for opencpu cluster 2018-09-10 11:38:51 +02:00
sido
d4307ab3b2 updated version to BETA status 2018-09-10 11:34:51 +02:00
sido
793cf80820 updated README and questions.yml 2018-09-10 11:32:14 +02:00
sido
3d93546b47 updated production chart 2018-09-07 16:51:41 +02:00
sido
31567c281a Merge branch 'master' of https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm into add-molgenis-production 2018-09-07 09:50:35 +02:00
sido
89b1639449 added molgenis production chart 2018-09-07 09:50:03 +02:00
sido
7c9a7a143b add plugin for skipping build after release 2018-08-10 08:20:46 +02:00
56 changed files with 1166 additions and 681 deletions
Expand all files Collapse all files

21
README.md
View File

@ -104,6 +104,7 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
- [Jenkins](molgenis-jenkins/README.md)
- [NEXUS](molgenis-nexus/README.md)
- [HTTPD](molgenis-httpd/README.md)
- [MOLGENIS](molgenis/README.md)
- [MOLGENIS preview](molgenis-preview/README.md)
- [MOLGENIS vault](molgenis-vault/README.md)
@ -122,6 +123,26 @@ You can you need to know to easily develop and deploy helm-charts
Do it in the root of the project where the Chart.yaml is located
It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
- ```helm package .```
You can create a package which can be uploaded in the molgenis helm repository
- ```helm publish```
You still have to create an ```index.yaml``` for the chart. You can do this by executing this command: ```helm repo index #directory name of helm chart#```
Then you can upload it by executing:
- ```curl -v --user #username#:#password# --upload-file index.yaml https://registry.molgenis.org/repository/helm/#chart name#/index.yml```
- ```curl -v --user #username#:#password# --upload-file #chart name#-#version#.tgz https://registry.molgenis.org/repository/helm/#chart name#/#chart name#-#version#.tgz```
Now you have to add the repository locally to use in your ```requirements.yaml```.
- ```helm repo add #repository name# https://registry.molgenis.org/repository/helm/molgenis```
- ```helm dep build```
You can build your dependencies (create a ```charts``` directory and install the chart in it) of the helm-chart.
- ```helm list```
Lists all installed releases

2
molgenis-jenkins/Chart.yaml
View File

@ -1,6 +1,6 @@
name: molgenis-jenkins
home: https://jenkins.io/
version: 0.7.0
version: 0.7.1
appVersion: 2.121
description: Molgenis installation for the jenkins chart.
sources:

87
molgenis-jenkins/README.md
View File

@ -40,57 +40,62 @@ You can use [all configuration values of the jenkins subchart](https://github.co
### GitHub Authentication delegation
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
### Additional configuration
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
### Secrets
* PipelineSecrets
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
each other with their own secrets.
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins.
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
* Vault
#### Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault.
| Parameter | Description | Default |
| ------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `secret.vault.token` | Token to log into the hashicorp vault | `xxxx` |
| `secret.vault.addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `secret.vault.skipVerify` | Skip verification of the https connection | `1` |
#### GitHub
Token used by Jenkins to authenticate on GitHub.
| Parameter | Description | Default |
| --------------------- | ------------------------ | ------------------ |
| `secret.gitHub.user` | username for the account | `molgenis-jenkins` |
| `secret.gitHub.token` | token for the account | `xxxx` |
#### Gogs
Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
| Parameter | Description | Default |
| ------------------- | ------------------------ | --------- |
| `secret.gogs.user` | username for the account | `p281392` |
| `secret.gogs.token` | token for the account | `xxxx` |
#### Legacy:
##### Docker Hub
| Parameter | Description | Default |
| ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
Account used in pipeline builds to push docker images to `hub.docker.com`.
> They should read `secret/gcc/account/dockerhub` from vault instead!
* Env
| Parameter | Description | Default |
| --------------------------- | ------------------------ | --------------- |
| `secret.dockerHub.user` | username for the account | `molgenisci` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
##### Registry
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
in the slave pods.
Account used in pipeline builds to push docker images to `registry.molgenis.org`.
> They should read `secret/ops/account/nexus` from vault instead!
| Parameter | Description | Default |
| --------------------------------------- | ----------------------------------------- | --------------- |
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
in the `/root/.m2` directory of the slave pods.
> The settings.xml file references the
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
| Parameter | Description | Default |
| --------------------------- | ------------------------ | --------- |
| `secret.dockerHub.user` | username for the account | `admin` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

BIN
molgenis-jenkins/charts/jenkins-0.16.4.tgz
View File

Binary file not shown.

BIN
molgenis-jenkins/charts/jenkins-0.18.0.tgz Normal file
View File

Binary file not shown.

4
molgenis-jenkins/requirements.lock
View File

@ -1,6 +1,6 @@
dependencies:
- name: jenkins
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.16.4
version: 0.18.0
digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685
generated: 2018-06-27T14:36:23.172954738+02:00
generated: 2018-09-27T11:00:15.795416984+02:00

6
molgenis-jenkins/resources/README.md Normal file
View File

@ -0,0 +1,6 @@
To be able to run helm inside a jenkins pod, you'll need to
* create a role in the namespace where tiller is installed
* bind that role to the user that jenkins pods run as
This directory contains yaml for these resources.
See also https://github.com/helm/helm/blob/master/docs/rbac.md

13
molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: tiller-jenkins-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tiller-user
subjects:
- kind: ServiceAccount
name: default
namespace: molgenis-jenkins

18
molgenis-jenkins/resources/tiller-user-role.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: tiller-user
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list

6
molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)"
}
type: Opaque
data:
username: {{ "molgenisci" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
username: {{ .Values.secret.registry.user | b64enc | quote }}
password: {{ .Values.secret.registry.password | b64enc | quote }}

6
molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
"jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user"
}
type: Opaque
data:
username: {{ "molgenis-jenkins" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
username: {{ .Values.secret.gitHub.user | b64enc | quote }}
password: {{ .Values.secret.gitHub.token | b64enc | quote }}

6
molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
"jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs."
}
type: Opaque
data:
username: {{ "p281392" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}
username: {{ .Values.secret.gogs.user | b64enc | quote }}
password: {{ .Values.secret.gogs.token | b64enc | quote }}

16
molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml
View File

@ -1,16 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "molgenis-jenkins-nexus-secret"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against NEXUS"
}
type: Opaque
data:
username: {{ "admin" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}

17
molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: v1
kind: Secret
metadata:
name: molgenis-jenkins-registry-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org."
}
type: Opaque
data:
username: {{ .Values.secret.registry.user | b64enc | quote }}
password: {{ .Values.secret.registry.password | b64enc | quote }}

16
molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml
View File

@ -1,16 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "molgenis-jenkins-saucelabs-secret"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
}
type: Opaque
data:
username: {{ "molgenis-jenkins" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}

18
molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
View File

@ -1,18 +0,0 @@
{{- if .Values.PipelineSecrets.Env.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-env-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
{{- end }}

15
molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
View File

@ -1,15 +0,0 @@
{{- if .Values.PipelineSecrets.File.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-file-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
{{- end }}

8
molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
View File

@ -1,4 +1,3 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1
kind: Secret
metadata:
@ -10,7 +9,6 @@ metadata:
heritage: "{{ .Release.Service }}"
type: Opaque
data:
token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
{{- end }}
token: {{ .Values.secret.vault.token | b64enc | quote }}
addr: {{ .Values.secret.vault.addr | b64enc | quote }}
skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }}

251
molgenis-jenkins/values.yaml
View File

@ -3,17 +3,17 @@ jenkins:
HostName: jenkins.molgenis.org
ServiceType: ClusterIP
InstallPlugins:
- kubernetes:1.12.0
- kubernetes:1.12.6
- workflow-aggregator:2.5
- workflow-job:2.21
- workflow-job:2.25
- credentials-binding:1.16
- git:3.9.1
- github-branch-source:2.3.6
- kubernetes-credentials-provider:0.9
- blueocean:1.6.2
- kubernetes-credentials-provider:0.10
- blueocean:1.8.3
- github-oauth:0.29
- gogs-webhook:1.0.14
- sauce-ondemand:1.176
- github-scm-trait-commit-skip:0.1.1
Security:
UseGitHub: false
GitHub:
@ -82,6 +82,18 @@ jenkins:
<strategyId>1</strategyId>
<trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
</org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
<org.jenkinsci.plugins.scm__filter.GitHubCommitSkipTrait plugin="github-scm-trait-commit-skip@0.1.1"/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
</navigators>
@ -131,6 +143,17 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -184,6 +207,17 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -237,6 +271,17 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -290,6 +335,17 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -343,6 +399,17 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits>
</source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -368,8 +435,8 @@ jenkins:
install: true
Pods:
molgenis:
Label: molgenisv2
NodeUsageMode: EXCLUSIVE
Label: molgenis
NodeUsageMode: NORMAL
volumes:
- type: HostPath
hostPath: "/var/run/docker.sock"
@ -416,39 +483,12 @@ jenkins:
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {}
molgenis-legacy:
InheritFrom: molgenis
Label: molgenis
NodeUsageMode: NORMAL
volumes:
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/home/jenkins/.m2"
Containers:
EnvVars:
- type: Secret
key: PGP_PASSPHRASE
secretName: molgenis-pipeline-env-secret
secretKey: pgpPassphrase
- type: KeyValue
key: PGP_SECRETKEY
value: "keyfile:/home.jenkins/.m2/key.asc"
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
- type: Secret
key: SONAR_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: sonarToken
- type: Secret
key: CODECOV_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: codecovToken
- type: Secret
key: GITHUB_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: githubToken
helm:
Image: "lachlanevenson/k8s-helm"
ImageTag: "v2.10.0"
Command: cat
WorkingDir: /home/jenkins
TTY: true
NodeSelector: {}
node:
Label: node-carbon
@ -461,22 +501,24 @@ jenkins:
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars:
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
- type: Secret
key: CODECOV_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: codecovToken
- type: Secret
key: GITHUB_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: githubToken
- type: Secret
key: NPM_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: npmToken
vault:
Image: "vault"
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars:
- type: Secret
key: VAULT_TOKEN
secretName: molgenis-pipeline-vault-secret
secretKey: token
- type: Secret
key: VAULT_SKIP_VERIFY
secretName: molgenis-pipeline-vault-secret
secretKey: skipVerify
- type: Secret
key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {}
molgenis-it:
InheritFrom: molgenis
@ -540,76 +582,27 @@ jenkins:
cpu: "1"
memory: "512Mi"
NodeSelector: {}
PipelineSecrets:
Vault:
Replace: true
Token: xxxx
Addr: "https://vault-operator.vault-operator.svc:8200"
SkipVerify: 1
Env:
# Set to false to keep existing secret
Replace: true
# Passphrase for the pgp private key file, prefixed with literal:
PGPPassphrase: literal:xxxx
# Token for codecov.io service
CodecovToken: xxxx
# Token for github bot account
GitHubToken: xxxx
# Token for github bot account
GogsToken: xxxx
# Token for sonarcloud.io
SonarToken: xxxx
# Token for npmjs.org
NpmToken: xxxx
# Password Local NEXUS
NexusPassword: xxxx
# Password hub.docker.com
DockerHubPassword: xxxx
# Access key for saucelabs.com
SauceAccessKey: xxxx
File:
# Set to false to keep existing secret
Replace: true
# PGP Private key in ascii format used to sign artifacts
PGPPrivateKeyAsc: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----
xxxxx
-----END PGP PRIVATE KEY BLOCK-----
# maven.settings file
MavenSettingsXML: |-
<settings>
<localRepository>${user.home}/.mvnrepository</localRepository>
<interactiveMode>false</interactiveMode>
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>external:*</mirrorOf>
<url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
</mirror>
</mirrors>
<servers>
<!-- for snapshot builds of the master -->
<server>
<id>sonatype-nexus-staging</id>
<username>molgenis</username>
<password>xxxx</password>
</server>
<server>
<id>local-nexus</id>
<url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
<username>admin</username>
<password>xxxxx</password>
</server>
<!-- for docker images-->
<server>
<id>registry.molgenis.org</id>
<username>admin</username>
<password>xxxx</password>
</server>
<server>
<id>registry.hub.docker.com</id>
<username>molgenisci</username>
<password>xxxx</password>
</server>
</servers>
</settings>
#secret contains configuration for the kubernetes secrets that jenkins can access
secret:
# vault configures the vault secret
vault:
token: xxxx
addr: "https://vault-operator.vault-operator.svc:8200"
skipVerify: "1"
# githubToken contains access token for jenkins bot account on github.com
gitHub:
user: "molgenis-jenkins"
token: xxxx
# gogs contains access token for jenkins bot account on RuG GoGs
gogs:
user: p281392
token: xxxx
# registry contains credentials for registry.molgenis.org
registry:
user: admin
password: xxxx
# dockerHubPassword contains password for hub.docker.com
dockerHub:
user: molgenisci
password: xxxx

34
molgenis-nexus/templates/deployments/httpd-deployment.yaml
View File

@ -1,34 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
name: {{ .Values.httpd.name }}
labels:
app: {{ .Values.httpd.name }}
environment: {{ .Values.environment }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.httpd.strategy.type }}
selector:
matchLabels:
app: {{ .Values.httpd.selector }}
template:
metadata:
labels:
app: {{ .Values.httpd.name }}
creationTimestamp: null
spec:
restartPolicy: {{ .Values.httpd.restartPolicy }}
containers:
- name: {{ .Values.httpd.name }}
image: "{{ .Values.httpd.image.repository }}:{{ .Values.httpd.image.tag }}"
imagePullPolicy: {{ .Values.httpd.image.pullPolicy }}
env:
- name: PROXY_SERVICE
value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
- name: SERVER_NAME
value: {{ .Values.httpd.hostname }}
ports:
- containerPort: {{ .Values.httpd.port }}
resources: {}

54
molgenis-nexus/templates/deployments/nexus-deployment.yaml
View File

@ -19,26 +19,40 @@ spec:
app: {{ .Values.nexus.name }}
creationTimestamp: null
spec:
volumes:
- name: {{ .Values.persistence.name }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.name }}
restartPolicy: {{ .Values.nexus.restartPolicy }}
initContainers:
- name: volume-mount-nexus
image: busybox
command: ["sh", "-c", "chown -R 200:200 {{ .Values.persistence.mountPath }}"]
volumeMounts:
- name: {{ .Values.persistence.name }}
mountPath: "{{ .Values.persistence.mountPath }}"
containers:
- name: {{ .Values.nexus.name }}
image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
imagePullPolicy: {{ .Values.nexus.image.pullPolicy }}
ports:
- containerPort: {{ .Values.nexus.port.ui }}
- containerPort: {{ .Values.nexus.port.docker }}
volumeMounts:
- name: {{ .Values.persistence.name }}
mountPath: "/nexus-data"
- name: {{ .Values.nexus.name }}
image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
imagePullPolicy: {{ .Values.nexus.image.pullPolicy }}
ports:
- containerPort: {{ .Values.nexus.port.ui }}
- containerPort: {{ .Values.nexus.port.docker }}
volumeMounts:
- name: molgenis-nexus-nfs
mountPath: "/nexus-data"
livenessProbe:
httpGet:
path: /
port: {{ .Values.nexus.port.ui }}
initialDelaySeconds: 90
periodSeconds: 20
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
path: /
port: {{ .Values.nexus.port.ui }}
initialDelaySeconds: 90
periodSeconds: 5
failureThreshold: 5
successThreshold: 1
volumes:
- name: molgenis-nexus-nfs
persistentVolumeClaim:
claimName: {{ .Values.persistence.claim }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}

55
molgenis-nexus/templates/deployments/nexusProxy-deployment.yaml Normal file
View File

@ -0,0 +1,55 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
name: {{ .Values.nexusProxy.name }}
labels:
app: {{ .Values.nexusProxy.name }}
environment: {{ .Values.environment }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.nexusProxy.strategy.type }}
selector:
matchLabels:
app: {{ .Values.nexusProxy.selector }}
template:
metadata:
labels:
app: {{ .Values.nexusProxy.name }}
creationTimestamp: null
spec:
restartPolicy: {{ .Values.nexusProxy.restartPolicy }}
containers:
- name: {{ .Values.nexusProxy.name }}
image: "{{ .Values.nexusProxy.image.repository }}:{{ .Values.nexusProxy.image.tag }}"
imagePullPolicy: {{ .Values.nexusProxy.image.pullPolicy }}
env:
- name: PROXY_SERVICE
value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
- name: SERVER_NAME
value: {{ .Values.nexusProxy.hostname }}
ports:
- containerPort: {{ .Values.nexusProxy.port }}
resources: {}
livenessProbe:
httpGet:
path: /
port: {{ .Values.nexusProxy.port }}
initialDelaySeconds: 90
periodSeconds: 5
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
path: /
port: {{ .Values.nexusProxy.port }}
initialDelaySeconds: 90
periodSeconds: 5
failureThreshold: 5
successThreshold: 1
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}

4
molgenis-nexus/templates/ingress.yaml
View File

@ -25,8 +25,8 @@ spec:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: httpd
servicePort: 80
serviceName: {{ $.Values.nexusProxy.name }}
servicePort: {{ $.Values.nexusProxy.port }}
{{- if .tls }}
tls:
- hosts:

15
molgenis-nexus/templates/persistence/nexusPVC.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.persistence.claim }}
annotations:
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- end }}

13
molgenis-nexus/templates/services/httpd-service.yaml
View File

@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.httpd.name }}
labels:
app: {{ .Values.httpd.name }}
spec:
type: {{ .Values.httpd.service.type }}
ports:
- name: {{ .Values.httpd.name }}
port: {{ .Values.httpd.port }}
selector:
app: {{ .Values.httpd.selector }}

13
molgenis-nexus/templates/services/nexusProxy-service.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.nexusProxy.name }}
labels:
app: {{ .Values.nexusProxy.name }}
spec:
type: {{ .Values.nexusProxy.service.type }}
ports:
- name: {{ .Values.nexusProxy.name }}
port: {{ .Values.nexusProxy.port }}
selector:
app: {{ .Values.nexusProxy.selector }}

16
molgenis-nexus/templates/volumes/nexus-pv.yaml
View File

@ -1,16 +0,0 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.persistence.name }}
labels:
name: nfs2
spec:
storageClassName: {{ .Values.persistence.storageClass }}
capacity:
storage: {{ .Values.persistence.size }}
accessModes:
- {{ .Values.persistence.accessMode }}
persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }}
nfs:
server: {{ .Values.persistence.server }}
path: {{ .Values.persistence.mountPath }}

11
molgenis-nexus/templates/volumes/nexus-pvc.yaml
View File

@ -1,11 +0,0 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.persistence.name }}
spec:
storageClassName: {{ .Values.persistence.storageClass }}
accessModes:
- {{ .Values.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.size }}

35
molgenis-nexus/values.yaml
View File

@ -24,12 +24,12 @@ nexus:
service:
type: ClusterIP
httpd:
name: httpd
nexusProxy:
name: nexus-proxy
hostname: registry.molgenis.org
strategy:
type: Recreate
selector: httpd
selector: nexus-proxy
restartPolicy: Always
image:
repository: registry.webhosting.rug.nl/molgenis/httpd
@ -43,39 +43,22 @@ httpd:
ingress:
enabled: true
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- name: registry.molgenis.org
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
persistence:
name: molgenis-nexus-data
storageClass: nfs-class
size: 30G
reclaimPolicy: Retain
server: 192.168.64.12
accessMode: ReadWriteMany
mountPath: /gcc/molgenis/nexus
enabled: true
claim: molgenis-nexus
size: 500Gi
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
nodeSelector: {
deployPod: "true"
}
tolerations: []

0
molgenis-preview/.helmignore → molgenis-opencpu/.helmignore
View File

8
molgenis-opencpu/Chart.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
appVersion: "1.0"
description: Opencpu stack for MOLGENIS
name: molgenis-opencpu
version: 0.1.1
sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-opencpu/catalogIcon-molgenis-opencpu.svg

38
molgenis-opencpu/README.md Normal file
View File

@ -0,0 +1,38 @@
# MOLGENIS - OpenCPU Helm Chart
NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
## Containers
This chart will deploy the following containers:
- OpenCPU
- MOLGENIS-httpd (to proxy the registry and docker to one domain)
## Provisioning
You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com.
You need to fill out 2 properties to determine which repository you are going to use.
- ```opencpu.image.repository```
- ```opencpu.image.tag```
You can do this in the questions in Rancher or in the ```values.yaml```.
## Development
You can test in install the chart by executing:
```helm lint .```
To test if your helm chart-syntax is right and:
```helm install . --dry-run --debug```
To test if your hem chart works and:
```helm install .```
To deploy it on the cluster.

1
molgenis-opencpu/catalog-molgenis-opencpu.svg Normal file
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 245 KiB

28
molgenis-opencpu/questions.yml Normal file
View File

@ -0,0 +1,28 @@
categories:
- MOLGENIS
questions:
- variable: ingress.enabled
label: Enable ingress
default: false
description: "Enable ingress"
type: boolean
required: true
group: "Load balancing"
- variable: opencpu.image.repository
label: Registry
default: "registry.hub.docker.com"
description: "Select a registry to pull from"
type: enum
options:
- "registry.hub.docker.com"
- "registry.molgenis.org"
required: true
group: "Provisioning"
- variable: opencpu.image.tag
label: Version
default: ""
description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
type: string
required: true
group: "Provisioning"

32
molgenis-opencpu/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "opencpu.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "opencpu.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "opencpu.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

35
molgenis-opencpu/templates/deployment.yaml Normal file
View File

@ -0,0 +1,35 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "opencpu.fullname" . }}
labels:
app: {{ template "opencpu.name" . }}
chart: {{ template "opencpu.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
spec:
containers:
{{- with .Values.opencpu }}
- name: {{ .name }}
image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
imagePullPolicy: {{ .image.pullPolicy }}
ports:
- containerPort: {{ .service.port }}
{{- end }}

36
molgenis-opencpu/templates/ingress.yaml Normal file
View File

@ -0,0 +1,36 @@
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ $.Release.Name }}-ingress"
labels:
app: {{ $.Values.opencpu.name }}
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
release: "{{ $.Release.Name }}"
heritage: "{{ $.Release.Service }}"
annotations:
{{- if .tls }}
ingress.kubernetes.io/secure-backends: "true"
{{- end }}
{{- range $key, $value := .annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: {{ $.Values.opencpu.service.name }}
servicePort: {{ $.Values.opencpu.service.port }}
{{- if .tls }}
tls:
- hosts:
- {{ .name }}
secretName: {{ .tlsSecret }}
{{- end }}
---
{{- end }}
{{- end }}

20
molgenis-opencpu/templates/service.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.opencpu.service.name }}
labels:
app: {{ .Values.opencpu.service.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.opencpu.service.type }}
loadBalancerSourceRanges:
{{- range $index, $rule := .Values.opencpu.service.firewall }}
- {{ $rule }}
{{- end }}
ports:
- name: {{ .Values.opencpu.service.name }}
port: {{ .Values.opencpu.service.port }}
selector:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}

41
molgenis-opencpu/values.yaml Normal file
View File

@ -0,0 +1,41 @@
# Default values for nexus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
environment: production
opencpu:
name: opencpu
strategy:
type: Recreate
restartPolicy: Always
image:
repository: registry.hub.docker.com
name: molgenis/opencpu
tag: stable
pullPolicy: Always
service:
name: opencpu
type: LoadBalancer
port: 8004
firewall:
- 145.100.224.1/24
ingress:
enabled: false
annotations: {
kubernetes.io/ingress.class: "nginx",
nginx.ingress.kubernetes.io/proxy-body-size: "0"
}
path: /
hosts:
- name: opencpu.molgenis.org
tls: []
nodeSelector: {}
tolerations: []
affinity: {}

11
molgenis-preview/README.md
View File

@ -1,11 +0,0 @@
# MOLGENIS preview
Is used for integration testing purposes.
## Containers
This chart spins up a complete stack to run MOLGENIS. The created containers are:
- MOLGENIS
- PostgreSQL
- Elasticsearch
- OpenCPU

61
molgenis-preview/questions.yml
View File

@ -1,61 +0,0 @@
categories:
- MOLGENIS
questions:
- variable: ingress.hosts[0].name
default: "test.molgenis.org"
description: "Hostname for your stack"
type: hostname
required: true
group: "Services and Load Balancing"
label: Hostname
- variable: molgenis.image.repository
default: "registry.hub.docker.com"
description: "Select a registry to pull from"
type: enum
options:
- "registry.hub.docker.com"
- "registry.molgenis.org"
required: true
group: "MOLGENIS - Version"
label: Registry
- variable: molgenis.image.tag
default: "stable"
description: "Select a MOLGENIS version (check the registry.molgenis.org or hub.docker.com for other tags)"
type: string
required: true
group: "MOLGENIS - Version"
label: Version
- variable: molgenis.resources.limits.cpu
default: 1
description: "CPU limit for this MOLGENIS instance"
type: enum
options:
- "1"
- "2"
- "3"
- "4"
required: true
group: "MOLGENIS - Resource limits"
label: CPU limit
- variable: molgenis.resources.limits.memory
default: 1250Mi
description: "Memory limit for this MOLGENIS instance"
type: enum
options:
- "1250Mi"
- "1500Mi"
- "2000Mi"
- "2500Mi"
required: true
group: "MOLGENIS - Resource limits"
label: Memory limit
- variable: molgenis.javaOpts
default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
description: "Java runtime options for the MOLGENIS instance"
type: enum
options:
- "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
- "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
group: "MOLGENIS - Resource limits"
label: Java memory options

120
molgenis-preview/test.yaml
View File

@ -1,120 +0,0 @@
# Source: molgenis/templates/deployment.yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: lanky-ragdoll-molgenis
labels:
app: molgenis
chart: molgenis-0.1.0
release: lanky-ragdoll
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: molgenis
release: lanky-ragdoll
template:
metadata:
labels:
app: molgenis
release: lanky-ragdoll
spec:
containers:
- name: molgenis
image: "registry.molgenis.org/molgenis/molgenis-app:latest"
imagePullPolicy: Always
env:
- name: molgenis.home
value: /home/molgenis
- name: opencpu.uri.host
value: opencpu
- name: elasticsearch.transport.addresses
value: elasticsearch:9300
- name: elasticsearch.cluster.name
value: molgenis
- name: db_uri
value: "jdbc:postgresql://postgres/molgenis"
- name: db_user
value: molgenis
- name: db_password
value: molgenis
- name: admin.password
value: admin
- name: CATALINA_OPTS
value: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /api/v2/version
port: http
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1Gi
- name: elasticsearch
image: "docker.elastic.co/elasticsearch/elasticsearch:5.5.3"
imagePullPolicy: IfNotPresent
env:
- name: cluster.name
value: molgenis
- name: bootstrap.memory_lock
value: true
- name: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
- name: xpack.security.enabled
value: false
- name: discovery.type
value: single-node
ports:
- containerPort: 9200
- containerPort: 9300
limits:
cpu: 1
memory: 1500Mi
requests:
cpu: 100m
memory: 1Gi
- name: postgres
image: "postgres:9.6-alpine"
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_USER
value: molgenis
- name: POSTGRES_PASSWORD
value: molgenis
- name: POSTGRES_DB
value: molgenis
ports:
- containerPort: 5432
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
- name: opencpu
image: "molgenis/opencpu:latest"
imagePullPolicy: Always
ports:
- containerPort: 8004
limits:
cpu: 1
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi

82
molgenis-preview/values.yaml
View File

@ -1,82 +0,0 @@
# Default values for molgenis.
replicaCount: 1
service:
type: LoadBalancer
port: 8080
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
path: /
hosts:
- name: test.molgenis.org
tls: []
molgenis:
image:
repository: registry.molgenis.org
name: molgenis/molgenis-app
tag: 7.0.0-SNAPSHOT
pullPolicy: Always
adminPassword: admin
javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1Gi
postgres:
image:
repository: postgres
tag: 9.6-alpine
pullPolicy: IfNotPresent
user: molgenis
password: molgenis
db: molgenis
resources:
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
elasticsearch:
image:
repository: docker.elastic.co/elasticsearch/elasticsearch
tag: 5.5.3
pullPolicy: IfNotPresent
javaOpts: "-Xms512m -Xmx512m"
clusterName: molgenis
resources:
limits:
cpu: 1
memory: 1500Mi
requests:
cpu: 100m
memory: 1Gi
opencpu:
image:
repository: molgenis/opencpu
tag: latest
pullPolicy: Always
resources:
limits:
cpu: 1
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
nodeSelector: {}
tolerations: []
affinity: {}

6
molgenis-preview/Chart.yaml → molgenis/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
description: MOLGENIS - helm stack (in BETA)
name: molgenis
version: 0.2.0
version: 0.4.3
sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg

138
molgenis/README.md Normal file
View File

@ -0,0 +1,138 @@
# MOLGENIS
This chart is used for acceptance and production use cases.
## Containers
This chart spins up a MOLGENIS instance with HTTPD. The created containers are:
- MOLGENIS
- ElasticSearch
- PostgreSQL **(optional)**
## Provisioning
You can choose from which registry you want to pull. There are 2 registries:
- https://registry.molgenis.org
- https://hub.docker.com
The registry.molgenis.org contains the bleeding edge versions (PR's and master merges). The hub.docker.com contains the released artifacts (MOLGENIS releases and release candidates).
The three properties you need to specify are:
- ```molgenis.image.repository```
- ```molgenis.image.name```
- ```molgenis.image.tag```
Besides determining which image you want to pull, you also have to set an administrator password. You can do this by specifying the following property.
- ```molgenis.adminPassword```
### Firewall
Is defined at service level you can specify this attribute in the values:
- ```molgenis.firewall.enabled``` default 'false'
If set to 'true' the following options are available. One of the options below has to be set.
- ```molgenis.firewall.umcg.enabled``` default 'false'
- ```molgenis.firewall.cluster.enabled``` default 'false'
UMCG = only available within the UMCG.
Cluster = only available within the GCC cluster environment.
## Services
When you start MOLGENIS you need:
- an elasticsearch instance (5.5.6)
- an postgres instance (9.6)
You can attach additional services like:
- an opencpu instance
### Elasticsearch
You can configure elasticsearch by giving in the cluster location.
To configure the transport address you can address the node communication channel but also the native JAVA API. Which MOLGENIS uses to communicate with Elasticsearch.
From Elasticsearch version 6 and further the JAVA API is not supported anymore. At this moment you can only use Elastic instance till major version 5.
- ```molgenis.services.elasticsearch.transportAddresses: localhost:9300```
To configure the index on a Elasticsearch cluster you can specify the clusterName property.
- ```molgenis.services.elasticsearch.clusterName: molgenis```
### Postgres
You can specify the location of the postgres instance by specify the following property:
- ```molgenis.services.postgres.host: localhost```
You can specify the schema by filling out this property:
- ```molgenis.services.postgres.scheme: molgenis```
You can specify credentials for the database scheme by specifying the following properties:
- ```molgenis.services.postgres.user: molgenis```
- ```molgenis.services.postgres.password: molgenis```
To test you can use the **PostgreSQL**-helm chart of Kubernetes and specify these answers:
```bash
# answers for postgresql chart
postgresUser=molgenis
postgresPassword=molgenis
postgresDatabase=molgenis
persistence.enabled=false
```
### OpenCPU
You can specify the location of the OpenCPU cluster by specifying this property:
- ```molgenis.services.opencpu.host: localhost```
You can test OpenCPU settings using the **OpenCPU**-helm chart of MOLGENIS.
## Resources
You can specify resources by resource type. There are 2 resource types.
- memory of container
- maximum heap space JVM
Specify memory usage of container:
- ```molgenis.resources.limits.memory```
Specify memory usage for Java JVM:
- ```molgenis.javaOpts.maxHeapSpace```
Select the resources you need dependant on the customer you need to serve.
## Persistence
You can enable persistence on your MOLGENIS stack by specifying the following property.
- ```persistence.enabled``` default 'true'
You can also choose to retain the volume of the NFS.
- ```persistence.retain``` default 'false'
The size and claim name can be specified per service. There are now two services that can be persist.
- MOLGENIS
- ElasticSearch
- PostgreSQL **(optional)**
MOLGENIS persistent properties.
- ```molgenis.persistence.claim```
- ```molgenis.persistence.size```
ElasticSearch persistent properties.
- ```elasticsearch.persistence.claim```
- ```elasticsearch.persistence.size```
PostgreSQL persistent properties.
- ```postgres.persistence.claim```
- ```postgres.persistence.size```
### Resolve you persistent volume
You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
```
kubectl get pv
```
You can now view the persistent volume claims and the attached volumes.
| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.

0
molgenis-preview/catalogIcon-molgenis.svg → molgenis/catalogIcon-molgenis.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 77 KiB

After

Width:  |  Height:  |  Size: 77 KiB

167
molgenis/questions.yml Normal file
View File

@ -0,0 +1,167 @@
categories:
- MOLGENIS
questions:
- variable: ingress.hosts[0].name
label: Hostname
default: "test.molgenis.org"
description: "Hostname for your stack"
type: hostname
required: true
group: "Load balancing"
- variable: molgenis.image.repository
label: Registry
default: "registry.hub.docker.com"
description: "Select a registry to pull from"
type: enum
options:
- "registry.hub.docker.com"
- "registry.molgenis.org"
required: true
group: "Provisioning"
- variable: molgenis.image.tag
label: Version
default: ""
description: "Select a MOLGENIS version (check the registry.molgenis.org or hub.docker.com for released tags)"
type: string
required: true
group: "Provisioning"
- variable: molgenis.adminPassword
label: Administrator password
default: ""
description: "Enter an administrator password"
type: password
required: true
group: "Provisioning"
- variable: service.firewall.enabled
label: Firewall enabled
default: false
description: "Firewall enabled (can be cluster or UMCG scoped)"
type: boolean
required: true
group: "Provisioning"
show_subquestion_if: true
subquestions:
- variable: service.firewall.kind
default: "umcg"
description: "Firewall kind. This can be 'umcg' or 'cluster' environment"
type: enum
required: true
options:
- umcg
- cluster
label: Firewall kind
- variable: molgenis.services.opencpu.host
label: OpenCPU cluster
default: "localhost"
description: "Specify the OpenCPU cluster"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.embedded
label: Postgres embedded
default: false
description: "Do you want an embedded postgres"
type: boolean
required: true
group: "Services"
show_subquestion_if: false
subquestions:
- variable: molgenis.services.postgres.host
label: Postgres cluster location
default: ""
description: "Set the location of the postgres cluster. This can be localhost when the postgres is enabled else you need to specify a cluster location if you do not want a embedded postgres instance)"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.scheme
label: Database scheme
default: "molgenis"
description: "Set the database scheme"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.user
label: Database username
default: "molgenis"
description: "Set user of the database scheme"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.password
label: Database password
default: "molgenis"
description: "Set the password of the database scheme"
type: string
required: true
group: "Services"
- variable: molgenis.resources.limits.memory
label: Container memory limit
default: 1250Mi
description: "Memory limit for this MOLGENIS container"
type: enum
options:
- "1250Mi"
- "2500Mi"
required: true
group: "Resources"
- variable: molgenis.resources.requests.memory
label: Container memory reservation
default: 1250Mi
description: "Memory reservation for this MOLGENIS container (must fit in the selected memory limit for the container)"
type: enum
options:
- "1250Mi"
- "2500Mi"
required: true
group: "Resources"
- variable: molgenis.javaOpts.maxHeapSpace
label: Maximum heap space (JVM)
default: "1g"
description: "Maximum heap space MOLGENIS container JVM. Please not this should fit in your container memory limit"
type: enum
options:
- "1g"
- "2g"
group: "Resources"
- variable: persistence.enabled
default: true
description: "Do you want to use persistence"
type: boolean
required: true
group: "Persistence"
label: Persistence
show_subquestion_if: true
subquestions:
- variable: persistence.retain
default: false
description: "Do you want to retain the persistent volume"
type: boolean
label: Retain volume
- variable: molgenis.persistence.size
default: "5Gi"
description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
type: enum
options:
- "5Gi"
- "10Gi"
- "20Gi"
label: Size MOLGENIS filestore
- variable: elasticsearch.persistence.size
default: "5Gi"
description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
type: enum
options:
- "5Gi"
- "10Gi"
- "50Gi"
label: Size for ElasticSearch data
- variable: postgres.persistence.size
default: "5Gi"
description: "Size of PostgreSQL data (directory that is persist: /var/lib/postgresql/data/pgdata)"
type: enum
options:
- "5Gi"
- "10Gi"
- "50Gi"
label: Size for PostgreSQL data

0
molgenis-preview/templates/NOTES.txt → molgenis/templates/NOTES.txt
View File

0
molgenis-preview/templates/_helpers.tpl → molgenis/templates/_helpers.tpl
View File

85
molgenis-preview/templates/deployment.yaml → molgenis/templates/deployment.yaml
View File

@ -17,6 +17,8 @@ spec:
matchLabels:
app: {{ template "molgenis.name" . }}
release: {{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
@ -26,37 +28,50 @@ spec:
containers:
- name: molgenis
{{- with .Values.molgenis }}
image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
image: {{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}
imagePullPolicy: {{ .image.pullPolicy }}
env:
- name: molgenis.home
value: /home/molgenis
- name: opencpu.uri.host
value: localhost
value: {{ .services.opencpu.host }}
- name: elasticsearch.transport.addresses
value: localhost:9300
value: {{ .services.elasticsearch.transportAddresses }}
- name: elasticsearch.cluster.name
value: {{ $.Values.elasticsearch.clusterName }}
value: {{ .services.elasticsearch.clusterName }}
- name: db_uri
value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
value: jdbc:postgresql://{{ .services.postgres.host }}/{{ .services.postgres.scheme }}
- name: db_user
value: {{ $.Values.postgres.user }}
value: {{ .services.postgres.user }}
- name: db_password
value: {{ $.Values.postgres.password }}
value: {{ .services.postgres.password }}
- name: admin.password
value: {{ .adminPassword }}
- name: CATALINA_OPTS
value: "{{ .javaOpts }}"
value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
ports:
- containerPort: 8080
# livenessProbe:
# httpGet:
# path: /
# port: 8080
# readinessProbe:
# httpGet:
# path: /api/v2/version
# port: 8080
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: molgenis-nfs
mountPath: /home/molgenis
{{- end }}
livenessProbe:
httpGet:
path: /
port: 8080
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 25
successThreshold: 1
readinessProbe:
httpGet:
path: /api/v2/version
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
failureThreshold: 3
successThreshold: 1
resources:
{{ toYaml .resources | indent 12 }}
{{- end }}
@ -79,6 +94,11 @@ spec:
ports:
- containerPort: 9200
- containerPort: 9300
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: elasticsearch-nfs
mountPath: /usr/share/elasticsearch/data
{{- end }}
resources:
{{ toYaml .resources | indent 12 }}
{{- end }}
@ -89,26 +109,35 @@ spec:
imagePullPolicy: {{ .image.pullPolicy }}
env:
- name: POSTGRES_USER
value: {{ .user }}
value: {{ $.Values.molgenis.services.postgres.user }}
- name: POSTGRES_PASSWORD
value: {{ .password }}
value: {{ $.Values.molgenis.services.postgres.password }}
- name: POSTGRES_DB
value: {{ .db }}
value: {{ $.Values.molgenis.services.postgres.scheme }}
ports:
- containerPort: 5432
resources:
{{ toYaml .resources | indent 12 }}
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: postgres-nfs
mountPath: /var/lib/postgresql/data
{{- end }}
{{- end }}
- name: opencpu
{{- with .Values.opencpu }}
image: "{{ .image.repository }}:{{ .image.tag }}"
imagePullPolicy: {{ .image.pullPolicy }}
ports:
- containerPort: 8004
resources:
{{ toYaml .resources | indent 12 }}
{{- end }}
{{- if .Values.persistence.enabled }}
volumes:
- name: molgenis-nfs
persistentVolumeClaim:
claimName: {{ .Values.molgenis.persistence.claim }}
- name: elasticsearch-nfs
persistentVolumeClaim:
claimName: {{ .Values.elasticsearch.persistence.claim }}
- name: postgres-nfs
persistentVolumeClaim:
claimName: {{ .Values.postgres.persistence.claim }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:

4
molgenis-preview/templates/ingress.yaml → molgenis/templates/ingress.yaml
View File

@ -4,7 +4,7 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
name: "{{ $.Release.Name }}-ingress"
labels:
app: {{ template "molgenis.name" . }}
chart: {{ template "molgenis.chart" . }}
@ -33,6 +33,6 @@ spec:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: 8080
servicePort: {{ $.Values.service.port }}
{{- end }}
{{- end }}

19
molgenis/templates/persistence/elasticsearchPVC.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.elasticsearch.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.elasticsearch.persistence.size }}
{{- end }}

19
molgenis/templates/persistence/molgenisPVC.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.molgenis.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.molgenis.persistence.size }}
{{- end }}

21
molgenis/templates/persistence/postgresPVC.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.molgenis.services.postgres.embedded }}
{{- if .Values.persistence.enabled }}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.postgres.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.postgres.persistence.size }}
{{- end }}
{{- end }}

12
molgenis-preview/templates/service.yaml → molgenis/templates/service.yaml
View File

@ -9,6 +9,18 @@ metadata:
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.service.firewall.enabled }}
loadBalancerSourceRanges:
{{- if .Values.service.firewall.kind eq "umcg" }}
{{- range $index, $rule := .Values.service.firewall.umcg.rules }}
- {{ $rule }}
{{- end }}
{{- else }}
{{- range $index, $rule := .Values.service.firewall.cluster.rules }}
- {{ $rule }}
{{- end }}
{{- end }}
{{- end }}
ports:
- name: molgenis
port: {{ .Values.service.port }}

103
molgenis/values.yaml Normal file
View File

@ -0,0 +1,103 @@
# Default values for molgenis.
replicaCount: 1
service:
type: LoadBalancer
firewall:
enabled: false
kind: "umcg"
umcg:
rules:
- 127.0.0.1/32
cluster:
rules:
- 127.0.0.1/32
port: 8080
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
path: /
hosts:
- name: test.molgenis.org
tls: []
molgenis:
image:
repository: registry.hub.docker.com
name: molgenis/molgenis-app
tag: stable
pullPolicy: Always
adminPassword:
javaOpts:
maxHeapSpace: "1g"
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1250Mi
persistence:
claim: molgenis-nfs-claim
size: 5Gi
services:
opencpu:
host: localhost
elasticsearch:
transportAddresses: localhost:9300
clusterName: molgenis
postgres:
embedded: false
host: localhost
scheme: molgenis
user: molgenis
password: molgenis
elasticsearch:
image:
repository: docker.elastic.co/elasticsearch/elasticsearch
tag: 5.5.3
pullPolicy: IfNotPresent
javaOpts: "-Xms1g -Xmx1g"
clusterName: molgenis
resources:
limits:
cpu: 2
memory: 3Gi
requests:
cpu: 100m
memory: 1Gi
persistence:
claim: elasticsearch-nfs-claim
size: 5Gi
postgres:
image:
repository: postgres
tag: 9.6-alpine
pullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
persistence:
claim: postgres-nfs-claim
size: 5Gi
persistence:
enabled: true
retain: false
nodeSelector: {
deployPod: "true"
}
tolerations: []
affinity: {}