fix (jenkins) Fix skip verify value in vault secret

The new pod has label molgenisv2, the legacy one is still labeled molgenis so existing scripts will keep working.

README.md

@@ -1,25 +1,139 @@
 # MOLGENIS Helm templates
 
+These are the Helm templates that we will use for MOLGENIS operations. Basic concepts in respect to docker you need to know.
 
-## Useful commands for Kubernetes
+**Deployments**
 
-- kubectl get pods
+Are a set of pods that will be deployed according to configuration that is usually managed bij Helm. These pods interact with eachother by being in the same namespace created by kubernetes according to the deployment configuration. 
+
+**Pods**
+
+A pod is wrapper around a container. It will recreate the container when it is shutdown for some reason and interact with other pods when needed.
+
+**Containers**
+
+A container is a docker-container that is created from a docker image. It could be seen as an VM for example
+
+**Images**
+
+An image is a template for a container some sort of boot script but also contains the os for example. A build dockerfile, if you will.
+
+**Prerequisites**
+
+There are some prerequisites you need.
+
+- docker
+- minikube
+ 
+## Kubernetes
+
+When you want to use kubernetes there are some commands you need to know. Also running on a remote cluster will be a must have to control your whole DTAP.
+
+### Useful commands
+
+Commands that can be used to get information from a kubernetes cluster
+
+**Pods**
+
+- ```kubectl get pods (optional: [--all-namspaces])```
+  
   Gets alls running instances of containers from a certain deployment
-- kubectl get services
+
+- ```kubectl describe pod #pod name# --namespace=#namesspace#```
+
+  Describes the pod initialization, also displays error messages more accurately if they occur
+
+- ```kubectl remove pod #pod name# --namespace=#namespace# (optional: [--force] [--grace-period=0])```
+
+  Removes a pod from the system (but will restart if the option is set in the deployment,yaml *[see note]*). 
+  
+  **note:** You can not do this while the deployment of the service is still there
+
+**Services**
+
+- ```kubectl get services```
+
   Gets all services from a deployment
-- kubectl get pv
+
+**Volumes**
+  
+- ```kubectl get pv```
+  
   Gets all persistant volumes
-- kubectl get pvc
+- ```kubectl get pvc```
+  
   Gets all persistent volume claims
-- kubectl get deployments
+
+**Deployments**
+
+- ```kubectl get deployments```
+  
   Gets all deployments (comparable with docker-compose)
+    
 
-## Useful commands for Helm
+## Remote clusters
 
-- helm install .
+When you want to see what is running on the clusters at the CIT you have to make a context switch.
+You can access the cluster with kubeconfig-files. You can obtain these by downloading them from the 
+MOLGENIS kubernetes cluster.
+
+- Go to https://rancher.molgenis.org:7777 and login
+- Go to Rancher --> Cluster: *#name#* --> *Kubeconfig File*
+- Go to a **Terminal** where ```kubectl``` is available
+- Add this configuration to ~/.kube/config (or place a new file besides this one)
+  
+  *Example*: 
+```bash
+# When you added the MOLGENIS configuration to the original configuration
+kubectl config use-context molgenis
+
+# or when you placed the MOLGENIS configuration besides the original one
+kubectl config use-context molgenis --kubeconfig=*full path to molgenis config*
+```
+- You can now access all facilities of the MOLGENIS cluster like it is running locally
+  
+  *Example:*
+```bash
+kubectl get pods --namespace=*#namespace of application#*
+```
+
+## Helm
+
+This repository is serves also as a catalogue for Rancher. We have serveral apps that are served through this repoistory. e.g.
+
+- [Jenkins](molgenis-jenkins/README.md)
+- [NEXUS](molgenis-nexus/README.md)
+- [HTTPD](molgenis-httpd/README.md)
+- [MOLNIGES preview](molgenis-preview/README.md)
+
+### Useful commands
+You can you need to know to easily develop and deploy helm-charts
+
+- ```helm lint .```
+
+  To test your helm chart for code errors.
+
+- ```helm install . --dry-run --debug```
+
+  Check if your configuration deploys on a kubernetes cluster and check the configuration
+
+- ```helm install . #release name# --namespace #remote namespace#```
+  
   Do it in the root of the project where the Chart.yaml is located
   It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
-- helm list
+- ```helm list```
+  
   Lists all installed releases
-- helm delete #release#
-  Performs a sort of mvn clean on your workspace. Very handy for zombie persistent volumes or claims.
+- ```helm delete #release#```
+  
+  Performs a sort of mvn clean on your workspace. Very handy for zombie persistent volumes or claims.
+
+- ```install tiller on remote cluster```
+
+  To install tiller on a remote cluster you need an rbac-config.yml.
+  ```kubectl create -f rbac-config.yaml```
+
+  When you have defined the yaml you can add the tiller to the cluster by following the steps below.
+  ```helm init --service-account tiller```  
+  
+  

httpd/v0.1.0/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: httpd
-version: 0.1.1

httpd/v0.1.0/questions.yml

@@ -1,71 +0,0 @@
-categories:
-- MOLGENIS
-questions:
-- variable: molgenisUsername
-  default: "molgenis"
-  description: "User of the application"
-  type: string
-  required: true
-  label: MOLGENIS username
-  group: "MOLGENIS Settings"
-- variable: molgenisEmail
-  default: "admin@molgenis.org"
-  description: "Admin email"
-  type: string
-  required: true
-  label: MOLGENIS admin email
-  group: "MOLGENIS Settings"
-- variable: persistence.enabled
-  default: "false"
-  description: "Enable persistent volume for MOLGENIS"
-  type: boolean
-  required: true
-  label: MOLGENIS Persistent Volume Enabled
-  show_subquestion_if: true
-  group: "MOLGENIS Settings"
-  subquestions:
-  - variable: persistence.size
-    default: "10Gi"
-    description: "Persistent Volume Size"
-    type: string
-    label: MOLGENIS Volume Size
-  - variable: persistence.storageClass
-    default: ""
-    description: "If undefined or null, uses the default StorageClass. Default to null"
-    type: storageclass
-    label: Default StorageClass for MOLGENIS
-- variable: ingress.enabled
-  default: "true"
-  description: "Expose app using Layer 7 Load Balancer - ingress"
-  type: boolean
-  label: Expose app using Layer 7 Load Balancer
-  show_subquestion_if: true
-  group: "Services and Load Balancing"
-  subquestions:
-  - variable: ingress.hosts[0].name
-    default: "test.molgenis.org"
-    description: "Hostname for your stack"
-    type: hostname
-    required: true
-    label: Hostname
-- variable: httpd.hostname
-  default: "test.molgenis.org"
-  description: "Hostname for your services (comma separated, example: [hostname]:[port])"
-  type: string
-  required: false
-  group: "Apache configuration"
-  label: Hostname
-- variable: httpd.proxy
-  default: ""
-  description: "Proxy for your services (comma separated, example: [service]:[port]:[path])"
-  type: string
-  required: false
-  group: "Apache configuration"
-  label: Proxy
-- variable: httpd.redirect
-  default: ""
-  description: "Redirection urls for your services (comma separated, example: [redirection_url])"
-  type: string
-  required: false
-  group: "Apache configuration"
-  label: Redirection

jenkins/v1.0.0/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Jenkins stack for MOLGENIS
-name: jenkins
-version: 0.1.0
-icon: https://github.com/sidohaakma/molgenis-docker-helm/blob/master/jenkins/catalogicon-molgenis-jenkins.svg

jenkins/v1.0.0/templates/deployment/jenkins-agent-deployment.yaml

@@ -1,39 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  annotations:
-    kompose.cmd: kompose convert
-    kompose.version: 1.13.0 ()
-  creationTimestamp: null
-  labels:
-    io.kompose.service: jenkins-agent-worker
-  name: jenkins-agent-worker
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.kompose.service: jenkins-agent-worker
-    spec:
-      containers:
-      - env:
-        - name: JENKINS_SLAVE_SSH_PUBKEY
-          value: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6+L3I5Dh1oKCxRktAhKwX20vQq5+hp40D2HCN+JSOT1WmiZOKQQ2U73HyRlukXV1MJGn6NM0pZS1W12IiAiSeu6xl+YFlEJykRK+9NnpSGwTMXXirCmCyWAlMUb6pcXmCqa1Pk1HqiUUfvflkvFHNT+26LBNXj0LbrT6KFd0xhm/KH9gMTKnYoBQqezE7D5jjPki5lKAfBL7IQkwgs5wFdaQicRYAUsuI7gV6EsDgVmLmF6f2d8+/AJ0fwYIFpzaYqQfgrpilMCvHXcuskpHj2RtJFMiPZ4WZSMZ3sMTD0MmZxdNU32qc/TR7mILHEB9/10EzmE4F7X1NdWYeJqK5VKH8RfwLHtiFDPPoqttc2AuaMrSPiRJxtww0oLsEN3toE9qauXpVcJUgaxpj0hE7UQP026Et3LZDQCD8w+3VPVUCfGHy7LTZdPzxDYuWmSMGF/VjYYKbv3WgPEVomRdB1TlaSEb8JfnHI1CVo4C+dImwxppVRbiAkjK/D+TnTavgx+zl85Fo1oNO49kjg9Avp2sOoHBSCBk6ceywIdvvaIzQSxQZfj3PbSWRg+ywJMS8tM6m6riEQola8EmHA7pP/Aj70453ip08MUnz1vsM/e396nqdw55KhR5dPEPHrfqmONMgr6IUa+6zyeWBQ7LTpkWztQ4lQcPl48jRE0ijTQ==
-            sido@client-145-100-225-240.surfnet.eduroam.rug.nl
-        image: registry.molgenis.org/molgenis-ops-releases/jenkins-agent-worker:lts
-        name: jenkins-agent-worker
-        ports:
-        - containerPort: 22
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/run/docker.sock
-          name: jenkins-agent-worker-claim
-      restartPolicy: Always
-      volumes:
-      - name: jenkins-agent-worker-claim
-        persistentVolumeClaim:
-          claimName: jenkins-agent-worker-claim
-status: {}

jenkins/v1.0.0/templates/deployment/jenkins-master-deployment.yaml

@@ -1,40 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  annotations:
-    kompose.cmd: kompose convert
-    kompose.version: 1.13.0 ()
-  creationTimestamp: null
-  labels:
-    io.kompose.service: jenkins-master
-  name: jenkins-master
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        io.kompose.service: jenkins-master
-    spec:
-      containers:
-      - env:
-        - name: JENKINS_ADMIN_PASS
-        - name: JENKINS_ADMIN_USER
-        image: registry.molgenis.org/molgenis-ops-releases/jenkins-master:lts
-        name: jenkins-master
-        ports:
-        - containerPort: 8080
-        resources: {}
-        volumeMounts:
-        - mountPath: /var/jenkins-home
-          name: jenkins-master-claim
-        - mountPath: /var/run/docker.sock
-          name: jenkins-master-claim
-      restartPolicy: Always
-      volumes:
-      - name: jenkins-master-claim
-        persistentVolumeClaim:
-          claimName: jenkins-master-claim
-status: {}

jenkins/v1.0.0/templates/ingress.yaml

@@ -1,12 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-${SERVICE}
-spec:
-  rules:
-  - host: ${SITENAME}
-    http:
-      paths:
-      - backend:
-          serviceName: ${SERVICE}
-          servicePort: 80

jenkins/v1.0.0/templates/services/jenkins-agent-service.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    kompose.cmd: kompose convert
-    kompose.version: 1.13.0 ()
-  creationTimestamp: null
-  labels:
-    io.kompose.service: jenkins-agent-worker
-  name: jenkins-agent-worker
-spec:
-  ports:
-  - name: "22"
-    port: 22
-    targetPort: 22
-  selector:
-    io.kompose.service: jenkins-agent-worker
-status:
-  loadBalancer: {}

jenkins/v1.0.0/templates/services/jenkins-master-service.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  annotations:
-    kompose.cmd: kompose convert
-    kompose.version: 1.13.0 ()
-  creationTimestamp: null
-  labels:
-    io.kompose.service: jenkins-master
-  name: jenkins-master
-spec:
-  ports:
-  - name: "8080"
-    port: 8080
-    targetPort: 8080
-  selector:
-    io.kompose.service: jenkins-master
-status:
-  loadBalancer: {}

jenkins/v1.0.0/templates/volumes/jenkins-agent-pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  creationTimestamp: null
-  name: jenkins-agent-data
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 100Mi
-status: {}

jenkins/v1.0.0/templates/volumes/jenkins-master-pvc.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  creationTimestamp: null
-  name: jenkins-master-data
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 100Mi
-status: {}

jenkins/v1.0.0/values.yaml

@@ -1,45 +0,0 @@
-# Default values for jenkins.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: registry.molgenis.org/molgenis-ops-releases/jenkins-master:lts
-  tag: lts
-  pullPolicy: Always
-
-service:
-  type: ClusterIP
-  port: 8080
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-    - registry.molgenis.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

molgenis-httpd/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: HTTPD for MOLGENIS
+name: molgenis-httpd
+version: 0.1.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-httpd/catalogIcon-molgenis-httpd.svg

molgenis-httpd/README.md

@@ -0,0 +1,15 @@
+# MOLGENIS - HTTPD Helm Chart
+
+HTTPD (web)server for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Chart Details
+
+This chart will deploy:
+
+- 1 HTTPD container
+
+## Installing the Chart
+
+etc.
+
+

molgenis-httpd/questions.yml

@@ -0,0 +1,31 @@
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.hosts[0].name
+  default: "test.molgenis.org"
+  description: "Hostname for your stack"
+  type: hostname
+  required: true
+  group: "Services and Load Balancing"
+  label: Hostname
+- variable: httpd.hostname
+  default: "test.molgenis.org"
+  description: "Hostname for your services (comma separated, example: [hostname]:[port])"
+  type: string
+  required: false
+  group: "Apache configuration"
+  label: Hostname
+- variable: httpd.proxy
+  default: ""
+  description: "Proxy for your services (comma separated, example: [service]:[port]:[path])"
+  type: string
+  required: false
+  group: "Apache configuration"
+  label: Proxy
+- variable: httpd.redirect
+  default: ""
+  description: "Redirection urls for your services (comma separated, example: [redirection_url])"
+  type: string
+  required: false
+  group: "Apache configuration"
+  label: Redirection

molgenis-httpd/templates/deployment.yaml

@@ -24,9 +24,8 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-            - name: http
-              containerPort: 80
-              protocol: TCP
+            - name: {{ .Values.service.name }}
+              containerPort: {{ .Values.service.port }}
           env:
             - name: SERVER_NAME
               value: "{{ .Values.httpd.hostname }}"

molgenis-httpd/templates/service.yaml

@@ -10,10 +10,9 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
+  - name: {{ .Values.service.name }}
+    port: {{ .Values.service.port }}
+
   selector:
     app: {{ template "httpd.name" . }}
     release: {{ .Release.Name }}

molgenis-httpd/values.yaml

@@ -7,9 +7,10 @@ replicaCount: 1
 image:
   repository: registry.webhosting.rug.nl/molgenis/httpd
   tag: lts
-  pullPolicy: always
+  pullPolicy: Always
 
 service:
+  name: httpd
   type: ClusterIP
   port: 80
 
@@ -17,18 +18,15 @@ httpd:
   proxy: httpd:80:/
   redirect: redirect.molgenis.local
   hostname: test.molgenis.local
-  volume:
-    username: molgenis
-    email: admin@molgenis.org
 
 ingress:
-  enabled: false
+  enabled: true
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
   path: /
   hosts:
-    - molgenis.local
+  - name: test.molgenis.org
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:

molgenis-jenkins/Chart.yaml

@@ -0,0 +1,8 @@
+name: molgenis-jenkins
+home: https://jenkins.io/
+version: 0.7.0
+appVersion: 2.121
+description: Molgenis installation for the jenkins chart.
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg

molgenis-jenkins/README.md

@@ -0,0 +1,106 @@
+# Molgenis Jenkins Helm Chart
+
+Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin.
+Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there!
+
+## Chart Details
+
+This chart will do the following:
+
+* 1 x Jenkins Master with port 8080 exposed on an external ClusterIP
+* All using Kubernetes Deployments
+
+## Installing the Chart
+
+Usually, you'll be deploying this to the molgenis cluster.
+In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository.
+In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the 
+catalog, pick the molgenis-jenkins app from the catalog and deploy it.
+
+## Configuration
+
+When deploying, you can paste values into the Rancher Answers to override the defaults in this chart.
+Array values can be added as {value, value, value}.
+```
+jenkins.Master.HostName=jenkins.molgenis.org
+jenkins.Master.AdminPassword=pa$$word
+jenkins.Persistence.Enabled=false
+jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
+jenkins.Master.Security.UseGitHub=false
+## if UseGitHub=true
+jenkins.Master.Security.GitHub.ClientID=id
+jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
+## end UseGitHub=true
+PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
+```
+
+You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
+> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
+
+### GitHub Authentication delegation
+You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
+
+### Additional configuration
+There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
+
+* PipelineSecrets
+
+   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins 
+   build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
+   each other with their own secrets.
+
+   You can override the values at deploy time but otherwise also configure them 
+   [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
+
+*  Vault
+
+   New vault token to be used by the pods to retrieve their tokens from the vault.
+   
+   | Parameter                         | Description                                | Default                                       |
+   | ----------------------------------|--------------------------------------------|-----------------------------------------------|
+   | `PipelineSecrets.Vault.Replace`   | Replace the molgenis-pipeline-vault secret |`true`                                         |
+   | `PipelineSecrets.Vault.Token`     | Token to log into the hashicorp vault      |`xxxx`                                         |
+   | `PipelineSecrets.Vault.Addr`      | Address of the vault                       |`https:vault-operator.vault-operator.svc:8200` |
+   | `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection  |`1`                                            |
+
+*  Env
+   
+   Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
+   in the slave pods.
+
+   | Parameter                              | Description                               | Default         |
+   | -------------------------------------- | ----------------------------------------- | --------------- |
+   | `PipelineSecrets.Env.Replace`          | Replace molgenis-pipeline-env secret      | `true`          |
+   | `PipelineSecrets.Env.PGPPassphrase`    | passphrase for the pgp signing key        | `literal:xxxx`  |
+   | `PipelineSecrets.Env.CodecovToken`     | token for codecov.io                      | `xxxx`          |
+   | `PipelineSecrets.Env.GitHubToken`      | token for GH molgenis-jenkins user        | `xxxx`          |
+   | `PipelineSecrets.Env.NexusPassword`    | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
+   | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx`          |
+   | `PipelineSecrets.Env.SonarToken`       | token for sonarcloud.io                   | `xxxx`          |
+   | `PipelineSecrets.Env.NpmToken`         | token for npmjs.org                       | `xxxx`          | 
+   | `PipelineSecrets.Env.SauceAccessKey`   | token for saucelabs.com                   | `xxxx`          |
+
+* File
+
+  Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
+  in the `/root/.m2` directory of the slave pods.
+  > The settings.xml file references the 
+
+  | Parameter                              | Description                           | Default                                                                         |
+  | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
+  | `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          |
+  | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
+  | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            |
+
+## Command line use
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
+For example,
+
+```bash
+$ helm install --name jenkins -f values.yaml molgenis-jenkins
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+

molgenis-jenkins/requirements.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: jenkins
+  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 0.16.4
+digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685
+generated: 2018-06-27T14:36:23.172954738+02:00

molgenis-jenkins/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+  - name: jenkins
+    version: ^0.16
+    repository: https://kubernetes-charts.storage.googleapis.com/

molgenis-jenkins/templates/config.tpl

@@ -0,0 +1,280 @@
+{{- define "override_config_map" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "jenkins.fullname" . }}
+data:
+  config.xml: |-
+    <?xml version='1.0' encoding='UTF-8'?>
+    <hudson>
+      <disabledAdministrativeMonitors/>
+      <version>{{ .Values.Master.ImageTag }}</version>
+      <numExecutors>0</numExecutors>
+      <mode>NORMAL</mode>
+      <useSecurity>{{ .Values.Master.UseSecurity }}</useSecurity>
+      <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
+        <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
+      </authorizationStrategy>
+{{- if .Values.Master.Security.UseGitHub }}
+      <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
+        <githubWebUri>https://github.com</githubWebUri>
+        <githubApiUri>https://api.github.com</githubApiUri>
+        <clientID>{{ .Values.Master.Security.GitHub.ClientID }}</clientID>
+        <clientSecret>{{ .Values.Master.Security.GitHub.ClientSecret }}</clientSecret>
+        <oauthScopes>read:org,user:email</oauthScopes>
+      </securityRealm>
+{{- else }}
+      <securityRealm class="hudson.security.LegacySecurityRealm"/>
+{{- end }}
+      <disableRememberMe>false</disableRememberMe>
+      <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+      <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
+      <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+      <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+      <jdks/>
+      <clouds>
+        <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}">
+          <name>kubernetes</name>
+          <templates>
+{{- range $podName, $pod := .Values.Pods }}
+            <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+              <inheritFrom>{{ $pod.InheritFrom | default "" }}</inheritFrom>
+              <name>{{ $podName }}</name>
+              <instanceCap>2147483647</instanceCap>
+              <idleMinutes>0</idleMinutes>
+              <label>{{ .Label }}</label>
+              <nodeSelector>
+                {{- $local := dict "first" true }}
+                {{- range $key, $value := .NodeSelector }}
+                  {{- if not $local.first }},{{- end }}
+                  {{- $key }}={{ $value }}
+                  {{- $_ := set $local "first" false }}
+                {{- end }}</nodeSelector>
+                <nodeUsageMode>{{ .NodeUsageMode }}</nodeUsageMode>
+              <volumes>
+{{- range $index, $volume := .volumes }}
+                <org.csanchez.jenkins.plugins.kubernetes.volumes.{{ .type }}Volume>
+{{- range $key, $value := $volume }}{{- if not (eq $key "type") }}
+                  <{{ $key }}>{{ $value }}</{{ $key }}>
+{{- end }}{{- end }}
+                </org.csanchez.jenkins.plugins.kubernetes.volumes.{{ .type }}Volume>
+{{- end }}
+              </volumes>
+              <containers>
+{{- range $containerName, $container := .Containers }}
+                <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+                  <name>{{ $containerName }}</name>
+                  <image>{{ .Image }}:{{ .ImageTag | default "latest" }}</image>
+                  <ports>
+{{- range $index, $envVar := .Ports }}
+                    <org.csanchez.jenkins.plugins.kubernetes.PortMapping>
+                      <name>{{ .name }}</name>
+                      <containerPort>{{ .containerPort }}</containerPort>
+                      <hostPort>{{ .hostPort }}</hostPort>
+                    </org.csanchez.jenkins.plugins.kubernetes.PortMapping>
+{{- end }}
+                  </ports>
+{{- if .Privileged }}
+                  <privileged>true</privileged>
+{{- else }}
+                  <privileged>false</privileged>
+{{- end }}
+{{- if .AlwaysPullImage }}
+                  <alwaysPullImage>true</alwaysPullImage>
+{{- else }}
+                  <alwaysPullImage>false</alwaysPullImage>
+{{- end }}
+                  <workingDir>{{ .WorkingDir | default "" }}</workingDir>
+                  <command>{{ .Command | default "" }}</command>
+                  <args>{{ .Args | default "" }}</args>
+{{- if .TTY }}
+                  <ttyEnabled>true</ttyEnabled>
+{{- else }}
+                  <ttyEnabled>false</ttyEnabled>
+{{- end }}
+                  <envVars>
+{{- range $index, $envVar := .EnvVars }}
+                    <org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- range $key, $value := $envVar }}{{- if not (eq $key "type") }}
+                      <{{ $key }}>{{ $value }}</{{ $key }}>
+{{- end }}{{- end }}
+                    </org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- end }}
+                  </envVars>
+{{- if .resources }}
+{{- if .resources.requests }}
+                  <resourceRequestCpu>{{ .resources.requests.cpu | default "" }}</resourceRequestCpu>
+                  <resourceRequestMemory>{{ .resources.requests.memory | default "" }}</resourceRequestMemory>
+{{- end }}
+{{- if .resources.limits }}
+                  <resourceLimitCpu>{{ .resources.limits.cpu | default "" }}</resourceLimitCpu>
+                  <resourceLimitMemory>{{ .resources.limits.memory | default "" }}</resourceLimitMemory>
+{{- end }}
+{{- end }}
+                </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+{{- end }}
+              </containers>
+              <envVars>
+                  <org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                    <key>JENKINS_URL</key>
+                    <value>http://{{ template "jenkins.fullname" $ }}:{{$.Values.Master.ServicePort}}{{ default "" $.Values.Master.JenkinsUriPrefix }}</value>
+                  </org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+{{- range $index, $envVar := .EnvVars }}
+                <org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- range $key, $value := $envVar }}{{- if not (eq $key "type") }}
+                  <{{ $key }}>{{ $value }}</{{ $key }}>
+{{- end }}{{- end }}
+                </org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- end }}
+              </envVars>
+              <annotations/>
+{{- if .ImagePullSecret }}
+              <imagePullSecrets>
+                <org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
+                  <name>{{ .ImagePullSecret }}</name>
+                </org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
+              </imagePullSecrets>
+{{- else }}
+              <imagePullSecrets/>
+{{- end }}
+              <nodeProperties/>
+            </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+{{- end }}
+          </templates>
+          <serverUrl>https://kubernetes.default</serverUrl>
+          <skipTlsVerify>false</skipTlsVerify>
+          <namespace>{{ .Release.Namespace }}</namespace>
+          <jenkinsUrl>http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }}</jenkinsUrl>
+          <jenkinsTunnel>{{ template "jenkins.fullname" . }}-agent:50000</jenkinsTunnel>
+          <containerCap>50</containerCap>
+          <retentionTimeout>5</retentionTimeout>
+          <connectTimeout>0</connectTimeout>
+          <readTimeout>0</readTimeout>
+        </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
+      </clouds>
+      <views>
+        <hudson.model.AllView>
+          <owner class="hudson" reference="../../.."/>
+          <name>all</name>
+          <filterExecutors>false</filterExecutors>
+          <filterQueue>false</filterQueue>
+          <properties class="hudson.model.View$PropertyList"/>
+        </hudson.model.AllView>
+{{- range $viewName, $view := .Values.Master.Views }}
+        <listView>
+          <owner class="hudson" reference="../../.."/>
+          <name>{{ $viewName }}</name>
+          <filterExecutors>false</filterExecutors>
+          <filterQueue>false</filterQueue>
+          <properties class="hudson.model.View$PropertyList"/>
+          <jobNames>
+             <comparator class="hudson.util.CaseInsensitiveComparator" reference="../../../listView/jobNames/comparator"/>
+{{- range $index, $job := $view }}
+             <string>{{ $job }}</string>
+{{- end }}
+          </jobNames>
+          <jobFilters/>
+          <columns>
+            <hudson.views.StatusColumn/>
+            <hudson.views.WeatherColumn/>
+            <hudson.views.JobColumn/>
+            <hudson.views.LastSuccessColumn/>
+            <hudson.views.LastFailureColumn/>
+            <hudson.views.LastDurationColumn/>
+            <hudson.views.BuildButtonColumn/>
+            <hudson.plugins.favorite.column.FavoriteColumn plugin="favorite@2.3.2"/>
+          </columns>
+          <recurse>false</recurse>
+        </listView>
+{{- end }}
+      </views>
+      <primaryView>{{ .Values.Master.DefaultView }}</primaryView>
+      <quietPeriod>5</quietPeriod>
+      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+      <slaveAgentPort>50000</slaveAgentPort>
+      <disabledAgentProtocols>
+{{- range .Values.Master.DisabledAgentProtocols }}
+        <string>{{ . }}</string>
+{{- end }}
+      </disabledAgentProtocols>
+      <label></label>
+{{- if .Values.Master.CSRF.DefaultCrumbIssuer.Enabled }}
+      <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer">
+{{- if .Values.Master.CSRF.DefaultCrumbIssuer.ProxyCompatability }}
+        <excludeClientIPFromCrumb>true</excludeClientIPFromCrumb>
+{{- end }}
+      </crumbIssuer>
+{{- end }}
+      <nodeProperties/>
+      <globalNodeProperties/>
+      <noUsageStatistics>true</noUsageStatistics>
+    </hudson>
+{{- if .Values.Master.ScriptApproval }}
+  scriptapproval.xml: |-
+    <?xml version='1.0' encoding='UTF-8'?>
+    <scriptApproval plugin="script-security@1.27">
+      <approvedScriptHashes/>
+      <approvedSignatures>
+{{- range $key, $val := .Values.Master.ScriptApproval }}
+        <string>{{ $val }}</string>
+{{- end }}
+      </approvedSignatures>
+      <aclApprovedSignatures/>
+      <approvedClasspathEntries/>
+      <pendingScripts/>
+      <pendingSignatures/>
+      <pendingClasspathEntries/>
+    </scriptApproval>
+{{- end }}
+  jenkins.CLI.xml: |-
+    <?xml version='1.1' encoding='UTF-8'?>
+    <jenkins.CLI>
+{{- if .Values.Master.CLI }}
+      <enabled>true</enabled>
+{{- else }}
+      <enabled>false</enabled>
+{{- end }}
+    </jenkins.CLI>
+  apply_config.sh: |-
+    mkdir -p /usr/share/jenkins/ref/secrets/;
+    echo "false" > /usr/share/jenkins/ref/secrets/slave-to-master-security-kill-switch;
+    cp -n /var/jenkins_config/config.xml /var/jenkins_home;
+    cp -n /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home;
+{{- if .Values.Master.InstallPlugins }}
+    # Install missing plugins
+    cp /var/jenkins_config/plugins.txt /var/jenkins_home;
+    rm -rf /usr/share/jenkins/ref/plugins/*.lock
+    /usr/local/bin/install-plugins.sh `echo $(cat /var/jenkins_home/plugins.txt)`;
+    # Copy plugins to shared volume
+    cp -n /usr/share/jenkins/ref/plugins/* /var/jenkins_plugins;
+{{- end }}
+{{- if .Values.Master.ScriptApproval }}
+    cp -n /var/jenkins_config/scriptapproval.xml /var/jenkins_home/scriptApproval.xml;
+{{- end }}
+{{- if .Values.Master.InitScripts }}
+    mkdir -p /var/jenkins_home/init.groovy.d/;
+    cp -n /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/
+{{- end }}
+{{- if .Values.Master.CredentialsXmlSecret }}
+    cp -n /var/jenkins_credentials/credentials.xml /var/jenkins_home;
+{{- end }}
+{{- if .Values.Master.SecretsFilesSecret }}
+    cp -n /var/jenkins_secrets/* /usr/share/jenkins/ref/secrets;
+{{- end }}
+{{- if .Values.Master.Jobs }}
+    for job in $(ls /var/jenkins_jobs); do
+      mkdir -p /var/jenkins_home/jobs/$job
+      cp -n /var/jenkins_jobs/$job /var/jenkins_home/jobs/$job/config.xml
+    done
+{{- end }}
+{{- range $key, $val := .Values.Master.InitScripts }}
+  init{{ $key }}.groovy: |-
+{{ $val | indent 4 }}
+{{- end }}
+  plugins.txt: |-
+{{- if .Values.Master.InstallPlugins }}
+{{- range $index, $val := .Values.Master.InstallPlugins }}
+{{ $val | indent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}

molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-dockerhub-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenisci" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-github-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
+  }
+type: Opaque
+data:
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-gogs-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
+  }
+type: Opaque
+data:
+  username: {{ "p281392" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-nexus-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against NEXUS"
+  }
+type: Opaque
+data:
+  username: {{ "admin" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-saucelabs-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}

molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.PipelineSecrets.Env.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-env-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
+  codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
+  githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
+  sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+  npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
+{{- end }}

molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.PipelineSecrets.File.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-file-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
+  settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
+{{- end }}

molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.PipelineSecrets.Vault.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-vault-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
+  addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+  skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
+{{- end }}

molgenis-jenkins/values.yaml

@@ -0,0 +1,615 @@
+jenkins:
+  Master:
+    HostName: jenkins.molgenis.org
+    ServiceType: ClusterIP
+    InstallPlugins:
+      - kubernetes:1.12.3
+      - workflow-aggregator:2.5
+      - workflow-job:2.24
+      - credentials-binding:1.16
+      - git:3.9.1
+      - github-branch-source:2.3.6
+      - kubernetes-credentials-provider:0.9
+      - blueocean:1.8.2
+      - github-oauth:0.29
+      - gogs-webhook:1.0.14
+    Security:
+      UseGitHub: false
+      GitHub:
+        ClientID: ""
+        ClienSecret: ""
+    DefaultView: dev
+    Views:
+      dev:
+        - molgenis
+      ops:
+        - molgenis-ops-docker-httpd
+        - molgenis-ops-docker-maven
+        - molgenis-ops-docker-node
+        - molgenis-ops-tools
+        - molgenis-ops-tomcat
+    Jobs: |-
+      molgenis: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <jenkins.branch.OrganizationFolder plugin="branch-api@2.0.20">
+          <actions/>
+          <description></description>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+            <jenkins.branch.NoTriggerOrganizationFolderProperty>
+              <branches>.*</branches>
+            </jenkins.branch.NoTriggerOrganizationFolderProperty>
+          </properties>
+          <folderViews class="jenkins.branch.OrganizationFolderViewHolder">
+            <owner reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon">
+            <owner class="jenkins.branch.OrganizationFolder" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers>
+            <com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger plugin="cloudbees-folder@6.5.1">
+              <spec>H H * * *</spec>
+              <interval>86400000</interval>
+            </com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger>
+          </triggers>
+          <disabled>false</disabled>
+          <navigators>
+            <org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator plugin="github-branch-source@2.3.6">
+              <repoOwner>molgenis</repoOwner>
+              <credentialsId>molgenis-jenkins-github-secret</credentialsId>
+              <traits>
+                <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+                  <strategyId>1</strategyId>
+                </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+                <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+                  <strategyId>1</strategyId>
+                </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+                <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+                  <strategyId>1</strategyId>
+                  <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
+                </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              </traits>
+            </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
+          </navigators>
+          <projectFactories>
+            <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProjectFactory plugin="workflow-multibranch@2.19">
+              <scriptPath>Jenkinsfile</scriptPath>
+            </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProjectFactory>
+          </projectFactories>
+          <buildStrategies/>
+        </jenkins.branch.OrganizationFolder>
+      molgenis-ops-docker-httpd: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>HTTPD server that can be used for redirection and proxieing</description>
+          <displayName>molgenis-ops-docker-httpd</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>a756941d-6c9d-4492-bcf9-327041764be6</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-httpd.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-docker-node: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>NodeJS build container with Curl</description>
+          <displayName>molgenis-ops-docker-node</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>a756941d-6c9d-4492-bcf9-327041764be6</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-node.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-docker-maven: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MAVEN build container with RPMbuild and Curl</description>
+          <displayName>molgenis-ops-docker-maven</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-maven.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-tomcat: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MOLGENIS tomcat package to manage tomcat version on CentOS</description>
+          <displayName>molgenis-ops-tomcat</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tomcat.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-tools: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MOLGENIS operations tools-package to configure firewall, apache, sudoers, etc.</description>
+          <displayName>molgenis-ops-tools</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tools.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+    # Kubernetes secret that contains a 'credentials.xml' for Jenkins
+    # CredentialsXmlSecret: jenkins-credentials
+    # Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,
+    # useful to manage encryption keys used for credentials.xml for instance (such as
+    # master.key and hudson.util.Secret)
+    # SecretsFilesSecret: jenkins-secrets
+    CustomConfigMap: true
+  rbac:
+    install: true
+  Pods:
+    molgenis:
+      Label: molgenisv2
+      NodeUsageMode: EXCLUSIVE
+      volumes:
+        - type: HostPath
+          hostPath: "/var/run/docker.sock"
+          mountPath: "/var/run/docker.sock"
+      Containers:
+        maven:
+          Image: "registry.webhosting.rug.nl/molgenis/maven"
+          ImageTag: lts
+          AlwaysPullImage: true
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+          resources:
+            requests:
+              cpu: "1"
+              memory: "4Gi"
+          EnvVars:
+            - type: KeyValue
+              key: MAVEN_OPTS
+              value: "-Duser.home=/home/jenkins"
+            - type: KeyValue
+              key: MAVEN_CONFIG
+              value: "/home/jenkins/.m2"
+        alpine:
+          Image: "spotify/alpine"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+        vault:
+          Image: "vault"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+          EnvVars:
+            - type: Secret
+              key: VAULT_TOKEN
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: token
+            - type: Secret
+              key: VAULT_SKIP_VERIFY
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: skipVerify
+            - type: Secret
+              key: VAULT_ADDR
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: addr
+      NodeSelector: {}
+    molgenis-legacy:
+      InheritFrom: molgenis
+      Label: molgenis
+      NodeUsageMode: NORMAL
+      volumes:
+        - type: Secret
+          secretName: molgenis-pipeline-file-secret
+          mountPath: "/home/jenkins/.m2"
+      Containers:
+      EnvVars:
+        - type: Secret
+          key: PGP_PASSPHRASE
+          secretName: molgenis-pipeline-env-secret
+          secretKey: pgpPassphrase
+        - type: KeyValue
+          key: PGP_SECRETKEY
+          value: "keyfile:/home.jenkins/.m2/key.asc"
+        - type: KeyValue
+          key: npm_config_registry
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
+        - type: Secret
+          key: SONAR_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: sonarToken
+        - type: Secret
+          key: CODECOV_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: codecovToken
+        - type: Secret
+          key: GITHUB_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: githubToken
+      NodeSelector: {}
+    node:
+      Label: node-carbon
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        node:
+          Image: "registry.webhosting.rug.nl/molgenis/node"
+          ImageTag: lts
+          AlwaysPullImage: true
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+      EnvVars:
+        - type: KeyValue
+          key: npm_config_registry
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
+        - type: Secret
+          key: CODECOV_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: codecovToken
+        - type: Secret
+          key: GITHUB_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: githubToken
+        - type: Secret
+          key: NPM_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: npmToken
+      NodeSelector: {}
+    molgenis-it:
+      InheritFrom: molgenis
+      Label: molgenis-it
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        elasticsearch:
+          Image: docker.elastic.co/elasticsearch/elasticsearch
+          ImageTag: 5.5.3
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "1Gi"
+            limits:
+              cpu: "1"
+              memory: "1500Mi"
+          EnvVars:
+          - type: KeyValue
+            key: ES_JAVA_OPTS
+            value: "-Xms512m -Xmx512m"
+          - type: KeyValue
+            key: cluster.name
+            value: molgenis
+          - type: KeyValue
+            key: bootstrap.memory_lock
+            value: "true"
+          - type: KeyValue
+            key: xpack.security.enabled
+            value: "false"
+          - type: KeyValue
+            key: discovery.type
+            value: single-node
+        postgres:
+          Image: postgres
+          ImageTag: 9.6-alpine
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "250Mi"
+            limits:
+              cpu: "1"
+              memory: "250Mi"
+          EnvVars:
+          - type: KeyValue
+            key: POSTGRES_USER
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_PASSWORD
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_DB
+            value: molgenis
+        opencpu:
+          Image: molgenis/opencpu
+          AlwaysPullImage: true
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+            limits:
+              cpu: "1"
+              memory: "512Mi"
+      NodeSelector: {}
+PipelineSecrets:
+  Vault:
+    Replace: true
+    Token: xxxx
+    Addr: "https://vault-operator.vault-operator.svc:8200"
+    SkipVerify: 1
+  Env:
+    # Set to false to keep existing secret
+    Replace: true
+    # Passphrase for the pgp private key file, prefixed with literal:
+    PGPPassphrase: literal:xxxx
+    # Token for codecov.io service
+    CodecovToken: xxxx
+    # Token for github bot account
+    GitHubToken: xxxx
+    # Token for github bot account
+    GogsToken: xxxx
+    # Token for sonarcloud.io
+    SonarToken: xxxx
+    # Token for npmjs.org
+    NpmToken: xxxx
+    # Password Local NEXUS
+    NexusPassword: xxxx
+    # Password hub.docker.com
+    DockerHubPassword: xxxx
+    # Access key for saucelabs.com
+    SauceAccessKey: xxxx
+  File:
+    # Set to false to keep existing secret
+    Replace: true
+    # PGP Private key in ascii format used to sign artifacts
+    PGPPrivateKeyAsc: |-
+      -----BEGIN PGP PRIVATE KEY BLOCK-----
+      xxxxx
+      -----END PGP PRIVATE KEY BLOCK-----
+    # maven.settings file
+    MavenSettingsXML: |-
+      <settings>
+        <localRepository>${user.home}/.mvnrepository</localRepository>
+        <interactiveMode>false</interactiveMode>
+        <mirrors>
+          <mirror>
+            <id>nexus</id>
+            <mirrorOf>external:*</mirrorOf>
+            <url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
+          </mirror>
+        </mirrors>
+        <servers>
+          <!-- for snapshot builds of the master -->
+          <server>
+            <id>sonatype-nexus-staging</id>
+            <username>molgenis</username>
+            <password>xxxx</password>
+          </server>
+          <server>
+            <id>local-nexus</id>
+            <url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
+            <username>admin</username>
+            <password>xxxxx</password>
+          </server>
+          <!-- for docker images-->
+          <server>
+            <id>registry.molgenis.org</id>
+            <username>admin</username>
+            <password>xxxx</password>
+          </server>
+          <!-- to authenticate against GOGS for MAVEN release -->
+          <server>
+            <id>gogs</id>
+            <username>xxxx</username>
+            <password>xxxx</password>
+          </server>
+        </servers>
+      </settings>

molgenis-nexus/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Nexus stack for MOLGENIS
+name: molgenis-nexus
+version: 0.3.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg

molgenis-nexus/README.md

@@ -0,0 +1,28 @@
+# MOLGENIS - NEXUS Helm Chart
+
+NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Chart Details
+
+This chart will deploy:
+
+- 1 NEXUS container
+- 1 MOLGENIS-httpd container ()to proxy the registry and docker to one domain)
+
+## Installing the Chart
+
+You can test in install the chart by executing:
+
+```helm lint .```
+
+To test if your helm chart-syntax is right and:
+
+```helm install . --dry-run --debug```
+
+To test if your hem chart works and:
+
+```helm install .```
+
+To deploy it on the cluster.
+
+

molgenis-nexus/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nexus.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nexus.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nexus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

molgenis-nexus/templates/deployments/httpd-deployment.yaml

@@ -0,0 +1,34 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  name: {{ .Values.httpd.name }}
+  labels:
+    app: {{ .Values.httpd.name }}
+    environment: {{ .Values.environment }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.httpd.strategy.type }}
+  selector:
+    matchLabels:
+      app: {{ .Values.httpd.selector }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.httpd.name }}
+      creationTimestamp: null
+    spec:
+      restartPolicy: {{ .Values.httpd.restartPolicy }}
+      containers:
+      - name: {{ .Values.httpd.name }}
+        image: "{{ .Values.httpd.image.repository }}:{{ .Values.httpd.image.tag }}"
+        imagePullPolicy: {{ .Values.httpd.image.pullPolicy }}
+        env:
+        - name: PROXY_SERVICE
+          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
+        - name: SERVER_NAME
+          value: {{ .Values.httpd.hostname }}
+        ports:
+        - containerPort: {{ .Values.httpd.port }}
+        resources: {}

molgenis-nexus/templates/deployments/nexus-deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  name: {{ .Values.nexus.name }}
+  labels:
+    app: {{ .Values.nexus.name }}
+    environment: {{ .Values.environment }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.nexus.strategy.type }}
+  selector:
+    matchLabels:
+      app: {{ .Values.nexus.selector }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.nexus.name }}
+      creationTimestamp: null
+    spec:
+      volumes:
+      - name: {{ .Values.persistence.name }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.name }}
+      restartPolicy: {{ .Values.nexus.restartPolicy }}
+      initContainers:
+      - name: volume-mount-nexus
+        image: busybox
+        command: ["sh", "-c", "chown -R 200:200 {{ .Values.persistence.mountPath }}"]
+        volumeMounts:
+        - name: {{ .Values.persistence.name }}
+          mountPath: "{{ .Values.persistence.mountPath }}"
+      containers:
+      - name: {{ .Values.nexus.name }}
+        image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
+        imagePullPolicy: {{ .Values.nexus.image.pullPolicy }}
+        ports:
+        - containerPort: {{ .Values.nexus.port.ui }}
+        - containerPort: {{ .Values.nexus.port.docker }}
+        volumeMounts:
+        - name: {{ .Values.persistence.name }}
+          mountPath: "/nexus-data"
+

molgenis-nexus/templates/ingress.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: "{{ $.Release.Name }}-ingress"
+  labels:
+    app: httpd
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
+    release: "{{ $.Release.Name }}"
+    heritage: "{{ $.Release.Service }}"
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    {{- if .tls }}
+    ingress.kubernetes.io/secure-backends: "true"
+    {{- end }}
+    {{- range $key, $value := .annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+  - host: {{ .name }}
+    http:
+      paths:
+        - path: {{ default "/" .path }}
+          backend:
+            serviceName: httpd
+            servicePort: 80
+{{- if .tls }}
+  tls:
+  - hosts:
+    - {{ .name }}
+    secretName: {{ .tlsSecret }}
+{{- end }}
+---
+{{- end }}
+{{- end }}

molgenis-nexus/templates/services/httpd-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.httpd.name }}
+  labels:
+    app: {{ .Values.httpd.name }}
+spec:
+  type: {{ .Values.httpd.service.type }}
+  ports:
+  - name: {{ .Values.httpd.name }}
+    port: {{ .Values.httpd.port }}
+  selector:
+    app: {{ .Values.httpd.selector }}

molgenis-nexus/templates/services/nexus-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.nexus.name }}
+  labels:
+    app: {{ .Values.nexus.name }}
+spec:
+  type: {{ .Values.nexus.service.type }}
+  ports:
+  - name: ui
+    port: {{ .Values.nexus.port.ui }}
+  - name: docker
+    port: {{ .Values.nexus.port.docker }}
+  selector:
+    app: {{ .Values.nexus.selector }}

molgenis-nexus/templates/volumes/nexus-pv.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: {{ .Values.persistence.name }}
+  labels:
+    name: nfs2
+spec:
+  storageClassName: {{ .Values.persistence.storageClass }}
+  capacity:
+    storage: {{ .Values.persistence.size }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }}
+  nfs:
+    server: {{ .Values.persistence.server }}
+    path: {{ .Values.persistence.mountPath }}

molgenis-nexus/templates/volumes/nexus-pvc.yaml

@@ -0,0 +1,11 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.persistence.name }}
+spec:
+  storageClassName: {{ .Values.persistence.storageClass }}
+  accessModes:
+    - {{ .Values.persistence.accessMode }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}

molgenis-nexus/values.yaml

@@ -4,20 +4,41 @@
 
 replicaCount: 1
 
-image:
-  repository: sonatype/nexus3
-  tag: stable
-  pullPolicy: IfNotPresent
-
-httpd:
-  name: httpd
-  type: ClusterIP
-  port: 80
-  proxy: httpd:80:/
+environment: production
 
 nexus:
   name: nexus
-  type: ClusterIP
+  strategy:
+    type: Recreate
+  selector: nexus
+  restartPolicy: Always
+  image:
+    repository: sonatype/nexus3
+    tag: latest
+    pullPolicy: Always
+  port:
+    docker: 5000
+    ui: 8081
+  path:
+    dockerV2: v2
+  service:
+    type: ClusterIP
+
+httpd:
+  name: httpd
+  hostname: registry.molgenis.org
+  strategy:
+    type: Recreate
+  selector: httpd
+  restartPolicy: Always
+  image:
+    repository: registry.webhosting.rug.nl/molgenis/httpd
+    tag: lts
+    pullPolicy: Always
+  port: 80
+  service:
+    type: LoadBalancer
+
 
 ingress:
   enabled: true
@@ -26,12 +47,22 @@ ingress:
     # kubernetes.io/tls-acme: "true"
   path: /
   hosts:
-    - registry.molgenis.org
+  - name: registry.molgenis.org
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
 
+persistence:
+  name: molgenis-nexus-data
+  storageClass: nfs-class
+  size: 30G
+  reclaimPolicy: Retain
+  server: 192.168.64.12
+  accessMode: ReadWriteMany
+  mountPath: /gcc/molgenis/nexus
+
+
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little

molgenis-preview/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: molgenis
+version: 0.2.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg

molgenis-preview/README.md

@@ -0,0 +1,11 @@
+# MOLGENIS preview
+Is used for integration testing purposes.
+
+## Containers
+This chart spins up a complete stack to run MOLGENIS. The created containers are:
+
+- MOLGENIS
+- PostgreSQL
+- Elasticsearch
+- OpenCPU
+

molgenis-preview/questions.yml

@@ -0,0 +1,44 @@
+
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.hosts[0].name
+  default: "test.molgenis.org"
+  description: "Hostname for your stack"
+  type: hostname
+  required: true
+  group: "Services and Load Balancing"
+  label: Hostname
+- variable: molgenis.resources.limits.cpu
+  default: 1
+  description: "CPU limit for this MOLGENIS instance"
+  type: enum
+  options:
+  - "1"
+  - "2"
+  - "3"
+  - "4"
+  required: true
+  group: "MOLGENIS - Resource limits"
+  label: CPU limit
+- variable: molgenis.resources.limits.memory
+  default: 1250Mi
+  description: "Memory limit for this MOLGENIS instance"
+  type: enum
+  options:
+  - "1250Mi"
+  - "1500Mi"
+  - "2000Mi"
+  - "2500Mi"
+  required: true
+  group: "MOLGENIS - Resource limits"
+  label: Memory limit
+- variable: molgenis.javaOpts
+  default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  description: "Java runtime options for the MOLGENIS instance"
+  type: enum
+  options:
+  - "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  group: "MOLGENIS - Resource limits"
+  label: Java memory options

molgenis-preview/templates/NOTES.txt

@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "molgenis.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "molgenis.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "molgenis.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "molgenis.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

molgenis-preview/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "molgenis.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "molgenis.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "molgenis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

molgenis-preview/templates/deployment.yaml

@@ -0,0 +1,124 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  {{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+  name: {{ template "molgenis.fullname" . }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "molgenis.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "molgenis.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: molgenis
+        {{- with .Values.molgenis }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: molgenis.home
+              value: /home/molgenis
+            - name: opencpu.uri.host
+              value: localhost
+            - name: elasticsearch.transport.addresses
+              value: localhost:9300
+            - name: elasticsearch.cluster.name
+              value: {{ $.Values.elasticsearch.clusterName }}
+            - name: db_uri
+              value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
+            - name: db_user
+              value: {{ $.Values.postgres.user }}
+            - name: db_password
+              value: {{ $.Values.postgres.password }}
+            - name: admin.password
+              value: {{ .adminPassword }}
+            - name: CATALINA_OPTS
+              value: "{{ .javaOpts }}"
+          ports:
+            - containerPort: 8080
+#          livenessProbe:
+#            httpGet:
+#              path: /
+#              port: 8080
+#          readinessProbe:
+#            httpGet:
+#              path: /api/v2/version
+#              port: 8080
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: elasticsearch
+        {{- with .Values.elasticsearch }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: cluster.name
+              value: {{ .clusterName }}
+            - name: bootstrap.memory_lock
+              value: "true"
+            - name: ES_JAVA_OPTS
+              value: "{{ .javaOpts }}"
+            - name: xpack.security.enabled
+              value: "false"
+            - name: discovery.type
+              value: single-node
+          ports:
+            - containerPort: 9200
+            - containerPort: 9300
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: postgres
+        {{- with .Values.postgres }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: POSTGRES_USER
+              value: {{ .user }}
+            - name: POSTGRES_PASSWORD
+              value: {{ .password }}
+            - name: POSTGRES_DB
+              value: {{ .db }}
+          ports:
+            - containerPort: 5432
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: opencpu
+        {{- with .Values.opencpu }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          ports:
+            - containerPort: 8004
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

molgenis-preview/templates/ingress.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "molgenis.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .name }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: 8080
+  {{- end }}
+{{- end }}

molgenis-preview/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "molgenis.fullname" . }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: molgenis
+      port: {{ .Values.service.port }}
+  selector:
+    app: {{ template "molgenis.name" . }}
+    release: {{ .Release.Name }}

molgenis-preview/test.yaml

@@ -0,0 +1,120 @@
+# Source: molgenis/templates/deployment.yaml
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: lanky-ragdoll-molgenis
+  labels:
+    app: molgenis
+    chart: molgenis-0.1.0
+    release: lanky-ragdoll
+    heritage: Tiller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: molgenis
+      release: lanky-ragdoll
+  template:
+    metadata:
+      labels:
+        app: molgenis
+        release: lanky-ragdoll
+    spec:
+      containers:
+        - name: molgenis
+          image: "registry.molgenis.org/molgenis/molgenis-app:latest"
+          imagePullPolicy: Always
+          env:
+            - name: molgenis.home
+              value: /home/molgenis
+            - name: opencpu.uri.host
+              value: opencpu
+            - name: elasticsearch.transport.addresses
+              value: elasticsearch:9300
+            - name: elasticsearch.cluster.name
+              value: molgenis
+            - name: db_uri
+              value: "jdbc:postgresql://postgres/molgenis"
+            - name: db_user
+              value: molgenis
+            - name: db_password
+              value: molgenis
+            - name: admin.password
+              value: admin
+            - name: CATALINA_OPTS
+              value: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v2/version
+              port: http
+          resources:
+            limits:
+              cpu: 1
+              memory: 1250Mi
+            requests:
+              cpu: 200m
+              memory: 1Gi
+
+
+        - name: elasticsearch
+          image: "docker.elastic.co/elasticsearch/elasticsearch:5.5.3"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: cluster.name
+              value: molgenis
+            - name: bootstrap.memory_lock
+              value: true
+            - name: ES_JAVA_OPTS
+              value: "-Xms512m -Xmx512m"
+            - name: xpack.security.enabled
+              value: false
+            - name: discovery.type
+              value: single-node
+          ports:
+            - containerPort: 9200
+            - containerPort: 9300
+            limits:
+              cpu: 1
+              memory: 1500Mi
+            requests:
+              cpu: 100m
+              memory: 1Gi
+
+
+        - name: postgres
+          image: "postgres:9.6-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: POSTGRES_USER
+              value: molgenis
+            - name: POSTGRES_PASSWORD
+              value: molgenis
+            - name: POSTGRES_DB
+              value: molgenis
+          ports:
+            - containerPort: 5432
+            limits:
+              cpu: 1
+              memory: 250Mi
+            requests:
+              cpu: 100m
+              memory: 250Mi
+
+
+        - name: opencpu
+          image: "molgenis/opencpu:latest"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8004
+            limits:
+              cpu: 1
+              memory: 512Mi
+            requests:
+              cpu: 100m
+              memory: 256Mi

molgenis-preview/values.yaml

@@ -0,0 +1,81 @@
+# Default values for molgenis.
+
+replicaCount: 1
+
+service:
+  type: LoadBalancer
+  port: 8080
+
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  path: /
+  hosts:
+  - name: test.molgenis.org
+  tls: []
+
+molgenis:
+  image:
+    repository: registry.molgenis.org/molgenis/molgenis-app
+    tag: 7.0.0-SNAPSHOT
+    pullPolicy: Always
+  adminPassword: admin
+  javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  resources:
+   limits:
+    cpu: 1
+    memory: 1250Mi
+   requests:
+    cpu: 200m
+    memory: 1Gi
+
+postgres:
+  image:
+    repository: postgres
+    tag: 9.6-alpine
+    pullPolicy: IfNotPresent
+  user: molgenis
+  password: molgenis
+  db: molgenis
+  resources:
+   limits:
+    cpu: 1
+    memory: 250Mi
+   requests:
+    cpu: 100m
+    memory: 250Mi
+
+elasticsearch:
+  image:
+    repository: docker.elastic.co/elasticsearch/elasticsearch
+    tag: 5.5.3
+    pullPolicy: IfNotPresent
+  javaOpts: "-Xms512m -Xmx512m"
+  clusterName: molgenis
+  resources:
+   limits:
+    cpu: 1
+    memory: 1500Mi
+   requests:
+    cpu: 100m
+    memory: 1Gi
+
+opencpu:
+  image:
+    repository: molgenis/opencpu
+    tag: latest
+    pullPolicy: Always
+  resources:
+    limits:
+      cpu: 1
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

nexus/v1.0.0/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Nexus stack for MOLGENIS
-name: nexus
-version: 0.1.0
-icon: https://github.com/sidohaakma/molgenis-docker-helm/blob/master/nexus/catalogIcon-molgenis-nexus.svg

nexus/v1.0.0/templates/deployment/httpd-deployment.yaml

@@ -1,29 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  name: httpd
-  labels:
-    app: httpd
-spec:
-  replicas: 1
-  strategy: {}
-  template:
-    metadata:
-      labels:
-        app: httpd
-      creationTimestamp: null
-    spec:
-      containers:
-      - env:
-        - name: PROXY_SERVICE
-          value: nexus:8081,nexus:5000:v2
-        - name: SERVER_NAME
-          value: httpd:80
-        image: registry.webhosting.rug.nl/molgenis/httpd:lts
-        name: httpd
-        ports:
-        - containerPort: 80
-        resources: {}
-      restartPolicy: Always
-status: {}

nexus/v1.0.0/templates/deployment/nexus-deployment.yaml

@@ -1,32 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  name: nexus
-spec:
-  replicas: 1
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: httpd
-      creationTimestamp: null
-    spec:
-      containers:
-      - image: sonatype/nexus3:latest
-        name: nexus
-        ports:
-        - containerPort: 8081
-        - containerPort: 5000
-        resources: {}
-        volumeMounts:
-        - mountPath: /nexus-data
-          name: molgenis-nexus-data
-      restartPolicy: Always
-      volumes:
-      - name: molgenis-nexus-data
-        persistentVolumeClaim:
-          claimName: molgenis-nexus-data
-status: {}
-

nexus/v1.0.0/templates/ingress.yaml

@@ -1,12 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-nexus
-spec:
-  rules:
-  - host: registry.molgenis.org
-    http:
-      paths:
-      - backend:
-          serviceName: httpd
-          servicePort: 80

nexus/v1.0.0/templates/services/httpd-service.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "httpd.fullname" . }}
-  labels:
-    app: {{ template "httpd.name" . }}
-    chart: {{ template "httpd.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.httpd.type }}
-  ports:
-    - port: {{ .Values.httpd.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "httpd.name" . }}
-    release: {{ .Release.Name }}

nexus/v1.0.0/templates/services/nexus-service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: null
-  name: nexus
-  labels:
-    app: nexus
-spec:
-  ports:
-  - name: "ui"
-    port: 8081
-  - name: "docker"
-    port: 5000
-  selector:
-    app: nexus

nexus/v1.0.0/templates/volumes/nexus-pv.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: molgenis-nexus-data
-  labels:
-    name: nfs2
-spec:
-  storageClassName: nfs-class
-  capacity:
-    storage: 5Gi
-  accessModes:
-    - ReadWriteMany
-  persistentVolumeReclaimPolicy: Retain
-  nfs:
-    server: 192.168.64.10
-    path: /home/gcc/molgenis-nexus-data

nexus/v1.0.0/templates/volumes/nexus-pvc.yaml

@@ -1,11 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: molgenis-nexus-data
-spec:
-  storageClassName: nfs-class
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 5Gi

rbac-config.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system