P129679
/
molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Compare commits

base: P129679:3162da416f6eb34cbbc56cea4ba524e5db283bc0
Branches Tags
P129679:master
P129679:fix/links
P129679:chore/pipeline
P129679:revert/nodeSelector
P129679:chore/nodeSelector
P129679:chore/jenkins-gitsource
P129679:fix/75
P129679:chore/upgrade-jenkins
P129679:feature/molgenis-it
P129679:feat/helm-in-jenkins
P129679:doc/helm-role
P129679:feature/helm-role
P129679:feature/s3
P129679:chore/remove-secrets
P129679:feature/vault
P129679:deploy-test
..
compare: P129679:54aa4dff9e6bc33433e2c732c748fcfdfaff2a77
Branches Tags
P129679:fix/links
P129679:master
P129679:chore/pipeline
P129679:revert/nodeSelector
P129679:chore/nodeSelector
P129679:chore/jenkins-gitsource
P129679:fix/75
P129679:chore/upgrade-jenkins
P129679:feature/molgenis-it
P129679:feat/helm-in-jenkins
P129679:doc/helm-role
P129679:feature/helm-role
P129679:feature/s3
P129679:chore/remove-secrets
P129679:feature/vault
P129679:deploy-test

2 Commits
3162da416f ... 54aa4dff9e

Author SHA1 Message Date
Fleur Kelpin 54aa4dff9e feat (molgenis-vault): Switch backup storage to s3. 
We can host s3 compatible storage locally by deploying the stable/minio chart.
Ran into https://github.com/coreos/etcd-operator/issues/1980 and therefore downgrade the backup and restore operator images to 0.8.3.
 2018-09-17 01:05:33 +02:00
Fleur Kelpin 33d8a30c69 chore: create indexed chart 2018-09-11 16:12:32 +02:00
20 changed files with 332 additions and 269 deletions
Show Stats Expand all files Collapse all files

16
charts/index.yaml Executable file
View File

@ -0,0 +1,16 @@
apiVersion: v1
entries:
molgenis-preview:
- apiVersion: v1
appVersion: "1.0"
created: 2018-09-11T16:11:49.165533266+02:00
description: MOLGENIS - helm stack for testing purposes
digest: e1174bd0d8a71bf4d23f5463521cf4dbcac39dc93f16cd842c92cda1a963f6b2
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
name: molgenis-preview
sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
urls:
- molgenis-preview-0.2.0.tgz
version: 0.2.0
generated: 2018-09-11T16:11:49.158086031+02:00

BIN
charts/molgenis-preview-0.2.0.tgz Normal file
View File

Binary file not shown.

87
molgenis-jenkins/README.md
View File

@ -40,62 +40,57 @@ You can use [all configuration values of the jenkins subchart](https://github.co
### GitHub Authentication delegation ### GitHub Authentication delegation
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new). You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
### Secrets ### Additional configuration
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins. * PipelineSecrets
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
each other with their own secrets.
You can override the values at deploy time but otherwise also configure them You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl. [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
#### Vault * Vault
The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault. New vault token to be used by the pods to retrieve their tokens from the vault.
| Parameter | Description | Default |
| ------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `secret.vault.token` | Token to log into the hashicorp vault | `xxxx` |
| `secret.vault.addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `secret.vault.skipVerify` | Skip verification of the https connection | `1` |
#### GitHub
Token used by Jenkins to authenticate on GitHub.
| Parameter | Description | Default |
| --------------------- | ------------------------ | ------------------ |
| `secret.gitHub.user` | username for the account | `molgenis-jenkins` |
| `secret.gitHub.token` | token for the account | `xxxx` |
#### Gogs
Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
| Parameter | Description | Default |
| ------------------- | ------------------------ | --------- |
| `secret.gogs.user` | username for the account | `p281392` |
| `secret.gogs.token` | token for the account | `xxxx` |
#### Legacy:
##### Docker Hub
Account used in pipeline builds to push docker images to `hub.docker.com`. | Parameter | Description | Default |
> They should read `secret/gcc/account/dockerhub` from vault instead! | ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret | `true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault | `xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection | `1` |
| Parameter | Description | Default | * Env
| --------------------------- | ------------------------ | --------------- |
| `secret.dockerHub.user` | username for the account | `molgenisci` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
##### Registry
Account used in pipeline builds to push docker images to `registry.molgenis.org`. Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
> They should read `secret/ops/account/nexus` from vault instead! in the slave pods.
| Parameter | Description | Default | | Parameter | Description | Default |
| --------------------------- | ------------------------ | --------- | | --------------------------------------- | ----------------------------------------- | --------------- |
| `secret.dockerHub.user` | username for the account | `admin` | | `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `secret.dockerHub.password` | password for the account | `xxxx` | | `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
in the `/root/.m2` directory of the slave pods.
> The settings.xml file references the
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
## Command line use ## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

6
molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword" "jenkins.io/credentials-type": "usernamePassword"
annotations: { annotations: {
# description - can not be a label as spaces are not allowed # description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)" "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
} }
type: Opaque type: Opaque
data: data:
username: {{ .Values.secret.registry.user | b64enc | quote }} username: {{ "molgenisci" | b64enc | quote }}
password: {{ .Values.secret.registry.password | b64enc | quote }} password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}

6
molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword" "jenkins.io/credentials-type": "usernamePassword"
annotations: { annotations: {
# description - can not be a label as spaces are not allowed # description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user" "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
} }
type: Opaque type: Opaque
data: data:
username: {{ .Values.secret.gitHub.user | b64enc | quote }} username: {{ "molgenis-jenkins" | b64enc | quote }}
password: {{ .Values.secret.gitHub.token | b64enc | quote }} password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}

6
molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword" "jenkins.io/credentials-type": "usernamePassword"
annotations: { annotations: {
# description - can not be a label as spaces are not allowed # description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs." "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
} }
type: Opaque type: Opaque
data: data:
username: {{ .Values.secret.gogs.user | b64enc | quote }} username: {{ "p281392" | b64enc | quote }}
password: {{ .Values.secret.gogs.token | b64enc | quote }} password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}

16
molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "molgenis-jenkins-nexus-secret"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against NEXUS"
}
type: Opaque
data:
username: {{ "admin" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}

17
molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: molgenis-jenkins-registry-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org."
}
type: Opaque
data:
username: {{ .Values.secret.registry.user | b64enc | quote }}
password: {{ .Values.secret.registry.password | b64enc | quote }}

16
molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "molgenis-jenkins-saucelabs-secret"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
}
type: Opaque
data:
username: {{ "molgenis-jenkins" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}

18
molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if .Values.PipelineSecrets.Env.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-env-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
{{- end }}

15
molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.PipelineSecrets.File.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-file-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
{{- end }}

8
molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -9,6 +10,7 @@ metadata:
heritage: "{{ .Release.Service }}" heritage: "{{ .Release.Service }}"
type: Opaque type: Opaque
data: data:
token: {{ .Values.secret.vault.token | b64enc | quote }} token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.secret.vault.addr | b64enc | quote }} addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }} skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
{{- end }}

229
molgenis-jenkins/values.yaml
View File

@ -368,8 +368,8 @@ jenkins:
install: true install: true
Pods: Pods:
molgenis: molgenis:
Label: molgenis Label: molgenisv2
NodeUsageMode: NORMAL NodeUsageMode: EXCLUSIVE
volumes: volumes:
- type: HostPath - type: HostPath
hostPath: "/var/run/docker.sock" hostPath: "/var/run/docker.sock"
@ -417,6 +417,39 @@ jenkins:
secretName: molgenis-pipeline-vault-secret secretName: molgenis-pipeline-vault-secret
secretKey: addr secretKey: addr
NodeSelector: {} NodeSelector: {}
molgenis-legacy:
InheritFrom: molgenis
Label: molgenis
NodeUsageMode: NORMAL
volumes:
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/home/jenkins/.m2"
Containers:
EnvVars:
- type: Secret
key: PGP_PASSPHRASE
secretName: molgenis-pipeline-env-secret
secretKey: pgpPassphrase
- type: KeyValue
key: PGP_SECRETKEY
value: "keyfile:/home.jenkins/.m2/key.asc"
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
- type: Secret
key: SONAR_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: sonarToken
- type: Secret
key: CODECOV_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: codecovToken
- type: Secret
key: GITHUB_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: githubToken
NodeSelector: {}
node: node:
Label: node-carbon Label: node-carbon
NodeUsageMode: EXCLUSIVE NodeUsageMode: EXCLUSIVE
@ -428,45 +461,155 @@ jenkins:
Command: cat Command: cat
WorkingDir: /home/jenkins WorkingDir: /home/jenkins
TTY: true TTY: true
vault: EnvVars:
Image: "vault" - type: KeyValue
Command: cat key: npm_config_registry
WorkingDir: /home/jenkins value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
TTY: true - type: Secret
EnvVars: key: CODECOV_TOKEN
- type: Secret secretName: molgenis-pipeline-env-secret
key: VAULT_TOKEN secretKey: codecovToken
secretName: molgenis-pipeline-vault-secret - type: Secret
secretKey: token key: GITHUB_TOKEN
- type: Secret secretName: molgenis-pipeline-env-secret
key: VAULT_SKIP_VERIFY secretKey: githubToken
secretName: molgenis-pipeline-vault-secret - type: Secret
secretKey: skipVerify key: NPM_TOKEN
- type: Secret secretName: molgenis-pipeline-env-secret
key: VAULT_ADDR secretKey: npmToken
secretName: molgenis-pipeline-vault-secret
secretKey: addr
NodeSelector: {} NodeSelector: {}
#secret contains configuration for the kubernetes secrets that jenkins can access molgenis-it:
secret: InheritFrom: molgenis
# vault configures the vault secret Label: molgenis-it
vault: NodeUsageMode: EXCLUSIVE
token: xxxx Containers:
addr: "https://vault-operator.vault-operator.svc:8200" elasticsearch:
skipVerify: "1" Image: docker.elastic.co/elasticsearch/elasticsearch
# githubToken contains access token for jenkins bot account on github.com ImageTag: 5.5.3
gitHub: resources:
user: "molgenis-jenkins" requests:
token: xxxx cpu: "100m"
# gogs contains access token for jenkins bot account on RuG GoGs memory: "1Gi"
gogs: limits:
user: p281392 cpu: "1"
token: xxxx memory: "1500Mi"
# registry contains credentials for registry.molgenis.org EnvVars:
registry: - type: KeyValue
user: admin key: ES_JAVA_OPTS
password: xxxx value: "-Xms512m -Xmx512m"
# dockerHubPassword contains password for hub.docker.com - type: KeyValue
dockerHub: key: cluster.name
user: molgenisci value: molgenis
password: xxxx - type: KeyValue
key: bootstrap.memory_lock
value: "true"
- type: KeyValue
key: xpack.security.enabled
value: "false"
- type: KeyValue
key: discovery.type
value: single-node
postgres:
Image: postgres
ImageTag: 9.6-alpine
resources:
requests:
cpu: "100m"
memory: "250Mi"
limits:
cpu: "1"
memory: "250Mi"
EnvVars:
- type: KeyValue
key: POSTGRES_USER
value: molgenis
- type: KeyValue
key: POSTGRES_PASSWORD
value: molgenis
- type: KeyValue
key: POSTGRES_DB
value: molgenis
opencpu:
Image: molgenis/opencpu
AlwaysPullImage: true
resources:
requests:
cpu: "100m"
memory: "256Mi"
limits:
cpu: "1"
memory: "512Mi"
NodeSelector: {}
PipelineSecrets:
Vault:
Replace: true
Token: xxxx
Addr: "https://vault-operator.vault-operator.svc:8200"
SkipVerify: 1
Env:
# Set to false to keep existing secret
Replace: true
# Passphrase for the pgp private key file, prefixed with literal:
PGPPassphrase: literal:xxxx
# Token for codecov.io service
CodecovToken: xxxx
# Token for github bot account
GitHubToken: xxxx
# Token for github bot account
GogsToken: xxxx
# Token for sonarcloud.io
SonarToken: xxxx
# Token for npmjs.org
NpmToken: xxxx
# Password Local NEXUS
NexusPassword: xxxx
# Password hub.docker.com
DockerHubPassword: xxxx
# Access key for saucelabs.com
SauceAccessKey: xxxx
File:
# Set to false to keep existing secret
Replace: true
# PGP Private key in ascii format used to sign artifacts
PGPPrivateKeyAsc: |-
-----BEGIN PGP PRIVATE KEY BLOCK-----
xxxxx
-----END PGP PRIVATE KEY BLOCK-----
# maven.settings file
MavenSettingsXML: |-
<settings>
<localRepository>${user.home}/.mvnrepository</localRepository>
<interactiveMode>false</interactiveMode>
<mirrors>
<mirror>
<id>nexus</id>
<mirrorOf>external:*</mirrorOf>
<url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
</mirror>
</mirrors>
<servers>
<!-- for snapshot builds of the master -->
<server>
<id>sonatype-nexus-staging</id>
<username>molgenis</username>
<password>xxxx</password>
</server>
<server>
<id>local-nexus</id>
<url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
<username>admin</username>
<password>xxxxx</password>
</server>
<!-- for docker images-->
<server>
<id>registry.molgenis.org</id>
<username>admin</username>
<password>xxxx</password>
</server>
<server>
<id>registry.hub.docker.com</id>
<username>molgenisci</username>
<password>xxxx</password>
</server>
</servers>
</settings>

2
molgenis/Chart.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "1.0" appVersion: "1.0"
description: MOLGENIS - helm stack (in BETA) description: MOLGENIS - helm stack (in BETA)
name: molgenis-beta name: molgenis-beta
version: 0.3.0 version: 0.1.0
sources: sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg

39
molgenis/README.md
View File

@ -79,44 +79,5 @@ Specify memory usage for Java JVM:
Select the resources you need dependant on the customer you need to serve. Select the resources you need dependant on the customer you need to serve.
## Persistence
You can enable persistence on your MOLGENIS stack by specifying the following property.
- ```persistence.enabled```
You can also choose to retain the volume of the NFS.
- ```persistence.retain```
The size and claim name can be specified per service. There are now two services that can be persist.
- MOLGENIS
- ElasticSearch
MOLGENIS persistent properties.
- ```molgenis.persistence.claim```
- ```molgenis.persistence.size```
ElasticSearch persistent properties.
- ```elasticsearch.persistence.claim```
- ```elasticsearch.persistence.size```
### Resolve you persistent volume
You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
```
kubectl get pv
```
You can now view the persistent volume claims and the attached volumes.
| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
## Firewall ## Firewall
Is defined at cluster level. This chart does not facilitate firewall configuration. Is defined at cluster level. This chart does not facilitate firewall configuration.

36
molgenis/questions.yml
View File

@ -81,7 +81,7 @@ questions:
- variable: molgenis.resources.requests.memory - variable: molgenis.resources.requests.memory
label: Container memory reservation label: Container memory reservation
default: 1250Mi default: 1250Mi
description: "Memory reservation for this MOLGENIS container (must fit in the selected memory limit for the container)" description: "Memory reservation for this MOLGENIS container"
type: enum type: enum
options: options:
- "1250Mi" - "1250Mi"
@ -96,36 +96,4 @@ questions:
options: options:
- "1g" - "1g"
- "2g" - "2g"
group: "Resources" group: "Resources"
- variable: persistence.enabled
default: false
description: "Do you want to use persistence"
type: boolean
required: true
group: "Persistence"
label: Persistence
show_subquestion_if: true
subquestions:
- variable: persistence.retain
default: false
description: "Do you want to retain the persistent volume"
type: boolean
label: Retain volume
- variable: molgenis.persistence.size
default: "30Gi"
description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
type: enum
options:
- "30Gi"
- "50Gi"
- "100Gi"
label: Size MOLGENIS filestore
- variable: elasticsearch.persistence.size
default: "50Gi"
description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
type: enum
options:
- "50Gi"
- "100Gi"
- "200Gi"
label: Size for ElasticSearch data

20
molgenis/templates/deployment.yaml
View File

@ -49,11 +49,6 @@ spec:
value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled" value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
ports: ports:
- containerPort: 8080 - containerPort: 8080
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: molgenis-nfs
mountPath: /home/molgenis
{{- end }}
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /
@ -92,25 +87,10 @@ spec:
ports: ports:
- containerPort: 9200 - containerPort: 9200
- containerPort: 9300 - containerPort: 9300
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: elasticsearch-nfs
mountPath: /usr/share/elasticsearch/data
{{- end }}
resources: resources:
{{ toYaml .resources | indent 12 }} {{ toYaml .resources | indent 12 }}
{{- end }} {{- end }}
{{- if .Values.persistence.enabled }}
volumes:
- name: molgenis-nfs
persistentVolumeClaim:
claimName: {{ .Values.molgenis.persistence.claim }}
- name: elasticsearch-nfs
persistentVolumeClaim:
claimName: {{ .Values.elasticsearch.persistence.claim }}
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:

19
molgenis/templates/persistence/elasticsearchPVC.yaml
View File

@ -1,19 +0,0 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.elasticsearch.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.elasticsearch.persistence.size }}
{{- end }}

19
molgenis/templates/persistence/molgenisPVC.yaml
View File

@ -1,19 +0,0 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.molgenis.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.molgenis.persistence.size }}
{{- end }}

26
molgenis/values.yaml
View File

@ -25,15 +25,12 @@ molgenis:
javaOpts: javaOpts:
maxHeapSpace: "1g" maxHeapSpace: "1g"
resources: resources:
limits: limits:
cpu: 1 cpu: 1
memory: 1250Mi memory: 1250Mi
requests: requests:
cpu: 200m cpu: 200m
memory: 1250Mi memory: 1250Mi
persistence:
claim: molgenis-nfs-claim
size: 30Gi
services: services:
opencpu: opencpu:
host: localhost host: localhost
@ -60,17 +57,8 @@ elasticsearch:
requests: requests:
cpu: 100m cpu: 100m
memory: 1Gi memory: 1Gi
persistence:
claim: elasticsearch-nfs-claim
size: 50Gi
persistence: nodeSelector: {}
enabled: false
retain: false
nodeSelector: {
deployPod: "true"
}
tolerations: [] tolerations: []