18 changed files with 316 additions and 269 deletions
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@ -40,62 +40,57 @@ You can use [all configuration values of the jenkins subchart](https://github.co
 ### GitHub Authentication delegation
 You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
-### Secrets
+### Additional configuration
 There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
-   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins.
+* PipelineSecrets
   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins 
   build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
   each other with their own secrets.
   You can override the values at deploy time but otherwise also configure them 
   [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
-#### Vault
+*  Vault
-The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault.
+   New vault token to be used by the pods to retrieve their tokens from the vault.
 | Parameter                 | Description                                | Default                                        |
 | ------------------------- | ------------------------------------------ | ---------------------------------------------- |
 | `secret.vault.token`      | Token to log into the hashicorp vault      | `xxxx`                                         |
 | `secret.vault.addr`       | Address of the vault                       | `https:vault-operator.vault-operator.svc:8200` |
 | `secret.vault.skipVerify` | Skip verification of the https connection  | `1`                                            |
 #### GitHub
 Token used by Jenkins to authenticate on GitHub.
 | Parameter             | Description              | Default            |
 | --------------------- | ------------------------ | ------------------ |
 | `secret.gitHub.user`  | username for the account | `molgenis-jenkins` |
 | `secret.gitHub.token` | token for the account    | `xxxx`             |
 #### Gogs
 Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
 | Parameter           | Description              | Default   |
 | ------------------- | ------------------------ | --------- |
 | `secret.gogs.user`  | username for the account | `p281392` |
 | `secret.gogs.token` | token for the account    | `xxxx`    |
 #### Legacy:
 ##### Docker Hub
-Account used in pipeline builds to push docker images to `hub.docker.com`.
+   | Parameter                          | Description                                | Default                                        |
-> They should read `secret/gcc/account/dockerhub` from vault instead!
+   | ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
   | `PipelineSecrets.Vault.Replace`    | Replace the molgenis-pipeline-vault secret | `true`                                         |
   | `PipelineSecrets.Vault.Token`      | Token to log into the hashicorp vault      | `xxxx`                                         |
   | `PipelineSecrets.Vault.Addr`       | Address of the vault                       | `https:vault-operator.vault-operator.svc:8200` |
   | `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection  | `1`                                            |
-| Parameter                   | Description              | Default         |
+*  Env
 | --------------------------- | ------------------------ | --------------- |
 | `secret.dockerHub.user`     | username for the account | `molgenisci`    |
 | `secret.dockerHub.password` | password for the account | `xxxx`          |
 ##### Registry
-Account used in pipeline builds to push docker images to `registry.molgenis.org`.
+   Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
-> They should read `secret/ops/account/nexus` from vault instead!
+   in the slave pods.
-| Parameter                   | Description              | Default   |
+   | Parameter                               | Description                               | Default         |
-| --------------------------- | ------------------------ | --------- |
+   | --------------------------------------- | ----------------------------------------- | --------------- |
-| `secret.dockerHub.user`     | username for the account | `admin`   |
+   | `PipelineSecrets.Env.Replace`           | Replace molgenis-pipeline-env secret      | `true`          |
-| `secret.dockerHub.password` | password for the account | `xxxx`    |
+   | `PipelineSecrets.Env.PGPPassphrase`     | passphrase for the pgp signing key        | `literal:xxxx`  |
   | `PipelineSecrets.Env.CodecovToken`      | token for codecov.io                      | `xxxx`          |
   | `PipelineSecrets.Env.GitHubToken`       | token for GH molgenis-jenkins user        | `xxxx`          |
   | `PipelineSecrets.Env.NexusPassword`     | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
   | `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx`          |
   | `PipelineSecrets.Env.SonarToken`        | token for sonarcloud.io                   | `xxxx`          |
   | `PipelineSecrets.Env.NpmToken`          | token for npmjs.org                       | `xxxx`          | 
   | `PipelineSecrets.Env.SauceAccessKey`    | token for saucelabs.com                   | `xxxx`          |
 * File
  Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
  in the `/root/.m2` directory of the slave pods.
  > The settings.xml file references the 
  | Parameter                              | Description                           | Default                                                                         |
  | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
  | `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          |
  | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
  | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            |
 ## Command line use
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
--- a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
@ -8,9 +8,9 @@ metadata:
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
-    "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)"
+    "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
  }
 type: Opaque
 data:
-  username: {{ .Values.secret.registry.user | b64enc | quote }}
+  username: {{ "molgenisci" | b64enc | quote }}
-  password: {{ .Values.secret.registry.password | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
@ -8,9 +8,9 @@ metadata:
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
-    "jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user"
+    "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
  }
 type: Opaque
 data:
-  username: {{ .Values.secret.gitHub.user | b64enc | quote }}
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
-  password: {{ .Values.secret.gitHub.token | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
@ -8,9 +8,9 @@ metadata:
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
-    "jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs."
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
  }
 type: Opaque
 data:
-  username: {{ .Values.secret.gogs.user | b64enc | quote }}
+  username: {{ "p281392" | b64enc | quote }}
-  password: {{ .Values.secret.gogs.token | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml
@ -0,0 +1,16 @@
 apiVersion: v1
 kind: Secret
 metadata:
 # this is the jenkins id.
  name: "molgenis-jenkins-nexus-secret"
  labels:
 # so we know what type it is.
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "user to authenticate against NEXUS"
  }
 type: Opaque
 data:
  username: {{ "admin" | b64enc | quote }}
  password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml
@ -1,17 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-jenkins-registry-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
  annotations: {
 # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org."
  }
 type: Opaque
 data:
  username: {{ .Values.secret.registry.user | b64enc | quote }}
  password: {{ .Values.secret.registry.password | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml
@ -0,0 +1,16 @@
 apiVersion: v1
 kind: Secret
 metadata:
 # this is the jenkins id.
  name: "molgenis-jenkins-saucelabs-secret"
  labels:
 # so we know what type it is.
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
  }
 type: Opaque
 data:
  username: {{ "molgenis-jenkins" | b64enc | quote }}
  password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
@ -0,0 +1,18 @@
 {{- if .Values.PipelineSecrets.Env.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-pipeline-env-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
  pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
  codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
  githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
  sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
  npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
@ -0,0 +1,15 @@
 {{- if .Values.PipelineSecrets.File.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-pipeline-file-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
  key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
  settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
@ -1,3 +1,4 @@
 {{- if .Values.PipelineSecrets.Vault.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
@ -9,6 +10,7 @@ metadata:
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
-  token: {{ .Values.secret.vault.token | b64enc | quote }}
+  token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
-  addr: {{ .Values.secret.vault.addr | b64enc | quote }}
+  addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
-  skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }}
+  skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@ -368,8 +368,8 @@ jenkins:
    install: true
  Pods:
    molgenis:
-      Label: molgenis
+      Label: molgenisv2
-      NodeUsageMode: NORMAL
+      NodeUsageMode: EXCLUSIVE
      volumes:
        - type: HostPath
          hostPath: "/var/run/docker.sock"
@ -417,6 +417,39 @@ jenkins:
              secretName: molgenis-pipeline-vault-secret
              secretKey: addr
      NodeSelector: {}
    molgenis-legacy:
      InheritFrom: molgenis
      Label: molgenis
      NodeUsageMode: NORMAL
      volumes:
        - type: Secret
          secretName: molgenis-pipeline-file-secret
          mountPath: "/home/jenkins/.m2"
      Containers:
      EnvVars:
        - type: Secret
          key: PGP_PASSPHRASE
          secretName: molgenis-pipeline-env-secret
          secretKey: pgpPassphrase
        - type: KeyValue
          key: PGP_SECRETKEY
          value: "keyfile:/home.jenkins/.m2/key.asc"
        - type: KeyValue
          key: npm_config_registry
          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
        - type: Secret
          key: SONAR_TOKEN
          secretName: molgenis-pipeline-env-secret
          secretKey: sonarToken
        - type: Secret
          key: CODECOV_TOKEN
          secretName: molgenis-pipeline-env-secret
          secretKey: codecovToken
        - type: Secret
          key: GITHUB_TOKEN
          secretName: molgenis-pipeline-env-secret
          secretKey: githubToken
      NodeSelector: {}
    node:
      Label: node-carbon
      NodeUsageMode: EXCLUSIVE
@ -428,45 +461,155 @@ jenkins:
          Command: cat
          WorkingDir: /home/jenkins
          TTY: true
-        vault:
+      EnvVars:
-          Image: "vault"
+        - type: KeyValue
-          Command: cat
+          key: npm_config_registry
-          WorkingDir: /home/jenkins
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
-          TTY: true
+        - type: Secret
-          EnvVars:
+          key: CODECOV_TOKEN
-            - type: Secret
+          secretName: molgenis-pipeline-env-secret
-              key: VAULT_TOKEN
+          secretKey: codecovToken
-              secretName: molgenis-pipeline-vault-secret
+        - type: Secret
-              secretKey: token
+          key: GITHUB_TOKEN
-            - type: Secret
+          secretName: molgenis-pipeline-env-secret
-              key: VAULT_SKIP_VERIFY
+          secretKey: githubToken
-              secretName: molgenis-pipeline-vault-secret
+        - type: Secret
-              secretKey: skipVerify
+          key: NPM_TOKEN
-            - type: Secret
+          secretName: molgenis-pipeline-env-secret
-              key: VAULT_ADDR
+          secretKey: npmToken
              secretName: molgenis-pipeline-vault-secret
              secretKey: addr
      NodeSelector: {}
-#secret contains configuration for the kubernetes secrets that jenkins can access
+    molgenis-it:
-secret:
+      InheritFrom: molgenis
-  # vault configures the vault secret
+      Label: molgenis-it
-  vault:
+      NodeUsageMode: EXCLUSIVE
-    token: xxxx
+      Containers:
-    addr: "https://vault-operator.vault-operator.svc:8200"
+        elasticsearch:
-    skipVerify: "1"
+          Image: docker.elastic.co/elasticsearch/elasticsearch
-  # githubToken contains access token for jenkins bot account on github.com
+          ImageTag: 5.5.3
-  gitHub:
+          resources:
-    user: "molgenis-jenkins"
+            requests:
-    token: xxxx
+              cpu: "100m"
-  # gogs contains access token for jenkins bot account on RuG GoGs
+              memory: "1Gi"
-  gogs:
+            limits:
-    user: p281392
+              cpu: "1"
-    token: xxxx
+              memory: "1500Mi"
-  # registry contains credentials for registry.molgenis.org
+          EnvVars:
-  registry:
+          - type: KeyValue
-    user: admin
+            key: ES_JAVA_OPTS
-    password: xxxx
+            value: "-Xms512m -Xmx512m"
-  # dockerHubPassword contains password for hub.docker.com
+          - type: KeyValue
-  dockerHub:
+            key: cluster.name
-    user: molgenisci
+            value: molgenis
-    password: xxxx
+          - type: KeyValue
            key: bootstrap.memory_lock
            value: "true"
          - type: KeyValue
            key: xpack.security.enabled
            value: "false"
          - type: KeyValue
            key: discovery.type
            value: single-node
        postgres:
          Image: postgres
          ImageTag: 9.6-alpine
          resources:
            requests:
              cpu: "100m"
              memory: "250Mi"
            limits:
              cpu: "1"
              memory: "250Mi"
          EnvVars:
          - type: KeyValue
            key: POSTGRES_USER
            value: molgenis
          - type: KeyValue
            key: POSTGRES_PASSWORD
            value: molgenis
          - type: KeyValue
            key: POSTGRES_DB
            value: molgenis
        opencpu:
          Image: molgenis/opencpu
          AlwaysPullImage: true
          resources:
            requests:
              cpu: "100m"
              memory: "256Mi"
            limits:
              cpu: "1"
              memory: "512Mi"
      NodeSelector: {}
 PipelineSecrets:
  Vault:
    Replace: true
    Token: xxxx
    Addr: "https://vault-operator.vault-operator.svc:8200"
    SkipVerify: 1
  Env:
    # Set to false to keep existing secret
    Replace: true
    # Passphrase for the pgp private key file, prefixed with literal:
    PGPPassphrase: literal:xxxx
    # Token for codecov.io service
    CodecovToken: xxxx
    # Token for github bot account
    GitHubToken: xxxx
    # Token for github bot account
    GogsToken: xxxx
    # Token for sonarcloud.io
    SonarToken: xxxx
    # Token for npmjs.org
    NpmToken: xxxx
    # Password Local NEXUS
    NexusPassword: xxxx
    # Password hub.docker.com
    DockerHubPassword: xxxx
    # Access key for saucelabs.com
    SauceAccessKey: xxxx
  File:
    # Set to false to keep existing secret
    Replace: true
    # PGP Private key in ascii format used to sign artifacts
    PGPPrivateKeyAsc: |-
      -----BEGIN PGP PRIVATE KEY BLOCK-----
      xxxxx
      -----END PGP PRIVATE KEY BLOCK-----
    # maven.settings file
    MavenSettingsXML: |-
      <settings>
        <localRepository>${user.home}/.mvnrepository</localRepository>
        <interactiveMode>false</interactiveMode>
        <mirrors>
          <mirror>
            <id>nexus</id>
            <mirrorOf>external:*</mirrorOf>
            <url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
          </mirror>
        </mirrors>
        <servers>
          <!-- for snapshot builds of the master -->
          <server>
            <id>sonatype-nexus-staging</id>
            <username>molgenis</username>
            <password>xxxx</password>
          </server>
          <server>
            <id>local-nexus</id>
            <url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
            <username>admin</username>
            <password>xxxxx</password>
          </server>
          <!-- for docker images-->
          <server>
            <id>registry.molgenis.org</id>
            <username>admin</username>
            <password>xxxx</password>
          </server>
          <server>
            <id>registry.hub.docker.com</id>
            <username>molgenisci</username>
            <password>xxxx</password>
          </server>
        </servers>
      </settings>
--- a/molgenis/Chart.yaml
+++ b/molgenis/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS - helm stack (in BETA)
 name: molgenis-beta
-version: 0.3.0
+version: 0.1.0
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg
--- a/molgenis/README.md
+++ b/molgenis/README.md
@ -79,44 +79,5 @@ Specify memory usage for Java JVM:
 Select the resources you need dependant on the customer you need to serve.
 ## Persistence
 You can enable persistence on your MOLGENIS stack by specifying the following property.
 - ```persistence.enabled```
 You can also choose to retain the volume of the NFS.
 - ```persistence.retain```
 The size and claim name can be specified per service. There are now two services that can be persist.
 - MOLGENIS
 - ElasticSearch
 MOLGENIS persistent properties.
 - ```molgenis.persistence.claim```
 - ```molgenis.persistence.size```
 ElasticSearch persistent properties.
 - ```elasticsearch.persistence.claim```
 - ```elasticsearch.persistence.size```
 ### Resolve you persistent volume
 You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
 ```
 kubectl get pv
 ```
 You can now view the persistent volume claims and the attached volumes.
 | NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
 | ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
 | pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
 | pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
 You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
 When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 
 ## Firewall
 Is defined at cluster level. This chart does not facilitate firewall configuration.
--- a/molgenis/questions.yml
+++ b/molgenis/questions.yml
@ -81,7 +81,7 @@ questions:
 - variable: molgenis.resources.requests.memory
  label: Container memory reservation
  default: 1250Mi
-  description: "Memory reservation for this MOLGENIS container (must fit in the selected memory limit for the container)"
+  description: "Memory reservation for this MOLGENIS container"
  type: enum
  options:
  - "1250Mi"
@ -96,36 +96,4 @@ questions:
  options:
  - "1g"
  - "2g"
-  group: "Resources"
+  group: "Resources"
 - variable: persistence.enabled
  default: false
  description: "Do you want to use persistence"
  type: boolean
  required: true
  group: "Persistence"
  label: Persistence
  show_subquestion_if: true
  subquestions:
  - variable: persistence.retain
    default: false
    description: "Do you want to retain the persistent volume"
    type: boolean
    label: Retain volume
  - variable: molgenis.persistence.size
    default: "30Gi"
    description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
    type: enum
    options:
    - "30Gi"
    - "50Gi"
    - "100Gi"
    label: Size MOLGENIS filestore
  - variable: elasticsearch.persistence.size
    default: "50Gi"
    description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
    type: enum
    options:
    - "50Gi"
    - "100Gi"
    - "200Gi"
    label: Size for ElasticSearch data
--- a/molgenis/templates/deployment.yaml
+++ b/molgenis/templates/deployment.yaml
@ -49,11 +49,6 @@ spec:
              value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
          ports:
            - containerPort: 8080
          {{- if $.Values.persistence.enabled }}
          volumeMounts:
          - name: molgenis-nfs
            mountPath: /home/molgenis
          {{- end }}
          livenessProbe:
            httpGet:
              path: /
@ -92,25 +87,10 @@ spec:
          ports:
            - containerPort: 9200
            - containerPort: 9300
          {{- if $.Values.persistence.enabled }}
          volumeMounts:
          - name: elasticsearch-nfs
            mountPath: /usr/share/elasticsearch/data
          {{- end }}
          resources:
 {{ toYaml .resources | indent 12 }}
        {{- end }}
 {{- if .Values.persistence.enabled }}
      volumes:
        - name: molgenis-nfs
          persistentVolumeClaim:
            claimName: {{ .Values.molgenis.persistence.claim }}
        - name: elasticsearch-nfs
          persistentVolumeClaim:
            claimName: {{ .Values.elasticsearch.persistence.claim }}
 {{- end }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
--- a/molgenis/templates/persistence/elasticsearchPVC.yaml
+++ b/molgenis/templates/persistence/elasticsearchPVC.yaml
@ -1,19 +0,0 @@
 {{- if .Values.persistence.enabled -}}
 apiVersion: extensions/v1beta1
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.elasticsearch.persistence.claim }}
  annotations:
    {{- if .Values.persistence.retain }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
    {{- else }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
    {{- end }}
 spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.elasticsearch.persistence.size }}
 {{- end }}
--- a/molgenis/templates/persistence/molgenisPVC.yaml
+++ b/molgenis/templates/persistence/molgenisPVC.yaml
@ -1,19 +0,0 @@
 {{- if .Values.persistence.enabled -}}
 apiVersion: extensions/v1beta1
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.molgenis.persistence.claim }}
  annotations:
    {{- if .Values.persistence.retain }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
    {{- else }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
    {{- end }}
 spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.molgenis.persistence.size }}
 {{- end }}
--- a/molgenis/values.yaml
+++ b/molgenis/values.yaml
@ -25,15 +25,12 @@ molgenis:
  javaOpts:
    maxHeapSpace: "1g"
  resources:
-    limits:
+   limits:
-      cpu: 1
+    cpu: 1
-      memory: 1250Mi
+    memory: 1250Mi
-    requests:
+   requests:
-      cpu: 200m
+    cpu: 200m
-      memory: 1250Mi
+    memory: 1250Mi
  persistence:
    claim: molgenis-nfs-claim
    size: 30Gi
  services:
    opencpu:
      host: localhost
@ -60,17 +57,8 @@ elasticsearch:
   requests:
    cpu: 100m
    memory: 1Gi
  persistence:
    claim: elasticsearch-nfs-claim
    size: 50Gi
-persistence:
+nodeSelector: {}
  enabled: false
  retain: false
 nodeSelector: {
  deployPod: "true"
 }
 tolerations: []