fix (jenkins) Fix skip verify value in vault secret

The new pod has label molgenisv2, the legacy one is still labeled molgenis so existing scripts will keep working.

README.md

@@ -77,7 +77,7 @@ When you want to see what is running on the clusters at the CIT you have to make
 You can access the cluster with kubeconfig-files. You can obtain these by downloading them from the 
 MOLGENIS kubernetes cluster.
 
-- Go to https://rancher.molgenis.org:7443 and login
+- Go to https://rancher.molgenis.org:7777 and login
 - Go to Rancher --> Cluster: *#name#* --> *Kubeconfig File*
 - Go to a **Terminal** where ```kubectl``` is available
 - Add this configuration to ~/.kube/config (or place a new file besides this one)
@@ -104,6 +104,7 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
 - [Jenkins](molgenis-jenkins/README.md)
 - [NEXUS](molgenis-nexus/README.md)
 - [HTTPD](molgenis-httpd/README.md)
+- [MOLNIGES preview](molgenis-preview/README.md)
 
 ### Useful commands
 You can you need to know to easily develop and deploy helm-charts
@@ -116,7 +117,7 @@ You can you need to know to easily develop and deploy helm-charts
 
   Check if your configuration deploys on a kubernetes cluster and check the configuration
 
-- ```helm install .```
+- ```helm install . #release name# --namespace #remote namespace#```
   
   Do it in the root of the project where the Chart.yaml is located
   It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
@@ -126,4 +127,13 @@ You can you need to know to easily develop and deploy helm-charts
 - ```helm delete #release#```
   
   Performs a sort of mvn clean on your workspace. Very handy for zombie persistent volumes or claims.
-  
+
+- ```install tiller on remote cluster```
+
+  To install tiller on a remote cluster you need an rbac-config.yml.
+  ```kubectl create -f rbac-config.yaml```
+
+  When you have defined the yaml you can add the tiller to the cluster by following the steps below.
+  ```helm init --service-account tiller```  
+  
+  

molgenis-httpd/Chart.yaml

@@ -2,4 +2,7 @@ apiVersion: v1
 appVersion: "1.0"
 description: HTTPD for MOLGENIS
 name: molgenis-httpd
-version: 0.1.0
+version: 0.1.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-httpd/catalogIcon-molgenis-httpd.svg

molgenis-jenkins/Chart.yaml

@@ -1,7 +1,7 @@
 name: molgenis-jenkins
 home: https://jenkins.io/
-version: 0.2.5
-appVersion: 2.107
+version: 0.7.0
+appVersion: 2.121
 description: Molgenis installation for the jenkins chart.
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git

molgenis-jenkins/README.md

@@ -25,47 +25,72 @@ Array values can be added as {value, value, value}.
 jenkins.Master.HostName=jenkins.molgenis.org
 jenkins.Master.AdminPassword=pa$$word
 jenkins.Persistence.Enabled=false
-jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1}
+jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
+jenkins.Master.Security.UseGitHub=false
+## if UseGitHub=true
+jenkins.Master.Security.GitHub.ClientID=id
+jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
+## end UseGitHub=true
 PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
 ```
 
 You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
 > Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
 
+### GitHub Authentication delegation
+You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
+
+### Additional configuration
 There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
-## PipelineSecrets
 
-When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins 
-build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
-each other with their own secrets.
+* PipelineSecrets
 
-You can override the values at deploy time but otherwise also configure them 
-[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
+   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins 
+   build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
+   each other with their own secrets.
 
-### Env
-Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
-in the slave pods.
+   You can override the values at deploy time but otherwise also configure them 
+   [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
 
-| Parameter                          | Description                          | Default         |
-| ---------------------------------- | ------------------------------------ | --------------- |
-| `PipelineSecrets.Env.Replace`      | Replace molgenis-pipeline-env secret | `true`          |
-| `PipelineSecrets.Env.PGPPassphrase`| passphrase for the pgp signing key   | `literal:xxxx`  |
-| `PipelineSecrets.Env.CodecovToken` | token for codecov.io                 | `xxxx`          |
-| `PipelineSecrets.Env.GitHubToken`  | token for GH molgenis-jenkins user   | `xxxx`          |
-| `PipelineSecrets.Env.SonarToken`   | token for sonarcloud.io              | `xxxx`          |                                                            |
+*  Vault
 
-### File
+   New vault token to be used by the pods to retrieve their tokens from the vault.
+   
+   | Parameter                         | Description                                | Default                                       |
+   | ----------------------------------|--------------------------------------------|-----------------------------------------------|
+   | `PipelineSecrets.Vault.Replace`   | Replace the molgenis-pipeline-vault secret |`true`                                         |
+   | `PipelineSecrets.Vault.Token`     | Token to log into the hashicorp vault      |`xxxx`                                         |
+   | `PipelineSecrets.Vault.Addr`      | Address of the vault                       |`https:vault-operator.vault-operator.svc:8200` |
+   | `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection  |`1`                                            |
 
-Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
-in the `/root/.m2` directory of the slave pods.
-> The settings.xml file references the 
+*  Env
+   
+   Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
+   in the slave pods.
 
-| Parameter                              | Description                           | Default                                                                         |
-| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
-| `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          |
-| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
-| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            |
+   | Parameter                              | Description                               | Default         |
+   | -------------------------------------- | ----------------------------------------- | --------------- |
+   | `PipelineSecrets.Env.Replace`          | Replace molgenis-pipeline-env secret      | `true`          |
+   | `PipelineSecrets.Env.PGPPassphrase`    | passphrase for the pgp signing key        | `literal:xxxx`  |
+   | `PipelineSecrets.Env.CodecovToken`     | token for codecov.io                      | `xxxx`          |
+   | `PipelineSecrets.Env.GitHubToken`      | token for GH molgenis-jenkins user        | `xxxx`          |
+   | `PipelineSecrets.Env.NexusPassword`    | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
+   | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx`          |
+   | `PipelineSecrets.Env.SonarToken`       | token for sonarcloud.io                   | `xxxx`          |
+   | `PipelineSecrets.Env.NpmToken`         | token for npmjs.org                       | `xxxx`          | 
+   | `PipelineSecrets.Env.SauceAccessKey`   | token for saucelabs.com                   | `xxxx`          |
 
+* File
+
+  Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
+  in the `/root/.m2` directory of the slave pods.
+  > The settings.xml file references the 
+
+  | Parameter                              | Description                           | Default                                                                         |
+  | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
+  | `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          |
+  | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
+  | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            |
 
 ## Command line use
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.

molgenis-jenkins/templates/config.tpl

@@ -15,22 +15,30 @@ data:
       <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
         <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
       </authorizationStrategy>
+{{- if .Values.Master.Security.UseGitHub }}
+      <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
+        <githubWebUri>https://github.com</githubWebUri>
+        <githubApiUri>https://api.github.com</githubApiUri>
+        <clientID>{{ .Values.Master.Security.GitHub.ClientID }}</clientID>
+        <clientSecret>{{ .Values.Master.Security.GitHub.ClientSecret }}</clientSecret>
+        <oauthScopes>read:org,user:email</oauthScopes>
+      </securityRealm>
+{{- else }}
       <securityRealm class="hudson.security.LegacySecurityRealm"/>
+{{- end }}
       <disableRememberMe>false</disableRememberMe>
       <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
       <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
       <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
       <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
       <jdks/>
-      <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
-      <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
       <clouds>
         <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}">
           <name>kubernetes</name>
           <templates>
 {{- range $podName, $pod := .Values.Pods }}
             <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
-              <inheritFrom></inheritFrom>
+              <inheritFrom>{{ $pod.InheritFrom | default "" }}</inheritFrom>
               <name>{{ $podName }}</name>
               <instanceCap>2147483647</instanceCap>
               <idleMinutes>0</idleMinutes>
@@ -76,14 +84,23 @@ data:
 {{- else }}
                   <alwaysPullImage>false</alwaysPullImage>
 {{- end }}
-                  <workingDir>/home/jenkins</workingDir>
-                  <command>{{ .Command | default "cat" }}</command>
+                  <workingDir>{{ .WorkingDir | default "" }}</workingDir>
+                  <command>{{ .Command | default "" }}</command>
                   <args>{{ .Args | default "" }}</args>
 {{- if .TTY }}
                   <ttyEnabled>true</ttyEnabled>
 {{- else }}
                   <ttyEnabled>false</ttyEnabled>
 {{- end }}
+                  <envVars>
+{{- range $index, $envVar := .EnvVars }}
+                    <org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- range $key, $value := $envVar }}{{- if not (eq $key "type") }}
+                      <{{ $key }}>{{ $value }}</{{ $key }}>
+{{- end }}{{- end }}
+                    </org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- end }}
+                  </envVars>
 {{- if .resources }}
 {{- if .resources.requests }}
                   <resourceRequestCpu>{{ .resources.requests.cpu | default "" }}</resourceRequestCpu>
@@ -129,24 +146,51 @@ data:
           <namespace>{{ .Release.Namespace }}</namespace>
           <jenkinsUrl>http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }}</jenkinsUrl>
           <jenkinsTunnel>{{ template "jenkins.fullname" . }}-agent:50000</jenkinsTunnel>
-          <containerCap>10</containerCap>
+          <containerCap>50</containerCap>
           <retentionTimeout>5</retentionTimeout>
           <connectTimeout>0</connectTimeout>
           <readTimeout>0</readTimeout>
         </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
       </clouds>
-      <quietPeriod>5</quietPeriod>
-      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
       <views>
         <hudson.model.AllView>
           <owner class="hudson" reference="../../.."/>
-          <name>All</name>
+          <name>all</name>
           <filterExecutors>false</filterExecutors>
           <filterQueue>false</filterQueue>
           <properties class="hudson.model.View$PropertyList"/>
         </hudson.model.AllView>
+{{- range $viewName, $view := .Values.Master.Views }}
+        <listView>
+          <owner class="hudson" reference="../../.."/>
+          <name>{{ $viewName }}</name>
+          <filterExecutors>false</filterExecutors>
+          <filterQueue>false</filterQueue>
+          <properties class="hudson.model.View$PropertyList"/>
+          <jobNames>
+             <comparator class="hudson.util.CaseInsensitiveComparator" reference="../../../listView/jobNames/comparator"/>
+{{- range $index, $job := $view }}
+             <string>{{ $job }}</string>
+{{- end }}
+          </jobNames>
+          <jobFilters/>
+          <columns>
+            <hudson.views.StatusColumn/>
+            <hudson.views.WeatherColumn/>
+            <hudson.views.JobColumn/>
+            <hudson.views.LastSuccessColumn/>
+            <hudson.views.LastFailureColumn/>
+            <hudson.views.LastDurationColumn/>
+            <hudson.views.BuildButtonColumn/>
+            <hudson.plugins.favorite.column.FavoriteColumn plugin="favorite@2.3.2"/>
+          </columns>
+          <recurse>false</recurse>
+        </listView>
+{{- end }}
       </views>
-      <primaryView>All</primaryView>
+      <primaryView>{{ .Values.Master.DefaultView }}</primaryView>
+      <quietPeriod>5</quietPeriod>
+      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
       <slaveAgentPort>50000</slaveAgentPort>
       <disabledAgentProtocols>
 {{- range .Values.Master.DisabledAgentProtocols }}

molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-dockerhub-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenisci" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-gogs-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
+  }
+type: Opaque
+data:
+  username: {{ "p281392" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-nexus-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against NEXUS"
+  }
+type: Opaque
+data:
+  username: {{ "admin" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-saucelabs-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}

molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml

@@ -14,4 +14,5 @@ data:
   codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
   githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
   sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+  npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
 {{- end }}

molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.PipelineSecrets.Vault.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-vault-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
+  addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+  skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
+{{- end }}

molgenis-jenkins/values.yaml

@@ -3,14 +3,31 @@ jenkins:
     HostName: jenkins.molgenis.org
     ServiceType: ClusterIP
     InstallPlugins:
-      - kubernetes:1.8.4
+      - kubernetes:1.12.3
       - workflow-aggregator:2.5
-      - workflow-job:2.21
+      - workflow-job:2.24
       - credentials-binding:1.16
       - git:3.9.1
       - github-branch-source:2.3.6
       - kubernetes-credentials-provider:0.9
-      - blueocean:1.6.1
+      - blueocean:1.8.2
+      - github-oauth:0.29
+      - gogs-webhook:1.0.14
+    Security:
+      UseGitHub: false
+      GitHub:
+        ClientID: ""
+        ClienSecret: ""
+    DefaultView: dev
+    Views:
+      dev:
+        - molgenis
+      ops:
+        - molgenis-ops-docker-httpd
+        - molgenis-ops-docker-maven
+        - molgenis-ops-docker-node
+        - molgenis-ops-tools
+        - molgenis-ops-tomcat
     Jobs: |-
       molgenis: |-
         <?xml version='1.1' encoding='UTF-8'?>
@@ -74,6 +91,271 @@ jenkins:
           </projectFactories>
           <buildStrategies/>
         </jenkins.branch.OrganizationFolder>
+      molgenis-ops-docker-httpd: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>HTTPD server that can be used for redirection and proxieing</description>
+          <displayName>molgenis-ops-docker-httpd</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>a756941d-6c9d-4492-bcf9-327041764be6</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-httpd.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-docker-node: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>NodeJS build container with Curl</description>
+          <displayName>molgenis-ops-docker-node</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>a756941d-6c9d-4492-bcf9-327041764be6</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-node.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-docker-maven: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MAVEN build container with RPMbuild and Curl</description>
+          <displayName>molgenis-ops-docker-maven</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-maven.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-tomcat: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MOLGENIS tomcat package to manage tomcat version on CentOS</description>
+          <displayName>molgenis-ops-tomcat</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tomcat.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-tools: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MOLGENIS operations tools-package to configure firewall, apache, sudoers, etc.</description>
+          <displayName>molgenis-ops-tools</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tools.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
     # Kubernetes secret that contains a 'credentials.xml' for Jenkins
     # CredentialsXmlSecret: jenkins-credentials
     # Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,
@@ -85,46 +367,64 @@ jenkins:
     install: true
   Pods:
     molgenis:
-      Label: molgenis
-      NodeUsageMode: NORMAL
+      Label: molgenisv2
+      NodeUsageMode: EXCLUSIVE
       volumes:
         - type: HostPath
           hostPath: "/var/run/docker.sock"
           mountPath: "/var/run/docker.sock"
-        - type: Secret
-          secretName: molgenis-pipeline-file-secret
-          mountPath: "/root/.m2"
       Containers:
         maven:
           Image: "registry.webhosting.rug.nl/molgenis/maven"
+          ImageTag: lts
+          AlwaysPullImage: true
+          Command: cat
+          WorkingDir: /home/jenkins
           TTY: true
           resources:
             requests:
-              cpu: "1000m"
-            limits:
-              memory: "1Gi"
+              cpu: "1"
+              memory: "4Gi"
+          EnvVars:
+            - type: KeyValue
+              key: MAVEN_OPTS
+              value: "-Duser.home=/home/jenkins"
+            - type: KeyValue
+              key: MAVEN_CONFIG
+              value: "/home/jenkins/.m2"
         alpine:
           Image: "spotify/alpine"
+          Command: cat
+          WorkingDir: /home/jenkins
           TTY: true
-        elasticsearch:
-          Image: "elasticsearch"
-          ImageTag: "5.5.1"
+        vault:
+          Image: "vault"
+          Command: cat
+          WorkingDir: /home/jenkins
           TTY: true
-          Ports:
-            - name: rest
-              containerPort: "9200"
-              hostPort: "9200"
-            - name: api
-              containerPort: "9300"
-              hostPort: "9300"
-        postgres:
-          Image: "postgres"
-          ImageTag: "9.6-alpine"
-          TTY: true
-          Ports:
-            - name: postgres
-              containerPort: "5432"
-              hostPort: "5432"
+          EnvVars:
+            - type: Secret
+              key: VAULT_TOKEN
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: token
+            - type: Secret
+              key: VAULT_SKIP_VERIFY
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: skipVerify
+            - type: Secret
+              key: VAULT_ADDR
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: addr
+      NodeSelector: {}
+    molgenis-legacy:
+      InheritFrom: molgenis
+      Label: molgenis
+      NodeUsageMode: NORMAL
+      volumes:
+        - type: Secret
+          secretName: molgenis-pipeline-file-secret
+          mountPath: "/home/jenkins/.m2"
+      Containers:
       EnvVars:
         - type: Secret
           key: PGP_PASSPHRASE
@@ -132,13 +432,10 @@ jenkins:
           secretKey: pgpPassphrase
         - type: KeyValue
           key: PGP_SECRETKEY
-          value: "keyfile:/root/.m2/key.asc"
+          value: "keyfile:/home.jenkins/.m2/key.asc"
         - type: KeyValue
           key: npm_config_registry
-          value: "http://nexus.molgenis-nexus:8081/repository/npm-central"
-        - type: KeyValue
-          key: yarn_proxy
-          value: "http://nexus.molgenis-nexus:8081/repository/npm-central"
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
         - type: Secret
           key: SONAR_TOKEN
           secretName: molgenis-pipeline-env-secret
@@ -151,10 +448,103 @@ jenkins:
           key: GITHUB_TOKEN
           secretName: molgenis-pipeline-env-secret
           secretKey: githubToken
-      # If needed
-      # ImagePullSecret: jenkins
+      NodeSelector: {}
+    node:
+      Label: node-carbon
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        node:
+          Image: "registry.webhosting.rug.nl/molgenis/node"
+          ImageTag: lts
+          AlwaysPullImage: true
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+      EnvVars:
+        - type: KeyValue
+          key: npm_config_registry
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
+        - type: Secret
+          key: CODECOV_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: codecovToken
+        - type: Secret
+          key: GITHUB_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: githubToken
+        - type: Secret
+          key: NPM_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: npmToken
+      NodeSelector: {}
+    molgenis-it:
+      InheritFrom: molgenis
+      Label: molgenis-it
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        elasticsearch:
+          Image: docker.elastic.co/elasticsearch/elasticsearch
+          ImageTag: 5.5.3
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "1Gi"
+            limits:
+              cpu: "1"
+              memory: "1500Mi"
+          EnvVars:
+          - type: KeyValue
+            key: ES_JAVA_OPTS
+            value: "-Xms512m -Xmx512m"
+          - type: KeyValue
+            key: cluster.name
+            value: molgenis
+          - type: KeyValue
+            key: bootstrap.memory_lock
+            value: "true"
+          - type: KeyValue
+            key: xpack.security.enabled
+            value: "false"
+          - type: KeyValue
+            key: discovery.type
+            value: single-node
+        postgres:
+          Image: postgres
+          ImageTag: 9.6-alpine
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "250Mi"
+            limits:
+              cpu: "1"
+              memory: "250Mi"
+          EnvVars:
+          - type: KeyValue
+            key: POSTGRES_USER
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_PASSWORD
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_DB
+            value: molgenis
+        opencpu:
+          Image: molgenis/opencpu
+          AlwaysPullImage: true
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+            limits:
+              cpu: "1"
+              memory: "512Mi"
       NodeSelector: {}
 PipelineSecrets:
+  Vault:
+    Replace: true
+    Token: xxxx
+    Addr: "https://vault-operator.vault-operator.svc:8200"
+    SkipVerify: 1
   Env:
     # Set to false to keep existing secret
     Replace: true
@@ -164,8 +554,18 @@ PipelineSecrets:
     CodecovToken: xxxx
     # Token for github bot account
     GitHubToken: xxxx
+    # Token for github bot account
+    GogsToken: xxxx
     # Token for sonarcloud.io
     SonarToken: xxxx
+    # Token for npmjs.org
+    NpmToken: xxxx
+    # Password Local NEXUS
+    NexusPassword: xxxx
+    # Password hub.docker.com
+    DockerHubPassword: xxxx
+    # Access key for saucelabs.com
+    SauceAccessKey: xxxx
   File:
     # Set to false to keep existing secret
     Replace: true
@@ -205,5 +605,11 @@ PipelineSecrets:
             <username>admin</username>
             <password>xxxx</password>
           </server>
+          <!-- to authenticate against GOGS for MAVEN release -->
+          <server>
+            <id>gogs</id>
+            <username>xxxx</username>
+            <password>xxxx</password>
+          </server>
         </servers>
       </settings>

molgenis-nexus/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.0"
 description: Nexus stack for MOLGENIS
 name: molgenis-nexus
-version: 0.2.0
+version: 0.3.0
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg

molgenis-nexus/README.md

@@ -11,6 +11,18 @@ This chart will deploy:
 
 ## Installing the Chart
 
-etc.
+You can test in install the chart by executing:
+
+```helm lint .```
+
+To test if your helm chart-syntax is right and:
+
+```helm install . --dry-run --debug```
+
+To test if your hem chart works and:
+
+```helm install .```
+
+To deploy it on the cluster.
 
 

molgenis-nexus/templates/services/httpd-service.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     app: {{ .Values.httpd.name }}
 spec:
-  type: NodePort
+  type: {{ .Values.httpd.service.type }}
   ports:
   - name: {{ .Values.httpd.name }}
     port: {{ .Values.httpd.port }}

molgenis-nexus/templates/services/nexus-service.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     app: {{ .Values.nexus.name }}
 spec:
-  type: ClusterIP
+  type: {{ .Values.nexus.service.type }}
   ports:
   - name: ui
     port: {{ .Values.nexus.port.ui }}

molgenis-nexus/values.yaml

@@ -6,10 +6,6 @@ replicaCount: 1
 
 environment: production
 
-service:
-  type: NodePort
-  port: 80
-
 nexus:
   name: nexus
   strategy:
@@ -25,6 +21,8 @@ nexus:
     ui: 8081
   path:
     dockerV2: v2
+  service:
+    type: ClusterIP
 
 httpd:
   name: httpd
@@ -38,6 +36,8 @@ httpd:
     tag: lts
     pullPolicy: Always
   port: 80
+  service:
+    type: LoadBalancer
 
 
 ingress:

molgenis-preview/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

molgenis-preview/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: molgenis
+version: 0.2.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg

molgenis-preview/README.md

@@ -0,0 +1,11 @@
+# MOLGENIS preview
+Is used for integration testing purposes.
+
+## Containers
+This chart spins up a complete stack to run MOLGENIS. The created containers are:
+
+- MOLGENIS
+- PostgreSQL
+- Elasticsearch
+- OpenCPU
+

molgenis-preview/questions.yml

@@ -0,0 +1,44 @@
+
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.hosts[0].name
+  default: "test.molgenis.org"
+  description: "Hostname for your stack"
+  type: hostname
+  required: true
+  group: "Services and Load Balancing"
+  label: Hostname
+- variable: molgenis.resources.limits.cpu
+  default: 1
+  description: "CPU limit for this MOLGENIS instance"
+  type: enum
+  options:
+  - "1"
+  - "2"
+  - "3"
+  - "4"
+  required: true
+  group: "MOLGENIS - Resource limits"
+  label: CPU limit
+- variable: molgenis.resources.limits.memory
+  default: 1250Mi
+  description: "Memory limit for this MOLGENIS instance"
+  type: enum
+  options:
+  - "1250Mi"
+  - "1500Mi"
+  - "2000Mi"
+  - "2500Mi"
+  required: true
+  group: "MOLGENIS - Resource limits"
+  label: Memory limit
+- variable: molgenis.javaOpts
+  default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  description: "Java runtime options for the MOLGENIS instance"
+  type: enum
+  options:
+  - "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  group: "MOLGENIS - Resource limits"
+  label: Java memory options

molgenis-preview/templates/NOTES.txt

@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "molgenis.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "molgenis.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "molgenis.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "molgenis.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

molgenis-preview/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "molgenis.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "molgenis.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "molgenis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

molgenis-preview/templates/deployment.yaml

@@ -0,0 +1,124 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  {{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+  name: {{ template "molgenis.fullname" . }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "molgenis.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "molgenis.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: molgenis
+        {{- with .Values.molgenis }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: molgenis.home
+              value: /home/molgenis
+            - name: opencpu.uri.host
+              value: localhost
+            - name: elasticsearch.transport.addresses
+              value: localhost:9300
+            - name: elasticsearch.cluster.name
+              value: {{ $.Values.elasticsearch.clusterName }}
+            - name: db_uri
+              value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
+            - name: db_user
+              value: {{ $.Values.postgres.user }}
+            - name: db_password
+              value: {{ $.Values.postgres.password }}
+            - name: admin.password
+              value: {{ .adminPassword }}
+            - name: CATALINA_OPTS
+              value: "{{ .javaOpts }}"
+          ports:
+            - containerPort: 8080
+#          livenessProbe:
+#            httpGet:
+#              path: /
+#              port: 8080
+#          readinessProbe:
+#            httpGet:
+#              path: /api/v2/version
+#              port: 8080
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: elasticsearch
+        {{- with .Values.elasticsearch }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: cluster.name
+              value: {{ .clusterName }}
+            - name: bootstrap.memory_lock
+              value: "true"
+            - name: ES_JAVA_OPTS
+              value: "{{ .javaOpts }}"
+            - name: xpack.security.enabled
+              value: "false"
+            - name: discovery.type
+              value: single-node
+          ports:
+            - containerPort: 9200
+            - containerPort: 9300
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: postgres
+        {{- with .Values.postgres }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: POSTGRES_USER
+              value: {{ .user }}
+            - name: POSTGRES_PASSWORD
+              value: {{ .password }}
+            - name: POSTGRES_DB
+              value: {{ .db }}
+          ports:
+            - containerPort: 5432
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: opencpu
+        {{- with .Values.opencpu }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          ports:
+            - containerPort: 8004
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

molgenis-preview/templates/ingress.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "molgenis.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .name }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: 8080
+  {{- end }}
+{{- end }}

molgenis-preview/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "molgenis.fullname" . }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: molgenis
+      port: {{ .Values.service.port }}
+  selector:
+    app: {{ template "molgenis.name" . }}
+    release: {{ .Release.Name }}

molgenis-preview/test.yaml

@@ -0,0 +1,120 @@
+# Source: molgenis/templates/deployment.yaml
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: lanky-ragdoll-molgenis
+  labels:
+    app: molgenis
+    chart: molgenis-0.1.0
+    release: lanky-ragdoll
+    heritage: Tiller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: molgenis
+      release: lanky-ragdoll
+  template:
+    metadata:
+      labels:
+        app: molgenis
+        release: lanky-ragdoll
+    spec:
+      containers:
+        - name: molgenis
+          image: "registry.molgenis.org/molgenis/molgenis-app:latest"
+          imagePullPolicy: Always
+          env:
+            - name: molgenis.home
+              value: /home/molgenis
+            - name: opencpu.uri.host
+              value: opencpu
+            - name: elasticsearch.transport.addresses
+              value: elasticsearch:9300
+            - name: elasticsearch.cluster.name
+              value: molgenis
+            - name: db_uri
+              value: "jdbc:postgresql://postgres/molgenis"
+            - name: db_user
+              value: molgenis
+            - name: db_password
+              value: molgenis
+            - name: admin.password
+              value: admin
+            - name: CATALINA_OPTS
+              value: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v2/version
+              port: http
+          resources:
+            limits:
+              cpu: 1
+              memory: 1250Mi
+            requests:
+              cpu: 200m
+              memory: 1Gi
+
+
+        - name: elasticsearch
+          image: "docker.elastic.co/elasticsearch/elasticsearch:5.5.3"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: cluster.name
+              value: molgenis
+            - name: bootstrap.memory_lock
+              value: true
+            - name: ES_JAVA_OPTS
+              value: "-Xms512m -Xmx512m"
+            - name: xpack.security.enabled
+              value: false
+            - name: discovery.type
+              value: single-node
+          ports:
+            - containerPort: 9200
+            - containerPort: 9300
+            limits:
+              cpu: 1
+              memory: 1500Mi
+            requests:
+              cpu: 100m
+              memory: 1Gi
+
+
+        - name: postgres
+          image: "postgres:9.6-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: POSTGRES_USER
+              value: molgenis
+            - name: POSTGRES_PASSWORD
+              value: molgenis
+            - name: POSTGRES_DB
+              value: molgenis
+          ports:
+            - containerPort: 5432
+            limits:
+              cpu: 1
+              memory: 250Mi
+            requests:
+              cpu: 100m
+              memory: 250Mi
+
+
+        - name: opencpu
+          image: "molgenis/opencpu:latest"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8004
+            limits:
+              cpu: 1
+              memory: 512Mi
+            requests:
+              cpu: 100m
+              memory: 256Mi

molgenis-preview/values.yaml

@@ -0,0 +1,81 @@
+# Default values for molgenis.
+
+replicaCount: 1
+
+service:
+  type: LoadBalancer
+  port: 8080
+
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  path: /
+  hosts:
+  - name: test.molgenis.org
+  tls: []
+
+molgenis:
+  image:
+    repository: registry.molgenis.org/molgenis/molgenis-app
+    tag: 7.0.0-SNAPSHOT
+    pullPolicy: Always
+  adminPassword: admin
+  javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  resources:
+   limits:
+    cpu: 1
+    memory: 1250Mi
+   requests:
+    cpu: 200m
+    memory: 1Gi
+
+postgres:
+  image:
+    repository: postgres
+    tag: 9.6-alpine
+    pullPolicy: IfNotPresent
+  user: molgenis
+  password: molgenis
+  db: molgenis
+  resources:
+   limits:
+    cpu: 1
+    memory: 250Mi
+   requests:
+    cpu: 100m
+    memory: 250Mi
+
+elasticsearch:
+  image:
+    repository: docker.elastic.co/elasticsearch/elasticsearch
+    tag: 5.5.3
+    pullPolicy: IfNotPresent
+  javaOpts: "-Xms512m -Xmx512m"
+  clusterName: molgenis
+  resources:
+   limits:
+    cpu: 1
+    memory: 1500Mi
+   requests:
+    cpu: 100m
+    memory: 1Gi
+
+opencpu:
+  image:
+    repository: molgenis/opencpu
+    tag: latest
+    pullPolicy: Always
+  resources:
+    limits:
+      cpu: 1
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

rbac-config.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system