P129679/molgenis-ops-docker-helm
1
0
Fork 0
Code Releases Activity

Compare commits

base: P129679:chore/pipeline
Branches Tags
P129679:master P129679:fix/links P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test
..
compare: P129679:deploy-test
Branches Tags
P129679:fix/links P129679:master P129679:chore/pipeline P129679:revert/nodeSelector P129679:chore/nodeSelector P129679:chore/jenkins-gitsource P129679:fix/75 P129679:chore/upgrade-jenkins P129679:feature/molgenis-it P129679:feat/helm-in-jenkins P129679:doc/helm-role P129679:feature/helm-role P129679:feature/s3 P129679:chore/remove-secrets P129679:feature/vault P129679:deploy-test

7 Commits
chore/pipe ... deploy-tes

Author SHA1 Message Date
Fleur Kelpin
f8de505ed6 fix (jenkins) Fix skip verify value in vault secret 2018-08-19 23:05:53 +02:00
Fleur Kelpin
af00229be0 Merge branch 'fix-views' of https://git.webhosting.rug.nl/p281392/molgenis-ops-docker-helm into deploy-test 2018-08-19 22:40:09 +02:00
sido
d5ed6e979b updated views 2018-08-18 23:18:10 +02:00
sido
2d84fb08a8 updated views 2018-08-18 23:12:54 +02:00
sido
44044b59aa updated views 2018-08-18 23:12:02 +02:00
sido
acbd380a0c updated plugins 2018-08-18 22:36:05 +02:00
sido
e54f958add fix views by reorder the views 2018-08-18 22:16:13 +02:00
101 changed files with 830 additions and 2525 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,2 @@
.idea .idea
*.iml *.iml
target

40
Jenkinsfile vendored
View File

@ -1,40 +0,0 @@
pipeline {
agent {
kubernetes {
label 'helm'
}
}
stages {
stage('Test') {
steps {
container('chart-testing') {
sh "chart_test.sh --no-install --all"
}
}
}
stage('Package') {
steps {
container('chart-testing'){
sh 'mkdir target'
sh 'for dir in charts/*; do helm package --destination target "$dir"; done'
}
}
}
stage('Deploy') {
when {
branch 'master'
}
steps {
container('vault') {
script {
env.NEXUS_USER = sh(script: 'vault read -field=username secret/ops/account/nexus', returnStdout: true)
env.NEXUS_PWD = sh(script: 'vault read -field=password secret/ops/account/nexus', returnStdout: true)
}
}
container('alpine') {
sh 'set +x; for chart in target/*; do curl -L -u $NEXUS_USER:$NEXUS_PWD http://registry.molgenis.org/repository/helm/ --upload-file "$chart"; done'
}
}
}
}
}

24
README.md
View File

@ -104,9 +104,7 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
- [Jenkins](molgenis-jenkins/README.md) - [Jenkins](molgenis-jenkins/README.md)
- [NEXUS](molgenis-nexus/README.md) - [NEXUS](molgenis-nexus/README.md)
- [HTTPD](molgenis-httpd/README.md) - [HTTPD](molgenis-httpd/README.md)
- [MOLGENIS](molgenis/README.md) - [MOLNIGES preview](molgenis-preview/README.md)
- [MOLGENIS preview](molgenis-preview/README.md)
- [MOLGENIS vault](molgenis-vault/README.md)
### Useful commands ### Useful commands
You can you need to know to easily develop and deploy helm-charts You can you need to know to easily develop and deploy helm-charts
@ -123,26 +121,6 @@ You can you need to know to easily develop and deploy helm-charts
Do it in the root of the project where the Chart.yaml is located Do it in the root of the project where the Chart.yaml is located
It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
- ```helm package .```
You can create a package which can be uploaded in the molgenis helm repository
- ```helm publish```
You still have to create an ```index.yaml``` for the chart. You can do this by executing this command: ```helm repo index #directory name of helm chart#```
Then you can upload it by executing:
- ```curl -v --user #username#:#password# --upload-file index.yaml https://registry.molgenis.org/repository/helm/#chart name#/index.yml```
- ```curl -v --user #username#:#password# --upload-file #chart name#-#version#.tgz https://registry.molgenis.org/repository/helm/#chart name#/#chart name#-#version#.tgz```
Now you have to add the repository locally to use in your ```requirements.yaml```.
- ```helm repo add #repository name# https://registry.molgenis.org/repository/helm/molgenis```
- ```helm dep build```
You can build your dependencies (create a ```charts``` directory and install the chart in it) of the helm-chart.
- ```helm list``` - ```helm list```
Lists all installed releases Lists all installed releases

115
charts/molgenis-jenkins/README.md
View File

@ -1,115 +0,0 @@
# Molgenis Jenkins Helm Chart
Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin.
Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there!
## Chart Details
This chart will do the following:
* 1 x Jenkins Master with port 8080 exposed on an external ClusterIP
* All using Kubernetes Deployments
## Installing the Chart
Usually, you'll be deploying this to the molgenis cluster.
In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository.
In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the
catalog, pick the molgenis-jenkins app from the catalog and deploy it.
## Configuration
When deploying, you can paste values into the Rancher Answers to override the defaults in this chart.
Array values can be added as {value, value, value}.
```
jenkins.Master.HostName=jenkins.molgenis.org
jenkins.Master.AdminPassword=pa$$word
jenkins.Persistence.Enabled=false
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
jenkins.Master.Security.UseGitHub=false
## if UseGitHub=true
jenkins.Master.Security.GitHub.ClientID=id
jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
## end UseGitHub=true
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
```
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
### GitHub Authentication delegation
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
### Secrets
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins.
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
#### Vault
The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault.
| Parameter | Description | Default |
| ------------------------- | ------------------------------------------ | ---------------------------------------------- |
| `secret.vault.token` | Token to log into the hashicorp vault | `xxxx` |
| `secret.vault.addr` | Address of the vault | `https:vault-operator.vault-operator.svc:8200` |
| `secret.vault.skipVerify` | Skip verification of the https connection | `1` |
#### GitHub
Token used by Jenkins to authenticate on GitHub.
| Parameter | Description | Default |
| --------------------- | ------------------------ | ------------------ |
| `secret.gitHub.user` | username for the account | `molgenis-jenkins` |
| `secret.gitHub.token` | token for the account | `xxxx` |
#### Gogs
Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
| Parameter | Description | Default |
| ------------------- | ------------------------ | --------- |
| `secret.gogs.user` | username for the account | `p281392` |
| `secret.gogs.token` | token for the account | `xxxx` |
#### Slack
The Slack integration is done mostly in the Jenkinsfile of each project. It is sufficient to only add the plugin to the Jenkins configuration in Helm.
#### Legacy:
##### Docker Hub
Account used in pipeline builds to push docker images to `hub.docker.com`.
> They should read `secret/gcc/account/dockerhub` from vault instead!
| Parameter | Description | Default |
| --------------------------- | ------------------------ | --------------- |
| `secret.dockerHub.user` | username for the account | `molgenisci` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
##### Registry
Account used in pipeline builds to push docker images to `registry.molgenis.org`.
> They should read `secret/ops/account/nexus` from vault instead!
| Parameter | Description | Default |
| --------------------------- | ------------------------ | --------- |
| `secret.dockerHub.user` | username for the account | `admin` |
| `secret.dockerHub.password` | password for the account | `xxxx` |
## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
For example,
```bash
$ helm install --name jenkins -f values.yaml molgenis-jenkins
```
> **Tip**: You can use the default [values.yaml](values.yaml)

BIN
charts/molgenis-jenkins/charts/jenkins-0.18.0.tgz
View File

Binary file not shown.

8
charts/molgenis-jenkins/resources/README.md
View File

@ -1,8 +0,0 @@
# Helm in Jenkins
To be able to run helm inside a jenkins pod, you'll need to
* create a role in the namespace where tiller is installed
* bind that role to the user that jenkins pods run as
This directory contains yaml for these resources.
See also https://github.com/helm/helm/blob/master/docs/rbac.md

13
charts/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
View File

@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: tiller-jenkins-binding
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tiller-user
subjects:
- kind: ServiceAccount
name: default
namespace: molgenis-jenkins

18
charts/molgenis-jenkins/resources/tiller-user-role.yaml
View File

@ -1,18 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: tiller-user
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- create
- apiGroups:
- ""
resources:
- pods
verbs:
- list

17
charts/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml
View File

@ -1,17 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: molgenis-jenkins-registry-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org."
}
type: Opaque
data:
username: {{ .Values.secret.registry.user | b64enc | quote }}
password: {{ .Values.secret.registry.password | b64enc | quote }}

69
charts/molgenis-nexus/README.md
View File

@ -1,69 +0,0 @@
# MOLGENIS - NEXUS Helm Chart
NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
## Chart Details
This chart will deploy:
- 1 NEXUS-nfs initialization container
We need this container to avoid permission issues on the NEXUS docker
- 1 NEXUS container
- 1 MOLGENIS-httpd container (to proxy the registry and docker to one domain)
## Backup restore
There are two steps in restoring the NEXUS.
- Database
- Blobstore
### Restore the database
Go to the commandline:
```bash
kubectl get pv
```
```bash
| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-nexus/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
```
The persistent volume is the one in the molgenis-nexus namespace.
Go to the NFS-provisioner to the path of the persistent volume:
```bash
ls -t --full-time | head -7 | xargs cp ../restore-from-backup/
```
### Restore the blobstore
You can copy the directory ```blobs``` to the target persistent volume ```/ blobs```.
You can now bring the NEXUS back up.
## Installing the Chart
You can test in install the chart by executing:
```helm lint .```
To test if your helm chart-syntax is right and:
```helm install . --dry-run --debug```
To test if your hem chart works and:
```helm install .```
To deploy it on the cluster.
```curl -L -u xxxx:xxxx http://registry.molgenis.org/repository/helm/ --upload-file molgenis-x.x.x.tgz```
To push it to the registry

55
charts/molgenis-nexus/templates/deployments/nexusProxy-deployment.yaml
View File

@ -1,55 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
name: {{ .Values.nexusProxy.name }}
labels:
app: {{ .Values.nexusProxy.name }}
environment: {{ .Values.environment }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.nexusProxy.strategy.type }}
selector:
matchLabels:
app: {{ .Values.nexusProxy.selector }}
template:
metadata:
labels:
app: {{ .Values.nexusProxy.name }}
creationTimestamp: null
spec:
restartPolicy: {{ .Values.nexusProxy.restartPolicy }}
containers:
- name: {{ .Values.nexusProxy.name }}
image: "{{ .Values.nexusProxy.image.repository }}:{{ .Values.nexusProxy.image.tag }}"
imagePullPolicy: {{ .Values.nexusProxy.image.pullPolicy }}
env:
- name: PROXY_SERVICE
value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
- name: SERVER_NAME
value: {{ .Values.nexusProxy.hostname }}
ports:
- containerPort: {{ .Values.nexusProxy.port }}
resources: {}
livenessProbe:
httpGet:
path: /
port: {{ .Values.nexusProxy.port }}
initialDelaySeconds: 1500
periodSeconds: 20
failureThreshold: 5
successThreshold: 1
readinessProbe:
httpGet:
path: /
port: {{ .Values.nexusProxy.port }}
initialDelaySeconds: 150
periodSeconds: 20
failureThreshold: 15
successThreshold: 1
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}

15
charts/molgenis-nexus/templates/persistence/nexusPVC.yaml
View File

@ -1,15 +0,0 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.persistence.claim }}
annotations:
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.persistence.size }}
{{- end }}

13
charts/molgenis-nexus/templates/services/nexusProxy-service.yaml
View File

@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.nexusProxy.name }}
labels:
app: {{ .Values.nexusProxy.name }}
spec:
type: {{ .Values.nexusProxy.service.type }}
ports:
- name: {{ .Values.nexusProxy.name }}
port: {{ .Values.nexusProxy.port }}
selector:
app: {{ .Values.nexusProxy.selector }}

65
charts/molgenis-nexus/values.yaml
View File

@ -1,65 +0,0 @@
# Default values for nexus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
environment: production
nexus:
name: nexus
strategy:
type: Recreate
selector: nexus
restartPolicy: Always
image:
repository: molgenis/nexus3
tag: latest
pullPolicy: Always
port:
docker: 5000
ui: 8081
path:
dockerV2: v2
service:
type: ClusterIP
nexusProxy:
name: nexus-proxy
hostname: registry.molgenis.org
strategy:
type: Recreate
selector: nexus-proxy
restartPolicy: Always
image:
repository: molgenis/httpd
tag: latest
pullPolicy: Always
port: 80
service:
type: LoadBalancer
ingress:
enabled: true
annotations: {}
path: /
hosts:
- name: registry.molgenis.org
tls: []
persistence:
enabled: true
claim: molgenis-nexus
size: 500Gi
resources: {}
nodeSelector: {
deployPod: "true"
}
tolerations: []
affinity: {}

12
charts/molgenis-opencpu/Chart.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: Opencpu stack for MOLGENIS
name: molgenis-opencpu
version: 0.1.1
sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-opencpu/catalogIcon-molgenis-opencpu.svg
home: https://www.opencpu.org
maintainers:
- name: sidohaakma
- name: fdlk

38
charts/molgenis-opencpu/README.md
View File

@ -1,38 +0,0 @@
# MOLGENIS - OpenCPU Helm Chart
NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
## Containers
This chart will deploy the following containers:
- OpenCPU
- MOLGENIS-httpd (to proxy the registry and docker to one domain)
## Provisioning
You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com.
You need to fill out 2 properties to determine which repository you are going to use.
- ```opencpu.image.repository```
- ```opencpu.image.tag```
You can do this in the questions in Rancher or in the ```values.yaml```.
## Development
You can test in install the chart by executing:
```helm lint .```
To test if your helm chart-syntax is right and:
```helm install . --dry-run --debug```
To test if your hem chart works and:
```helm install .```
To deploy it on the cluster.

1
charts/molgenis-opencpu/catalog-molgenis-opencpu.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 245 KiB

28
charts/molgenis-opencpu/questions.yml
View File

@ -1,28 +0,0 @@
categories:
- MOLGENIS
questions:
- variable: ingress.enabled
label: Enable ingress
default: false
description: "Enable ingress"
type: boolean
required: true
group: "Load balancing"
- variable: opencpu.image.repository
label: Registry
default: "registry.hub.docker.com"
description: "Select a registry to pull from"
type: enum
options:
- "registry.hub.docker.com"
- "registry.molgenis.org"
required: true
group: "Provisioning"
- variable: opencpu.image.tag
label: Version
default: ""
description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
type: string
required: true
group: "Provisioning"

32
charts/molgenis-opencpu/templates/_helpers.tpl
View File

@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "opencpu.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "opencpu.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "opencpu.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

35
charts/molgenis-opencpu/templates/deployment.yaml
View File

@ -1,35 +0,0 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
name: {{ template "opencpu.fullname" . }}
labels:
app: {{ template "opencpu.name" . }}
chart: {{ template "opencpu.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}
spec:
containers:
{{- with .Values.opencpu }}
- name: {{ .name }}
image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
imagePullPolicy: {{ .image.pullPolicy }}
ports:
- containerPort: {{ .service.port }}
{{- end }}

36
charts/molgenis-opencpu/templates/ingress.yaml
View File

@ -1,36 +0,0 @@
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ $.Release.Name }}-ingress"
labels:
app: {{ $.Values.opencpu.name }}
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
release: "{{ $.Release.Name }}"
heritage: "{{ $.Release.Service }}"
annotations:
{{- if .tls }}
ingress.kubernetes.io/secure-backends: "true"
{{- end }}
{{- range $key, $value := .annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
- host: {{ .name }}
http:
paths:
- path: {{ default "/" .path }}
backend:
serviceName: {{ $.Values.opencpu.service.name }}
servicePort: {{ $.Values.opencpu.service.port }}
{{- if .tls }}
tls:
- hosts:
- {{ .name }}
secretName: {{ .tlsSecret }}
{{- end }}
---
{{- end }}
{{- end }}

20
charts/molgenis-opencpu/templates/service.yaml
View File

@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.opencpu.service.name }}
labels:
app: {{ .Values.opencpu.service.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.opencpu.service.type }}
loadBalancerSourceRanges:
{{- range $index, $rule := .Values.opencpu.service.firewall }}
- {{ $rule }}
{{- end }}
ports:
- name: {{ .Values.opencpu.service.name }}
port: {{ .Values.opencpu.service.port }}
selector:
app: {{ template "opencpu.name" . }}
release: {{ .Release.Name }}

41
charts/molgenis-opencpu/values.yaml
View File

@ -1,41 +0,0 @@
# Default values for nexus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
environment: production
opencpu:
name: opencpu
strategy:
type: Recreate
restartPolicy: Always
image:
repository: registry.hub.docker.com
name: molgenis/opencpu
tag: stable
pullPolicy: Always
service:
name: opencpu
type: LoadBalancer
port: 8004
firewall:
- 145.100.224.1/24
ingress:
enabled: false
annotations: {
kubernetes.io/ingress.class: "nginx",
nginx.ingress.kubernetes.io/proxy-body-size: "0"
}
path: /
hosts:
- name: opencpu.molgenis.org
tls: []
nodeSelector: {}
tolerations: []
affinity: {}

21
charts/molgenis-vault/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

10
charts/molgenis-vault/Chart.yaml
View File

@ -1,10 +0,0 @@
apiVersion: v1
appVersion: "1.0"
description: MOLGENIS vault
name: molgenis-vault
version: 0.1.1
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-vault/catalogIcon-molgenis-vault.svg
home: https://github.com/coreos/vault-operator
maintainers:
- name: fdlk
- name: sidohaakma

52
charts/molgenis-vault/README.md
View File

@ -1,52 +0,0 @@
# MOLGENIS Vault helm chart
This chart creates a vault operator, but NO vault.
The vault operator defines a new custom resource named `vault` that you can use to create vaults.
After launching the operator, create the molgenis vault manually:
`kubectl create -f resources/vault.yaml`
That creates a new vault with two vault pods.
See https://github.com/coreos/vault-operator/blob/master/doc/user/vault.md
## Parameters
### Azure cloud credentials
Define credentials for backup to the Azure Blob Store.
See [etcd-operator documentation](https://github.com/coreos/etcd-operator/blob/master/doc/user/abs_backup.md).
| Parameter | Description | Default |
| --------------- | ----------------------------- | ------------------ |
| `abs.account` | name of storage account | `fdlkops` |
| `abs.accessKey` | access key of storage account | `xxxx` |
| `abs.cloud` | name of cloud environment | `AzurePublicCloud` |
### Backup job
Define the schedule of the backup job
| Parameter | Description | Default |
| -------------------- | ---------------------------- | ------------- |
| `backupJob.enable` | Enable backup cronjob | `true` |
| `backupJob.schedule` | cron schedule for the backup | `0 12 * * 1` |
### UI
Parameter | Description | Default
--------- | ----------- | -------
`ui.replicaCount` | desired number of Vault UI pod | `1`
`ui.image.repository` | Vault UI container image repository | `djenriquez/vault-ui`
`ui.image.tag` | Vault UI container image tag | `latest`
`ui.resources` | Vault UI pod resource requests & limits | `{}`
`ui.nodeSelector` | node labels for Vault UI pod assignment | `{}`
`ui.ingress.enabled` | If true, Vault UI Ingress will be created | `true`
`ui.ingress.annotations` | Vault UI Ingress annotations | `{}`
`ui.ingress.host` | Vault UI Ingress hostname | `vault.molgenis.org`
`ui.ingress.tls` | Vault UI Ingress TLS configuration (YAML) | `[]`
`ui.vault.url` | Vault UI default vault url | `https://vault.vault-operator:8200`
`ui.vault.auth` | Vault UI login method | `GITHUB`
`ui.service.name` | Vault UI service name | `vault-ui`
`ui.service.type` | type of ui service to create | `ClusterIP`
`ui.service.externalPort` | Vault UI service target port | `8000`
`ui.service.internalPort` | Vault UI container port | `8000`
`ui.service.nodePort` | Port to be used as the service NodePort (ignored if `server.service.type` is not `NodePort`) | `0`

627
charts/molgenis-vault/catalogIcon-molgenis-vault.svg
View File

@ -1,627 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="Layer_1"
x="0px"
y="0px"
width="500px"
height="264px"
viewBox="0 0 500 264"
enable-background="new 0 0 500 264"
xml:space="preserve"
sodipodi:docname="catalogIcon-molgenis-vault.svg"
inkscape:version="0.92.2 5c3e80d, 2017-08-06"><metadata
id="metadata5805"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
id="defs5803"><filter
inkscape:collect="always"
style="color-interpolation-filters:sRGB"
id="filter6667"
x="-0.064315152"
width="1.1286303"
y="-0.12104943"
height="1.2420989"><feGaussianBlur
inkscape:collect="always"
stdDeviation="13.265"
id="feGaussianBlur6669" /></filter></defs><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="1166"
inkscape:window-height="588"
id="namedview5801"
showgrid="false"
inkscape:zoom="1"
inkscape:cx="202.52842"
inkscape:cy="106.4469"
inkscape:window-x="61"
inkscape:window-y="25"
inkscape:window-maximized="0"
inkscape:current-layer="Layer_1" /><rect
style="fill:#ffffff;fill-opacity:1;stroke:#000000;stroke-width:0;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;filter:url(#filter6667)"
id="rect6665"
width="495"
height="263"
x="1"
y="1" /><image
y="24.641571"
x="4.9419723"
id="image5824"
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAIAAAAiOjnJAAAAA3NCSVQICAjb4U/gAAAgAElEQVR4
nO19d3wcxfX4m72qk046SadqNcuSbMuyLVdMtTHGoRkwmF6CQzUlhBC+hJCEEH6EECD0gA2JqaHX
EDBgHGPccLdsS7Isyer1dDqd7k5X9nZ+f2ybLbe3MrKxsd5Hn9Pu7OzbN7NvZ968NghjDKNwfAOD
YWPzwHt7XBtbvHW9AW+YoRBkJpoqshLPGOe4dEpGcZp1uDjRKGMd5/D5fvf9Xzbt6vQDsJyAZBWM
FLqwPO2Rs8aWpCfoRzvKWMcvBCLMbZ8ceGV7t57KNhP19KKSG2Zl60Q+yljHKXiC9Lmv7N3Y4gVA
AJj/hRinHPxuXsHDC4v04KdGnuRROOohHMUXv1G9sWWQn/iE31in3N9f1rY+/l2bnkeMMtbxCA+t
aV7T6AHA/Ggk/Kr9YcnpfasObm7xxn3EKGMdd1DfN/S3b1sBI8AIAAEGwAgAuBLhD4gD4phm4LZP
6pl4AtQoYx138Oi3rWEGA8KAAAADAkAYgC0R/ohL5FUAQHhHp//z/W7tp4wy1vEFgQjz9u5efvgB
ToqSjU8YASYuSa5y0+bKbV3aDxplrOML1jcN+MJRQnhiGQVzv6JEJYBUzOKFsdX1/eGo1nQ4yljH
F2xrG5Su+fiJj/sV/nhOki8QucreULS+b0jjQaOMdXxB60BIsgQE4CY++R9RqFIZAUCLJ6jxIOPh
bMUoHHXgCzOAADASLTcIlGYc4QIAqy7FijrIF2Y0HjTKWMckYBwN0d1huofBtJFKSjDnGagkPTcm
mdk5CnPadU5Cx4AQJ3JxmnbETZSCHMVdRbxaHidbDBoPGmWsYwwGAts7PR+4/Rsj0X4QucOYZB2f
mXxWdsoFRkOKxu1jWT8FJB1+2FOujBjMxGMs3sIJW6jAYdF40ChjHTMwFG4+0PVwf+B70uzCA+0L
7vMF97W4XirMuHVM6mWxpOeZY+wA/PBDYhHNg1gsFwoRSMYzhNMSjMVpWs4Oo8L7sQF9g2u3H7zC
4/9eqgpAmLS4ANCMt777kb1tv4oyAVU8JxUmOyxGcfkn07PLykHtEgAAWlCSajaoSmYcjDLWMQCu
wTXV7XcxjI9blWEMmB1CMCLXbxgAY4SRe3DtntbbGBxSorIaqaunZfKqBCxRrANxQF4ir/KLwxvj
+c+MMtbRDoFQQ23H7zBEQTl2SK15ZAXv0Pb6rkdUEd5zWr7NZIg5XGHFSCa/CqcUpswfl6pN9ihj
HeXA1HX9OYoDGBDm1OP86IERry1HwqmodcKo0/Nxv3+zEmOBw/LAggLZCCTcp1BeyY+tRurZ88dR
WtMgwChjHeXg9m3wBnYhQAgAIfYX+FNAgBBC/AE7pCBubEGAEG7qfU4V7W9OzT9/Yjpbia8N/ClS
nBLHAM+eX1KZE1+1McpYRzV0eN4TF2iCYZgE2aDDASd3eYf2+IK1SrQUgreumHhWaZzpTH4XwGPn
jNXpnTzKWEcvMDjU79+MsagcAOkxJ6+DhKtkRmS3b70qcpuJ+uTaSb8+eQwlmpYJs7T0KQA4LcHw
zpUTf3Nqnk7iRxnr6IVAqBHjEDupCcs0UbWJgD0VrwIAYERYlBHCg8G9sfCbDeiJc4s33FI5f1wK
Jcx3QGgVAACB1YhumZ2z71czl1Q49RM/qiA9eiEY6QSZYpL95cwwmDfDcP/5ciH+AQtINGBOQfI3
N0yp7gl8uNe1odlb5wp4gjSFqOwkU3mW7YxxjosmOZ2JpuESP8pYRy9gHOUP+eGInZY4+woSpkVB
WY4xAnEeQwDA4LCeZ5Vn2srnF4wM3QAwOhUezWCgbIrYPMF0p1JOVBYtNUbKfliIiwejI9bRCwnm
fMSL5jKbnpKzQFaBQHL4KNSA0RHr6IUEc57JmKGqrCRLtC+l2Gb8CKSPjliHCRgMuzp9n9e6d3b4
evwRAMhOMs0YYz9nQtqU7ETdaKgM+4IOz9sAmI99wIITFeKkdHYdx/pX8UtGzLvTIHN60mkj2zSd
MBpiP/Lw1YH++79q2tY+CCCbmRBgfFJh8sMLi+YVO/SgGgo3bzt4MYMjHOeIgjux8CM8qUBaLSvl
/PG5D41o4/TCKGONJISj+I5P61/e1skwvEJI6F0kcgEF+JcnjXnsnGJjXJMbQH3XI+2et/kzpYuw
CMTTMAAyoMRZxR9YTDmH2JgfBqOMNWIQjuKL39j3Wa1b8e6VwjcGgEunZLx52YS4vBVlAjubrg2E
DwyTHDw+5y9ZKecN864Rg1HhfcTgrs8aPtvfL4ZViW5MIIYXE2rxd/f03v9lU1y0Bso2Of9Zi3EM
a3LBglyOuV/MmmJ4fz+2qCjjzh+Rq2B0xBopWNPgOfOfVXEzGsiAQrDhlso5Bclxa4ZpV037vQND
WwWhCktnWtYrHQMYkK0k+77slAuGR8pIwyhjjQyc/OKujc2DnG+4EMrCruZU5josmGYWlji+/MVk
PY/AONo18FGz66UQ3cniIOU2wIAogzNpQXHmnVaTXlPx4YNRxhoB2Nvtn/zUdgBQHUo44FQD8nIK
QcM9s4tS9Sb5xDji9m3o863zhWojdC8DUQNKtJmLUmwzMpIXHA0sxcKoHmsEYFVdvzygSvCiihca
ygCsquu/5QS9azeETOn2een2eQSCo1FQPhppOuZgd6dP4swEwMU7sOekhxRXRxS9AcPuTt8PePhR
+gZHR6wRgB5fhIjnROIvKAQsyVVu/OrxRY4AkUcYRhlrBIBipXUAifAOMRSkMkBAyafRnwKMMtYI
QLbdxHtM8UMU4kV4kmeQ4L5OAspNNh8JKo8sjDLWCMCMMXYuWzrpkIeUxjzSNV1YQeJpubryeRxu
CNJMVae/vm/IPUQbKZSZZKrISixJT9BhdlKBUcYSwRuKugMRI4WciSarcRhC8Tnj0+5EiBEDG1gf
YaKG6iSIAQCMCJ1VNrxomRGH9U0Dz2/u+LzW7Q3JMhPhAofl8imZt52Yq50CRAmjeixodAeXf9/5
aU1ffd8QzQAAtpmoKTlJl03JuG5GlsOq69s7e+XeVXVumW+6ctZTli+pcL53VflItmc40OIJ3fbJ
Ad6+SVIrEQ+tRvSb0/LuP71A//d2XDNWOIofWN309+/awzFsMU6b8clzx109LTMuqh0dvhOe30nL
/T3jgNWAdv5y+oQMm36aRxDWNHgu+Xe1eygavyoAAMzJt390dXm2XZdEeJRqQY4AeEPRM/9Z9ddv
2xRcJcpGrgB9zbv77/qsIa4RcHpu0gNnFAo3iqjkuWKFR2AAeOSssT8WV311oP/cV/ZKuSoWqdzv
5tbBuSt2dw3qis44ThmLZvDFb1SvO+gFUPj2Yn68wdzo89SGjv+3pjkuzt+dXnDL7GwhChkwiIk0
JPiBzbfx65PH/PKkMYelefGgtjdwyZvVQRorqVI4O/OpuTEAhjpX8JJ/19A6jO3HKWP9fX3b6gYP
rxogQjRlB/zxQ2taNzbH2eeDQvD8BaWPnl1kNqjhIU6tRurpRcVPnFt8aAuuHwgMhus/qPOyyUiV
RKoRTNZZ3zzw+Lr42+kcjzKWO0CPe2yLJ0gDAO+JwLsbsEISGRgKnM7ztKLkb2+aqgd/dU/gga+b
Pq7uowXDDo/KTMGSyRkPnFFY5hzG3n8jC+9W9V72Vg1JlUoOUkT6PiOuf9hbME62GBruma0dxXo8
qhve3dPLcRWA3MDHFUpPAQDjdQcHansDekSi8kzbe1eV9/giq+v7iWAK87TcpIWlqWm2EexzVjsw
vGnnyQ3t3JG0gfyB4hLIU9x6Q9GXt3b9dp5WYNnxyFhf7HeLKVxiTUZKd2KAVXX9+mXtzCTTlZWZ
V1bGX1EOCxgccvs2uH3rBoM1YboX46iBSrRZClNsMzPsZyaY40QzN/UHt7R6tXyn9cE7Vb2jjCWH
vd1+3jWKN+rJlU9I9HgRV0V4T5f/x6MaMI52et5vdq2I0L1kOR3tD0Xa+n0bmnqfS086vTjzzgRz
YSwk6w4OMABi86UNBACxBxCp75V+Zwjt7Q64/BGN2fB4ZCxvKEp2Jw9Y5Vcqf7oDP5obQph2Vbff
4x3azsk8pLGbF5AQRF2+1W7/+tKs+7Idi1Xx7OsOEDwkbyBXKL9E9glrVMA0xnWuoVHGkoDZQAkJ
WpRfI/+ilJE12GbWSpl/+CAU6dzVvJT1SBYcccTc7JwnDi9y41Bd1wNhuq/AeYMSVY8/wg9FSNlA
ES8Ql0Bq9wRulcPKjrHgeFQ3FKdZuaWfLGEwkFv1SQsBA2JvPNIQZQJ7Wm8L0Z3saxfFaP6XPyAN
3eig65nugc9iIhXaLm2gGF8k6RBM3CVoH+IoE45HxjptbIp8N1HZrnwx/uaO1dr04TBBY8+T/lC9
EOsFfDZuwMDn5eajwsQlHQaMDnT9JaRIjpWWYNRuY5yeARB+nZrL2+ORsa6qzKSUu6hpqQoxIMhL
MeuMix9BCIQPdno+EFPWigf8BEiUAwjxiwgBMIz/oCK57cRMm2IHOb75YvCjogLwAzlwYxVF4ZJ0
LVXcMSxjNfUHV9d79nX7feGow2qcnJ24sDRVj4m0PNN20STn+3tdACDIvWpKQrY6JyHfNy9fT0T8
yEK7+98AUawQhzgiJRK17AgAoMe7qjjzLrNRTPF42tgUUXiXNpB4AjHTiStFogThCU6bdlcfk4xV
3RO494vGz/e7ZTYrI4UunZLx8MKiuNFUTy8qWdc00OOLaCpIxZN5xY6bZh/5JAiMa/AbLH3tIk2K
U6RyKdLnW5fjuEg4L3MmTMlOrGL1JhhU7tB4AIj65CWTM7RJP/amwle2d896budn+/sZkOclpzH8
e3fvtGd2fFYbZyvs3GTzJ9dMSrYYpMnNlSnOESBUnml754qJhzxc0dHBgcDOHu/nnZ73uwc+8wS2
RqIePTcOhdvCUZdkKMGEHkAhvWOSVfjCgcB2Gdo7Tx4DoGy14FStKAe+T/gp12ai4m55cozZCl/b
0b30/f1xjOsIzBT1ybXlZ5WlaWPb1em74q3a2l71/YxYOGd82quXjD+E7K5RJtA98Fn3wKeDwRqM
JStzhAyJlrKslHO1d4Fz+zbsaV023OfKIDmhclrRa2QJzeAZz+7gBi0kKEtlQNgHZeWAfzsv/5Gf
jdV+7rHEWHWuoalPbw9q7nEtgNNm3HPnjLgiV5BmntvU8fymjqb+IKnCoQDPzLPfOzf/oknDyEHN
A9Pp+fhg7zN0tF+7noFKKnTePCb1KoRUNGS93q9rOn4z/KdLIMFcPKv4I1nhjg7fyS/sDka1tkgV
AQO5w+qULNumW6fZTHHmumOJsRa/vu/j6j4AmepSKXFz2uHbT8x99vwSPZgZDFVdvh3tPlcgQiGU
l2yZU2DXH/ZOAh0drO34ndu/jqBQUQkTAhGC5ITK8jFPkCI2C32Da/e136lyV2xUyktJ1vLpRW8p
6Xx7d+8179bSgnCpvcMqP6jlpVi+vWmqHn3eMcNYbQOhsX/bQg+H2GQz1Xn/iXG/rRGESNRT1XKT
P7RfeEcsYEGhTSwVyMWd1ZQ/teAlWZI0X7BmR9Plw0Ul5Hlnf5320yflPaVK7btVvUvf3x/Q3acT
nAn/+fkkbS2DAMeM8L6mwaPVA2qXvCFmc0sc77wRBIyj+9ru8gVrJamqhM0FWd2moNMULmHAGA+F
W6pab40yklh7m6UYIctwUQlqU/bXbq2IRfClUzK+v23a7LwkAMVSQNIwoADfMDPr+9um6eQqOIYY
a79rSNa9RLoETv1M5ETgFsbagvnIQmvfyoGhHYAA8ztxyf6wZmEg3HCg6y8kQgpZUhPnHAIq8i/d
rpXctiIrcdOyaR9cNXFecQolLjvFHk4yUddOz9z5yxkvXVSmvbu4DI4ZPZY3SBMyBPlZEdHGgpzB
B44GaX3y6Q+GMO1q6XsZiTQgQjEAEodMYREmV8Pi7oH/ZjsWO2yzBLS5jsvcvm8PARVbZE+oTLSU
aVNOIbhokvOiSc4eX2Rzq7e+b6gvQBsplJVkqshKnJ1vH1aIpQDHDGOl2UximIMGSEfyZMsRamCb
+/UoE+Der1RuRQAYY1FPLlVEsfuWYE5gxs29LzoKRcZKSzoxOaFyILDzEFBhoMZm3K6/CZlJpvMn
pg+v2bHhmJkKp+YkcmYsdrgmzVsAXIlgjuDNWxVZRyK4isGhLg+7pEf8r3x05SlTyjAShwVPYHsg
fJC4SpXl/MlA2Q4BVY7jIkfi7ENr0Q+HY4ax5o9z2Iy88hchySsk9cKCugGhXLtpZt6R2Emm3785
Eh3gl+iiCluiy2c3QuX3SQW+HLjdUQWVP+4b/JZEbjOPnZj7V4QMw0LlsM0qyb73CLQ9FhwzjOWw
Gq+dnhVj3QKi1EnAbXNyj4zZ2DW4BkhWFzQCpNcJSyU5oknGNVH09g7tkuFPt8+blPcURSXqRJVu
P70i/1kKDS/bwsjCkWasMN3r9m3o8a7q832r9BbShgcXFGUm8pIWJngME6+FLyxLt/7qlCOUkLPf
v5mP9RQo4EI/Sbcm4SoirrINIOrgQLhZ+Yj0pLkzxr6dajsRNFEZqZTSrN9Nyvu7MHv+WHDkFKT9
/o3NruUDgd0IMfwyhkqylhem30Rk1IwD6w4OnL1yT1ydXlqC4dubplZk6d+1BmgGN/UHe/wRI0K5
yea8FL2fezDStqX+HGFFhjFGpAaTA3LglCqzxQrcUs5scM4pXRPrcQOBnZ2e9/v9myLRPgKV0W6d
mJF8VnbKBUbDj7OPnAyODGMxB7oe6ex/D4Dh/Z/YLYa4fUEzkxeNz/kTQroMvRubvZe9VdM2EI4V
ZTrBmfDB1eXlmXo/2S2tg89uav98v9s9FGVRUQgVOCxLKpx3nDQmbvqeHu+qmvb/AwBWqmIZi12f
ERpwJN0WlZXF2OYjsZhlLGPGiaXfxKOaCUV6Q3Q3hqiRsltNuT/6ECWDI8FYdZ1/7vS8L1O2AAC/
vkGAISN5YfmYR3VOzd5Q9LF1rSu2dEqzd6ICh/m2E3N/edIYnaoXbyh62ycH3tjZE6uC1Ug9eGbh
b07N1xDVGrofb3O/zlEgYSwBeNUWAmU5UchVS7SMm1n8oR76j2Y47IzV6/26uv1uKT+pQ1nOA6RL
WlwIR/GuDl91TyAQYZIthopsW0VWon5pvWswfOY/9+ztiREqSHwCl0/JePWSCWaDOuaqlpv6/d8T
N+CYjZXNfjHAaT9jUt7f49c7uuFw6w+ZJtc/uElArb8xMY41u17ITlmkc0IEALMBzc63z84/FJEi
SDOLXtu3tzsg5QbpLx+w+vZul9PWEMtRwh9q4CdjSRQs2V7uODZXkZVTbNMPoUVHGxzeVaEvuD8Q
bhDMWMLaW27bAsAIQpFuQcV8uOGhNS3b2gYVa0vFL29Ofm5Tx1cHVJyrIlFPmO4Dfp0maBwEvYBQ
LmoKpEtESWUEGKgfa+vKkYXDy1jeoT2C0pDUFgpqPU7pw+n1kDe457DSw0LXYPip9WwiHsH1Vqp3
VRYidN+qg0pUQ+EWLlIU8YpaTpriWsSdk7pN/pKiMiBAqYlz4uZfOCbg8DJWJOpWtT8Qp5IpIq7L
5YjA21W9AZoRDUT6AlZ3dPp2dMi3kAiED5IWJeBN4tJhUG+UKcZUUcath6fRRxoOr4xloGziUppV
D/DqBl4kIY+BQnqdNqNMYCCwfTC4LxjpxDhsoJISzIUpCZX2hPK4X8uXdf3q9ux4wvXq+v7p0tTZ
Q6Em3hKMOWMOv7kuYMwzGeZ4i8MvSFzcLRyTYZzjWJycMEVfBxztcHgZy2YehwRRAoAQKwAAJMds
fUt8T+JQpLul7+Xugf8yjHxBhwGspjFj0q7MTb1Ew6BR2xtQrCN46Vl9PceJ8zU9cu+uQPggfwdn
D0DCr4hLhlS64Qk/oCVaJ47L+qEe7kcPHN6pMMU2zWhIAqnMrvzjdmJH5tTEOdoIO/rf3dp4Qafn
XQb7lYsAhCBItzf2PLatccng0N5YSHzhKCeYi36CxK/gNihMWZgtB88QLUPlDzXIFyLKpYlwDOIp
uXABBDbLuMn5zx9tSs4fAoeXsQyULcdxKfue5K6fhBMt+5ftuMBk0IhhZ+q7HjnQ/f+iOCBDJeLk
UQ1Fmnc1L3UNqhtGrEZKHCa1A1YxUQiQJHWhjDK+YKSDpIGd/yAGVaqnADjFNquycKUymOKYhsPu
B1fgvNHlWxsINQAQqh5gz8QSiyl3bMYdGngae55u739LpmYS+YNEiwAAGByq6bh3Sv6KFNs0Gaoy
Z0KbNxxbkxmzvFTq8e0PNXIBg/zTRR88Ul1KUCVqyoCVrwz5adcVZdyuGv51JKFrMPxZrXtD80Cd
a8gdoCkEucmWiizbGSWpC0och+BEetgZy0DZJuc/X9Vy01C4BQAUnMVyVdbk/Oc1Qze/a+17lbxF
HZX0mGFCNR3/N3Ps+zLMpxc71jR4FLeRQKxZiafMHycZUL1DVfKnK3VhCpTCgdWYNz73QdIR+UeB
OtfQg980v7+nNywJ2ETVvYHV9f1PbWh3JpruODH316fmJQ0nPdghmnSCNMNgsBopnRYUOjrQ0PP3
7oFP+XysIgEZ9oUlWb81GWNGLWMc2dq4OBhpPQQ6ASAr+fzxuQ+RJY3u4Pgntg4rkgwAStKs+++e
RbZ3X9uv+nz/U1SMNeCJgIDKTb2iKOP2H1eoYjD8fX3bH75qihMDjAEQLnJYX71k/Gm6EzkNj7Ga
+oNPfNf2aU1f20CYwTg32XzehPS7ThmjM+VrMNLhGlzjD9ZEol6jwZ5oKXPa58fVB3YPfLa/8379
REoAAwA1pXCFbGC48cO6l7d2AcjMLjFjXwGhNy8dT2aqxTiy8cA8LmALAzlHS/hKeoox2BMmlWX/
Ick68RBbNEIQjuLrP9j/xq5ejiwdAatmA1q+uOy6GVl68A+DsV7b0X3bJw2+iHzrFauBeuycsbef
mKsTz3BhT+syt28jIl49UkpXgpQjrOYJoTzRUjpj7FukFdIdoGc8t6PJE9JJw4UT0z64ehI5XLl9
G/a03ip9OKGk498R8LQgBEYqZWzmL7NTFv/oEhWD4foP9r+yI6ZbRyygAN67aqKetAN6hbK3d/cu
fX+/LxKVCxAYglHmjk8bXvx+eO6gOgHjiCewnVhzcb98ch/umC/h60jjOf2huvb+d0i0aTbjf6+r
yE5SM3grPrTTipJfv2yCbNLvHvgEpOtBUUmhErCKslMunjXu0xzHkpHiqijjGwo3+0N1oUg3xno3
WmLh5a2dcq4iF8IywCB8pgzA0vf21/cNxX2ErhHL5Y+UPr5VTLovfKKCkx2A1UjV/HrmoeU70ICh
cPOWhkUKoUU28SibIC80oKTZ4z4xGyVZnZr6g1e9UyvuZaJwmAKAG2ZlP72oRBanH6Z7N9efhUGZ
3VWFJLtlUmnO7+3WSfHaqgv8ofouz4d9vu+Gwq2AGAAADAYqKcU2NSP5rMzks+K6uvf4IuOf4N+m
uDqR9Zj0VDxDAPissrQvlsYMsGZB14i1YkunJ8THi7ImNsSbJfjjYJR5dmOHHmzDgki0n7XO8hpQ
QuMoJDTEQFxFkkKeQIbx1Xf/TYa8KNX63c2Vb10+cU5BMiWozBEAAquRurA8fcMtlS9dVKbM/tDa
9ypABAFCGBBGkgSLBDFGyl6adf+0ojdGhKvCdG91+z3bDy5p738jGGlBwAiPY7Cv37ehrvOPWxvO
6/Gu0sbzxHdt3NvkXqhqekjpKUgqr6pzx91ZSJe64csDhHEt9gC3qs79xLnFehAODzCntFJRW0nW
8KJeTLiKxavg8n7pSj7baZ9P4qYQXD414/KpGR3ecFWXzxWgKYC8FEtlblKsiPJgpKPD8y5LFfA2
KU6owqxNFGOAdPu80qz7LSZdom5cGAhs39d+N027+cWASgMRxqFId037//X7NpTl/FHVs41m8Cs7
unSF/kqAfCwGQMu3dJ5UmKxxgy7GauoPchmSRKEUEXMRp6xs0ZSFMY72+b7t9a7yBffTzKCBSkyy
lmXYFzrt8zWc+8xGJ58hVNZO1WPuPEbWMHSg6/+lJFSqqjZyk825yXEStQEAAFPf/VfMhBRqKe4R
ANhgsJdk/TYr5dyRMmx4/Fv2tN3OMEHhibEayBZ2DXwSiXom5T2llOc2t3iJ/OxIfK3yFYdU4yys
EBH33lfVuWkGa/jr6mIsI8UPiERqMmKE5HyuNHRa/lBdbcfv/cH9ghASpvuC4RaXd3WCuWh87kOx
rPoWY46BSoxivxg5IawKEd9mtVUhwggUK+hItK+m43eT858/ZAm60/Nx3+C37OyM+TdJSiB2a0X5
mL9ZTSMWeRaMdOxrvxszIf71ajVQoKrPt66x50mlVXtL2yD/vniKQcAoe3+I+I/EAgQA0OOjm/qD
GslndH1SoppKZpqVAC6PEW41ENi+s+laX2i/EGPJTSEIMIKhSNPu5uvdvu9U70XIkJo4G0Bix8UA
WHGsMzS0P7CpsedJPa1Wgneoqr77rxK9lEQugeyUi6cVvjqCXAUAdZ1/phkvIL0NFKhqd7+hjH1t
6Avyb1B1+ae8JCaVl9hVETT1BzXI1jViXVzh/Hx/v3wGFIjhAF1coaLeCEW697b9isEBgv+FcUbA
Ea5pv2f62HdUdxfKSjm/zyeak6VjpohK+rkhJC1EYn1o73/NaEgqdN6ip+0C+IK1+1pvxzhIohIB
U8WZv8pPv04oCEfxtrbBqi5/52AYAHLs5um5SZW5SbGCMlTB49/SH9iEhtlAvggf7H1uasHL5G3e
UFTkTeFOTOAA2SVyMOB7GgMAeIJaOg5djHVlZeaj37bW9QVl7SAPcu0m1YTVB3ufiTIDmugRAERx
oKH78Yr8Z5WX05Pm2sxlgXCdlKNV8WApZVh6IJ429/4jTLvGZd2jMw7dE9ha3XY3LTaExIwwRqXZ
v8tNvZS91uOLPLau9bWd3T1+uZtNdpLpFzOz7z4lT+euhR2ed9TedqGjODoAACAASURBVPwGsr8e
/7ZAqMFmGSfczK1wY0x6KqB843wna6dK1DUVWo3UO1dOdFiM0sxmYltsRvTW5ROVy6gI7e7xrgJO
S0hyPWCMxMEVAwDq830XjKjsCYuQoSzn9wgMhMJRhor/JbI38P4riChHYjVAHf3v7jh4Rb9/s3bb
GRxq6v1HVcstkeiAOioMhc6bBK56t6p34pNbH/+urcdHc5eJhUfXYPgva1snPrn105q+eL0OGEfc
vg0yDzG9DeRKmD7fOhLnmGSzkio1XzQQpz92KsTSqRBj7WBxvcuWypykb2+eMiU7kUctzscladZv
bpiiap70BLZjTGN+pYqBYwsJheIv7vdvUX16ckLl2My7AQDUUUkR8gM75qcFYbXDlgjbm/hD9VUt
N28/eGlr30rvUBUdHcA4gnGEwSGGCQZCDa19K7c0nN/sWo4xHQMVpCaeWJTBzap/Xdt62Vs17gAN
ApXA00T4Ffb4Iotf3/fMRn6n0xjgDzUweIhrCyAQ3OrjNxD4vkLeIUl8yvQx9lhUAYFLtCYoGwIA
GNtMlPbuw8Nwm5mSnbj9jukfV/d9Uu2qcw0BQHGa9dzx6UsmO2P56wxFWvhDYkUhgqiRYX+D4Zgu
DHlpV2McOdj7LG++UB3NyY6WX1UzMSAA8AX3+4L72XMKmQEhjGnRSCKfJiSoKGQpy/k9+33+a1vX
fV8d1JpWQJyrGYC7PmvITDRfPjXmFg+hSJeCZp0NFIjAsswrp41NsRopeSJurGxmHDhtbBwnreH5
YxkptKTCuURNSFcFjKNIZHsV4oWVAOJOteTB/PSlKbZpDd2Pe4eqYvUDhyq2JCYjQ36KQ8LnrwdV
Vsq57Bqwvm/ojk/rOfMIHzwiaPi4Fb74CWEAYAAt+/jAKUXJseYUBiI/MPYVAKJYsnZLthguqnD+
e1dvLKrEpiMgHi4lAaGl8XwcDq9rssWUJYSqkgtmIApBUBYAmI1xdlBm91moLFyZmbLIYLADgRZL
0XLLF7XQUPZxqlQNF1U2nxPgD183BSL8MCDIKOLbIp3oxXnFE6Qf/KY5VmMNyErSwAlRumNf2QMj
JdcB3Ts3n0JaVEkvESV8nQnOhAvjOTgcigcpzeCuwTAAZCaZtRfPKQnTAFOAGFIlJwA/EfJpfxB2
2GboeD6VYpuRYpuBcWRgaFe/f5PHv20wuA+A5nECAK/z44uEDUjZUtWJWVYSF5WBSmaNgB3e8Pt7
CGEc8cM04q0+sgGHU2siAHhjZ89j5xQ7rCovwmrOI2lm7xdwaTaQG2AQwkql2pTsxFvn5D63qVOD
KhGEhvDHFIKnF42LqzQZHmNVdfkf/bb1s5o+bzgKAEkmw8LS1Hvn5sdKoJBgLnDYZgwMbRMGWQm1
/A/brkRLeZJ1vH5iEDI5bLMctlmQAVEm4B3a5fFv7Q9s8YWqATPCCA7cgeimhYhfVaoUE7Q6qkRL
CavB/3y/m8aMlCsJAZqctxSiYDCKv6rrv3SKiqRlMxcaqZQIM0BQheJSRVbDgJQu/wDw6NnFG5u9
Ozr5+FsNAVXxqf3m1PyFpalKnDIYxlT41Ib2Wc/t/PfuXm+YzZyGfBHmw319J7+464HVMcfz4sy7
AAwCybIxVxxtMVWc+atDnpoNlC018aSxmXdOL3pzzrivS7MfcCTMBEyxj1GM8uKvKlUgrH5klaWo
rPxGEltZO4nEUK6c76V/RPn3rYMxmkUJJnPVOUmVKvIXAZWeNE+J12ai/vPzivIMmwZVKoUY/WJG
1iNnjY1BrZR0PZUAYMWWzrs+awxHJZFO7CWagT9/0/LXteoLOntCxbise9iVsYp7Cf9blLEsblCh
TjAbnTmOi6YW/nPmuA9zUhYjRAm5lbknyvxEZPTIvXFUKrCoBI/1toEQJ06Jb5joIowlHMGViz3Z
5o1pvB+TdiVgSos8BVUIi39O+4JY7hW5yebvbq48qzQ1FlU8wVwTjAgeOrPwpYvKdEY56GKsDm/4
7v82EiTzDQKxEX/4uonVQaj0TuoVZbkPUShBLhhiDIARsozL/m2h8yZd9A4HbOaxZTl/mjn2/WRb
Jdd5gqzKe6JKRFTBDRXzvUvUJ11S+TochKPkCwcAtTdP9JWMc8OxdzlItJRlp5xHdpcOqrg/RFm0
I+pYN9qVS8ryUswq3xOImSxOKUrZtGza7+cX6M8VrEvGWr6l0xeOyqZ08QABANAMfnZje6wkUtkp
F6Ta5rS7X+8dXB2MdAEwAJTFlOFMmp+Xfs0hW209Qbqud8gXjjoSjCXpCaoeVDbLuKkF/zrQ9XCX
532suCoRsokS4RhhiYMKWZ/hdyF0JholF4Q7ZHKcau8B1t4McVzW/w0M7eSC53RQJUBJ5t1xA1Uo
BNfNyLqyMvPjfa6Pql3rm7xdg2GawYCw1UCVpNvmj0u5qjLzEJKQ6WKs1fX9AITlEvPchMlTrJpB
SgCLKas46zfFWb+O0B6aGTRSdpPRcWhCFc3gd6t6n9/csaXVR3O7YmKrkTqlKOXOk8ecMz5N9mGx
RiGaGez1fqmKUMlw2pfYwijDpXKYlJkI4OIv8L6GoOgo8WZ2fuG+y8nZWkl4jQZ7Rf6zu5tvCNO9
eqhiIT99aW7qZRpoSTAb0KVTMtgFhDcU9QZpI4UcCcZD2+yEBV13ch584iDPr+e4Es4fq80b1vNE
kzEtwVxoMqYdGlc19Qfnrth91Tv7N7YM0oyQCAgFaby63rPo1X2LXt3r8iu90anxOQ9YTblIzMYl
ZsASslaRma1iXRKuCpt1LSxNJRZWSNIzQkcJhUIRX3lBSZxFls08dlrRq0nWCXqoQsg0Lus3xZl3
auOMBckWQ16KJdtu/iFcBfqN0PJZHEl1axgDYPPhz9Zf5xo6+cVdG1u8pCQsSXOF8Od17lOX72Y1
bSQYqKSS7PswH9cj/CH+l/wjL5EH5F1R3qVzZp69ItMmIUnROXJq+fI5+XY9CZ6tprxpRa8XOe8w
UskaVDlss6YXvZmXdu2PvjWErsdXZNmI4Qq4I+HrBG7QqtAc0n84BCLMBa/t6xiMSJ+O5MQAqnUN
XfLvGlqxd3R60lxH4mxy0BK3GokxAIC0MiLL+cmHQvDAgkIJScpxXaRTMoY9cIbe/H0UshQ4b5hT
8kVZ7kPO5DOtpjzKYDMYEoyGlOSEKfnpS6ePfWdqwctJ1gmH3sUjB7pkrEsmZ3xc7SZFdcBAvFcW
0GVqWr4RhEe/ba11DfE0sLIL/6o4hz9Rx72+yfuvbV1KF7Ei57JdLVtlMphwhMmTeIAo0cZ30STn
ReXOD6v7REoACBW88ACJDeLaaZlxd0SXgYFKyk65IDvlAgDAOArA6E8HfCRB14h16ZSMypxEuXoO
iFMMxamWX8zMjouKYYK+YI0nsG0wuE8QfvVAIMI8t6ldoriU0KPQFQE88V2bcr/7FNs0u3WSdHIS
mwLSctUSodBEibIRhWDlJeNnjkkSKQEpagW6UwqTn79A15bVsQAhw9HJVaA/mOKdKyfOXbG7azAs
/aI5B3+HxfjeVeXaLoW+YE1L38t9vu8YhvNEpcCSmnRiQfoNevIjrjvocQ9FOf2K+jqeD7fgK9T1
De3t9k+RT9BUXtrVNR2/BQKTJGZTihvLHsg+CQEAJErzDyZbDF9fP/mKt2pXHejn7W5ER5FYMFxY
nv76ZROGlb/l2AK9Il6ZM2HDLZWnFKUoxgk8c4x9w7JKWXJOKTDNrhU7m650eb/GTEjQw2Eccg+u
3dV0bWPPk4osNHLY0e4jdIHEAWDpeEAwGXuXApz2M8wGp1R/KYTCSjWFSi28IDVhcCTOlGF2WI3/
va5i+YUluclmrkikk6OqIMXy6iXjP7pm0k+Yq2BYRujiNOu3N01d2+j5pLpPcPRbNDFtYalcbySD
gz3PtvT9E6SyDDEoMK19K6NMoDRbK6VMty+iLv8oVTrEBOQeUuodgEKWHMdFLa4VMvlHhgrzDERe
5EYeDDZzgepASyG4aXbOtdOzPt/v/m+te1eHzxWIAEBmkrkyJ3HRxPSzytKGFU9xjMLwvBsoBPPH
OWT5x7Sh37+xpW8leyx9cQjECQN39L/jsM3OSD4zFh6rkeLes8gOwsyCAPhNmkAShBkrojI39bLW
vlcxDimokgDm0GGyhH18fvr1GuO91UixGy3Hxv0Th8Ou7WjseZoNGeNX7cAr+EBYtbNXD/Y+ozEh
jktn041IM/0La3gx5T9wlxACgFgRlWZjRo7jIiVVpJqBvQoiwYjXBaNk2/RsxwUj2k8/NTi8jOUP
1fmCtezbx7zMC9KAVbYEAIYiLWLyRQXMK3ZQ8mUcCYLKUQSrAWnkFyjMWGY2psuo0hP7ajFll4/5
24+ugTzKYdgepLW9gc/3u2t6A4BhXFrCORPSFMsuEbxDexGfOp8HQd2EiSJO8zMQ2JWcUKmKqsyZ
cEpRyrqDXh4HiY/HARJR6MJJ6aqemSyYDI6KvGf2tN5KMx4ZVTItFxkaajHmTilYLkuHNApKGAZj
ufyRO/5T/25VL+kref9XTedNSHv+ghLViIAwrSdnnIgtEnVr1Ht4YdHcl3YzmNdoKxEQhTYTenBB
kfaD7QkV04reqGm/1xeqVpCEpXgxADhscybkPjzKVXpA73je4Q2f+MKut3f3MoI2EgMAMBg+rXWf
+MKuRrdKJD+FLGL8pDi1AAAoA1YBI2113ylFKb8/vZAImyRCKLF8KnzyvHHagW8sJJgLphW9UZL1
O7Mxi6dEjgxjbDUVjs/5y5SCF0e5SifoGrEYDFe8XSMmCOSUhiCctg2ELn6jeuvt02SrMJt5LAiO
+GLQCgKBN6S/NnORNiUPLigMRpjHv2tlxDul+gCMjRR67Jxi1Xh/VUDIkJt6WY5jSb9/s9u/3hes
Dka6okzASCVaTDnJCZPTkk512GaMClXDAl2pIj+rdS96bS8AMT9guSQCACsvHi9LqUtHBzfVn8Ew
unLIImScU7JKz5DwWa37ns8ba10KixCG6blJTy8ad0qR3qzRo3CYQNeI9frObsnuoYjXHiGJyePN
XT0yxjIa7Dkpizv63wJ1VpTYUTKTf6ZzojlvQtpZZalrGjxf7HfX9g75ItFks6EiK/HcCWmnFKUc
fuednyx4Q9FG95BnKEohyLabi1Kth6zL1cVYuzp8kimLG+PkisNdnSr2k6KMW12+tSG6U7gPkffw
R0ZjWnHmXcOgm0ILS1P1xCGNQlzoGgz/a1vXB3tdVV1+0tcoyWw4pSjlqsrMS6dkDJfDdE2F+X/9
nvMOJe0aIF08YWwzUf4/n6K83R+qr2q5KRJVza+CAZCRSpmc/w97QpxEvKMAAADM4FC1279+MFgd
inQDZoyGpARzYYptZnrSXKNheM7pgQjz0Jrmp9a3B6P8akUtYLXAYX7s7GLV4MdYoIuxZj2/c1t7
rNg3UadUnGptuGe2aqVQpLuu689u30aERLGbtek4EmeVZf/xp7Ff7eGGvsG1Ta5/+EL7lX4YGMCA
ErIdiwudN2tuoiZCnWto8ev7qnv1Oi9dXZm5fLFKDmlV0MVY93ze+Pj6dgA1QYko+cWMrH9eXKaB
ZzC4z+VdPRisoRmvkUpKtJRlJC9ITpjyU11wdQ2Gq7r8Pb4IAGTbTVOykzJVtyzQAVHGt7/zwd7B
L1UkVf4VsOxlMqROyHkoLelUbYR7u/1nvFwlTw2nIQgDAIYFJY5Prp2kh7d0MVZ939CkJ7cTu0Px
X4vonQsUwltvn67pPHO8QDiKX9ne9dLWrh3tgwyRbcaIYGae/ebZOVdPy9TIN6yESNRT1XKzP1Qr
kVLJIQtk5VRZ9h+zHYtjIezxRU74x86m/pAUg1S+ka7MhN8rKzPevCy+97PevXT+35qWP3zdpOq3
wsKvThrz5HnjYl4+6oHBsLfbX90d8ARpq5EqTrPOzLPrHPZJ2Nzi/fl7++s0NwWpyEx89dLxOj9C
jCO7W27wBnZypzLHDgAQRhmJpctQkfdMrHHr4jeqP6x2aT5WxrNEOcavXjL+2ulx0hjpZSwGw71f
NP59fZsy2wYg+MWM7OWLS4f1FR494A1Fn1rf9tLWrjZviGyXzURdVOG8b16BnigaFv69q2fp+/vD
TPyAVZuJevPyiReWp8fF2dT7XLNrhaxQNc+7jBdMxrRZYz9UJrVf2+g5/aUqVaq0aRYOcpPN+++e
pe2oOLxt5VbVuR/+X+vmFi8bFE4hmJmXdO/c/B/F8ajDG17T4KnpDXiDtCPBODkrcf44h3ZUsRLW
NHh+/t7+tgEyVkwiaJgN6P7T838/vzDuV/P5fvcFr+2jGfJ2VZmFLQerkfpiacW8Yi1BOxTp3NJw
PoOVGuZYI4oExqReUZJ9n6zw3Ff2fr5fNbRYudQnL0katXxxibZt41A2wuzxRRrdQwyG4jRrtt0c
/4aRhvq+oftWHfy4uo9mJD1sNaIrKzMfOrNI9AzWhPf3uq56uyYclUoRAhA9efW0jFcvkW8ARkLX
YHjy09tdAVpunJC9Iyn+XLtp310zNVwwGnuebHO/ghUEqrKVsg6FbHNKVpEbzPb4ImMe2cz1Wwyq
VGhWtOiUwuTvbp4aszsOLfFaZpLp0FY3g0N7ewe/8gVrI9EBI5WUZB3vtJ+pmsBJA97e3Xvjh3Vc
LgkW+NYGafyv7V0fV7veuWJi3PDiLa2D17xTG5bF8ahyGMAbu3qKUq0PnVkUC9uD3zS7/BE15a/i
PQnIMXR4w4/8r/XRs8fGwMr0er/ksiOr+XAo2UtGfhT7+3zfZaWcJ1RY1zRAC5b7GFRJACsOAABg
S6vXG4rG2m4Ijtg6Pxjp2NO6bGfzVW3uVz2B7/2h2oGhbe39b+5u+fmu5qVD4WadeN7e3XvVO7W+
CMNJsJwcKwlYdQ9FF726j9/1WR1oBl//QV0wiqX3ylERJfDXta1VXX5VbJ4g/dqObgkeBDoDVlds
6RRzTEohFOkO0Z3SKFmIH0Yr+YWBwDYS527WOhKPKrGGUFMoRwCAwgyu01SADZuxaAZvaR18Y2fP
Gzt7Nrd4w9rbCQMAgD9Ut6Ppyn7/RrWLyDu0Y0fz1crNOZRQ3zd044cH+CEGAQCRfkM4RQAQjOKr
3qlVy+DAwft7XHu7/aADlXBMY3goRr7Qz2vdARoTNwKRGxQpUZF/nlB0db16MpVA+KCibLjLIyRD
0uEN66GKeJwsJavYwC5fzO6FYU2FDIYVWzofWdvS4uFFXQTZSaa7T8371cljYi0J6ejAntbbItF+
gVKQqk4QAjrq3dv2q5lj39M2Qt+36qAvTAMg+UTD/pPuPNc1GHn4fy2xNCCv7+yW3q6FSjj+tKbP
HaCVm0psavES8wiZbQbkB6CYawA2tXjPn6iyPKQZv1BdKf7FkrFkp9GoxGRCM2rxtGpUSUByC9fA
cFQrYk/viBWO4kverF728YGWgZCYQAygyxe554vGs1fu9YXVM2kf7H0uRHcDYAA+UZgs+xlgwDgS
dTd0P6FBQIc3/HFNHyDQSm4HkljBV7Z3q84yNIPXNw0MCxX7F2bw5laVDSD5bffI3GvsqSJVHZlv
j78Ua7cjBAaxl8Rk/2KncVf5PzHAkutmDIARknwGDqtRJ1UqKeOkDdRYc4B+xrrzP/WcSk34NDnm
xYBhdX3/9R/UKe+io4NdA59IqZXugEr89Q5+SaaAksGaBg8dHV7AqidEb1Hjgx5fxBuKDguV0GTV
7ZCDtGwYID5/EbkcFX+AgzFkLIsxE5R9pRlGq6zMesYKUMp61eqgiusB5fDGN1BjTznQyVg7Onwr
tnTJ059L/96tcillhYHAdnb7RizpbPENiu3CADiqsbNNTW9A+VB1YsQgG1Tbq8IH4ShzCKjYEl9I
ZWB2WA18fbZFaggVqIQDR4L6p2+zFAOYyNcNRKcJ/8lJmGQS9leWiPqkwmSdVKmn5OcbWOCwjMBe
Ov/c2sUAn3QUhNSUPHCpp/FLW7tkN7KSI8nrxIggohMuDamIqxx4g7Q4MgOWjOEsbiQgFvKjQiCi
wgc2k4ESxnbdqNjKaTYVPcuETJs4U4B09ICYqITBZ2IMzb6BsjlsM4SOkv4KJIrl4psgftOSTiNx
VuYkFaVa9FBFCjySqRAAEJw/MV1bY6yLsdY3DbDNkwSLCp0I3OpauQE1g0Nk8Kd2wCoCxGD5PmwC
8G90eAGrqmYHZ6IpM8k8XFRsZVXzzunFDu4WoVs4ELJtqaDiuQ/mjY2pfM9xXMzWJxDFDKMFXhkh
pPxKtJQlS73cKATL5uTooUr8PpDQOVwDjQgtm5Mbi2buQdqXWXAP8e8bE58gltXCroCcLczGTHIQ
1Q5YxQjMxpimIT5Rp3xSFZ7OCXxSqFDb9JVCsKDEMVxUANhhMaimeT1tbEpBipkIH5KiUnmKOHZP
cCZopI512hdwc9nwd1gFgKKMW5Sv+NY5uXnJFm2qJIXiLMs18MrKjLj2U12MlWwx8M+SNk5CDHJY
5cNDcsIUdjs9YZca9h5iehf4DSPAGvmM5hc7rAaCGckewCARAvjCzETjzDz1d3bjrJxhoWLLr52e
pZqZ00ih++YVEF+MgJBspQSV8Hf/6VoejggZyrL/iMAouYd4DNGHQt9yf87kBU77AiXOJLPhhQtL
KAANqohLwmDA9UlusuWxs4s1aGZBF2PNzrdLRkflAQJAMFvxFhMtJUnWSfHQc9+a1VRot06OVSnN
ZryyMlPluarEAACCW07IjeWpfdrYlPMmpOpHBQgcVsN98/JjkXfDrOxTipJ50US9f+SnCBaWOq6s
jLMvlT2hojT7foyFN0XiAukBFk4TLRPKsv8UC+d5E9IeXFAkysooxp+iQ2xm9MFVE/UY9HQx1tIZ
2RKtCWAJs3ONwkvVMvqNzbwTMBU3YBUDFGfeqb25/ENnFjltRp0Bq8WplrtP1Uofv3xxWTbbQfFQ
AcYU4OWLSzUs7kYKvXX5hIIUM99GLKKVouKv4rJ06+uXahm2BchxXFSW80cAE0mXxg6rdmvllPwX
tf3ffz+/4MEzCikFVUTbhTfONcRhMfz35xVzCmKmwyBBF2OdNjbl0ikZ0kUIMR9jDBgvKElV9S5K
TZxT4LyBvQtzHa6yw+oYxxWq4zYJucnmty6fYDVSInODIPYB8Uaxw2L44OpyDRMpi+3r6ydnJ5m0
UbERsE8vKokbSpCXYvn2pqkVWYly/RCBin8KzMyz/+/Gqfpt+TmOi6YVvmqzlPEIAEBlh1UE1gLn
9ZWF/1S6YSnhj2cUfnB1Of91CQwrECyMGhgwnFSYvPX2adpOPiTodZvxhqLnvrKXU1izjyc+tek5
SV/+YrKGL1SL6+Um14sYq1iXEKLy05eOzbhdJ5evbfRc8XZtl08tpzwGQFCcav3g6vLKHF3+mW0D
oes/qPvqQD/IRg6+gQUpluWLS/WnoA1EmAe+bnpuU4d8F1Merc1E/frUvPtPLziEROoYR12Dqzs9
HwwEdjJY0gMWc06mfWFu6uVWU5z1mgw8QfrJ9e0vb+3sUCQwZ2F6TtI9p+VfOiVjWH6cw/DHCtLM
Q2tantvY7g1HOfERgc2Ibpqd89DCoriJD33B2ta+f7l964SctoiypiWeUpD+i+EGfrn8kUfWtv5r
W5cnGOVZAAOgzCTjLSfk3nNa3rCyMDIY1jT0L/++c3WDxzPEITQbYPoY+zXTMq+bkX0IDsod3vAb
u7r/W+ve2+33DNEAkGYzTclOPHdC2tWVWYccUiFAlPH5Q42hSDdA1EDZbZZCqyn3h/iqhKN4c4t3
fdPAgb6gOxAxUigzyTQ5O3H+OMeEDL0OtCQM29HPG4quafDUuQIAUJyWML/YoTTKagCDQ0PhZjo6
aKASbeYiirIOj14CgjSzucVb2zvkC0eTLcaKLNvMPPsPycJIM7htIOQJRq1GlJdiGZEcoTSDWQcQ
q5E6Nj23DxEOxYN0FEYhLhyKB+mxBTSDX97a9Z+aPgC4oDz9hlk5x9XIIYA3FH1mQ/t3TQM2E3Vx
RcaVlZmHtR9++iPWXZ81PLWxQzj9v1PzYrsC/2TBHaDnrti9t4f3+cRw7fTMlUvGHz7e+mmGIAvg
8kee29Qh6DkA4KkNbRqepT9VeGB1096eAK9EwADw2o7uz/dr5U/8gfATZ6y93X4aEx5MgMMMrtWd
reAnAxwPiYYBDAhY8eAwwU+csbhNrEFQqQMAxN4p9ycLNKOwl2BQ7o42gvATZywOSEsqPh5F93nF
DqmzHgJAp+tWox8CHA+MRYZkcRPij03SkYaHzizKTTbx5mQEAAtLHZdPPYyJen/66gaJze54hQKH
ZdOyaQ+sblrfNGgzoYsrnP83N/+w5to4DhgLyY6OUy4rcFhWLhkfv94IwfDiCmkGK20mQZrp8UWC
NOOwGp2JplifQTiKuwbDQZpJSzAON3UHC6zJpccXoRDkJluy7To3oUaap+rgDtBNniAdxbnJ5txk
i+xB7gBtNVH6bYg0gzu84R5/mMGQmWjKS7HoHy3CUUwhUNZ3B2j3UIRCyJlo0vbjICFIM0Yq5t5V
yke3eILuIZoCyLabs+1m/WTrZay/r2979NvWQJhZUOJ4elFJgcPCYPi0pu+FzR0bm72+MAMAFIJs
u+mc8Wl3nZInuK4yGD7c53ppSydZrSjVcvnUzDtPGqPTHLvu4MBLWztX1fW7/NzmchSCvBTz+RPT
bz4hR9X/WASVESpm79AMfmNnzwvfd+xo59K8UghK0q13n5rHquzbBkI/f2//2kaP1UjdckLuY+cU
a3f1mgbPS1s7V9d7XETuvDSbYUFJ6o2zsrUTTLj8kZs/OvDVgX4jhS6dkvHkeeNsJopVoL++s7vR
HWSXt0YKypwJF1U47zhRqz/3dvtv/ujArg6f1URdNz37kbPGathVd3X6Hv22ddX+fk9QjEbJTDIu
LE29bU6uHpcsXZr3d6t6L3urFhAAxoAgL9nyybWT7lt18KsDdeJ8DgAAETxJREFUHl4WRuQLNFPo
6UUlt5yQs6vTd+OHB7a1D0qnIa49aQmGlUvGqwYBC9DoDi77+MBX9R52mzgCA3dAAb52etYT54xT
tYV/daD/Zyv3CI1lSf3fDZNV/YqquvzXvFNb1e3nKCU2awWA88anrVwy/oyXq6q6/ULh8+eX3Boj
rKDRHbz5owOr6/u5pYOilwBgwbjU5YtLi9PULfE/+9ceruEAgODaaVk3zsq+6p3aloGQEhUAOCym
5YvV/cZ84ejEv29rGwhx3QDw27n5j/xMxQLBYHhgddNf17bRmE/lg4m3hxAF+OppWS9cWKo9YOti
rLkrdq87OEC8TaAAGJWOEksoBDfMynltR3eQZmJWQ2BE6IOry2Px1ur6/kverPGEaC25CAFgKEq1
frG0Qung8dWB/p/9aw9IGfJ/N05RMtbq+v7Fr1fL47lJ5zMMzkSTKxAhUc3Ot39/q0q2nK8O9F/2
bynlUlQChjSb8YOrypX01LmGxj+xVdbnRgqFozgWKmC3pl6ikm7v3arey96uISs7E02dv5sjm9oY
DMs+PrBiSyeJU3KM2I0g4azStP9eV6ExWuuSEupcQ5wSiFOEIEYtZpWsw2C0YktXkMaSG2XVMKIZ
WPp+XY9aeol1BwcueG2fJxhVjY+VoWrqD53xclWMWHVlEKYcdnX6Fr9e7QsrAlml8ZwuPy1DJc3Y
xsGaBo8K5TFCQ92B6KJX921rkyel5swD0j4PR0EDFdvtyz4+oOyHJk9QVtnlp5VZEV7b0b1iS5cM
p/RBwFK1qq5/TYN6LhMWdDEWA1iMbBSPeRDDJMkgf/YX+GMQb5SGQbqH6Kc3tsue6PJHrni7JsCO
dpLEAVhCAxFl2jEYvuLtWjVtsiIIU8pbQZq56u1aXySqJ2BVhopRjPcd3vBlb9UEo1JqNVH5ItHL
3qqRvWYujY/4cnWhAoQDNPPC5k5FJyB1VORbxvDA6iadAauAoGtwZLLNIACQZJdHMCffvmhCGoPh
izr3xuZB8X0h8heVpVsvnZJhtxg3NQ98WuPmdqVDQg34cK/r4YVF5MMe/Ka5YzAiQYQAAIwI5Tks
3lDUHYiIGPiDza2Dr2zvvmGWNKZDkhFfZbh68fvO6t4hGSpAQAHOS7EEaaaHNVrLMusrOwQAAO7+
vIGIr+RST2UmGh86s4gV1dc3DTz4TXNjP5n9ETX2hx5b1/bggkLlE2SoAONzytLmFqcMhqKfVvdV
dcvsnggA1jQqc4NhSR21KWxH+2DLQBikb3FKlm1OYXJLf2jdQU+AFnzrwWZE84q1Niwaph4LC2MV
+u3cPEH6+93pBcs+PrBiK/+hEJLveeNTP7h6Er8Ayfu0pu/iN6tphr3IDR71fUNBmhF8wN0B+uWt
XTJJHzC+dnrWY2cXswuftY2emz86UNcnjPlcEMQT37X/Yma2dO6XiTlkCdAMfnqDbLzEAHBWadoL
F5YUpVoBYEeH745P6ze2kHHeKqgAoLon8G5Vr+yq02bacEulkEKjOM16zvi0k1/cxWdW5io/t6n9
3rn5EolYMrZiAKAAVhIZix84o3DZxwde3iZkNuBqN7qDDIbYApC6xFrfF5T1lc2INt06jSXJG4q+
vbuHzTGebDG8dHHZCORuIAZObrotS5fkTaQQPHr2WKuBkmT0wshMwfLFZeSy9vyJ6UQmXMRbQyFI
WIY/rnYF2TxmROTkheXpK5eMF5bT84od391cWZBi5snjRvna3kBVl3RLH2UQJgEbm71N/SGpdRZN
yUr86JpylqsAYHpu0tfXT5mdZ48dz8nBym1djHAVc931xDnFssQszkTT8xeUyFC5A9GvDsikFjmq
KyszScHcSKFnzy/JTjLLUPlCtEryKikqpc2UwVjWwADNvMEnEku2GG6anbP1tmnd95/Yef+cJRVx
0hnrYyxB5OUP5hQkyxYUDqtxZp5dnMgBAEGBw6rMM3sCG1FOIpS28Wt2iU78mSl44txxsk8wM8nE
heRKyVvbOKBCvNqDAGBto0dGMyB4+GdjZSE0NhP1woWlcmwgR7iqrl8WsFrgMKuGpM4flzohI0GG
6lvZFKaIfb1iqhyV1UidMz5N0UDlYIWUzZRBSXqCBA8CAHTzR/VzV+x+t6pX+PKdiSY98UW6p0J2
EuRnJ1UNbFqCkTfMcXnIzQYVCrhCdirkLO0S2NsVEB+HEAA+bWyqqrLnwklOp83o8tOcXIkBENoj
yxQqRSXDsLvTL1KCEGBwWA1nlanoLafnJlXmJO7q8klQEcK7LxytcwV4LQBmO8EzRE97dgdgqViD
MSDoGAxJlHOYXX2T1SSoAINqxGy23cxrm4g3JAeBWtUU8QAAM/PsxamWxv6grK/WHfSuaxrITDRd
Oy3rzpPHaM+AAuieCoF4KTG0SpRITLyqkvwZ8imK0+NhviaGmXnqQYJmA5o5xi68GLZ+h1ehAiBQ
ySjq8oX5j4GlCk/ItMUyXMzOt2ug6vFFuKUcEbDqDUX3dvn3dvv2dhF/3f69XX4vq9QmUHmVybeU
sa+qIKdKrXY8VBSC5YtLrdxnLw9Y7fFFHv+urfTxrXf/tzFW9kYJtrg1ABSDf0ypUHpVuxpgCU4C
glFGNianq2WlYsGZaJSRF6AVSs7YsyGn5iX+NMb5NJtRA1VYQbb6o2NflWdV0aRcq6aeOmrVFpSk
frG0Ii/FEovCYJT5+4a2Wc/tVN0CnATd/lhijhON9gnV4tXkUKmLwFYDxcnjvFTeGztBb9dgRJa0
xmaUvh4pKpmO1GqkJPlaMPIMxczR5fJHFKhEsJkM8kwwoPZoUbqXXsKwWLbBhxJVzP6MSRUBCqrU
YF6xY8+vZvxuXoHDYpT1jCDX17qGFr++L6jpiatPxhJHV3IKi1kVQCJ8xKmpwJibbPYEafGJGKRL
fRGCNLOtbVA6VeO8FKUgIpsFxMdl202y2+tcAVL3QcLmlkEFKhGciSazAcJRyaRjNsDlU7MoTt2F
CZ4m70dmAzqzNFVlqSWZvzS6VEaVmvCuFxU4rMaHFxbdOzf/7d09K7d3b+Y6n5DeMK7q8r+yvfuW
E2LueqKPsRBwmsBYoqFYk68mSJ2xqnEis0qF8kxbdU+A1D1ubvHW9gaUpsB/7+rxhPgdSzicMFWZ
tUGhxhRgYoYNAJGvOxBhPt7Xp/Su3Nzi3dvt10BlM1HFaQm1vQFxtz2Ew1G4fmb2aWMPdfNzApUW
M8SmigesQBXnFla/cNPsnOqewNMb2v+1rUu0aiAEGN7b06vBWPpdkzEAYbFRByRWA8HgEAMbaStA
kmpnlKTy93J/NMbLPq6Xjb2N7uC9qw7yVAk48fxxUoOuFJV02IA5BcmEiYNDdd+XB7ukGTICEeaO
/zSooJK+nQUlDl6QEht4x6f1KlI5AAD4wtHnNnVc9lbN/V81qQSlyVGpdyWAsoFKQHJUSKXaltbB
P3/T/OL3nS0e0TBQnmlbvrj0lhNypJIi1haz9DMWKaDEaiJWVDsUSXJJhdNqoGQV1jYOnPvK3l2d
PgaDLxx9e3fvqct3uQK0pBpG03OS5FkMVWzYYp+eUpSSlmCUVWjyhE5dvvuzWncgwrA7cZy9cs+2
dl8Mc7gI10wTtJciSVXdgTNertrbLVGCuAP039a1jntsyx3/aXh3j+sva1vnrtgtz0qP5ahidGac
/iRwkajkdT6t6Tv5xV0PfNOy7JP60se3XvNurbB7POtiyctn3BO1c1volrEwcawxKHNXSQpiVSOn
S0lVZ6Lpptk5z2zs4FDx19c0DEx7ZofNRNEMVix4uYfeO1eZdI+dcElUYp/aTNS107Ke2tAhqQ+o
vi+46NV9ZgMYKRSIEJuMyVBJRcnZ+faFJam8ExVfE+Ntbb5pz+yYU5BckWWjGVznGtrSOhikMYmq
uifwWU2fijcViUqrPyV9FaOahCryCoPhrs8a+D3xcDgKb+zq/feu3jJnwoSMhOqeQJ0ryPckh6oi
WysLjX4ZK64wztYkBGGNqVDAFqPOg2cWflrT1+QJctiILg2wE6JKJ+OzStOWTFa8GMkjVCboe+fm
v7az2y1ZDHIVwgyEGSzHQKJSkPH8BSUznt3hDUdlawIaw/rmgfXNhFVAvFc+pUoqiE+P/QqQrIGx
qsVEFaSZtoGQrKUMQK0rUOsKSKnlUF2i7GoCdE2FFBBZHjEAAKUhLWKR+DjViPqymg6r8aNryh0W
o/hhSQlQFpalJ7x6iTwZgZEiKefulD0r225evriMT5qo6HmseDQ5UCnedUl6wjtXTuQ0JjKCNVGV
pCWcM0FM78ZTLokyVVXccupcxfBJAsVq0pWt48FmoiqyEtUbKKGZW1RWZidpu/7qYqyS9ASJ5ISh
1KliYClz2oihEgEgVTtMSbpVSMHLHmQmmZQTdmVO0tfXT85LsUj92oA7kDq7VeYkfXPDFKXHN2f9
JW6kAAnWZQGWVDifv6DUiCh+EkfiU3ihhEIwpyBZToPa+HBWWdp/r6vITDLx064cFdFFHKqKzMQv
llaQnVDmFCjn+spIUXnJKuaU8c4EGVV5KRaZMa04zUqiAkCZifI+f+HC0mSLQa2BSNIQgLQE4+uX
jdcOrNDFWHeePIZYDoDDary6UmWv6RtnZ9tMPCkIKISXzVFZjnL2VwA+hz3cNFs9tdDMPPv226df
O51PuINAkqQfAQBYjeg3p47ZsKxS1YZV4LBcWJ4OCDj5A8F5E9IKHCo1bzkh54ulk0rSrSKvEHIw
m4b0tKIUEhUgsJnUO3f+OMfOO2Zwu9WriNRcFwEgZ5Lx0bOLtt4+TeYBUZ5pmz/OQXQ7unyqUzW6
6fzy9AKHmaRq2ZxcWX+eMz6tJN0qoAKAW07IlXHG7Hz797dNW1jqIFGJt/B9Xp5p+9+NU+MEsAAY
/vSnP2nXYBuZnWTe0+UbikRnjEl67dIJ5VkqgluazXRyYfKeLn9fIFLosDxx7jgViQfAQKHzJqTt
7x3q8IZSrMZb5+Q8eGaRIQb7J5oNiyc5L5uSkWCkPEN0/xDNOm2aDWhqduKtc3JfuWT8xRVOU+yA
k7PGp7UPhJr6gxYDumSyc8VFZbGMNsVpCTfNzilzJgQi0W5fmDXRmClqbnHKK5eULZmc8dSG9gOs
nZh/Wqkz4cZZ6rocu8Vw0STn1dMy0xOMQZpxByJR3t/USKHiNOs541PvP73ghQtL5xU7VL/+c8en
NXuCzf1Bm4m6sjLzuQtKYhn1f1aWVt0T6BoMOxNN95yad+/cApkMYqTQOePTanoCHd5Qms14x0m5
f1pQqBRUnImma6ZlXTgpPTXByGDcH6BphsEAFAK72XDq2JQ/zC94/oJSPTsjH2P5sQIRxh2IAEBm
kvmHZIWMCwyGHl84HMXORBPr6eYO0IWPfu/jNudhH42vm56lMwqUweDyR4I0YzagNJvpsBI/UiDQ
bDVSGhGjqnCMRULbTJRNn9uGfvAE6Ue/bd3bFShwWC6ucJ5SlGI2IApJfFQCEWbp+/t9Edkm3ejU
Ir0qdQrBD89pe4Thh9B8jI1YIw7hKD75xV3b2kSnUzbm9tSilJJ0a7LV6PJHtrUPvrSlq75Prmi2
GlHrb084tKjunzwc74z1aU3fBa/vAwBhduMuYJAFrEoBAeBbZudwbqWjoIBjbCoccfCxW60CcKpF
iZKMV42S3MUd4Gy7+cEFRUeY2mMIjof8WFowf5wj2SLsj0ousqX6J2m0p81EvXOFrr2Kjls43hkr
227+4OryzCQj4WQRJ2A1N9n05S8mH7onzPEBx7uMxYInSD+zoX35ls4OzehemxHdMCvnD/MLRgX2
uDDKWCLQDN7c4l3bOLC709fkCbkDkXAUzAbItpvLM21zxzrOm5jmsB7vUqlOGGWsUTgscLzLWKNw
mGCUsUbhsMD/B9I52d6RWD9ZAAAAAElFTkSuQmCC
"
style="image-rendering:optimizeQuality"
preserveAspectRatio="none"
height="216.15865"
width="217.16856" /><g
data-name="Layer 2"
id="Layer_2"
transform="matrix(2.4080868,0,0,2.15985,284.82342,10.2181)"><g
id="Logo"><path
id="path6529"
d="M 10.39,89.27 V 87.16 H 8.46 v 2.11 h -1 v -5.08 h 1 v 2.13 h 1.94 v -2.13 h 1 v 5.08 z m 4.61,0 H 14.22 L 14.15,89 a 2.15,2.15 0 0 1 -1.14,0.32 c -0.7,0 -1,-0.46 -1,-1.09 0,-0.63 0.34,-1 1.11,-1 H 14 V 86.85 C 14,86.44 13.88,86.3 13.27,86.3 a 5.55,5.55 0 0 0 -1.06,0.11 l -0.12,-0.7 a 5.18,5.18 0 0 1 1.31,-0.17 c 1.2,0 1.55,0.41 1.55,1.32 z m -1,-1.38 h -0.71 c -0.31,0 -0.4,0.08 -0.4,0.36 0,0.28 0.09,0.37 0.38,0.37 a 1.55,1.55 0 0 0 0.72,-0.19 z m 3,1.46 a 4.67,4.67 0 0 1 -1.32,-0.21 l 0.13,-0.7 a 4.44,4.44 0 0 0 1.14,0.16 c 0.42,0 0.49,-0.09 0.49,-0.37 0,-0.28 0,-0.34 -0.67,-0.48 -0.93,-0.22 -1,-0.44 -1,-1.15 0,-0.71 0.34,-1.06 1.43,-1.06 a 5.22,5.22 0 0 1 1.14,0.13 L 18.25,86.4 A 7,7 0 0 0 17.2,86.29 c -0.42,0 -0.49,0.09 -0.49,0.32 0,0.23 0,0.32 0.54,0.44 1.07,0.27 1.17,0.41 1.17,1.16 0,0.75 -0.26,1.14 -1.42,1.14 z m 4.38,-0.08 v -2.56 c 0,-0.2 -0.09,-0.29 -0.31,-0.29 a 2.72,2.72 0 0 0 -1,0.31 v 2.54 h -1 v -5.15 l 1,0.14 v 1.62 a 3.48,3.48 0 0 1 1.4,-0.35 c 0.63,0 0.86,0.43 0.86,1.08 v 2.66 z m 1.76,-4.18 v -0.9 h 1 v 0.9 z m 0,4.18 v -3.66 h 1 v 3.67 z m 1.72,-3.63 c 0,-0.92 0.56,-1.45 1.86,-1.45 a 6.14,6.14 0 0 1 1.42,0.17 l -0.11,0.82 A 8,8 0 0 0 26.75,85 c -0.68,0 -0.9,0.23 -0.9,0.76 v 1.93 c 0,0.53 0.22,0.76 0.9,0.76 A 8,8 0 0 0 28,88.36 l 0.11,0.82 a 6.14,6.14 0 0 1 -1.42,0.17 c -1.3,0 -1.86,-0.53 -1.86,-1.45 z m 5.39,3.71 c -1.31,0 -1.66,-0.69 -1.66,-1.44 V 87 c 0,-0.75 0.35,-1.44 1.66,-1.44 1.31,0 1.66,0.69 1.66,1.44 v 0.93 c 0,0.72 -0.35,1.42 -1.66,1.42 z m 0,-3 c -0.51,0 -0.71,0.22 -0.71,0.63 v 1 c 0,0.41 0.2,0.63 0.71,0.63 0.51,0 0.71,-0.22 0.71,-0.63 v -1 C 31,86.53 30.76,86.31 30.25,86.31 Z m 4.35,0.06 a 7.58,7.58 0 0 0 -1,0.53 v 2.36 h -1 v -3.69 h 0.81 l 0.06,0.41 a 4.35,4.35 0 0 1 1,-0.48 z m 3.82,1.68 a 1.13,1.13 0 0 1 -1.26,1.29 5.48,5.48 0 0 1 -1,-0.11 v 1.5 l -1,0.14 v -5.3 h 0.76 l 0.09,0.31 a 2.06,2.06 0 0 1 1.21,-0.38 c 0.77,0 1.18,0.44 1.18,1.27 z m -2.28,0.41 a 4.41,4.41 0 0 0 0.85,0.1 c 0.34,0 0.48,-0.16 0.48,-0.49 v -1.33 c 0,-0.3 -0.12,-0.47 -0.47,-0.47 a 1.38,1.38 0 0 0 -0.85,0.33 z"
inkscape:connector-curvature="0" /><path
id="path6531"
d="m 21.73,93.36 h 4.12 l -6.26,21 h -5.86 l -6.26,-21 h 4.12 l 5.07,17.47 z"
inkscape:connector-curvature="0" /><path
id="path6533"
d="m 37.31,114.32 h -3.15 l -0.28,-1 a 8.38,8.38 0 0 1 -4.56,1.35 c -2.8,0 -4,-1.92 -4,-4.56 0,-3.12 1.35,-4.31 4.47,-4.31 h 3.68 v -1.61 c 0,-1.7 -0.47,-2.3 -2.93,-2.3 a 21.42,21.42 0 0 0 -4.25,0.47 l -0.47,-2.93 a 20,20 0 0 1 5.26,-0.72 c 4.82,0 6.23,1.7 6.23,5.54 z m -3.84,-5.79 h -2.84 c -1.26,0 -1.61,0.35 -1.61,1.51 0,1.16 0.35,1.54 1.54,1.54 a 6,6 0 0 0 2.9,-0.79 z"
inkscape:connector-curvature="0" /><path
id="path6535"
d="m 43.35,99 v 10.7 c 0,0.82 0.35,1.23 1.23,1.23 a 10.59,10.59 0 0 0 4,-1.29 V 99 h 3.84 v 15.33 H 49.49 L 49.11,113 A 15.35,15.35 0 0 1 43,114.64 c -2.55,0 -3.46,-1.79 -3.46,-4.53 V 99 Z"
inkscape:connector-curvature="0" /><path
id="path6537"
d="M 54.46,114.32 V 92.73 L 58.3,92.2 v 22.13 z"
inkscape:connector-curvature="0" /><path
id="path6539"
d="m 69.76,114 a 10.64,10.64 0 0 1 -3.37,0.6 c -2.8,0 -4.22,-1.32 -4.22,-4.06 V 102 h -2.3 v -3 h 2.3 V 95.19 L 66,94.65 V 99 h 3.93 l -0.24,3 H 66 v 8 a 1.21,1.21 0 0 0 1.38,1.35 7.39,7.39 0 0 0 1.92,-0.31 z"
inkscape:connector-curvature="0" /><path
id="path6541"
d="M 0,0 38.57,77.41 77.41,0 Z m 43.16,15.54 h 4.49 V 20 h -4.49 z m -8.94,18 H 29.73 V 29 h 4.49 z m 0,-6.73 h -4.49 v -4.54 h 4.49 z m 0,-6.73 h -4.49 v -4.54 h 4.49 z M 41,40.22 H 36.46 V 35.73 H 41 Z m 0,-6.73 H 36.46 V 29 H 41 Z m 0,-6.73 H 36.46 V 22.27 H 41 Z M 41,20 H 36.46 V 15.54 H 41 Z m 2.21,2.24 h 4.49 v 4.49 h -4.54 z m 0,11.22 V 29 h 4.49 v 4.49 z"
inkscape:connector-curvature="0" /></g></g><image
y="97.389206"
x="218.78775"
id="image6642"
xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAH4AAACOCAYAAAD3sbyRAAAMJ2lDQ1BJQ0MgUHJvZmlsZQAASImV
lwdUk8kWgOcvqSS0QASkhN4E6VV6jVSpgo2QBBJKDAlBxY4sKrgWVCxYkVUR21oAWVTErohg7w8L
Ksq6qIsNlTdJAF09773z7jnz/1/u3Llz7838c2YAUIvliMU5qDoAuaJ8SVxYIGt8SiqL9AiQAR3Q
AAUQOFypOCA2NhJAGXr/U97dAIj8fdVO7uvn/v8qGjy+lAsAEgs5nSfl5kI+BADuxhVL8gEg9EC9
6bR8MWQijBJoSWCAkM3knKlkDzmnKzlSYZMQFwQ5DQAyjcORZAKgKo+LVcDNhH5Ul0B2EPGEIshN
kH25Ag4P8mfIo3Jzp0JWs4Jslf6dn8x/+Ewf9snhZA6zMheFkIOFUnEOZ8b/WY7/Lbk5sqE5TGGj
CSThcfKc5XXLnhohZxrkc6L06BjImpCvCXkKezk/FcjCEwftP3ClQbBmgAkASuNxgiMg60M2EeVE
Rw7qfTOEoWzIsPZogjCfnaAci/IkU+MG/aPT+dKQ+CHmSBRzyW1KZdmJAYM+Nwn47CGfjYWChGRl
nGh7gTApGrIq5HvS7PiIQZsXhYKg6CEbiSxOHjP8zzGQIQmNU9pgZrnSobwwL4GQHT3IkfmChHDl
WGwyl6OITQdyFl86PnIoTh4/OESZF1bEFyUOxo+Vi/MD4wbtq8U5sYP2WBM/J0yuN4HcJi2IHxrb
mw8XmzJfHIjzYxOUseFaWZyxscoYcBsQCYJAMGABGWzpYCrIAsK2nvoe+EvZEwo4QAIyAR/YDWqG
RiQrekTwGQ8KwZ+Q+EA6PC5Q0csHBVD/ZVirfNqBDEVvgWJENngKORdEgBz4W6YYJRqeLQk8gRrh
T7NzYaw5sMn7ftKx1IZ0xBBiMDGcGEq0xvVwX9wbj4RPf9iccA/ccyiub/aEp4QOwiPCdUIn4fYU
YZHkh8hZIAp0whhDB7NL/z473AJ6dcUDcR/oH/rGmbgesMNd4EwBuB+c2xVqv49VNpzxt1oO+qI4
UFDKCIo/xerHCFRtVF2Hvcgr9X0tlHGlD1craLjnxzyCvqsfD74jfrTEFmEHsbPYCew81oTVAxZ2
HGvAWrGjch5eG08Ua2NotjhFPNnQj/Cn+TiDc8qrJnWodeh2+DzYB/L50/PlH0vQVPEMiTBTkM8K
gLs1n8UWce1HsZwcHOEuKt/7lVvLW6ZiT0eYF77p8poB8CyFysxvOg7cg448BYDx7pvO9A1c9ssB
ONrOlUkKlDpc/iAAKlCDX4ouMIR7lxXMyAm4AW/gD0LAWBADEkAKmAzrLIDrVAKmgVlgPigBZWA5
WA3Wg81gG9gJ9oADoB40gRPgDLgI2sF1cBeulS7wEvSCd6AfQRASQkcYiC5ihJgjtogT4oH4IiFI
JBKHpCBpSCYiQmTILGQBUoaUI+uRrUgN8jtyBDmBnEc6kNvIQ6QbeYN8QjGUhmqhBqgFOhr1QAPQ
CDQBnYRmonloIVqMLkXXolXobrQOPYFeRK+jnehLtA8DmArGxIwxO8wDC8JisFQsA5Ngc7BSrAKr
wvZijfCfvop1Yj3YR5yIM3AWbgfXazieiHPxPHwOvgRfj+/E6/BT+FX8Id6LfyXQCfoEW4IXgU0Y
T8gkTCOUECoI2wmHCafht9NFeEckEplES6I7/PZSiFnEmcQlxI3EfcRmYgfxMbGPRCLpkmxJPqQY
EoeUTyohrSPtJh0nXSF1kT6QVchGZCdyKDmVLCIXkSvIu8jHyFfIz8j9FHWKOcWLEkPhUWZQllGq
KY2Uy5QuSj9Vg2pJ9aEmULOo86lrqXupp6n3qG9VVFRMVDxVxqkIVeaprFXZr3JO5aHKR5omzYYW
RJtIk9GW0nbQmmm3aW/pdLoF3Z+eSs+nL6XX0E/SH9A/qDJU7VXZqjzVuaqVqnWqV1RfqVHUzNUC
1CarFapVqB1Uu6zWo05Rt1APUueoz1GvVD+iflO9T4Oh4agRo5GrsURjl8Z5jeeaJE0LzRBNnmax
5jbNk5qPGRjDlBHE4DIWMKoZpxldWkQtSy22VpZWmdYerTatXm1NbRftJO3p2pXaR7U7mRjTgslm
5jCXMQ8wbzA/jTAYETCCP2LxiL0jrox4rzNSx1+Hr1Oqs0/nus4nXZZuiG627grdet37eriejd44
vWl6m/RO6/WM1BrpPZI7snTkgZF39FF9G/04/Zn62/Rb9fsMDA3CDMQG6wxOGvQYMg39DbMMVxke
M+w2Yhj5GgmNVhkdN3rB0mYFsHJYa1mnWL3G+sbhxjLjrcZtxv0mliaJJkUm+0zum1JNPUwzTFeZ
tpj2mhmZRZnNMqs1u2NOMfcwF5ivMT9r/t7C0iLZYqFFvcVzSx1LtmWhZa3lPSu6lZ9VnlWV1TVr
orWHdbb1Rut2G9TG1UZgU2lz2Ra1dbMV2m607RhFGOU5SjSqatRNO5pdgF2BXa3dQ3umfaR9kX29
/avRZqNTR68YfXb0VwdXhxyHaoe7jpqOYx2LHBsd3zjZOHGdKp2uOdOdQ53nOjc4v3axdeG7bHK5
5cpwjXJd6Nri+sXN3U3ittet293MPc19g/tNDy2PWI8lHuc8CZ6BnnM9mzw/erl55Xsd8PrL2847
23uX9/MxlmP4Y6rHPPYx8eH4bPXp9GX5pvlu8e30M/bj+FX5PfI39ef5b/d/FmAdkBWwO+BVoEOg
JPBw4Psgr6DZQc3BWHBYcGlwW4hmSGLI+pAHoSahmaG1ob1hrmEzw5rDCeER4SvCb7IN2Fx2Dbt3
rPvY2WNPRdAi4iPWRzyKtImURDZGoVFjo1ZG3Ys2jxZF18eAGHbMypj7sZaxebF/jCOOix1XOe5p
nGPcrLiz8Yz4KfG74t8lBCYsS7ibaJUoS2xJUkuamFST9D45OLk8uXP86PGzx19M0UsRpjSkklKT
Uren9k0ImbB6QtdE14klE29Mspw0fdL5yXqTcyYfnaI2hTPlYBohLTltV9pnTgynitOXzk7fkN7L
DeKu4b7k+fNW8br5Pvxy/rMMn4zyjOeZPpkrM7sFfoIKQY8wSLhe+DorPGtz1vvsmOwd2QM5yTn7
csm5ablHRJqibNGpqYZTp0/tENuKS8SdeV55q/N6JRGS7VJEOknakK8FD9mtMivZL7KHBb4FlQUf
piVNOzhdY7poeusMmxmLZzwrDC38bSY+kzuzZZbxrPmzHs4OmL11DjInfU7LXNO5xXO75oXN2zmf
Oj97/qUih6Lyor8XJC9oLDYonlf8+JewX2pLVEskJTcXei/cvAhfJFzUtth58brFX0t5pRfKHMoq
yj4v4S658Kvjr2t/HViasbRtmduyTcuJy0XLb6zwW7GzXKO8sPzxyqiVdatYq0pX/b16yurzFS4V
m9dQ18jWdK6NXNuwzmzd8nWf1wvWX68MrNy3QX/D4g3vN/I2Xtnkv2nvZoPNZZs/bRFuubU1bGtd
lUVVxTbitoJtT6uTqs/+5vFbzXa97WXbv+wQ7ejcGbfzVI17Tc0u/V3LatFaWW337om72/cE72nY
a7d36z7mvrL9YL9s/4vf036/cSDiQMtBj4N7D5kf2nCYcbi0DqmbUddbL6jvbEhp6Dgy9khLo3fj
4T/s/9jRZNxUeVT76LJj1GPFxwaOFx7vaxY395zIPPG4ZUrL3ZPjT147Ne5U2+mI0+fOhJ45eTbg
7PFzPueaznudP3LB40L9RbeLda2urYcvuV463ObWVnfZ/XJDu2d7Y8eYjmNX/K6cuBp89cw19rWL
16Ovd9xIvHHr5sSbnbd4t57fzrn9+k7Bnf678+4R7pXeV79f8UD/QdW/rP+1r9Ot8+jD4Ietj+If
3X3MffzyifTJ567ip/SnFc+MntU8d3re1B3a3f5iwouul+KX/T0lf2r8ueGV1atDf/n/1do7vrfr
teT1wJslb3Xf7vjb5e+Wvti+B+9y3/W/L/2g+2HnR4+PZz8lf3rWP+0z6fPaL9ZfGr9GfL03kDsw
IOZIOIqjAAYbmpEBwJsdANBT4NmhHQDqBOXdTCGI8j6pIPCfWHl/U4gbADv8AUicB0AkPKNsgs0c
Mg2+5UfwBH+AOjsPt0GRZjg7KX3R4I2F8GFg4K0BAKRGAL5IBgb6Nw4MfKmGwd4GoDlPeSeUi/wO
ukVxzrlkOrsY/CD/Bs85cE/8nz0/AAAACXBIWXMAABYlAAAWJQFJUiTwAAABnWlUWHRYTUw6Y29t
LmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0
az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMu
b3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJk
ZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczpleGlmPSJodHRwOi8vbnMuYWRvYmUuY29tL2V4
aWYvMS4wLyI+CiAgICAgICAgIDxleGlmOlBpeGVsWERpbWVuc2lvbj4xMjY8L2V4aWY6UGl4ZWxY
RGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFlEaW1lbnNpb24+MTQyPC9leGlmOlBpeGVs
WURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94Onht
cG1ldGE+Cn6ipB4AAAAcaURPVAAAAAIAAAAAAAAARwAAACgAAABHAAAARwAACnXMeSkEAAAKQUlE
QVR4Aeyc3atN6xfHz37DUcq7JFtH5wh3kkh0fhHupNgiyQXJnUTEhdcLovwDElLekiTcceul46Xk
7cKFrQjJSyHb3tvRd+5PrO9vPeZcc62zN3s+Ltbwnc94xjPG+I7xPHPNtdau+/L132/xX+EyUBeJ
LxznCjgSX0zef4vER+ILmoGChh07PhJf0AwUNOzY8ZH4gmagoGHHjo/EFzQDBQ07dnwkvqAZKGjY
seMj8QXNQEHDjh0fiS9oBgoaduz4SHxlGeCLO8i6urrKDGTUxq6vU2vc2dkpj/Ku5+Gk+ef6eTH+
Vjo/d8cTGDKvA2kOY9fXqTWOxKcx0TVOourr63Xl06dPkn379i3Bffr0Ef78+bNkY2OjZEdHhyTE
CpR5gWDWYR52sMs6bW1tspIVM7+pqUnzHLs9H29vb9c8/HGMvw0NDdKrNfb8aJEML7k7PhKfFIoT
7bjWRLu9bieeBekI73Qw46GO8kAcU2ChnYHr+BPC2GHncOzr/mzYC8oxcWdodqnk7ngSDbEQ7Vs+
45H45GjLu+U70Y67nXgWhHDOVs5CP/sInMIJVSh26Ty3A2Yd1qXQQhj9UCGmjXvC8Y+4uhuTR3ay
UD79etUdD0GR+P/m5i2tkHqMeDqMrR4c6qi0QDh7Kaj/q9Su5wUEjJ5j7NAJ6Lm9EMbP+vrk+URH
R/I+v7s623cWx74zVRpf1R0P0ZH46s5wCo3CcqId9zjxdAyOcPbiKIHQkegjuU5nkgC3E9pBKDzO
dK98Ov/KlSta8s6dO5IvXryQZL3hw4cL//XXn5J///0/SQpa4OvLt7iS5xfdvRPgr+eV/OFnmqy6
41kgEl+wMx7CQx3pFeqYjvROpaC47npU+Nu3b6X66NEjyevXr0vu2rVL8unTp5LYEfjuxXccX6d/
//7S3rx5s+Ts2bMlx48fLzlw4EDJbztBvgJgvu904LQ8h+KTc2Vequ74NIecaMeeaPeRgFwvEp88
AqfhyJPnL4SrJp6OoWL97PGF0Yc4CsErmzPbC4sAt27dKtPHjx+XfPLkiST6FArrsC7zfdwx+u4/
fo4cOVJDc+fOlTxw4ECJKvaQ5IV482LseVzgEid+ACLxXR8yhRLquYvEd/0hDTqdhKRVdFqC6Ug6
jkq+ffu2OJg5c6bk+/fvJdHzeWkYu+4PODSfQvDxfv36aej8+fOS+BnKi+fNMTsXW3kIszPiV1ZZ
dce7w5H4ghAP0aFKoyPpMPTpBCqZyuV9OZW+atUqmT527Jgk+nQmdh2zLp3p4yGMfiietOv4M2fO
HKmePXtWknhYN+sZjz52HRMn42n+MV51x0MkBl26Y+hH4rO97XOiHXt+Pf8hXDPiQxWMo6FO8usf
PnyQr2vXrpU8ePCgJHoEWimmI9wftxdKFNddP4RZb8aMGZp65swZySFDhkiyc3kDsDMwHsLsjP5k
ET/TZCS+6yaVQkpLWIho5jNeGOI9YSQi69bOTSJPxq5duyaTJJBOrRZPmDBBdnfs2FHi8vbt24Xv
379fcr1SQNz4Cx47dqxMXb16VXLQoEGSFAo7JvOyxol/rANOkzXreF8IRyLxyce6vZZ4r1iIDxUE
lc74mjVr9F+egDEfvRBmPhJ975hNmzZJZc+ePV2q/EHP0t8DbNmyxfSwnEjsuz++XghPmzZNhi5f
vizJGc2ZnXam+7sf5pd6mY5q1vGR+ORj2rSt+pcnnpri7pMK962ds9srmcpdvXq1TNHp2ElLYNZx
znKe7eNPQ4N/np7gurpE8unetm3bCLWspPOz+oP+rFmzZO/ixYuSTU3J7w06O5OdKGse2IHQL+tk
mYu5Ox5bkfjkqCgM8VQaAVPJFASS6+hRmXfv3pXKlClTJPmyJnaZ5xi7SMaxyzoDBgyQCnfR48aN
E+ZIYmcKYfxja+b5AuviH+v5+mmYdc+dOyeT8+bNk+Q7fm1tyceu7IzcAzjusTOewEkEiUFyHT0S
QmIj8b8Y8RBLJfIEijPUz3TGIZ7vuL169UqmvDAc09mhQnJ9vhlz48YN2R8zZoxkWqcz/vz5c+lP
mjRJ8uXLl5L47+uFMP66/2DyRB5ZP7QO8+TM1xfsI7meJqs+43EYYiPxyc0hhQAhEOb4lyOeQJCh
CiNQ5P79+6W6YcMGSeYznhWHOoKEDxs2TPZv3bolOWLECEnOVjorhFtbW6U/efJkydevX0tiP239
SseXLFki+3yjiHseP9MpFG6qe+yMhyh5XeYFQpGR+OSHGV4YvwzxcByqTK9UKnTq1Kmaeu/ePUlP
AJiComCydhr6gwcPln3O+ObmZuG0Tmc86xnPeu5vpXjUqFHyj28a8SxfF8u8YJ984UcZ1bKXqj7j
I/HJ+3iIgIBK8S9DPIFRTuBQ4Lx9o+M/fvyoqWnzGKeyQ53PuvjDGX/z5k1dqvSMf/z4seZxxr95
80Y4tH6af2nj3GtcunRJ60yfPl2S69w0g9mZOPM9fk3+wUvujocQbINxwHEkvvRu3wsBQn964iE8
baunMvn26cKFCzW1Vp1DoeEP8tsZ/48uNTf/N+/jWd8LPS9et26d/OUmmDyF7FFA+EH8aTJ3x2M4
El+bMx5if3ricZQCAFN5VCpbGGclZy56zEdih0rGDs/eOdN4YMSOwjrgoUOHyiSfe/Ok0PVCmPfx
fCPo3bt3soc/7h+YZ/rcw6Tp+zjxc514kPjLOHkI5ZO8uszd8TiIQTAO4BiORuJ/fMZTOOSR/EE4
knwy3u3EQ3hoq6czCYiCAON4Gt65c6eWWrQouTf4/ffk16vYb29PPsVqbOTPj/GpVvL39jjrea7g
CQxh4nv27Jn+i//uN0Shz87At2r5PB897KRh3lWMHj1apvGTfIEpBOziR5rM3fEYjsQnX5wgH72e
eCqWgL0TuN7amrwf/uOPsVwqkdihkrHj35ELvY+l4r0DKsXYZ+t0zJNHdpo0TAfyu/q9e/cqbuLz
eB0fPnxY+itWrJBkPezq4tcX4vfrjIdk7o6HMAx7QFyPxCd/UKHXEA+xvtVTmZypfMNkwYIFmkJl
eqGAJ06cKD0e+NB5VHalnVxrffz0Dg1h4iWuBw8eKD4ah3HH69evl96+ffskPQ9gdijsSDnDS+6O
x3YkvvynbRQChPQa4qlQCsA7gYAPHToklZUrV0oyj8QwD/2TJ09Kr6VlUYl+rf+6lHeMY3aurGc6
X0hhpwPzefmJEycUz9KlSyU9fjD5Wb58ufSOHDkiiX+Mo48kf1LO8JK743GANSDQHYnEJ28rew3x
EE5le2dQ+fzald+5UxheKOBTp07JdEtLiySV3lNnPH6l+R0apxNPnz6teBYvXixJ4zCui9+9LFu2
TOjo0aOS7ECc6eQFHLLzncmS/+bueKxE4rOd8b2GeDqBSvO7Z65fuHBBNTJ//nxJ5nmHoM/fj+Mb
Ol++JImt9oz3DnFMR/nOFcIUPDubY+wxTlwPHz5UHoifzqeRkBs3btR/d+/eLUnekOyA6GMPnCb/
BQAA//91aB1RAAAJsUlEQVTtnDuMTWsbx8+YcU8kiEtcGhSimpM4QyIh+Wa+Vii1IgqNKDASIhRo
RI9EIVGQuBQUGhoRZBQS1wSJ5DsoEIkZtxmO819+Z2b/7Xe/a6/tW9bMeRX72f/39lz+z/O+a6+1
RtvXb/9+K/Dvy5cvmtXW1iY5NDQk2d7eXtN+8eJF4bVr10oyb9y4cTWYdZYuXar2e/fuSX79mukZ
Gsok67u+GB4cHNR6HR0dko4/f/6s9vHjx0vG8KdPnzRuwoQJko6ZTz9+PXz4UOPxPxT+HTt2aNzB
gwcliRuSOKjz2wfrgWOyrSjxGIyDHjAcfvz4sWxYsmSJJAbiAIS7oTt37lQTjqMvRnCr/djldubF
2Mn4Xbt2yY9Dhw5Jhvx1/48fP66mjRs3SnqcSTTinndd9CTibadKxJMaAUmAyLRQpbG1sjVREYFl
f2jet2+f2tatWyc5ffp0yaGhbOtub6/duqkAtvL58+drPHqxxyvI8YcPHzTvzZs3kmB2MirOMePO
nj2reXv27JFkB8AONdb5IJ7Pnj1T75w5c2rm4xd+sh7r11myblPhik/E1z/jxzzxZJpnvlcOGbx8
+XJl3u3btyWZT3/dtBzROHnyZKGpU6dKknhkuu8406ZN07grV65ILliwQNLH+Trgly9favzq1asl
3759K+l2O4b4d+/eaXxe/xiHftZFEld2mI8fP2p9MPPVmOOjcMVjUCI++1FE4Mc88WQmDnslgTlT
z58/rzxcv369JPNyJGfNEBKOSscOx7Nnz9a8vr4+STBnIxUUwk+fPtW8FStWSL5+/VoypM/1g7FX
k+t8EAfGbd26VaOOHDkiSWFhJ3jixInqd3vqqKjbVLjiUYjhEM1FHDgR3/g2CfEbNcRjqFcOV50Q
TgJw42LlypXKwP7+/ppMZD0PBJjBYBKPynLM1T/XFAsXLtQSPi6Enz9/rvGdnZ2Sr169kkR/Xns1
qc4H66Cfgrl69apGEyfiyJlOpTuuo6JhU+GKx/FEfHbnknhAaMOof+tk3KgjHoNxgMomc4dxdmu2
v39AseDq/tGjR7HY1PSjB72hSqefMz3vGc/ZyVVy0TOeBKgxfgTAD8aBud9w69YtjZ41a5YkhRWq
dPwlHiNUNfxauOJRiOHDRGf36odxIn4kA8Rr1BKP4aEz3Sufs+rw4cOKw/bt20fG4zfW88CQySSa
Yx8PnjFjhtZv9ozHjj///J/md3b+Lhk742ucqQOwK+THhg0bNOvUqVOSfobHcB2VDZsKVzwBSsRn
Z3zDKH/rHHPE4/Dw1u5bPZjHotljz3nz5mnqixcvWKJGxgLlle84dsb7me447xlPAdQYPwLgB+Mc
c3a/f/9es2KV7f0e9xGqG35tueJZ3Q34ESfi/47VmCE+71bPmc8Z9+DBA+VMV9cfkgMDWcZ75caw
BxI8ZcoUrXvjxg3JZcuWSaI/tC6Vef/+fY3nzh33HVhfnQ0+GBfSRzx4UaW7+z9araMj2xG9srkV
PGnSJI1z3MCUul0tV3wivm5c/6nsMUc8DpHZP27tta9iDfdnP+944Wvz5s2K3IkTJyRZN1SRzfbz
PH/37t1an4r2M53fy/yO379/v8bv3btXEnuYr8Y6H8SDcWC3u7u7W7MvXLggydNHr/QYHo5rdi1V
x6S6TYUrHkdwzA0I40T830yMWuLJ6DDBXM2HKj/rZ50tW7YoM48ePSpJO5XmiUY/iRfDvb29WvfA
gQOSoY+i78hhB3a63eBVq1ZJ9eXLlyU5s2OV7Wc649mh0B/yy9sLVzyBTsRnISXwY554HMThoglA
JXDVzNVtX1/2pg56GNcq5jVn3oXj6pprAJ4hoI8E94oB4z/jwG7nokWLNOX69euSM2fOlORag9/z
XtmOqXTGe9yxKyYLVzyO4agbkBcT4ER89mKFE+34lxNPhuclmMoKjedePgmwbds2JS3vl6OPRPt/
42jFfP9DEgqABHbMO3unT5/Wkjx1cwKL4lF7xpMIifjs5Um28LyJ8MuIpzIgMFbZ9PuNHzD9VM6m
TZuk4syZM5IDA9lz/VCFMa9oPzsJfrmM7TgkcE9Pj6aeO3dOEoJaPdM9ITzubm8IFz7jPUBuQAxD
NIECJ+KzP+TI+zPP4xwi2ttbJt4V/2yMwXfu3NHXNWvWSPKee6wC8/ajJyRZJ7Sj8Gzg0qVLWqKr
q0sydEfOL9oce2WD2Tm408jbt9gXst/bE/HfL9I8MI4JbCKem+3fIxSrdLZy39rBnsGOmU+Gcw/9
5MmTsoDn+jzXznvG+5EVIpxx2Ms7cpzlx44d01S3m0oNXbTlrXTmc41AHEhEjki3P4RbrngWTsT/
y4iPEd5sPxkcqljWo/I46588eaIcvHnzpiRP13g/noplyyZhQ5Jx/K1eb+9ODe3p+a/k4sWLJbkD
12xl56300JnuOwv2hvzx9pYrHiLYalrFifjsDh6JVFniySQnnDOZynTsGRvDnG0EYhhnb6wMDmZP
ATn7sAt57do1fb17964k1wQk2ty5c9XOPXV+PXC2sg52kuhgxkHYz8LDfk6QCWD8ZCdjh8TOmGy5
4lGQiK+t1DFPvBPeLKbiyNhmMRlPAiJpZ13aQ2ch/8lSW1v2ogiVzI4FZsdptrJ/1pmOPeyg2IN/
eWXLFd8s0T6+WaJ9PAS7w7Qn4j0yGW6ZeJYlAz0jwVQMZ1MMc5aR0SHMeujn7A0lmFe8JwiJxTqs
ix7sCG3lXtmOYzsF67vf6Mce4ur2wkdMJuK/34hiZ/BAEmgCDzH/euK9smKYwHqg82Iq1DOadioa
zLpuF4RSOWAnmMqLVWrRftYP7YDYh/34h//sTN5Of0i2XPEYhAExnIivvfoftcSTUVQMGRrKYCrK
+9lCCUQI+3z0ecKRYF4JvhMwjsTFD/RgR2hr90oveqajz+Pi2P10f+AjJluueBQQMIhwg2OYACfi
PyukoUT45cRDOBVDZZGBMczZy3ywz4/1Mx57ikrWKWq3EwLGL/cjhrGH+b4e/diLzOt/4YpHAQ6g
2A0KYRxiPtjHx/oZjz1FJevE/MBOtwtiODLAofE+3zH2MN/Xox97kXn9b5n4vIrSuGpFIBFfLT5K
syYRX1qoq6UoEV8tPkqzJhFfWqirpSgRXy0+SrMmEV9aqKulKBFfLT5KsyYRX1qoq6UoEV8tPkqz
JhFfWqirpSgRXy0+SrMmEV9aqKulKBFfLT5KsyYRX1qoq6UoEV8tPkqzJhFfWqirpSgRXy0+SrMm
EV9aqKulKBFfLT5KsyYRX1qoq6UoEV8tPkqzJhFfWqirpSgRXy0+SrPmL/hk6fsEzapeAAAAAElF
TkSuQmCC
"
style="image-rendering:optimizeQuality"
preserveAspectRatio="none"
height="94.666664"
width="84" /><g
inkscape:groupmode="layer"
id="layer1"
inkscape:label="base"
style="opacity:1" /></svg>
Side by Side

Before

Width:  |  Height:  |  Size: 46 KiB

BIN
charts/molgenis-vault/charts/etcd-operator-0.8.0.tgz
View File

Binary file not shown.

BIN
charts/molgenis-vault/charts/vault-operator-0.1.1.tgz
View File

Binary file not shown.

9
charts/molgenis-vault/requirements.lock
View File

@ -1,9 +0,0 @@
dependencies:
- name: vault-operator
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.1.1
- name: etcd-operator
repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.8.0
digest: sha256:47aa645df7dfce9760905800321599de05995ae50090735d45310936dbaa46de
generated: 2018-09-06T18:59:39.861922543+02:00

7
charts/molgenis-vault/requirements.yaml
View File

@ -1,7 +0,0 @@
dependencies:
- name: vault-operator
version: ^0.1.1
repository: https://kubernetes-charts.storage.googleapis.com/
- name: etcd-operator
version: ^0.8.0
repository: https://kubernetes-charts.storage.googleapis.com/

15
charts/molgenis-vault/resources/restore.yaml
View File

@ -1,15 +0,0 @@
# Use kubectl create -f restore.yaml to manually execute a restore of the vault
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdRestore"
metadata:
# The restore CR name must be the same as spec.etcdCluster.name
name: vault-etcd
namespace: vault-operator
spec:
etcdCluster:
# The namespace is the same as this EtcdRestore CR
name: vault-etcd
backupStorageType: ABS
abs:
path: vault/backup-<specify the backup name>
absSecret: abs

9
charts/molgenis-vault/resources/vault.yaml
View File

@ -1,9 +0,0 @@
# Use kubectl create -f vault.yaml to manually create a vault
apiVersion: "vault.security.coreos.com/v1alpha1"
kind: "VaultService"
metadata:
name: "vault"
namespace: "vault-operator"
spec:
nodes: 2
version: "0.9.1-0"

13
charts/molgenis-vault/templates/NOTES.txt
View File

@ -1,13 +0,0 @@
Vault operator created
Next steps:
* Manually create a vault using resources/vault.yaml
* Manually restore a backup using resources/backup.yaml
* Unseal the vault pods
{{ if .Values.backupJob.enable }}
!! Make sure to check if the backups succeed !!
{{ else }}
!!!!!! NO BACKUPS CONFIGURED !!!!!!
{{ end }}

54
charts/molgenis-vault/templates/_helpers.tpl
View File

@ -1,54 +0,0 @@
{{/*
Define vault ui fullname
*/}}
{{- define "vault.ui.fullname" -}}
{{- printf "%s-ui" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Define vault service url for the ui
*/}}
{{- define "vault.service.url" -}}
{{- printf "https://%s:8200" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* See https://github.com/helm/helm/issues/4535 */}}
{{- define "call-nested" }}
{{- $dot := index . 0 }}
{{- $subchart := index . 1 }}
{{- $template := index . 2 }}
{{- include $template (dict "Chart" (dict "Name" $subchart) "Values" (index $dot.Values $subchart) "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "molgenis-vault.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "molgenis-vault.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "molgenis-vault.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

10
charts/molgenis-vault/templates/abs-secret.yaml
View File

@ -1,10 +0,0 @@
# Secret to access microsoft azure blob store
apiVersion: v1
kind: Secret
metadata:
name: abs
type: Opaque
stringData:
storage-account: {{ .Values.abs.account }}
storage-key: {{ .Values.abs.accessKey }}
cloud: {{ .Values.abs.cloud }}

18
charts/molgenis-vault/templates/backup-configmap.yaml
View File

@ -1,18 +0,0 @@
# configmap to use as a template by the backup cronjob to create etcdbackup instances
apiVersion: v1
kind: ConfigMap
metadata:
name: backup-config
data:
backup_cr.yaml: |
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdBackup"
metadata:
generateName: vault-backup-
spec:
etcdEndpoints: ["https://vault-etcd-client:2379"]
storageType: ABS
clientTLSSecret: vault-etcd-client-tls
abs:
path: vault/backup.<NOW>
absSecret: abs

30
charts/molgenis-vault/templates/backup-cronjob.yaml
View File

@ -1,30 +0,0 @@
{{- if .Values.backupJob.enable }}
# cronjob that creates etcdbackups using the etcd backup serviceaccount
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: etcd-backup
spec:
schedule: {{ .Values.backupJob.schedule | quote }}
jobTemplate:
spec:
template:
spec:
serviceAccountName: {{ include "call-nested" (list . "etcd-operator" "etcd-operator.serviceAccountName") }}
containers:
- name: etcd-backup
image: lachlanevenson/k8s-kubectl
command:
- /bin/sh
- "-ec"
- |
sed -e "s|<NOW>|$(date '+%Y-%m-%d_%H:%M:%S')|g" /var/etcd_backup/backup_cr.yaml | kubectl create -f -
volumeMounts:
- name: backup-config
mountPath: /var/etcd_backup
restartPolicy: OnFailure
volumes:
- name: backup-config
configMap:
name: backup-config
{{- end }}

30
charts/molgenis-vault/templates/ui-ingress.yaml
View File

@ -1,30 +0,0 @@
{{- if .Values.ui.ingress.enabled -}}
{{- $serviceName := include "vault.ui.fullname" . -}}
{{- $servicePort := .Values.ui.service.externalPort -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "vault.ui.fullname" . }}
labels:
app: {{ template "molgenis-vault.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
{{- range $key, $value := .Values.ui.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
- host: {{ .Values.ui.ingress.host }}
http:
paths:
- path:
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- if .Values.ui.ingress.tls }}
tls:
{{ toYaml .Values.ui.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}

23
charts/molgenis-vault/templates/ui-service.yaml
View File

@ -1,23 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "vault.ui.fullname" . }}
labels:
app: {{ template "vault-operator.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.ui.service.type }}
ports:
- port: {{ .Values.ui.service.externalPort }}
targetPort: {{ .Values.ui.service.internalPort }}
protocol: TCP
name: {{ .Values.ui.service.name }}
{{- if .Values.ui.service.nodePort }}
nodePort: {{ .Values.ui.service.nodePort }}
{{- end }}
selector:
app: {{ template "vault-operator.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.ui.name }}

50
charts/molgenis-vault/templates/vault-ui-deployment.yaml
View File

@ -1,50 +0,0 @@
apiVersion: apps/v1beta1
kind: Deployment
metadata:
name: {{ template "vault.ui.fullname" . }}
labels:
app: {{ template "vault-operator.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
component: {{ .Values.ui.name }}
spec:
replicas: {{ .Values.ui.replicaCount }}
template:
metadata:
labels:
app: {{ template "vault-operator.name" . }}
release: {{ .Release.Name }}
component: {{ .Values.ui.name }}
spec:
containers:
- name: {{ .Values.ui.name }}
image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: VAULT_URL_DEFAULT
{{- if .Values.ui.vault.url }}
value: {{ .Values.ui.vault.url }}
{{ else }}
value: {{ template "vault.service.url" . }}
{{- end }}
- name: VAULT_AUTH_DEFAULT
value: {{ .Values.ui.vault.auth }}
- name: NODE_TLS_REJECT_UNAUTHORIZED
value: '0'
ports:
- containerPort: {{ .Values.ui.service.internalPort }}
livenessProbe:
httpGet:
path: /
port: {{ .Values.ui.service.internalPort }}
readinessProbe:
httpGet:
path: /
port: {{ .Values.ui.service.internalPort }}
resources:
{{ toYaml .Values.ui.resources | indent 12 }}
{{- if .Values.ui.nodeSelector }}
nodeSelector:
{{ toYaml .Values.ui.nodeSelector | indent 8 }}
{{- end }}

79
charts/molgenis-vault/values.yaml
View File

@ -1,79 +0,0 @@
# Default values for molgenis-vault.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# abs gives details of the credentials to reach the azure backup storage
abs:
# account is the name of the Storage account
account: fdlkops
# access key for the Storage account
accessKey: xxxx
# default cloud
cloud: AzurePublicCloud
# backupjob describes the backup cronjob
backupJob:
# enable enables the backup job
enable: true
# schedule gives the cron schedule for the backup job
schedule: "0 12 * * 1"
###
# All of the config variables related to setting up the etcd-operator
# If you want more information about the variables exposed, please visit:
# https://github.com/kubernetes/charts/tree/master/stable/etcd-operator#configuration
###
etcd-operator:
deployments:
etcdOperator: true
backupOperator: true
restoreOperator: true
serviceAccount:
etcdOperatorServiceAccount:
create: true
backupOperatorServiceAccount:
create: true
restoreOperatorServiceAccount:
create: true
etcdOperator:
image:
tag: v0.9.2
backupOperator:
image:
tag: v0.9.2
restoreOperator:
image:
tag: v0.9.2
ui:
name: "vault-ui"
replicaCount: 1
image:
repository: djenriquez/vault-ui
tag: latest
service:
name: vault-ui
type: ClusterIP
externalPort: 8000
internalPort: 8000
# nodePort: 32001
ingress:
enabled: true
# Used to create Ingress record (should used with service.type: ClusterIP).
host: vault.molgenis.org
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
vault:
auth: GITHUB
url: https://vault.vault-operator:8200

138
charts/molgenis/README.md
View File

@ -1,138 +0,0 @@
# MOLGENIS
This chart is used for acceptance and production use cases.
## Containers
This chart spins up a MOLGENIS instance with HTTPD. The created containers are:
- MOLGENIS
- ElasticSearch
- PostgreSQL **(optional)**
## Provisioning
You can choose from which registry you want to pull. There are 2 registries:
- https://registry.molgenis.org
- https://hub.docker.com
The registry.molgenis.org contains the bleeding edge versions (PR's and master merges). The hub.docker.com contains the released artifacts (MOLGENIS releases and release candidates).
The three properties you need to specify are:
- ```molgenis.image.repository```
- ```molgenis.image.name```
- ```molgenis.image.tag```
Besides determining which image you want to pull, you also have to set an administrator password. You can do this by specifying the following property.
- ```molgenis.adminPassword```
### Firewall
Is defined at service level you can specify this attribute in the values:
- ```molgenis.firewall.enabled``` default 'false'
If set to 'true' the following options are available. One of the options below has to be set.
- ```molgenis.firewall.umcg.enabled``` default 'false'
- ```molgenis.firewall.cluster.enabled``` default 'false'
UMCG = only available within the UMCG.
Cluster = only available within the GCC cluster environment.
## Services
When you start MOLGENIS you need:
- an elasticsearch instance (5.5.6)
- an postgres instance (9.6)
You can attach additional services like:
- an opencpu instance
### Elasticsearch
You can configure elasticsearch by giving in the cluster location.
To configure the transport address you can address the node communication channel but also the native JAVA API. Which MOLGENIS uses to communicate with Elasticsearch.
From Elasticsearch version 6 and further the JAVA API is not supported anymore. At this moment you can only use Elastic instance till major version 5.
- ```molgenis.services.elasticsearch.transportAddresses: localhost:9300```
To configure the index on a Elasticsearch cluster you can specify the clusterName property.
- ```molgenis.services.elasticsearch.clusterName: molgenis```
### Postgres
You can specify the location of the postgres instance by specify the following property:
- ```molgenis.services.postgres.host: localhost```
You can specify the schema by filling out this property:
- ```molgenis.services.postgres.scheme: molgenis```
You can specify credentials for the database scheme by specifying the following properties:
- ```molgenis.services.postgres.user: molgenis```
- ```molgenis.services.postgres.password: molgenis```
To test you can use the **PostgreSQL**-helm chart of Kubernetes and specify these answers:
```bash
# answers for postgresql chart
postgresUser=molgenis
postgresPassword=molgenis
postgresDatabase=molgenis
persistence.enabled=false
```
### OpenCPU
You can specify the location of the OpenCPU cluster by specifying this property:
- ```molgenis.services.opencpu.host: localhost```
You can test OpenCPU settings using the **OpenCPU**-helm chart of MOLGENIS.
## Resources
You can specify resources by resource type. There are 2 resource types.
- memory of container
- maximum heap space JVM
Specify memory usage of container:
- ```molgenis.resources.limits.memory```
Specify memory usage for Java JVM:
- ```molgenis.javaOpts.maxHeapSpace```
Select the resources you need dependant on the customer you need to serve.
## Persistence
You can enable persistence on your MOLGENIS stack by specifying the following property.
- ```persistence.enabled``` default 'true'
You can also choose to retain the volume of the NFS.
- ```persistence.retain``` default 'false'
The size and claim name can be specified per service. There are now two services that can be persist.
- MOLGENIS
- ElasticSearch
- PostgreSQL **(optional)**
MOLGENIS persistent properties.
- ```molgenis.persistence.claim```
- ```molgenis.persistence.size```
ElasticSearch persistent properties.
- ```elasticsearch.persistence.claim```
- ```elasticsearch.persistence.size```
PostgreSQL persistent properties.
- ```postgres.persistence.claim```
- ```postgres.persistence.size```
### Resolve you persistent volume
You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
```
kubectl get pv
```
You can now view the persistent volume claims and the attached volumes.
| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.

167
charts/molgenis/questions.yml
View File

@ -1,167 +0,0 @@
categories:
- MOLGENIS
questions:
- variable: ingress.hosts[0].name
label: Hostname
default: "test.molgenis.org"
description: "Hostname for your stack"
type: hostname
required: true
group: "Load balancing"
- variable: molgenis.image.repository
label: Registry
default: "registry.hub.docker.com"
description: "Select a registry to pull from"
type: enum
options:
- "registry.hub.docker.com"
- "registry.molgenis.org"
required: true
group: "Provisioning"
- variable: molgenis.image.tag
label: Version
default: ""
description: "Select a MOLGENIS version (check the registry.molgenis.org or hub.docker.com for released tags)"
type: string
required: true
group: "Provisioning"
- variable: molgenis.adminPassword
label: Administrator password
default: ""
description: "Enter an administrator password"
type: password
required: true
group: "Provisioning"
- variable: service.firewall.enabled
label: Firewall enabled
default: false
description: "Firewall enabled (can be cluster or UMCG scoped)"
type: boolean
required: true
group: "Provisioning"
show_subquestion_if: true
subquestions:
- variable: service.firewall.kind
default: "umcg"
description: "Firewall kind. This can be 'umcg' or 'cluster' environment"
type: enum
required: true
options:
- umcg
- cluster
label: Firewall kind
- variable: molgenis.services.opencpu.host
label: OpenCPU cluster
default: "localhost"
description: "Specify the OpenCPU cluster"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.embedded
label: Postgres embedded
default: false
description: "Do you want an embedded postgres"
type: boolean
required: true
group: "Services"
show_subquestion_if: false
subquestions:
- variable: molgenis.services.postgres.host
label: Postgres cluster location
default: ""
description: "Set the location of the postgres cluster. This can be localhost when the postgres is enabled else you need to specify a cluster location if you do not want a embedded postgres instance)"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.scheme
label: Database scheme
default: "molgenis"
description: "Set the database scheme"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.user
label: Database username
default: "molgenis"
description: "Set user of the database scheme"
type: string
required: true
group: "Services"
- variable: molgenis.services.postgres.password
label: Database password
default: "molgenis"
description: "Set the password of the database scheme"
type: string
required: true
group: "Services"
- variable: molgenis.resources.limits.memory
label: Container memory limit
default: 1250Mi
description: "Memory limit for this MOLGENIS container"
type: enum
options:
- "1250Mi"
- "2500Mi"
required: true
group: "Resources"
- variable: molgenis.resources.requests.memory
label: Container memory reservation
default: 1250Mi
description: "Memory reservation for this MOLGENIS container (must fit in the selected memory limit for the container)"
type: enum
options:
- "1250Mi"
- "2500Mi"
required: true
group: "Resources"
- variable: molgenis.javaOpts.maxHeapSpace
label: Maximum heap space (JVM)
default: "1g"
description: "Maximum heap space MOLGENIS container JVM. Please not this should fit in your container memory limit"
type: enum
options:
- "1g"
- "2g"
group: "Resources"
- variable: persistence.enabled
default: true
description: "Do you want to use persistence"
type: boolean
required: true
group: "Persistence"
label: Persistence
show_subquestion_if: true
subquestions:
- variable: persistence.retain
default: false
description: "Do you want to retain the persistent volume"
type: boolean
label: Retain volume
- variable: molgenis.persistence.size
default: "5Gi"
description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
type: enum
options:
- "5Gi"
- "10Gi"
- "20Gi"
label: Size MOLGENIS filestore
- variable: elasticsearch.persistence.size
default: "5Gi"
description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
type: enum
options:
- "5Gi"
- "10Gi"
- "50Gi"
label: Size for ElasticSearch data
- variable: postgres.persistence.size
default: "5Gi"
description: "Size of PostgreSQL data (directory that is persist: /var/lib/postgresql/data/pgdata)"
type: enum
options:
- "5Gi"
- "10Gi"
- "50Gi"
label: Size for PostgreSQL data

19
charts/molgenis/templates/persistence/elasticsearchPVC.yaml
View File

@ -1,19 +0,0 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.elasticsearch.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.elasticsearch.persistence.size }}
{{- end }}

19
charts/molgenis/templates/persistence/molgenisPVC.yaml
View File

@ -1,19 +0,0 @@
{{- if .Values.persistence.enabled -}}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.molgenis.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.molgenis.persistence.size }}
{{- end }}

21
charts/molgenis/templates/persistence/postgresPVC.yaml
View File

@ -1,21 +0,0 @@
{{- if .Values.molgenis.services.postgres.embedded }}
{{- if .Values.persistence.enabled }}
apiVersion: extensions/v1beta1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.postgres.persistence.claim }}
annotations:
{{- if .Values.persistence.retain }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
{{- else }}
volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
{{- end }}
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.postgres.persistence.size }}
{{- end }}
{{- end }}

103
charts/molgenis/values.yaml
View File

@ -1,103 +0,0 @@
# Default values for molgenis.
replicaCount: 1
service:
type: LoadBalancer
firewall:
enabled: false
kind: "umcg"
umcg:
rules:
- 127.0.0.1/32
cluster:
rules:
- 127.0.0.1/32
port: 8080
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
path: /
hosts:
- name: test.molgenis.org
tls: []
molgenis:
image:
repository: registry.hub.docker.com
name: molgenis/molgenis-app
tag: stable
pullPolicy: Always
adminPassword:
javaOpts:
maxHeapSpace: "1g"
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1250Mi
persistence:
claim: molgenis-nfs-claim
size: 5Gi
services:
opencpu:
host: localhost
elasticsearch:
transportAddresses: localhost:9300
clusterName: molgenis
postgres:
embedded: false
host: localhost
scheme: molgenis
user: molgenis
password: molgenis
elasticsearch:
image:
repository: docker.elastic.co/elasticsearch/elasticsearch
tag: 5.5.3
pullPolicy: IfNotPresent
javaOpts: "-Xms1g -Xmx1g"
clusterName: molgenis
resources:
limits:
cpu: 2
memory: 3Gi
requests:
cpu: 100m
memory: 1Gi
persistence:
claim: elasticsearch-nfs-claim
size: 5Gi
postgres:
image:
repository: postgres
tag: 9.6-alpine
pullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
persistence:
claim: postgres-nfs-claim
size: 5Gi
persistence:
enabled: true
retain: false
nodeSelector: {
deployPod: "true"
}
tolerations: []
affinity: {}

0
charts/molgenis-httpd/.helmignore → molgenis-httpd/.helmignore
View File

4
charts/molgenis-httpd/Chart.yaml → molgenis-httpd/Chart.yaml
View File

@ -6,7 +6,3 @@ version: 0.1.0
sources: sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-httpd/catalogIcon-molgenis-httpd.svg icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-httpd/catalogIcon-molgenis-httpd.svg
home: http://httpd.apache.org
maintainers:
- name: sidohaakma
- name: fdlk

0
charts/molgenis-httpd/README.md → molgenis-httpd/README.md
View File

0
charts/molgenis-httpd/catalogIcon-molgenis-httpd.svg → molgenis-httpd/catalogIcon-molgenis-httpd.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 89 KiB

After

Width:  |  Height:  |  Size: 89 KiB

0
charts/molgenis-httpd/questions.yml → molgenis-httpd/questions.yml
View File

0
charts/molgenis-httpd/templates/NOTES.txt → molgenis-httpd/templates/NOTES.txt
View File

0
charts/molgenis-httpd/templates/_helpers.tpl → molgenis-httpd/templates/_helpers.tpl
View File

0
charts/molgenis-httpd/templates/deployment.yaml → molgenis-httpd/templates/deployment.yaml
View File

0
charts/molgenis-httpd/templates/ingress.yaml → molgenis-httpd/templates/ingress.yaml
View File

0
charts/molgenis-httpd/templates/service.yaml → molgenis-httpd/templates/service.yaml
View File

0
charts/molgenis-httpd/values.yaml → molgenis-httpd/values.yaml
View File

7
charts/molgenis-jenkins/Chart.yaml → molgenis-jenkins/Chart.yaml
View File

@ -1,11 +1,8 @@
name: molgenis-jenkins name: molgenis-jenkins
home: https://jenkins.io/ home: https://jenkins.io/
version: 0.8.1 version: 0.7.0
appVersion: 2.138.1 appVersion: 2.121
description: Molgenis installation for the jenkins chart. description: Molgenis installation for the jenkins chart.
sources: sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg
maintainers:
- name: fdlk
- name: sidohaakma

106
molgenis-jenkins/README.md Normal file
View File

@ -0,0 +1,106 @@
# Molgenis Jenkins Helm Chart
Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin.
Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there!
## Chart Details
This chart will do the following:
* 1 x Jenkins Master with port 8080 exposed on an external ClusterIP
* All using Kubernetes Deployments
## Installing the Chart
Usually, you'll be deploying this to the molgenis cluster.
In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository.
In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the
catalog, pick the molgenis-jenkins app from the catalog and deploy it.
## Configuration
When deploying, you can paste values into the Rancher Answers to override the defaults in this chart.
Array values can be added as {value, value, value}.
```
jenkins.Master.HostName=jenkins.molgenis.org
jenkins.Master.AdminPassword=pa$$word
jenkins.Persistence.Enabled=false
jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
jenkins.Master.Security.UseGitHub=false
## if UseGitHub=true
jenkins.Master.Security.GitHub.ClientID=id
jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
## end UseGitHub=true
PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
```
You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
### GitHub Authentication delegation
You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
### Additional configuration
There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
* PipelineSecrets
When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins
build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
each other with their own secrets.
You can override the values at deploy time but otherwise also configure them
[in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
* Vault
New vault token to be used by the pods to retrieve their tokens from the vault.
| Parameter | Description | Default |
| ----------------------------------|--------------------------------------------|-----------------------------------------------|
| `PipelineSecrets.Vault.Replace` | Replace the molgenis-pipeline-vault secret |`true` |
| `PipelineSecrets.Vault.Token` | Token to log into the hashicorp vault |`xxxx` |
| `PipelineSecrets.Vault.Addr` | Address of the vault |`https:vault-operator.vault-operator.svc:8200` |
| `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection |`1` |
* Env
Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
in the slave pods.
| Parameter | Description | Default |
| -------------------------------------- | ----------------------------------------- | --------------- |
| `PipelineSecrets.Env.Replace` | Replace molgenis-pipeline-env secret | `true` |
| `PipelineSecrets.Env.PGPPassphrase` | passphrase for the pgp signing key | `literal:xxxx` |
| `PipelineSecrets.Env.CodecovToken` | token for codecov.io | `xxxx` |
| `PipelineSecrets.Env.GitHubToken` | token for GH molgenis-jenkins user | `xxxx` |
| `PipelineSecrets.Env.NexusPassword` | token for molgenis-jenkins user in NEXUS | `xxxx` |
| `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx` |
| `PipelineSecrets.Env.SonarToken` | token for sonarcloud.io | `xxxx` |
| `PipelineSecrets.Env.NpmToken` | token for npmjs.org | `xxxx` |
| `PipelineSecrets.Env.SauceAccessKey` | token for saucelabs.com | `xxxx` |
* File
Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
in the `/root/.m2` directory of the slave pods.
> The settings.xml file references the
| Parameter | Description | Default |
| -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
| `PipelineSecrets.File.Replace` | Replace molgenis-pipeline-file secret | `true` |
| `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
| `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml)) |
## Command line use
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
For example,
```bash
$ helm install --name jenkins -f values.yaml molgenis-jenkins
```
> **Tip**: You can use the default [values.yaml](values.yaml)

0
charts/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg → molgenis-jenkins/catalogIcon-molgenis-jenkins.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 133 KiB

After

Width:  |  Height:  |  Size: 133 KiB

BIN
molgenis-jenkins/charts/jenkins-0.16.4.tgz Normal file
View File

Binary file not shown.

4
charts/molgenis-jenkins/requirements.lock → molgenis-jenkins/requirements.lock
View File

@ -1,6 +1,6 @@
dependencies: dependencies:
- name: jenkins - name: jenkins
repository: https://kubernetes-charts.storage.googleapis.com/ repository: https://kubernetes-charts.storage.googleapis.com/
version: 0.18.0 version: 0.16.4
digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685 digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685
generated: 2018-09-27T11:00:15.795416984+02:00 generated: 2018-06-27T14:36:23.172954738+02:00

0
charts/molgenis-jenkins/requirements.yaml → molgenis-jenkins/requirements.yaml
View File

7
charts/molgenis-jenkins/templates/config.tpl → molgenis-jenkins/templates/config.tpl
View File

@ -32,9 +32,6 @@ data:
<buildsDir>${ITEM_ROOTDIR}/builds</buildsDir> <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
<markupFormatter class="hudson.markup.EscapedMarkupFormatter"/> <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
<jdks/> <jdks/>
<primaryView>dev</primaryView>
<viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
<myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
<clouds> <clouds>
<org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}"> <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}">
<name>kubernetes</name> <name>kubernetes</name>
@ -155,8 +152,6 @@ data:
<readTimeout>0</readTimeout> <readTimeout>0</readTimeout>
</org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud> </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
</clouds> </clouds>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<views> <views>
<hudson.model.AllView> <hudson.model.AllView>
<owner class="hudson" reference="../../.."/> <owner class="hudson" reference="../../.."/>
@ -194,6 +189,8 @@ data:
{{- end }} {{- end }}
</views> </views>
<primaryView>{{ .Values.Master.DefaultView }}</primaryView> <primaryView>{{ .Values.Master.DefaultView }}</primaryView>
<quietPeriod>5</quietPeriod>
<scmCheckoutRetryCount>0</scmCheckoutRetryCount>
<slaveAgentPort>50000</slaveAgentPort> <slaveAgentPort>50000</slaveAgentPort>
<disabledAgentProtocols> <disabledAgentProtocols>
{{- range .Values.Master.DisabledAgentProtocols }} {{- range .Values.Master.DisabledAgentProtocols }}

6
charts/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml → molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword" "jenkins.io/credentials-type": "usernamePassword"
annotations: { annotations: {
# description - can not be a label as spaces are not allowed # description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)" "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
} }
type: Opaque type: Opaque
data: data:
username: {{ .Values.secret.registry.user | b64enc | quote }} username: {{ "molgenisci" | b64enc | quote }}
password: {{ .Values.secret.registry.password | b64enc | quote }} password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}

6
charts/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml → molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword" "jenkins.io/credentials-type": "usernamePassword"
annotations: { annotations: {
# description - can not be a label as spaces are not allowed # description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user" "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
} }
type: Opaque type: Opaque
data: data:
username: {{ .Values.secret.gitHub.user | b64enc | quote }} username: {{ "molgenis-jenkins" | b64enc | quote }}
password: {{ .Values.secret.gitHub.token | b64enc | quote }} password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}

6
charts/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml → molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
View File

@ -8,9 +8,9 @@ metadata:
"jenkins.io/credentials-type": "usernamePassword" "jenkins.io/credentials-type": "usernamePassword"
annotations: { annotations: {
# description - can not be a label as spaces are not allowed # description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs." "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
} }
type: Opaque type: Opaque
data: data:
username: {{ .Values.secret.gogs.user | b64enc | quote }} username: {{ "p281392" | b64enc | quote }}
password: {{ .Values.secret.gogs.token | b64enc | quote }} password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}

16
molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "molgenis-jenkins-nexus-secret"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against NEXUS"
}
type: Opaque
data:
username: {{ "admin" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}

16
molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Secret
metadata:
# this is the jenkins id.
name: "molgenis-jenkins-saucelabs-secret"
labels:
# so we know what type it is.
"jenkins.io/credentials-type": "usernamePassword"
annotations: {
# description - can not be a label as spaces are not allowed
"jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
}
type: Opaque
data:
username: {{ "molgenis-jenkins" | b64enc | quote }}
password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}

18
molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml Normal file
View File

@ -0,0 +1,18 @@
{{- if .Values.PipelineSecrets.Env.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-env-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
{{- end }}

15
molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml Normal file
View File

@ -0,0 +1,15 @@
{{- if .Values.PipelineSecrets.File.Replace }}
apiVersion: v1
kind: Secret
metadata:
name: molgenis-pipeline-file-secret
labels:
app: {{ template "jenkins.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
{{- end }}

8
charts/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml → molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
View File

@ -1,3 +1,4 @@
{{- if .Values.PipelineSecrets.Vault.Replace }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
@ -9,6 +10,7 @@ metadata:
heritage: "{{ .Release.Service }}" heritage: "{{ .Release.Service }}"
type: Opaque type: Opaque
data: data:
token: {{ .Values.secret.vault.token | b64enc | quote }} token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
addr: {{ .Values.secret.vault.addr | b64enc | quote }} addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }} skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
{{- end }}

278
charts/molgenis-jenkins/values.yaml → molgenis-jenkins/values.yaml
View File

@ -3,18 +3,16 @@ jenkins:
HostName: jenkins.molgenis.org HostName: jenkins.molgenis.org
ServiceType: ClusterIP ServiceType: ClusterIP
InstallPlugins: InstallPlugins:
- kubernetes:1.12.6 - kubernetes:1.12.3
- workflow-aggregator:2.5 - workflow-aggregator:2.5
- workflow-job:2.25 - workflow-job:2.24
- credentials-binding:1.16 - credentials-binding:1.16
- git:3.9.1 - git:3.9.1
- github-branch-source:2.3.6 - github-branch-source:2.3.6
- kubernetes-credentials-provider:0.10 - kubernetes-credentials-provider:0.9
- blueocean:1.8.3 - blueocean:1.8.2
- github-oauth:0.29 - github-oauth:0.29
- gogs-webhook:1.0.14 - gogs-webhook:1.0.14
- github-scm-trait-commit-skip:0.1.1
- slack:2.3
Security: Security:
UseGitHub: false UseGitHub: false
GitHub: GitHub:
@ -83,18 +81,6 @@ jenkins:
<strategyId>1</strategyId> <strategyId>1</strategyId>
<trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/> <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
</org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait> </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
<org.jenkinsci.plugins.scm__filter.GitHubCommitSkipTrait plugin="github-scm-trait-commit-skip@0.1.1"/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits> </traits>
</org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator> </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
</navigators> </navigators>
@ -144,17 +130,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId> <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits> <traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/> <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits> </traits>
</source> </source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy"> <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -208,17 +183,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId> <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits> <traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/> <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits> </traits>
</source> </source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy"> <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -272,17 +236,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId> <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits> <traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/> <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits> </traits>
</source> </source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy"> <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -336,17 +289,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId> <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits> <traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/> <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits> </traits>
</source> </source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy"> <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -400,17 +342,6 @@ jenkins:
<credentialsId>molgenis-jenkins-gogs-secret</credentialsId> <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
<traits> <traits>
<jenkins.plugins.git.traits.BranchDiscoveryTrait/> <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
<jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.LocalBranch">
<localBranch>**</localBranch>
</extension>
</jenkins.plugins.git.traits.LocalBranchTrait>
<jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
<extension class="hudson.plugins.git.extensions.impl.UserIdentity">
<name>MOLGENIS Jenkins</name>
<email>molgenis+ci@gmail.com</email>
</extension>
</jenkins.plugins.git.traits.UserIdentityTrait>
</traits> </traits>
</source> </source>
<strategy class="jenkins.branch.DefaultBranchPropertyStrategy"> <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@ -436,8 +367,8 @@ jenkins:
install: true install: true
Pods: Pods:
molgenis: molgenis:
Label: molgenis Label: molgenisv2
NodeUsageMode: NORMAL NodeUsageMode: EXCLUSIVE
volumes: volumes:
- type: HostPath - type: HostPath
hostPath: "/var/run/docker.sock" hostPath: "/var/run/docker.sock"
@ -484,12 +415,39 @@ jenkins:
key: VAULT_ADDR key: VAULT_ADDR
secretName: molgenis-pipeline-vault-secret secretName: molgenis-pipeline-vault-secret
secretKey: addr secretKey: addr
helm: NodeSelector: {}
Image: "lachlanevenson/k8s-helm" molgenis-legacy:
ImageTag: "v2.10.0" InheritFrom: molgenis
Command: cat Label: molgenis
WorkingDir: /home/jenkins NodeUsageMode: NORMAL
TTY: true volumes:
- type: Secret
secretName: molgenis-pipeline-file-secret
mountPath: "/home/jenkins/.m2"
Containers:
EnvVars:
- type: Secret
key: PGP_PASSPHRASE
secretName: molgenis-pipeline-env-secret
secretKey: pgpPassphrase
- type: KeyValue
key: PGP_SECRETKEY
value: "keyfile:/home.jenkins/.m2/key.asc"
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
- type: Secret
key: SONAR_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: sonarToken
- type: Secret
key: CODECOV_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: codecovToken
- type: Secret
key: GITHUB_TOKEN
secretName: molgenis-pipeline-env-secret
secretKey: githubToken
NodeSelector: {} NodeSelector: {}
node: node:
Label: node-carbon Label: node-carbon
@ -502,24 +460,22 @@ jenkins:
Command: cat Command: cat
WorkingDir: /home/jenkins WorkingDir: /home/jenkins
TTY: true TTY: true
vault:
Image: "vault"
Command: cat
WorkingDir: /home/jenkins
TTY: true
EnvVars: EnvVars:
- type: KeyValue
key: npm_config_registry
value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
- type: Secret - type: Secret
key: VAULT_TOKEN key: CODECOV_TOKEN
secretName: molgenis-pipeline-vault-secret secretName: molgenis-pipeline-env-secret
secretKey: token secretKey: codecovToken
- type: Secret - type: Secret
key: VAULT_SKIP_VERIFY key: GITHUB_TOKEN
secretName: molgenis-pipeline-vault-secret secretName: molgenis-pipeline-env-secret
secretKey: skipVerify secretKey: githubToken
- type: Secret - type: Secret
key: VAULT_ADDR key: NPM_TOKEN
secretName: molgenis-pipeline-vault-secret secretName: molgenis-pipeline-env-secret
secretKey: addr secretKey: npmToken
NodeSelector: {} NodeSelector: {}
molgenis-it: molgenis-it:
InheritFrom: molgenis InheritFrom: molgenis
@ -583,61 +539,77 @@ jenkins:
cpu: "1" cpu: "1"
memory: "512Mi" memory: "512Mi"
NodeSelector: {} NodeSelector: {}
helm: PipelineSecrets:
Label: helm Vault:
NodeUsageMode: EXCLUSIVE Replace: true
Containers: Token: xxxx
chart-testing: Addr: "https://vault-operator.vault-operator.svc:8200"
Image: "quay.io/helmpack/chart-testing" SkipVerify: 1
ImageTag: v1.1.0 Env:
Command: cat # Set to false to keep existing secret
WorkingDir: /home/jenkins Replace: true
TTY: true # Passphrase for the pgp private key file, prefixed with literal:
alpine: PGPPassphrase: literal:xxxx
Image: "spotify/alpine" # Token for codecov.io service
Command: cat CodecovToken: xxxx
WorkingDir: /home/jenkins # Token for github bot account
TTY: true GitHubToken: xxxx
vault: # Token for github bot account
Image: "vault" GogsToken: xxxx
Command: cat # Token for sonarcloud.io
WorkingDir: /home/jenkins SonarToken: xxxx
TTY: true # Token for npmjs.org
EnvVars: NpmToken: xxxx
- type: Secret # Password Local NEXUS
key: VAULT_TOKEN NexusPassword: xxxx
secretName: molgenis-pipeline-vault-secret # Password hub.docker.com
secretKey: token DockerHubPassword: xxxx
- type: Secret # Access key for saucelabs.com
key: VAULT_SKIP_VERIFY SauceAccessKey: xxxx
secretName: molgenis-pipeline-vault-secret File:
secretKey: skipVerify # Set to false to keep existing secret
- type: Secret Replace: true
key: VAULT_ADDR # PGP Private key in ascii format used to sign artifacts
secretName: molgenis-pipeline-vault-secret PGPPrivateKeyAsc: |-
secretKey: addr -----BEGIN PGP PRIVATE KEY BLOCK-----
NodeSelector: {} xxxxx
-----END PGP PRIVATE KEY BLOCK-----
# secret contains configuration for the kubernetes secrets that jenkins can access # maven.settings file
secret: MavenSettingsXML: |-
# vault configures the vault secret <settings>
vault: <localRepository>${user.home}/.mvnrepository</localRepository>
token: xxxx <interactiveMode>false</interactiveMode>
addr: "https://vault-operator.vault-operator.svc:8200" <mirrors>
skipVerify: "1" <mirror>
# githubToken contains access token for jenkins bot account on github.com <id>nexus</id>
gitHub: <mirrorOf>external:*</mirrorOf>
user: "molgenis-jenkins" <url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
token: xxxx </mirror>
# gogs contains access token for jenkins bot account on RuG GoGs </mirrors>
gogs: <servers>
user: p281392 <!-- for snapshot builds of the master -->
token: xxxx <server>
# registry contains credentials for registry.molgenis.org <id>sonatype-nexus-staging</id>
registry: <username>molgenis</username>
user: admin <password>xxxx</password>
password: xxxx </server>
# dockerHubPassword contains password for hub.docker.com <server>
dockerHub: <id>local-nexus</id>
user: molgenisci <url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
password: xxxx <username>admin</username>
<password>xxxxx</password>
</server>
<!-- for docker images-->
<server>
<id>registry.molgenis.org</id>
<username>admin</username>
<password>xxxx</password>
</server>
<!-- to authenticate against GOGS for MAVEN release -->
<server>
<id>gogs</id>
<username>xxxx</username>
<password>xxxx</password>
</server>
</servers>
</settings>

0
charts/molgenis-nexus/.helmignore → molgenis-nexus/.helmignore
View File

6
charts/molgenis-nexus/Chart.yaml → molgenis-nexus/Chart.yaml
View File

@ -2,11 +2,7 @@ apiVersion: v1
appVersion: "1.0" appVersion: "1.0"
description: Nexus stack for MOLGENIS description: Nexus stack for MOLGENIS
name: molgenis-nexus name: molgenis-nexus
version: 0.4.2 version: 0.3.0
sources: sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg
home: https://www.sonatype.com/nexus-repository-oss
maintainers:
- name: sidohaakma
- name: fdlk

28
molgenis-nexus/README.md Normal file
View File

@ -0,0 +1,28 @@
# MOLGENIS - NEXUS Helm Chart
NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
## Chart Details
This chart will deploy:
- 1 NEXUS container
- 1 MOLGENIS-httpd container ()to proxy the registry and docker to one domain)
## Installing the Chart
You can test in install the chart by executing:
```helm lint .```
To test if your helm chart-syntax is right and:
```helm install . --dry-run --debug```
To test if your hem chart works and:
```helm install .```
To deploy it on the cluster.

0
charts/molgenis-nexus/catalogIcon-molgenis-nexus.svg → molgenis-nexus/catalogIcon-molgenis-nexus.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 42 KiB

After

Width:  |  Height:  |  Size: 42 KiB

0
charts/molgenis-nexus/templates/_helpers.tpl → molgenis-nexus/templates/_helpers.tpl
View File

34
molgenis-nexus/templates/deployments/httpd-deployment.yaml Normal file
View File

@ -0,0 +1,34 @@
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
name: {{ .Values.httpd.name }}
labels:
app: {{ .Values.httpd.name }}
environment: {{ .Values.environment }}
spec:
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.httpd.strategy.type }}
selector:
matchLabels:
app: {{ .Values.httpd.selector }}
template:
metadata:
labels:
app: {{ .Values.httpd.name }}
creationTimestamp: null
spec:
restartPolicy: {{ .Values.httpd.restartPolicy }}
containers:
- name: {{ .Values.httpd.name }}
image: "{{ .Values.httpd.image.repository }}:{{ .Values.httpd.image.tag }}"
imagePullPolicy: {{ .Values.httpd.image.pullPolicy }}
env:
- name: PROXY_SERVICE
value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
- name: SERVER_NAME
value: {{ .Values.httpd.hostname }}
ports:
- containerPort: {{ .Values.httpd.port }}
resources: {}

41
charts/molgenis-nexus/templates/deployments/nexus-deployment.yaml → molgenis-nexus/templates/deployments/nexus-deployment.yaml
View File

@ -19,14 +19,18 @@ spec:
app: {{ .Values.nexus.name }} app: {{ .Values.nexus.name }}
creationTimestamp: null creationTimestamp: null
spec: spec:
volumes:
- name: {{ .Values.persistence.name }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.name }}
restartPolicy: {{ .Values.nexus.restartPolicy }} restartPolicy: {{ .Values.nexus.restartPolicy }}
initContainers: initContainers:
- name: nexus-nfs - name: volume-mount-nexus
image: busybox image: busybox
command: ["sh", "-c", "chown -R 200:200 /nexus-data"] command: ["sh", "-c", "chown -R 200:200 {{ .Values.persistence.mountPath }}"]
volumeMounts: volumeMounts:
- name: molgenis-nexus-nfs - name: {{ .Values.persistence.name }}
mountPath: "/nexus-data" mountPath: "{{ .Values.persistence.mountPath }}"
containers: containers:
- name: {{ .Values.nexus.name }} - name: {{ .Values.nexus.name }}
image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}" image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
@ -35,31 +39,6 @@ spec:
- containerPort: {{ .Values.nexus.port.ui }} - containerPort: {{ .Values.nexus.port.ui }}
- containerPort: {{ .Values.nexus.port.docker }} - containerPort: {{ .Values.nexus.port.docker }}
volumeMounts: volumeMounts:
- name: molgenis-nexus-nfs - name: {{ .Values.persistence.name }}
mountPath: /nexus-data mountPath: "/nexus-data"
livenessProbe:
httpGet:
path: /
port: {{ .Values.nexus.port.ui }}
initialDelaySeconds: 120
periodSeconds: 20
failureThreshold: 15
successThreshold: 1
readinessProbe:
httpGet:
path: /
port: {{ .Values.nexus.port.ui }}
initialDelaySeconds: 120
periodSeconds: 20
failureThreshold: 15
successThreshold: 1
volumes:
- name: molgenis-nexus-nfs
persistentVolumeClaim:
claimName: {{ .Values.persistence.claim }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}

6
charts/molgenis-nexus/templates/ingress.yaml → molgenis-nexus/templates/ingress.yaml
View File

@ -5,7 +5,7 @@ kind: Ingress
metadata: metadata:
name: "{{ $.Release.Name }}-ingress" name: "{{ $.Release.Name }}-ingress"
labels: labels:
app: {{ $.Values.nexusProxy.name }} app: httpd
chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}" chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
release: "{{ $.Release.Name }}" release: "{{ $.Release.Name }}"
heritage: "{{ $.Release.Service }}" heritage: "{{ $.Release.Service }}"
@ -25,8 +25,8 @@ spec:
paths: paths:
- path: {{ default "/" .path }} - path: {{ default "/" .path }}
backend: backend:
serviceName: {{ $.Values.nexusProxy.name }} serviceName: httpd
servicePort: {{ $.Values.nexusProxy.port }} servicePort: 80
{{- if .tls }} {{- if .tls }}
tls: tls:
- hosts: - hosts:

13
molgenis-nexus/templates/services/httpd-service.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.httpd.name }}
labels:
app: {{ .Values.httpd.name }}
spec:
type: {{ .Values.httpd.service.type }}
ports:
- name: {{ .Values.httpd.name }}
port: {{ .Values.httpd.port }}
selector:
app: {{ .Values.httpd.selector }}

0
charts/molgenis-nexus/templates/services/nexus-service.yaml → molgenis-nexus/templates/services/nexus-service.yaml
View File

16
molgenis-nexus/templates/volumes/nexus-pv.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.persistence.name }}
labels:
name: nfs2
spec:
storageClassName: {{ .Values.persistence.storageClass }}
capacity:
storage: {{ .Values.persistence.size }}
accessModes:
- {{ .Values.persistence.accessMode }}
persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }}
nfs:
server: {{ .Values.persistence.server }}
path: {{ .Values.persistence.mountPath }}

11
molgenis-nexus/templates/volumes/nexus-pvc.yaml Normal file
View File

@ -0,0 +1,11 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ .Values.persistence.name }}
spec:
storageClassName: {{ .Values.persistence.storageClass }}
accessModes:
- {{ .Values.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.persistence.size }}

82
molgenis-nexus/values.yaml Normal file
View File

@ -0,0 +1,82 @@
# Default values for nexus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
environment: production
nexus:
name: nexus
strategy:
type: Recreate
selector: nexus
restartPolicy: Always
image:
repository: sonatype/nexus3
tag: latest
pullPolicy: Always
port:
docker: 5000
ui: 8081
path:
dockerV2: v2
service:
type: ClusterIP
httpd:
name: httpd
hostname: registry.molgenis.org
strategy:
type: Recreate
selector: httpd
restartPolicy: Always
image:
repository: registry.webhosting.rug.nl/molgenis/httpd
tag: lts
pullPolicy: Always
port: 80
service:
type: LoadBalancer
ingress:
enabled: true
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- name: registry.molgenis.org
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
persistence:
name: molgenis-nexus-data
storageClass: nfs-class
size: 30G
reclaimPolicy: Retain
server: 192.168.64.12
accessMode: ReadWriteMany
mountPath: /gcc/molgenis/nexus
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

0
charts/molgenis-opencpu/.helmignore → molgenis-preview/.helmignore
View File

10
charts/molgenis/Chart.yaml → molgenis-preview/Chart.yaml
View File

@ -1,12 +1,8 @@
apiVersion: v1 apiVersion: v1
appVersion: "1.0" appVersion: "1.0"
description: MOLGENIS - helm stack (in BETA) description: A Helm chart for Kubernetes
name: molgenis name: molgenis
version: 0.4.3 version: 0.2.0
sources: sources:
- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
home: http://molgenis.org
maintainers:
- name: sidohaakma
- name: fdlk

11
molgenis-preview/README.md Normal file
View File

@ -0,0 +1,11 @@
# MOLGENIS preview
Is used for integration testing purposes.
## Containers
This chart spins up a complete stack to run MOLGENIS. The created containers are:
- MOLGENIS
- PostgreSQL
- Elasticsearch
- OpenCPU

0
charts/molgenis/catalogIcon-molgenis.svg → molgenis-preview/catalogIcon-molgenis.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 77 KiB

After

Width:  |  Height:  |  Size: 77 KiB

44
molgenis-preview/questions.yml Normal file
View File

@ -0,0 +1,44 @@
categories:
- MOLGENIS
questions:
- variable: ingress.hosts[0].name
default: "test.molgenis.org"
description: "Hostname for your stack"
type: hostname
required: true
group: "Services and Load Balancing"
label: Hostname
- variable: molgenis.resources.limits.cpu
default: 1
description: "CPU limit for this MOLGENIS instance"
type: enum
options:
- "1"
- "2"
- "3"
- "4"
required: true
group: "MOLGENIS - Resource limits"
label: CPU limit
- variable: molgenis.resources.limits.memory
default: 1250Mi
description: "Memory limit for this MOLGENIS instance"
type: enum
options:
- "1250Mi"
- "1500Mi"
- "2000Mi"
- "2500Mi"
required: true
group: "MOLGENIS - Resource limits"
label: Memory limit
- variable: molgenis.javaOpts
default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
description: "Java runtime options for the MOLGENIS instance"
type: enum
options:
- "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
- "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
group: "MOLGENIS - Resource limits"
label: Java memory options

0
charts/molgenis/templates/NOTES.txt → molgenis-preview/templates/NOTES.txt
View File

0
charts/molgenis/templates/_helpers.tpl → molgenis-preview/templates/_helpers.tpl
View File

83
charts/molgenis/templates/deployment.yaml → molgenis-preview/templates/deployment.yaml
View File

@ -17,8 +17,6 @@ spec:
matchLabels: matchLabels:
app: {{ template "molgenis.name" . }} app: {{ template "molgenis.name" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
strategy:
type: Recreate
template: template:
metadata: metadata:
labels: labels:
@ -28,50 +26,37 @@ spec:
containers: containers:
- name: molgenis - name: molgenis
{{- with .Values.molgenis }} {{- with .Values.molgenis }}
image: {{ .image.repository }}/{{ .image.name }}:{{ .image.tag }} image: "{{ .image.repository }}:{{ .image.tag }}"
imagePullPolicy: {{ .image.pullPolicy }} imagePullPolicy: {{ .image.pullPolicy }}
env: env:
- name: molgenis.home - name: molgenis.home
value: /home/molgenis value: /home/molgenis
- name: opencpu.uri.host - name: opencpu.uri.host
value: {{ .services.opencpu.host }} value: localhost
- name: elasticsearch.transport.addresses - name: elasticsearch.transport.addresses
value: {{ .services.elasticsearch.transportAddresses }} value: localhost:9300
- name: elasticsearch.cluster.name - name: elasticsearch.cluster.name
value: {{ .services.elasticsearch.clusterName }} value: {{ $.Values.elasticsearch.clusterName }}
- name: db_uri - name: db_uri
value: jdbc:postgresql://{{ .services.postgres.host }}/{{ .services.postgres.scheme }} value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
- name: db_user - name: db_user
value: {{ .services.postgres.user }} value: {{ $.Values.postgres.user }}
- name: db_password - name: db_password
value: {{ .services.postgres.password }} value: {{ $.Values.postgres.password }}
- name: admin.password - name: admin.password
value: {{ .adminPassword }} value: {{ .adminPassword }}
- name: CATALINA_OPTS - name: CATALINA_OPTS
value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled" value: "{{ .javaOpts }}"
ports: ports:
- containerPort: 8080 - containerPort: 8080
{{- if $.Values.persistence.enabled }} # livenessProbe:
volumeMounts: # httpGet:
- name: molgenis-nfs # path: /
mountPath: /home/molgenis # port: 8080
{{- end }} # readinessProbe:
livenessProbe: # httpGet:
httpGet: # path: /api/v2/version
path: / # port: 8080
port: 8080
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 25
successThreshold: 1
readinessProbe:
httpGet:
path: /api/v2/version
port: 8080
initialDelaySeconds: 120
periodSeconds: 30
failureThreshold: 3
successThreshold: 1
resources: resources:
{{ toYaml .resources | indent 12 }} {{ toYaml .resources | indent 12 }}
{{- end }} {{- end }}
@ -94,11 +79,6 @@ spec:
ports: ports:
- containerPort: 9200 - containerPort: 9200
- containerPort: 9300 - containerPort: 9300
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: elasticsearch-nfs
mountPath: /usr/share/elasticsearch/data
{{- end }}
resources: resources:
{{ toYaml .resources | indent 12 }} {{ toYaml .resources | indent 12 }}
{{- end }} {{- end }}
@ -109,34 +89,25 @@ spec:
imagePullPolicy: {{ .image.pullPolicy }} imagePullPolicy: {{ .image.pullPolicy }}
env: env:
- name: POSTGRES_USER - name: POSTGRES_USER
value: {{ $.Values.molgenis.services.postgres.user }} value: {{ .user }}
- name: POSTGRES_PASSWORD - name: POSTGRES_PASSWORD
value: {{ $.Values.molgenis.services.postgres.password }} value: {{ .password }}
- name: POSTGRES_DB - name: POSTGRES_DB
value: {{ $.Values.molgenis.services.postgres.scheme }} value: {{ .db }}
ports: ports:
- containerPort: 5432 - containerPort: 5432
resources: resources:
{{ toYaml .resources | indent 12 }} {{ toYaml .resources | indent 12 }}
{{- if $.Values.persistence.enabled }}
volumeMounts:
- name: postgres-nfs
mountPath: /var/lib/postgresql/data
{{- end }}
{{- end }} {{- end }}
- name: opencpu
{{- if .Values.persistence.enabled }} {{- with .Values.opencpu }}
volumes: image: "{{ .image.repository }}:{{ .image.tag }}"
- name: molgenis-nfs imagePullPolicy: {{ .image.pullPolicy }}
persistentVolumeClaim: ports:
claimName: {{ .Values.molgenis.persistence.claim }} - containerPort: 8004
- name: elasticsearch-nfs resources:
persistentVolumeClaim: {{ toYaml .resources | indent 12 }}
claimName: {{ .Values.elasticsearch.persistence.claim }}
- name: postgres-nfs
persistentVolumeClaim:
claimName: {{ .Values.postgres.persistence.claim }}
{{- end }} {{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}

4
charts/molgenis/templates/ingress.yaml → molgenis-preview/templates/ingress.yaml
View File

@ -4,7 +4,7 @@
apiVersion: extensions/v1beta1 apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: "{{ $.Release.Name }}-ingress" name: {{ $fullName }}
labels: labels:
app: {{ template "molgenis.name" . }} app: {{ template "molgenis.name" . }}
chart: {{ template "molgenis.chart" . }} chart: {{ template "molgenis.chart" . }}
@ -33,6 +33,6 @@ spec:
- path: {{ $ingressPath }} - path: {{ $ingressPath }}
backend: backend:
serviceName: {{ $fullName }} serviceName: {{ $fullName }}
servicePort: {{ $.Values.service.port }} servicePort: 8080
{{- end }} {{- end }}
{{- end }} {{- end }}

12
charts/molgenis/templates/service.yaml → molgenis-preview/templates/service.yaml
View File

@ -9,18 +9,6 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
{{- if .Values.service.firewall.enabled }}
loadBalancerSourceRanges:
{{- if .Values.service.firewall.kind eq "umcg" }}
{{- range $index, $rule := .Values.service.firewall.umcg.rules }}
- {{ $rule }}
{{- end }}
{{- else }}
{{- range $index, $rule := .Values.service.firewall.cluster.rules }}
- {{ $rule }}
{{- end }}
{{- end }}
{{- end }}
ports: ports:
- name: molgenis - name: molgenis
port: {{ .Values.service.port }} port: {{ .Values.service.port }}

120
molgenis-preview/test.yaml Normal file
View File

@ -0,0 +1,120 @@
# Source: molgenis/templates/deployment.yaml
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: lanky-ragdoll-molgenis
labels:
app: molgenis
chart: molgenis-0.1.0
release: lanky-ragdoll
heritage: Tiller
spec:
replicas: 1
selector:
matchLabels:
app: molgenis
release: lanky-ragdoll
template:
metadata:
labels:
app: molgenis
release: lanky-ragdoll
spec:
containers:
- name: molgenis
image: "registry.molgenis.org/molgenis/molgenis-app:latest"
imagePullPolicy: Always
env:
- name: molgenis.home
value: /home/molgenis
- name: opencpu.uri.host
value: opencpu
- name: elasticsearch.transport.addresses
value: elasticsearch:9300
- name: elasticsearch.cluster.name
value: molgenis
- name: db_uri
value: "jdbc:postgresql://postgres/molgenis"
- name: db_user
value: molgenis
- name: db_password
value: molgenis
- name: admin.password
value: admin
- name: CATALINA_OPTS
value: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /api/v2/version
port: http
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1Gi
- name: elasticsearch
image: "docker.elastic.co/elasticsearch/elasticsearch:5.5.3"
imagePullPolicy: IfNotPresent
env:
- name: cluster.name
value: molgenis
- name: bootstrap.memory_lock
value: true
- name: ES_JAVA_OPTS
value: "-Xms512m -Xmx512m"
- name: xpack.security.enabled
value: false
- name: discovery.type
value: single-node
ports:
- containerPort: 9200
- containerPort: 9300
limits:
cpu: 1
memory: 1500Mi
requests:
cpu: 100m
memory: 1Gi
- name: postgres
image: "postgres:9.6-alpine"
imagePullPolicy: IfNotPresent
env:
- name: POSTGRES_USER
value: molgenis
- name: POSTGRES_PASSWORD
value: molgenis
- name: POSTGRES_DB
value: molgenis
ports:
- containerPort: 5432
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
- name: opencpu
image: "molgenis/opencpu:latest"
imagePullPolicy: Always
ports:
- containerPort: 8004
limits:
cpu: 1
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi

81
molgenis-preview/values.yaml Normal file
View File

@ -0,0 +1,81 @@
# Default values for molgenis.
replicaCount: 1
service:
type: LoadBalancer
port: 8080
ingress:
enabled: true
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
path: /
hosts:
- name: test.molgenis.org
tls: []
molgenis:
image:
repository: registry.molgenis.org/molgenis/molgenis-app
tag: 7.0.0-SNAPSHOT
pullPolicy: Always
adminPassword: admin
javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
resources:
limits:
cpu: 1
memory: 1250Mi
requests:
cpu: 200m
memory: 1Gi
postgres:
image:
repository: postgres
tag: 9.6-alpine
pullPolicy: IfNotPresent
user: molgenis
password: molgenis
db: molgenis
resources:
limits:
cpu: 1
memory: 250Mi
requests:
cpu: 100m
memory: 250Mi
elasticsearch:
image:
repository: docker.elastic.co/elasticsearch/elasticsearch
tag: 5.5.3
pullPolicy: IfNotPresent
javaOpts: "-Xms512m -Xmx512m"
clusterName: molgenis
resources:
limits:
cpu: 1
memory: 1500Mi
requests:
cpu: 100m
memory: 1Gi
opencpu:
image:
repository: molgenis/opencpu
tag: latest
pullPolicy: Always
resources:
limits:
cpu: 1
memory: 512Mi
requests:
cpu: 100m
memory: 256Mi
nodeSelector: {}
tolerations: []
affinity: {}

Some files were not shown because too many files have changed in this diff Show More