fix (jenkins) Fix skip verify value in vault secret

The new pod has label molgenisv2, the legacy one is still labeled molgenis so existing scripts will keep working.

README.md

@@ -33,29 +33,51 @@ When you want to use kubernetes there are some commands you need to know. Also r
 
 Commands that can be used to get information from a kubernetes cluster
 
-- ```kubectl get pods```
+**Pods**
+
+- ```kubectl get pods (optional: [--all-namspaces])```
   
   Gets alls running instances of containers from a certain deployment
+
+- ```kubectl describe pod #pod name# --namespace=#namesspace#```
+
+  Describes the pod initialization, also displays error messages more accurately if they occur
+
+- ```kubectl remove pod #pod name# --namespace=#namespace# (optional: [--force] [--grace-period=0])```
+
+  Removes a pod from the system (but will restart if the option is set in the deployment,yaml *[see note]*). 
+  
+  **note:** You can not do this while the deployment of the service is still there
+
+**Services**
+
 - ```kubectl get services```
 
   Gets all services from a deployment
+
+**Volumes**
+  
 - ```kubectl get pv```
   
   Gets all persistant volumes
 - ```kubectl get pvc```
   
   Gets all persistent volume claims
+
+**Deployments**
+
 - ```kubectl get deployments```
   
   Gets all deployments (comparable with docker-compose)
     
+
 ## Remote clusters
 
 When you want to see what is running on the clusters at the CIT you have to make a context switch.
 You can access the cluster with kubeconfig-files. You can obtain these by downloading them from the 
 MOLGENIS kubernetes cluster.
 
-- Go to https://rancher.molgenis.org:7443 and login
+- Go to https://rancher.molgenis.org:7777 and login
 - Go to Rancher --> Cluster: *#name#* --> *Kubeconfig File*
 - Go to a **Terminal** where ```kubectl``` is available
 - Add this configuration to ~/.kube/config (or place a new file besides this one)
@@ -63,7 +85,7 @@ MOLGENIS kubernetes cluster.
   *Example*: 
 ```bash
 # When you added the MOLGENIS configuration to the original configuration
-kubectl config user-context molgenis
+kubectl config use-context molgenis
 
 # or when you placed the MOLGENIS configuration besides the original one
 kubectl config use-context molgenis --kubeconfig=*full path to molgenis config*
@@ -82,17 +104,36 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
 - [Jenkins](molgenis-jenkins/README.md)
 - [NEXUS](molgenis-nexus/README.md)
 - [HTTPD](molgenis-httpd/README.md)
+- [MOLNIGES preview](molgenis-preview/README.md)
 
 ### Useful commands
+You can you need to know to easily develop and deploy helm-charts
 
-- ```helm install .```
+- ```helm lint .```
+
+  To test your helm chart for code errors.
+
+- ```helm install . --dry-run --debug```
+
+  Check if your configuration deploys on a kubernetes cluster and check the configuration
+
+- ```helm install . #release name# --namespace #remote namespace#```
   
   Do it in the root of the project where the Chart.yaml is located
   It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
 - ```helm list```
   
   Lists all installed releases
-- ```helm delete #release#a```
+- ```helm delete #release#```
   
   Performs a sort of mvn clean on your workspace. Very handy for zombie persistent volumes or claims.
 
+- ```install tiller on remote cluster```
+
+  To install tiller on a remote cluster you need an rbac-config.yml.
+  ```kubectl create -f rbac-config.yaml```
+
+  When you have defined the yaml you can add the tiller to the cluster by following the steps below.
+  ```helm init --service-account tiller```  
+  
+  

httpd/v0.1.x/Chart.yaml

@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: httpd
-version: 0.1.2

httpd/v0.1.x/questions.yml

@@ -1,64 +0,0 @@
-categories:
-- MOLGENIS
-questions:
-- variable: molgenisUsername
-  default: "molgenis"
-  description: "User of the application"
-  type: string
-  required: true
-  label: MOLGENIS username
-  group: "MOLGENIS Settings"
-- variable: molgenisEmail
-  default: "admin@molgenis.org"
-  description: "Admin email"
-  type: string
-  required: true
-  label: MOLGENIS admin email
-  group: "MOLGENIS Settings"
-- variable: persistence.enabled
-  default: "false"
-  description: "Enable persistent volume for MOLGENIS"
-  type: boolean
-  required: true
-  label: MOLGENIS Persistent Volume Enabled
-  show_subquestion_if: true
-  group: "MOLGENIS Settings"
-  subquestions:
-  - variable: persistence.size
-    default: "10Gi"
-    description: "Persistent Volume Size"
-    type: string
-    label: MOLGENIS Volume Size
-  - variable: persistence.storageClass
-    default: ""
-    description: "If undefined or null, uses the default StorageClass. Default to null"
-    type: storageclass
-    label: Default StorageClass for MOLGENIS
-- variable: ingress.hosts[0].name
-  default: "test.molgenis.org"
-  description: "Hostname for your stack"
-  type: hostname
-  required: true
-  group: "Services and Load Balancing"
-  label: Hostname
-- variable: httpd.hostname
-  default: "test.molgenis.org"
-  description: "Hostname for your services (comma separated, example: [hostname]:[port])"
-  type: string
-  required: false
-  group: "Apache configuration"
-  label: Hostname
-- variable: httpd.proxy
-  default: ""
-  description: "Proxy for your services (comma separated, example: [service]:[port]:[path])"
-  type: string
-  required: false
-  group: "Apache configuration"
-  label: Proxy
-- variable: httpd.redirect
-  default: ""
-  description: "Redirection urls for your services (comma separated, example: [redirection_url])"
-  type: string
-  required: false
-  group: "Apache configuration"
-  label: Redirection

molgenis-httpd/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: HTTPD for MOLGENIS
+name: molgenis-httpd
+version: 0.1.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-httpd/catalogIcon-molgenis-httpd.svg

molgenis-httpd/README.md

@@ -0,0 +1,15 @@
+# MOLGENIS - HTTPD Helm Chart
+
+HTTPD (web)server for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Chart Details
+
+This chart will deploy:
+
+- 1 HTTPD container
+
+## Installing the Chart
+
+etc.
+
+

molgenis-httpd/questions.yml

@@ -0,0 +1,31 @@
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.hosts[0].name
+  default: "test.molgenis.org"
+  description: "Hostname for your stack"
+  type: hostname
+  required: true
+  group: "Services and Load Balancing"
+  label: Hostname
+- variable: httpd.hostname
+  default: "test.molgenis.org"
+  description: "Hostname for your services (comma separated, example: [hostname]:[port])"
+  type: string
+  required: false
+  group: "Apache configuration"
+  label: Hostname
+- variable: httpd.proxy
+  default: ""
+  description: "Proxy for your services (comma separated, example: [service]:[port]:[path])"
+  type: string
+  required: false
+  group: "Apache configuration"
+  label: Proxy
+- variable: httpd.redirect
+  default: ""
+  description: "Redirection urls for your services (comma separated, example: [redirection_url])"
+  type: string
+  required: false
+  group: "Apache configuration"
+  label: Redirection

molgenis-httpd/templates/deployment.yaml

@@ -24,9 +24,8 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-            - name: http
+            - name: {{ .Values.service.name }}
-              containerPort: 80
+              containerPort: {{ .Values.service.port }}
-              protocol: TCP
           env:
             - name: SERVER_NAME
               value: "{{ .Values.httpd.hostname }}"

molgenis-httpd/templates/service.yaml

@@ -10,10 +10,9 @@ metadata:
 spec:
   type: {{ .Values.service.type }}
   ports:
-    - port: {{ .Values.service.port }}
+  - name: {{ .Values.service.name }}
-      targetPort: http
+    port: {{ .Values.service.port }}
-      protocol: TCP
+
-      name: http
   selector:
     app: {{ template "httpd.name" . }}
     release: {{ .Release.Name }}

molgenis-httpd/values.yaml

@@ -10,6 +10,7 @@ image:
   pullPolicy: Always
 
 service:
+  name: httpd
   type: ClusterIP
   port: 80
 
@@ -17,12 +18,9 @@ httpd:
   proxy: httpd:80:/
   redirect: redirect.molgenis.local
   hostname: test.molgenis.local
-  volume:
-    username: molgenis
-    email: admin@molgenis.org
 
 ingress:
-  enabled: false
+  enabled: true
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"

molgenis-jenkins/Chart.yaml

@@ -1,7 +1,7 @@
 name: molgenis-jenkins
 home: https://jenkins.io/
-version: 0.2.1
+version: 0.7.0
-appVersion: 2.107
+appVersion: 2.121
 description: Molgenis installation for the jenkins chart.
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git

molgenis-jenkins/README.md

@@ -1,10 +1,7 @@
 # Molgenis Jenkins Helm Chart
 
-Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin
+Jenkins master and slave cluster utilizing the Jenkins Kubernetes plugin.
-
+Wraps [the kuberenetes jenkins chart](https://github.com/kubernetes/charts/tree/master/stable/jenkins), see documentation there!
-* https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+Plugin
-
-Inspired by the awesome work of Carlos Sanchez <mailto:carlos@apache.org>
 
 ## Chart Details
 
@@ -15,223 +12,95 @@ This chart will do the following:
 
 ## Installing the Chart
 
-In the rancher UI, choose the molgenis-jenkins app from the catalog and deploy it.
+Usually, you'll be deploying this to the molgenis cluster.
+In the [Rancher Catalog](https://rancher.molgenis.org:7443/g/catalog), add the latest version of this repository.
+In the [molgenis cluster management page](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/apps), choose the 
+catalog, pick the molgenis-jenkins app from the catalog and deploy it.
 
 ## Configuration
 
-The following tables list the configurable parameters of the Jenkins chart and their default values.
+When deploying, you can paste values into the Rancher Answers to override the defaults in this chart.
-You can paste these values into the Rancher Answers if you like.
+Array values can be added as {value, value, value}.
-Array values can be added as {value, value, value}, e.g.
 ```
-jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1}
+jenkins.Master.HostName=jenkins.molgenis.org
+jenkins.Master.AdminPassword=pa$$word
+jenkins.Persistence.Enabled=false
+jenkins.Master.InstallPlugins={kubernetes:1.8.4, workflow-aggregator:2.5, workflow-job:2.21, credentials-binding:1.16, git:3.9.1, blueocean:1.6.2, github-oauth:0.29}
+jenkins.Master.Security.UseGitHub=false
+## if UseGitHub=true
+jenkins.Master.Security.GitHub.ClientID=id
+jenkins.Master.Security.GitHub.ClientSecret=S3cr3t
+## end UseGitHub=true
+PipelineSecrets.Env.PGPPassphrase=literal:S3cr3t
 ```
-> Because we use jenkins as a sub-chart, you should prefix all values with `jenkins`!
 
-### Jenkins Master
+You can use [all configuration values of the jenkins subchart](https://github.com/kubernetes/charts/tree/master/stable/jenkins).
-| Parameter                         | Description                          | Default                                                                      |
+> Because we use jenkins as a sub-chart, you should prefix all value keys with `jenkins`!
-| --------------------------------- | ------------------------------------ | ---------------------------------------------------------------------------- |
-| `nameOverride`                    | Override the resource name prefix    | `jenkins`                                                                    |
-| `fullnameOverride`                | Override the full resource names     | `jenkins-{release-name}` (or `jenkins` if release-name is `jenkins`)         |
-| `Master.Name`                     | Jenkins master name                  | `jenkins-master`                                                             |
-| `Master.Image`                    | Master image name                    | `jenkinsci/jenkins`                                                          |
-| `Master.ImageTag`                 | Master image tag                     | `lts`                                                                     |
-| `Master.ImagePullPolicy`          | Master image pull policy             | `Always`                                                                     |
-| `Master.ImagePullSecret`          | Master image pull secret             | Not set                                                                      |
-| `Master.Component`                | k8s selector key                     | `jenkins-master`                                                             |
-| `Master.UseSecurity`              | Use basic security                   | `true`                                                                       |
-| `Master.AdminUser`                | Admin username (and password) created as a secret if useSecurity is true | `admin`                                  |
-| `Master.Cpu`                      | Master requested cpu                 | `200m`                                                                       |
-| `Master.Memory`                   | Master requested memory              | `256Mi`                                                                      |
-| `Master.InitContainerEnv`         | Environment variables for Init Container                                 | Not set                                  |
-| `Master.ContainerEnv`             | Environment variables for Jenkins Container                              | Not set                                  |
-| `Master.RunAsUser`                | uid that jenkins runs with           | `0`                                                                          |
-| `Master.FsGroup`                  | uid that will be used for persistent volume | `0`                                                                   |
-| `Master.ServiceAnnotations`       | Service annotations                  | `{}`                                                                         |
-| `Master.ServiceType`              | k8s service type                     | `LoadBalancer`                                                               |
-| `Master.ServicePort`              | k8s service port                     | `8080`                                                                       |
-| `Master.NodePort`                 | k8s node port                        | Not set                                                                      |
-| `Master.HealthProbes`             | Enable k8s liveness and readiness probes | `true`                                                                   |
-| `Master.HealthProbesLivenessTimeout`      | Set the timeout for the liveness probe | `120`                                                       |
-| `Master.HealthProbesReadinessTimeout` | Set the timeout for the readiness probe | `60`                                                       |
-| `Master.HealthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `12`                                                       |
-| `Master.ContainerPort`            | Master listening port                | `8080`                                                                       |
-| `Master.SlaveListenerPort`        | Listening port for agents            | `50000`                                                                      |
-| `Master.DisabledAgentProtocols`   | Disabled agent protocols             | `JNLP-connect JNLP2-connect`                                                                      |
-| `Master.CSRF.DefaultCrumbIssuer.Enabled` | Enable the default CSRF Crumb issuer | `true`                                                                      |
-| `Master.CSRF.DefaultCrumbIssuer.ProxyCompatability` | Enable proxy compatibility | `true`                                                                      |
-| `Master.CLI`                      | Enable CLI over remoting             | `false`                                                                      |
-| `Master.LoadBalancerSourceRanges` | Allowed inbound IP addresses         | `0.0.0.0/0`                                                                  |
-| `Master.LoadBalancerIP`           | Optional fixed external IP           | Not set                                                                      |
-| `Master.JMXPort`                  | Open a port, for JMX stats           | Not set                                                                      |
-| `Master.CustomConfigMap`          | Use a custom ConfigMap               | `false`                                                                      |
-| `Master.Ingress.Annotations`      | Ingress annotations                  | `{}`                                                                         |
-| `Master.Ingress.TLS`              | Ingress TLS configuration            | `[]`                                                                         |
-| `Master.InitScripts`              | List of Jenkins init scripts         | Not set                                                                      |
-| `Master.CredentialsXmlSecret`     | Kubernetes secret that contains a 'credentials.xml' file | Not set                                                  |
-| `Master.SecretsFilesSecret`       | Kubernetes secret that contains 'secrets' files | Not set                                                           |
-| `Master.Jobs`                     | Jenkins XML job configs              | Not set                                                                      |
-| `Master.InstallPlugins`           | List of Jenkins plugins to install   | `kubernetes:0.11 workflow-aggregator:2.5 credentials-binding:1.11 git:3.2.0` |
-| `Master.ScriptApproval`           | List of groovy functions to approve  | Not set                                                                      |
-| `Master.NodeSelector`             | Node labels for pod assignment       | `{}`                                                                         |
-| `Master.Affinity`                 | Affinity settings                    | `{}`                                                                         |
-| `Master.Tolerations`              | Toleration labels for pod assignment | `{}`                                                                         |
-| `NetworkPolicy.Enabled`           | Enable creation of NetworkPolicy resources. | `false`                                                               |
-| `NetworkPolicy.ApiVersion`        | NetworkPolicy ApiVersion             | `extensions/v1beta1`                                                         |
-| `rbac.install`                    | Create service account and ClusterRoleBinding for Kubernetes plugin | `false`                                       |
-| `rbac.apiVersion`                 | RBAC API version                     | `v1beta1`                                                                    |
-| `rbac.roleRef`                    | Cluster role name to bind to         | `cluster-admin`                                                              |
 
-### Jenkins Agent
+### GitHub Authentication delegation
+You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
 
-| Parameter               | Description                                     | Default                |
+### Additional configuration
-| ----------------------- | ----------------------------------------------- | ---------------------- |
+There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
-| `Agent.AlwaysPullImage` | Always pull agent container image before build  | `false`                |
-| `Agent.Enabled`         | Enable Kubernetes plugin jnlp-agent podTemplate | `true`                 |
-| `Agent.Image`           | Agent image name                                | `jenkinsci/jnlp-slave` |
-| `Agent.ImagePullSecret` | Agent image pull secret                         | Not set                |
-| `Agent.ImageTag`        | Agent image tag                                 | `2.62`                 |
-| `Agent.Privileged`      | Agent privileged container                      | `false`                |
-| `Agent.Cpu`             | Agent requested cpu                             | `200m`                 |
-| `Agent.Memory`          | Agent requested memory                          | `256Mi`                |
-| `Agent.volumes`         | Additional volumes                              | `nil`                  |
 
+* PipelineSecrets
+
+   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins 
+   build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
+   each other with their own secrets.
+
+   You can override the values at deploy time but otherwise also configure them 
+   [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
+
+*  Vault
+
+   New vault token to be used by the pods to retrieve their tokens from the vault.
+   
+   | Parameter                         | Description                                | Default                                       |
+   | ----------------------------------|--------------------------------------------|-----------------------------------------------|
+   | `PipelineSecrets.Vault.Replace`   | Replace the molgenis-pipeline-vault secret |`true`                                         |
+   | `PipelineSecrets.Vault.Token`     | Token to log into the hashicorp vault      |`xxxx`                                         |
+   | `PipelineSecrets.Vault.Addr`      | Address of the vault                       |`https:vault-operator.vault-operator.svc:8200` |
+   | `PipelineSecrets.Vault.skipVerify`| Skip verification of the https connection  |`1`                                            |
+
+*  Env
+   
+   Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
+   in the slave pods.
+
+   | Parameter                              | Description                               | Default         |
+   | -------------------------------------- | ----------------------------------------- | --------------- |
+   | `PipelineSecrets.Env.Replace`          | Replace molgenis-pipeline-env secret      | `true`          |
+   | `PipelineSecrets.Env.PGPPassphrase`    | passphrase for the pgp signing key        | `literal:xxxx`  |
+   | `PipelineSecrets.Env.CodecovToken`     | token for codecov.io                      | `xxxx`          |
+   | `PipelineSecrets.Env.GitHubToken`      | token for GH molgenis-jenkins user        | `xxxx`          |
+   | `PipelineSecrets.Env.NexusPassword`    | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
+   | `PipelineSecrets.Env.DockerHubPassword`| token for molgenis user in hub.docker.com | `xxxx`          |
+   | `PipelineSecrets.Env.SonarToken`       | token for sonarcloud.io                   | `xxxx`          |
+   | `PipelineSecrets.Env.NpmToken`         | token for npmjs.org                       | `xxxx`          | 
+   | `PipelineSecrets.Env.SauceAccessKey`   | token for saucelabs.com                   | `xxxx`          |
+
+* File
+
+  Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
+  in the `/root/.m2` directory of the slave pods.
+  > The settings.xml file references the 
+
+  | Parameter                              | Description                           | Default                                                                         |
+  | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
+  | `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          |
+  | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
+  | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            |
+
+## Command line use
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 
-Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
+For example,
 
 ```bash
-$ helm install --name my-release -f values.yaml stable/jenkins
+$ helm install --name jenkins -f values.yaml molgenis-jenkins
 ```
 
 > **Tip**: You can use the default [values.yaml](values.yaml)
 
-## Mounting volumes into your Agent pods
-
-Your Jenkins Agents will run as pods, and it's possible to inject volumes where needed:
-
-```yaml
-Agent:
-  volumes:
-  - type: Secret
-    secretName: jenkins-mysecrets
-    mountPath: /var/run/secrets/jenkins-mysecrets
-```
-
-The supported volume types are: `ConfigMap`, `EmptyDir`, `HostPath`, `Nfs`, `Pod`, `Secret`. Each type supports a different set of configurable attributes, defined by [the corresponding Java class](https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes).
-
-## NetworkPolicy
-
-To make use of the NetworkPolicy resources created by default,
-install [a networking plugin that implements the Kubernetes
-NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin).
-
-For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting
-the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
-
-    kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
-
-Install helm chart with network policy enabled:
-
-    $ helm install stable/jenkins --set NetworkPolicy.Enabled=true
-
-## Persistence
-
-The Jenkins image stores persistence under `/var/jenkins_home` path of the container. A dynamically managed Persistent Volume
-Claim is used to keep the data across deployments, by default. This is known to work in GCE, AWS, and minikube. Alternatively,
-a previously configured Persistent Volume Claim can be used.
-
-It is possible to mount several volumes using `Persistence.volumes` and `Persistence.mounts` parameters.
-
-### Persistence Values
-
-| Parameter                   | Description                     | Default         |
-| --------------------------- | ------------------------------- | --------------- |
-| `Persistence.Enabled`       | Enable the use of a Jenkins PVC | `true`          |
-| `Persistence.ExistingClaim` | Provide the name of a PVC       | `nil`           |
-| `Persistence.AccessMode`    | The PVC access mode             | `ReadWriteOnce` |
-| `Persistence.Size`          | The size of the PVC             | `8Gi`           |
-| `Persistence.volumes`       | Additional volumes              | `nil`           |
-| `Persistence.mounts`        | Additional mounts               | `nil`           |
-
-#### Existing PersistentVolumeClaim
-
-1. Create the PersistentVolume
-1. Create the PersistentVolumeClaim
-1. Install the chart
-
-```bash
-$ helm install --name my-release --set Persistence.ExistingClaim=PVC_NAME stable/jenkins
-```
-
-## Custom ConfigMap
-
-When creating a new parent chart with this chart as a dependency, the `CustomConfigMap` parameter can be used to override the default config.xml provided.
-It also allows for providing additional xml configuration files that will be copied into `/var/jenkins_home`. In the parent chart's values.yaml,
-set the `jenkins.Master.CustomConfigMap` value to true like so
-
-```yaml
-jenkins:
-  Master:
-    CustomConfigMap: true
-```
-
-and provide the file `templates/config.tpl` in your parent chart for your use case. You can start by copying the contents of `config.yaml` from this chart into your parent charts `templates/config.tpl` as a basis for customization. Finally, you'll need to wrap the contents of `templates/config.tpl` like so:
-
-```yaml
-{{- define "override_config_map" }}
-    <CONTENTS_HERE>
-{{ end }}
-```
-
-## RBAC
-
-If running upon a cluster with RBAC enabled you will need to do the following:
-
-* `helm install stable/jenkins --set rbac.install=true`
-* Create a Jenkins credential of type Kubernetes service account with service account name provided in the `helm status` output.
-* Under configure Jenkins -- Update the credentials config in the cloud section to use the service account credential you created in the step above.
-
-## Run Jenkins as non root user
-
-The default settings of this helm chart let Jenkins run as root user with uid `0`.
-Due to security reasons you may want to run Jenkins as a non root user.
-Fortunately the default jenkins docker image `jenkins/jenkins` contains a user `jenkins` with uid `1000` that can be used for this purpose.
-
-Simply use the following settings to run Jenkins as `jenkins` user with uid `1000`.
-
-```yaml
-jenkins:
-  Master:
-    RunAsUser: 1000
-    FsGroup: 1000
-```
-
-Docs taken from https://github.com/jenkinsci/docker/blob/master/Dockerfile:
-_Jenkins is run with user `jenkins`, uid = 1000. If you bind mount a volume from the host or a data container,ensure you use the same uid_
-
-## Running behind a forward proxy
-
-The master pod uses an Init Container to install plugins etc. If you are behind a corporate proxy it may be useful to set `Master.InitContainerEnv` to add environment variables such as `http_proxy`, so that these can be downloaded.
-
-Additionally, you may want to add env vars for the Jenkins container, and the JVM (`Master.JavaOpts`).
-
-```yaml
-Master:
-  InitContainerEnv:
-    - name: http_proxy
-      value: "http://192.168.64.1:3128"
-    - name: https_proxy
-      value: "http://192.168.64.1:3128"
-    - name: no_proxy
-      value: ""
-  ContainerEnv:
-    - name: http_proxy
-      value: "http://192.168.64.1:3128"
-    - name: https_proxy
-      value: "http://192.168.64.1:3128"
-  JavaOpts: >-
-    -Dhttp.proxyHost=192.168.64.1
-    -Dhttp.proxyPort=3128
-    -Dhttps.proxyHost=192.168.64.1
-    -Dhttps.proxyPort=3128
-```

molgenis-jenkins/templates/config.tpl

@@ -15,162 +15,123 @@ data:
       <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
         <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
       </authorizationStrategy>
+{{- if .Values.Master.Security.UseGitHub }}
+      <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
+        <githubWebUri>https://github.com</githubWebUri>
+        <githubApiUri>https://api.github.com</githubApiUri>
+        <clientID>{{ .Values.Master.Security.GitHub.ClientID }}</clientID>
+        <clientSecret>{{ .Values.Master.Security.GitHub.ClientSecret }}</clientSecret>
+        <oauthScopes>read:org,user:email</oauthScopes>
+      </securityRealm>
+{{- else }}
       <securityRealm class="hudson.security.LegacySecurityRealm"/>
+{{- end }}
       <disableRememberMe>false</disableRememberMe>
       <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
       <workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
       <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
       <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
       <jdks/>
-      <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
-      <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
       <clouds>
         <org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud plugin="kubernetes@{{ template "jenkins.kubernetes-version" . }}">
           <name>kubernetes</name>
           <templates>
-{{- if .Values.Agent.Enabled }}
+{{- range $podName, $pod := .Values.Pods }}
             <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
-              <inheritFrom></inheritFrom>
+              <inheritFrom>{{ $pod.InheritFrom | default "" }}</inheritFrom>
-              <name>default</name>
+              <name>{{ $podName }}</name>
               <instanceCap>2147483647</instanceCap>
               <idleMinutes>0</idleMinutes>
-              <label>{{ .Release.Name }}-{{ .Values.Agent.Component }}</label>
+              <label>{{ .Label }}</label>
               <nodeSelector>
                 {{- $local := dict "first" true }}
-                {{- range $key, $value := .Values.Agent.NodeSelector }}
+                {{- range $key, $value := .NodeSelector }}
                   {{- if not $local.first }},{{- end }}
                   {{- $key }}={{ $value }}
                   {{- $_ := set $local "first" false }}
                 {{- end }}</nodeSelector>
-                <nodeUsageMode>EXCLUSIVE</nodeUsageMode>
+                <nodeUsageMode>{{ .NodeUsageMode }}</nodeUsageMode>
               <volumes>
-{{- range $index, $volume := .Values.Agent.volumes }}
+{{- range $index, $volume := .volumes }}
-                <org.csanchez.jenkins.plugins.kubernetes.volumes.{{ $volume.type }}Volume>
+                <org.csanchez.jenkins.plugins.kubernetes.volumes.{{ .type }}Volume>
 {{- range $key, $value := $volume }}{{- if not (eq $key "type") }}
                   <{{ $key }}>{{ $value }}</{{ $key }}>
 {{- end }}{{- end }}
-                </org.csanchez.jenkins.plugins.kubernetes.volumes.{{ $volume.type }}Volume>
+                </org.csanchez.jenkins.plugins.kubernetes.volumes.{{ .type }}Volume>
 {{- end }}
               </volumes>
               <containers>
+{{- range $containerName, $container := .Containers }}
                 <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
-                  <name>jnlp</name>
+                  <name>{{ $containerName }}</name>
-                  <image>{{ .Values.Agent.Image }}:{{ .Values.Agent.ImageTag }}</image>
+                  <image>{{ .Image }}:{{ .ImageTag | default "latest" }}</image>
-{{- if .Values.Agent.Privileged }}
+                  <ports>
+{{- range $index, $envVar := .Ports }}
+                    <org.csanchez.jenkins.plugins.kubernetes.PortMapping>
+                      <name>{{ .name }}</name>
+                      <containerPort>{{ .containerPort }}</containerPort>
+                      <hostPort>{{ .hostPort }}</hostPort>
+                    </org.csanchez.jenkins.plugins.kubernetes.PortMapping>
+{{- end }}
+                  </ports>
+{{- if .Privileged }}
                   <privileged>true</privileged>
 {{- else }}
                   <privileged>false</privileged>
 {{- end }}
-                  <alwaysPullImage>{{ .Values.Agent.AlwaysPullImage }}</alwaysPullImage>
+{{- if .AlwaysPullImage }}
-                  <workingDir>/home/jenkins</workingDir>
+                  <alwaysPullImage>true</alwaysPullImage>
-                  <command></command>
-                  <args>${computer.jnlpmac} ${computer.name}</args>
-                  <ttyEnabled>false</ttyEnabled>
-                  <resourceRequestCpu>{{.Values.Agent.Cpu}}</resourceRequestCpu>
-                  <resourceRequestMemory>{{.Values.Agent.Memory}}</resourceRequestMemory>
-                  <resourceLimitCpu>{{.Values.Agent.Cpu}}</resourceLimitCpu>
-                  <resourceLimitMemory>{{.Values.Agent.Memory}}</resourceLimitMemory>
-                  <envVars>
-                    <org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
-                      <key>JENKINS_URL</key>
-                      <value>http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }}</value>
-                    </org.csanchez.jenkins.plugins.kubernetes.ContainerEnvVar>
-                  </envVars>
-                </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
-              </containers>
-              <envVars/>
-              <annotations/>
-{{- if .Values.Agent.ImagePullSecret }}
-              <imagePullSecrets>
-                <org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
-                  <name>{{ .Values.Agent.ImagePullSecret }}</name>
-                </org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
-              </imagePullSecrets>
 {{- else }}
-              <imagePullSecrets/>
+                  <alwaysPullImage>false</alwaysPullImage>
 {{- end }}
-              <nodeProperties/>
+                  <workingDir>{{ .WorkingDir | default "" }}</workingDir>
-            </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
+                  <command>{{ .Command | default "" }}</command>
-{{- end -}}
+                  <args>{{ .Args | default "" }}</args>
-{{- if .Values.Pod.Enabled }}
+{{- if .TTY }}
-            <org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
-              <inheritFrom></inheritFrom>
-              <name>{{ .Values.Pod.Label }}</name>
-              <instanceCap>2147483647</instanceCap>
-              <idleMinutes>0</idleMinutes>
-              <label>{{ .Values.Pod.Label }}</label>
-              <nodeSelector>
-                {{- $local := dict "first" true }}
-                {{- range $key, $value := .Values.Pod.NodeSelector }}
-                  {{- if not $local.first }},{{- end }}
-                  {{- $key }}={{ $value }}
-                  {{- $_ := set $local "first" false }}
-                {{- end }}</nodeSelector>
-                <nodeUsageMode>NORMAL</nodeUsageMode>
-              <volumes>
-{{- range $index, $volume := .Values.Pod.volumes }}
-                <org.csanchez.jenkins.plugins.kubernetes.volumes.{{ $volume.type }}Volume>
-{{- range $key, $value := $volume }}{{- if not (eq $key "type") }}
-                  <{{ $key }}>{{ $value }}</{{ $key }}>
-{{- end }}{{- end }}
-                </org.csanchez.jenkins.plugins.kubernetes.volumes.{{ $volume.type }}Volume>
-{{- end }}
-              </volumes>
-              <containers>
-                <org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
-                  <name>{{ .Values.Pod.Label }}</name>
-                  <image>{{ .Values.Pod.Image }}:{{ .Values.Pod.ImageTag }}</image>
-{{- if .Values.Pod.Privileged }}
-                  <privileged>true</privileged>
-{{- else }}
-                  <privileged>false</privileged>
-{{- end }}
-                  <alwaysPullImage>{{ .Values.Pod.AlwaysPullImage }}</alwaysPullImage>
-                  <workingDir>/home/jenkins</workingDir>
-                  <command>{{ .Values.Pod.Command }}</command>
-                  <args>{{ .Values.Pod.Args }}</args>
-{{- if .Values.Pod.TTY }}
                   <ttyEnabled>true</ttyEnabled>
 {{- else }}
                   <ttyEnabled>false</ttyEnabled>
 {{- end }}
-                  <resourceRequestCpu>{{.Values.Pod.Cpu}}</resourceRequestCpu>
+                  <envVars>
-                  <resourceRequestMemory>{{.Values.Pod.Memory}}</resourceRequestMemory>
+{{- range $index, $envVar := .EnvVars }}
-                  <resourceLimitCpu>{{.Values.Pod.Cpu}}</resourceLimitCpu>
+                    <org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
-                  <resourceLimitMemory>{{.Values.Pod.Memory}}</resourceLimitMemory>
+{{- range $key, $value := $envVar }}{{- if not (eq $key "type") }}
+                      <{{ $key }}>{{ $value }}</{{ $key }}>
+{{- end }}{{- end }}
+                    </org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
+{{- end }}
+                  </envVars>
+{{- if .resources }}
+{{- if .resources.requests }}
+                  <resourceRequestCpu>{{ .resources.requests.cpu | default "" }}</resourceRequestCpu>
+                  <resourceRequestMemory>{{ .resources.requests.memory | default "" }}</resourceRequestMemory>
+{{- end }}
+{{- if .resources.limits }}
+                  <resourceLimitCpu>{{ .resources.limits.cpu | default "" }}</resourceLimitCpu>
+                  <resourceLimitMemory>{{ .resources.limits.memory | default "" }}</resourceLimitMemory>
+{{- end }}
+{{- end }}
                 </org.csanchez.jenkins.plugins.kubernetes.ContainerTemplate>
+{{- end }}
               </containers>
               <envVars>
-                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                  <org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
-                  <key>PGP_PASSPHRASE</key>
+                    <key>JENKINS_URL</key>
-                  <secretName>molgenis-pipeline-env-secret</secretName>
+                    <value>http://{{ template "jenkins.fullname" $ }}:{{$.Values.Master.ServicePort}}{{ default "" $.Values.Master.JenkinsUriPrefix }}</value>
-                  <secretKey>pgpPassphrase</secretKey>
+                  </org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
-                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+{{- range $index, $envVar := .EnvVars }}
-                <org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+                <org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
-                  <key>PGP_SECRETKEY</key>
+{{- range $key, $value := $envVar }}{{- if not (eq $key "type") }}
-                  <value>keyfile:/root/.m2/key.asc</value>
+                  <{{ $key }}>{{ $value }}</{{ $key }}>
-                </org.csanchez.jenkins.plugins.kubernetes.model.KeyValueEnvVar>
+{{- end }}{{- end }}
-                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
+                </org.csanchez.jenkins.plugins.kubernetes.model.{{ .type }}EnvVar>
-                  <key>SONAR_TOKEN</key>
+{{- end }}
-                  <secretName>molgenis-pipeline-env-secret</secretName>
-                  <secretKey>sonarToken</secretKey>
-                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
-                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
-                  <key>CODECOV_TOKEN</key>
-                  <secretName>molgenis-pipeline-env-secret</secretName>
-                  <secretKey>codecovToken</secretKey>
-                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
-                <org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
-                  <key>GITHUB_TOKEN</key>
-                  <secretName>molgenis-pipeline-env-secret</secretName>
-                  <secretKey>githubToken</secretKey>
-                </org.csanchez.jenkins.plugins.kubernetes.model.SecretEnvVar>
               </envVars>
               <annotations/>
-{{- if .Values.Pod.ImagePullSecret }}
+{{- if .ImagePullSecret }}
               <imagePullSecrets>
                 <org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
-                  <name>{{ .Values.Pod.ImagePullSecret }}</name>
+                  <name>{{ .ImagePullSecret }}</name>
                 </org.csanchez.jenkins.plugins.kubernetes.PodImagePullSecret>
               </imagePullSecrets>
 {{- else }}
@@ -178,31 +139,58 @@ data:
 {{- end }}
               <nodeProperties/>
             </org.csanchez.jenkins.plugins.kubernetes.PodTemplate>
-{{- end -}}
+{{- end }}
           </templates>
           <serverUrl>https://kubernetes.default</serverUrl>
           <skipTlsVerify>false</skipTlsVerify>
           <namespace>{{ .Release.Namespace }}</namespace>
           <jenkinsUrl>http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }}</jenkinsUrl>
           <jenkinsTunnel>{{ template "jenkins.fullname" . }}-agent:50000</jenkinsTunnel>
-          <containerCap>10</containerCap>
+          <containerCap>50</containerCap>
           <retentionTimeout>5</retentionTimeout>
           <connectTimeout>0</connectTimeout>
           <readTimeout>0</readTimeout>
         </org.csanchez.jenkins.plugins.kubernetes.KubernetesCloud>
       </clouds>
-      <quietPeriod>5</quietPeriod>
-      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
       <views>
         <hudson.model.AllView>
           <owner class="hudson" reference="../../.."/>
-          <name>All</name>
+          <name>all</name>
           <filterExecutors>false</filterExecutors>
           <filterQueue>false</filterQueue>
           <properties class="hudson.model.View$PropertyList"/>
         </hudson.model.AllView>
+{{- range $viewName, $view := .Values.Master.Views }}
+        <listView>
+          <owner class="hudson" reference="../../.."/>
+          <name>{{ $viewName }}</name>
+          <filterExecutors>false</filterExecutors>
+          <filterQueue>false</filterQueue>
+          <properties class="hudson.model.View$PropertyList"/>
+          <jobNames>
+             <comparator class="hudson.util.CaseInsensitiveComparator" reference="../../../listView/jobNames/comparator"/>
+{{- range $index, $job := $view }}
+             <string>{{ $job }}</string>
+{{- end }}
+          </jobNames>
+          <jobFilters/>
+          <columns>
+            <hudson.views.StatusColumn/>
+            <hudson.views.WeatherColumn/>
+            <hudson.views.JobColumn/>
+            <hudson.views.LastSuccessColumn/>
+            <hudson.views.LastFailureColumn/>
+            <hudson.views.LastDurationColumn/>
+            <hudson.views.BuildButtonColumn/>
+            <hudson.plugins.favorite.column.FavoriteColumn plugin="favorite@2.3.2"/>
+          </columns>
+          <recurse>false</recurse>
+        </listView>
+{{- end }}
       </views>
-      <primaryView>All</primaryView>
+      <primaryView>{{ .Values.Master.DefaultView }}</primaryView>
+      <quietPeriod>5</quietPeriod>
+      <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
       <slaveAgentPort>50000</slaveAgentPort>
       <disabledAgentProtocols>
 {{- range .Values.Master.DisabledAgentProtocols }}

molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-dockerhub-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenisci" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-github-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
+  }
+type: Opaque
+data:
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-gogs-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
+  }
+type: Opaque
+data:
+  username: {{ "p281392" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-nexus-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against NEXUS"
+  }
+type: Opaque
+data:
+  username: {{ "admin" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}

molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+# this is the jenkins id.
+  name: "molgenis-jenkins-saucelabs-secret"
+  labels:
+# so we know what type it is.
+    "jenkins.io/credentials-type": "usernamePassword"
+  annotations: {
+# description - can not be a label as spaces are not allowed
+    "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
+  }
+type: Opaque
+data:
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}

molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml

@@ -12,6 +12,7 @@ type: Opaque
 data:
   pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
   codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
-  githubToken: {{ .Values.PipelineSecrets.Env.GithubToken | b64enc | quote }}
+  githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
   sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
+  npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
 {{- end }}

molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: molgenis-pipeline-env-secret
+  name: molgenis-pipeline-file-secret
   labels:
     app: {{ template "jenkins.fullname" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -10,6 +10,6 @@ metadata:
     heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
-  maven.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
   key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
+  settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
 {{- end }}

molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.PipelineSecrets.Vault.Replace }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: molgenis-pipeline-vault-secret
+  labels:
+    app: {{ template "jenkins.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+  token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
+  addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
+  skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
+{{- end }}

molgenis-jenkins/values.yaml

@@ -3,63 +3,358 @@ jenkins:
     HostName: jenkins.molgenis.org
     ServiceType: ClusterIP
     InstallPlugins:
-      - kubernetes:1.8.4
+      - kubernetes:1.12.3
       - workflow-aggregator:2.5
-      - workflow-job:2.21
+      - workflow-job:2.24
       - credentials-binding:1.16
       - git:3.9.1
+      - github-branch-source:2.3.6
+      - kubernetes-credentials-provider:0.9
+      - blueocean:1.8.2
+      - github-oauth:0.29
+      - gogs-webhook:1.0.14
+    Security:
+      UseGitHub: false
+      GitHub:
+        ClientID: ""
+        ClienSecret: ""
+    DefaultView: dev
+    Views:
+      dev:
+        - molgenis
+      ops:
+        - molgenis-ops-docker-httpd
+        - molgenis-ops-docker-maven
+        - molgenis-ops-docker-node
+        - molgenis-ops-tools
+        - molgenis-ops-tomcat
     Jobs: |-
       molgenis: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <jenkins.branch.OrganizationFolder plugin="branch-api@2.0.20">
+          <actions/>
+          <description></description>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+            <jenkins.branch.NoTriggerOrganizationFolderProperty>
+              <branches>.*</branches>
+            </jenkins.branch.NoTriggerOrganizationFolderProperty>
+          </properties>
+          <folderViews class="jenkins.branch.OrganizationFolderViewHolder">
+            <owner reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon">
+            <owner class="jenkins.branch.OrganizationFolder" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers>
+            <com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger plugin="cloudbees-folder@6.5.1">
+              <spec>H H * * *</spec>
+              <interval>86400000</interval>
+            </com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger>
+          </triggers>
+          <disabled>false</disabled>
+          <navigators>
+            <org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator plugin="github-branch-source@2.3.6">
+              <repoOwner>molgenis</repoOwner>
+              <credentialsId>molgenis-jenkins-github-secret</credentialsId>
+              <traits>
+                <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+                  <strategyId>1</strategyId>
+                </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+                <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+                  <strategyId>1</strategyId>
+                </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+                <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+                  <strategyId>1</strategyId>
+                  <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
+                </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              </traits>
+            </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
+          </navigators>
+          <projectFactories>
+            <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProjectFactory plugin="workflow-multibranch@2.19">
+              <scriptPath>Jenkinsfile</scriptPath>
+            </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProjectFactory>
+          </projectFactories>
+          <buildStrategies/>
+        </jenkins.branch.OrganizationFolder>
+      molgenis-ops-docker-httpd: |-
         <?xml version='1.1' encoding='UTF-8'?>
         <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
-            <actions/>
+          <actions/>
-            <description></description>
+          <description>HTTPD server that can be used for redirection and proxieing</description>
-            <properties>
+          <displayName>molgenis-ops-docker-httpd</displayName>
-                <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3">
+          <properties>
-                    <dockerLabel></dockerLabel>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
-                    <registry plugin="docker-commons@1.13"/>
+              <dockerLabel></dockerLabel>
-                </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+              <registry plugin="docker-commons@1.13"/>
-            </properties>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
-            <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+          </properties>
-                <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
-            </folderViews>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
-            <healthMetrics>
+          </folderViews>
-                <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+          <healthMetrics>
-                    <nonRecursive>false</nonRecursive>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
-                </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+              <nonRecursive>false</nonRecursive>
-            </healthMetrics>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
-            <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+          </healthMetrics>
-                <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
-            </icon>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
-            <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+          </icon>
-                <pruneDeadBranches>true</pruneDeadBranches>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
-                <daysToKeep>-1</daysToKeep>
+            <pruneDeadBranches>true</pruneDeadBranches>
-                <numToKeep>-1</numToKeep>
+            <daysToKeep>-1</daysToKeep>
-            </orphanedItemStrategy>
+            <numToKeep>-1</numToKeep>
-            <triggers/>
+          </orphanedItemStrategy>
-            <disabled>false</disabled>
+          <triggers/>
-            <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+          <disabled>false</disabled>
-                <data>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
-                    <jenkins.branch.BranchSource>
+            <data>
-                        <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+              <jenkins.branch.BranchSource>
-                            <id>a1f535cd-ab83-4d42-8993-0c3e59cf139f</id>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
-                            <remote>http://github.com/molgenis/molgenis.git</remote>
+                  <id>a756941d-6c9d-4492-bcf9-327041764be6</id>
-                            <credentialsId></credentialsId>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-httpd.git</remote>
-                            <traits>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
-                                <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  <traits>
-                            </traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
-                        </source>
+                  </traits>
-                        <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                </source>
-                            <properties class="empty-list"/>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
-                        </strategy>
+                  <properties class="empty-list"/>
-                    </jenkins.branch.BranchSource>
+                </strategy>
-                </data>
+              </jenkins.branch.BranchSource>
-                <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            </data>
-            </sources>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
-            <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+          </sources>
-                <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
-                <scriptPath>Jenkinsfile</scriptPath>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
-            </factory>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-docker-node: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>NodeJS build container with Curl</description>
+          <displayName>molgenis-ops-docker-node</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>a756941d-6c9d-4492-bcf9-327041764be6</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-node.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-docker-maven: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MAVEN build container with RPMbuild and Curl</description>
+          <displayName>molgenis-ops-docker-maven</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-maven.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-tomcat: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MOLGENIS tomcat package to manage tomcat version on CentOS</description>
+          <displayName>molgenis-ops-tomcat</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tomcat.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
+        </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
+      molgenis-ops-tools: |-
+        <?xml version='1.1' encoding='UTF-8'?>
+        <org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch@2.19">
+          <actions/>
+          <description>MOLGENIS operations tools-package to configure firewall, apache, sudoers, etc.</description>
+          <displayName>molgenis-ops-tools</displayName>
+          <properties>
+            <org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig plugin="pipeline-model-definition@1.3.1">
+              <dockerLabel></dockerLabel>
+              <registry plugin="docker-commons@1.13"/>
+            </org.jenkinsci.plugins.pipeline.modeldefinition.config.FolderConfig>
+          </properties>
+          <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </folderViews>
+          <healthMetrics>
+            <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder@6.5.1">
+              <nonRecursive>false</nonRecursive>
+            </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+          </healthMetrics>
+          <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api@2.0.20">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </icon>
+          <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder@6.5.1">
+            <pruneDeadBranches>true</pruneDeadBranches>
+            <daysToKeep>-1</daysToKeep>
+            <numToKeep>-1</numToKeep>
+          </orphanedItemStrategy>
+          <triggers/>
+          <disabled>false</disabled>
+          <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api@2.0.20">
+            <data>
+              <jenkins.branch.BranchSource>
+                <source class="jenkins.plugins.git.GitSCMSource" plugin="git@3.9.1">
+                  <id>4702479a-6988-4a85-b4b7-e77fa2d05ffa</id>
+                  <remote>https://git.webhosting.rug.nl/molgenis/molgenis-ops-tools.git</remote>
+                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
+                  <traits>
+                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                  </traits>
+                </source>
+                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+                  <properties class="empty-list"/>
+                </strategy>
+              </jenkins.branch.BranchSource>
+            </data>
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+          </sources>
+          <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+            <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+            <scriptPath>Jenkinsfile</scriptPath>
+          </factory>
         </org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
     # Kubernetes secret that contains a 'credentials.xml' for Jenkins
     # CredentialsXmlSecret: jenkins-credentials
@@ -70,47 +365,207 @@ jenkins:
     CustomConfigMap: true
   rbac:
     install: true
-  # A second pod template for maven builds
+  Pods:
-  Pod:
+    molgenis:
-    Enabled: true
+      Label: molgenisv2
-    Image: "webhost12.service.rug.nl/molgenis/molgenis-maven"
+      NodeUsageMode: EXCLUSIVE
-    ImageTag: latest
+      volumes:
-  # ImagePullSecret: jenkins
+        - type: HostPath
-    Label: "molgenis-maven"
+          hostPath: "/var/run/docker.sock"
-    Privileged: false
+          mountPath: "/var/run/docker.sock"
-    Cpu: ""
+      Containers:
-    Memory: ""
+        maven:
-    # You may want to change this to true while testing a new image
+          Image: "registry.webhosting.rug.nl/molgenis/maven"
-    AlwaysPullImage: false
+          ImageTag: lts
-    Command: "/bin/sh -c"
+          AlwaysPullImage: true
-    Args: "cat"
+          Command: cat
-    TTY: true
+          WorkingDir: /home/jenkins
-    # You can define the volumes that you want to mount for this container
+          TTY: true
-    # Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, Pod, Secret
+          resources:
-    # Configure the attributes as they appear in the corresponding Java class for that type
+            requests:
-    # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
+              cpu: "1"
-    volumes:
+              memory: "4Gi"
-      - type: HostPath
+          EnvVars:
-        hostPath: "/var/run/docker.sock"
+            - type: KeyValue
-        mountPath: "/var/run/docker.sock"
+              key: MAVEN_OPTS
-      - type: Secret
+              value: "-Duser.home=/home/jenkins"
-        secretName: molgenis-pipeline-file-secret
+            - type: KeyValue
-        mountPath: "keyfile:/root/.m2"
+              key: MAVEN_CONFIG
-    NodeSelector: {}
+              value: "/home/jenkins/.m2"
-    # Key Value selectors. Ex:
+        alpine:
-    # jenkins-agent: v1
+          Image: "spotify/alpine"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+        vault:
+          Image: "vault"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+          EnvVars:
+            - type: Secret
+              key: VAULT_TOKEN
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: token
+            - type: Secret
+              key: VAULT_SKIP_VERIFY
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: skipVerify
+            - type: Secret
+              key: VAULT_ADDR
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: addr
+      NodeSelector: {}
+    molgenis-legacy:
+      InheritFrom: molgenis
+      Label: molgenis
+      NodeUsageMode: NORMAL
+      volumes:
+        - type: Secret
+          secretName: molgenis-pipeline-file-secret
+          mountPath: "/home/jenkins/.m2"
+      Containers:
+      EnvVars:
+        - type: Secret
+          key: PGP_PASSPHRASE
+          secretName: molgenis-pipeline-env-secret
+          secretKey: pgpPassphrase
+        - type: KeyValue
+          key: PGP_SECRETKEY
+          value: "keyfile:/home.jenkins/.m2/key.asc"
+        - type: KeyValue
+          key: npm_config_registry
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
+        - type: Secret
+          key: SONAR_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: sonarToken
+        - type: Secret
+          key: CODECOV_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: codecovToken
+        - type: Secret
+          key: GITHUB_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: githubToken
+      NodeSelector: {}
+    node:
+      Label: node-carbon
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        node:
+          Image: "registry.webhosting.rug.nl/molgenis/node"
+          ImageTag: lts
+          AlwaysPullImage: true
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+      EnvVars:
+        - type: KeyValue
+          key: npm_config_registry
+          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
+        - type: Secret
+          key: CODECOV_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: codecovToken
+        - type: Secret
+          key: GITHUB_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: githubToken
+        - type: Secret
+          key: NPM_TOKEN
+          secretName: molgenis-pipeline-env-secret
+          secretKey: npmToken
+      NodeSelector: {}
+    molgenis-it:
+      InheritFrom: molgenis
+      Label: molgenis-it
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        elasticsearch:
+          Image: docker.elastic.co/elasticsearch/elasticsearch
+          ImageTag: 5.5.3
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "1Gi"
+            limits:
+              cpu: "1"
+              memory: "1500Mi"
+          EnvVars:
+          - type: KeyValue
+            key: ES_JAVA_OPTS
+            value: "-Xms512m -Xmx512m"
+          - type: KeyValue
+            key: cluster.name
+            value: molgenis
+          - type: KeyValue
+            key: bootstrap.memory_lock
+            value: "true"
+          - type: KeyValue
+            key: xpack.security.enabled
+            value: "false"
+          - type: KeyValue
+            key: discovery.type
+            value: single-node
+        postgres:
+          Image: postgres
+          ImageTag: 9.6-alpine
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "250Mi"
+            limits:
+              cpu: "1"
+              memory: "250Mi"
+          EnvVars:
+          - type: KeyValue
+            key: POSTGRES_USER
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_PASSWORD
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_DB
+            value: molgenis
+        opencpu:
+          Image: molgenis/opencpu
+          AlwaysPullImage: true
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+            limits:
+              cpu: "1"
+              memory: "512Mi"
+      NodeSelector: {}
 PipelineSecrets:
+  Vault:
+    Replace: true
+    Token: xxxx
+    Addr: "https://vault-operator.vault-operator.svc:8200"
+    SkipVerify: 1
   Env:
     # Set to false to keep existing secret
     Replace: true
-    # Passphrase for the pgp private key file
+    # Passphrase for the pgp private key file, prefixed with literal:
-    pgpPassphrase: xxxx
+    PGPPassphrase: literal:xxxx
     # Token for codecov.io service
-    codecovToken: xxxx
+    CodecovToken: xxxx
     # Token for github bot account
-    githubToken: xxxx
+    GitHubToken: xxxx
+    # Token for github bot account
+    GogsToken: xxxx
     # Token for sonarcloud.io
-    sonarToken: xxxx
+    SonarToken: xxxx
+    # Token for npmjs.org
+    NpmToken: xxxx
+    # Password Local NEXUS
+    NexusPassword: xxxx
+    # Password hub.docker.com
+    DockerHubPassword: xxxx
+    # Access key for saucelabs.com
+    SauceAccessKey: xxxx
   File:
     # Set to false to keep existing secret
     Replace: true
@@ -122,28 +577,39 @@ PipelineSecrets:
     # maven.settings file
     MavenSettingsXML: |-
       <settings>
-        <!-- sets the local maven repository outside of the ~/.m2 folder for easier mounting of secrets and repo -->
         <localRepository>${user.home}/.mvnrepository</localRepository>
-        <!-- lets disable the download progress indicator that fills up logs -->
         <interactiveMode>false</interactiveMode>
         <mirrors>
           <mirror>
             <id>nexus</id>
             <mirrorOf>external:*</mirrorOf>
-            <url>https://registry.molgenis.org/repository/maven-central/</url>
+            <url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
           </mirror>
         </mirrors>
         <servers>
+          <!-- for snapshot builds of the master -->
+          <server>
+            <id>sonatype-nexus-staging</id>
+            <username>molgenis</username>
+            <password>xxxx</password>
+          </server>
           <server>
             <id>local-nexus</id>
-            <url>https://registry.molgenis.org/repository/maven-central/</url>
+            <url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
             <username>admin</username>
             <password>xxxxx</password>
           </server>
+          <!-- for docker images-->
           <server>
-            <id>oss-sonatype-staging</id>
+            <id>registry.molgenis.org</id>
-            <username>molgenis</username>
+            <username>admin</username>
-            <password>xxxxx</password>
+            <password>xxxx</password>
+          </server>
+          <!-- to authenticate against GOGS for MAVEN release -->
+          <server>
+            <id>gogs</id>
+            <username>xxxx</username>
+            <password>xxxx</password>
           </server>
         </servers>
       </settings>

molgenis-nexus/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Nexus stack for MOLGENIS
+name: molgenis-nexus
+version: 0.3.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg

molgenis-nexus/README.md

@@ -0,0 +1,28 @@
+# MOLGENIS - NEXUS Helm Chart
+
+NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Chart Details
+
+This chart will deploy:
+
+- 1 NEXUS container
+- 1 MOLGENIS-httpd container ()to proxy the registry and docker to one domain)
+
+## Installing the Chart
+
+You can test in install the chart by executing:
+
+```helm lint .```
+
+To test if your helm chart-syntax is right and:
+
+```helm install . --dry-run --debug```
+
+To test if your hem chart works and:
+
+```helm install .```
+
+To deploy it on the cluster.
+
+

molgenis-nexus/templates/services/httpd-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.httpd.name }}
+  labels:
+    app: {{ .Values.httpd.name }}
+spec:
+  type: {{ .Values.httpd.service.type }}
+  ports:
+  - name: {{ .Values.httpd.name }}
+    port: {{ .Values.httpd.port }}
+  selector:
+    app: {{ .Values.httpd.selector }}

molgenis-nexus/templates/services/nexus-service.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     app: {{ .Values.nexus.name }}
 spec:
-  type: ClusterIP
+  type: {{ .Values.nexus.service.type }}
   ports:
   - name: ui
     port: {{ .Values.nexus.port.ui }}

molgenis-nexus/v0.2.x/Chart.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Nexus stack for MOLGENIS
-name: molgenis-nexus
-version: 0.2.0
-icon: https://github.com/sidohaakma/molgenis-docker-helm/blob/master/nexus/catalogIcon-molgenis-nexus.svg

molgenis-nexus/values.yaml

@@ -6,10 +6,6 @@ replicaCount: 1
 
 environment: production
 
-service:
-  type: NodePort
-  port: 80
-
 nexus:
   name: nexus
   strategy:
@@ -25,6 +21,8 @@ nexus:
     ui: 8081
   path:
     dockerV2: v2
+  service:
+    type: ClusterIP
 
 httpd:
   name: httpd
@@ -38,6 +36,8 @@ httpd:
     tag: lts
     pullPolicy: Always
   port: 80
+  service:
+    type: LoadBalancer
 
 
 ingress:

molgenis-preview/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

molgenis-preview/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: molgenis
+version: 0.2.0
+sources:
+- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg

molgenis-preview/README.md

@@ -0,0 +1,11 @@
+# MOLGENIS preview
+Is used for integration testing purposes.
+
+## Containers
+This chart spins up a complete stack to run MOLGENIS. The created containers are:
+
+- MOLGENIS
+- PostgreSQL
+- Elasticsearch
+- OpenCPU
+

molgenis-preview/questions.yml

@@ -0,0 +1,44 @@
+
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.hosts[0].name
+  default: "test.molgenis.org"
+  description: "Hostname for your stack"
+  type: hostname
+  required: true
+  group: "Services and Load Balancing"
+  label: Hostname
+- variable: molgenis.resources.limits.cpu
+  default: 1
+  description: "CPU limit for this MOLGENIS instance"
+  type: enum
+  options:
+  - "1"
+  - "2"
+  - "3"
+  - "4"
+  required: true
+  group: "MOLGENIS - Resource limits"
+  label: CPU limit
+- variable: molgenis.resources.limits.memory
+  default: 1250Mi
+  description: "Memory limit for this MOLGENIS instance"
+  type: enum
+  options:
+  - "1250Mi"
+  - "1500Mi"
+  - "2000Mi"
+  - "2500Mi"
+  required: true
+  group: "MOLGENIS - Resource limits"
+  label: Memory limit
+- variable: molgenis.javaOpts
+  default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  description: "Java runtime options for the MOLGENIS instance"
+  type: enum
+  options:
+  - "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  group: "MOLGENIS - Resource limits"
+  label: Java memory options

molgenis-preview/templates/NOTES.txt

@@ -0,0 +1,19 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "molgenis.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "molgenis.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "molgenis.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "molgenis.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

molgenis-preview/templates/_helpers.tpl

@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "molgenis.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "molgenis.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "molgenis.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

molgenis-preview/templates/deployment.yaml

@@ -0,0 +1,124 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  {{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+  name: {{ template "molgenis.fullname" . }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "molgenis.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "molgenis.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: molgenis
+        {{- with .Values.molgenis }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: molgenis.home
+              value: /home/molgenis
+            - name: opencpu.uri.host
+              value: localhost
+            - name: elasticsearch.transport.addresses
+              value: localhost:9300
+            - name: elasticsearch.cluster.name
+              value: {{ $.Values.elasticsearch.clusterName }}
+            - name: db_uri
+              value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
+            - name: db_user
+              value: {{ $.Values.postgres.user }}
+            - name: db_password
+              value: {{ $.Values.postgres.password }}
+            - name: admin.password
+              value: {{ .adminPassword }}
+            - name: CATALINA_OPTS
+              value: "{{ .javaOpts }}"
+          ports:
+            - containerPort: 8080
+#          livenessProbe:
+#            httpGet:
+#              path: /
+#              port: 8080
+#          readinessProbe:
+#            httpGet:
+#              path: /api/v2/version
+#              port: 8080
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: elasticsearch
+        {{- with .Values.elasticsearch }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: cluster.name
+              value: {{ .clusterName }}
+            - name: bootstrap.memory_lock
+              value: "true"
+            - name: ES_JAVA_OPTS
+              value: "{{ .javaOpts }}"
+            - name: xpack.security.enabled
+              value: "false"
+            - name: discovery.type
+              value: single-node
+          ports:
+            - containerPort: 9200
+            - containerPort: 9300
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: postgres
+        {{- with .Values.postgres }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: POSTGRES_USER
+              value: {{ .user }}
+            - name: POSTGRES_PASSWORD
+              value: {{ .password }}
+            - name: POSTGRES_DB
+              value: {{ .db }}
+          ports:
+            - containerPort: 5432
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+        - name: opencpu
+        {{- with .Values.opencpu }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          ports:
+            - containerPort: 8004
+          resources:
+{{ toYaml .resources | indent 12 }}
+        {{- end }}
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

molgenis-preview/templates/ingress.yaml

@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "molgenis.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ .name }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: 8080
+  {{- end }}
+{{- end }}

molgenis-preview/templates/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "molgenis.fullname" . }}
+  labels:
+    app: {{ template "molgenis.name" . }}
+    chart: {{ template "molgenis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - name: molgenis
+      port: {{ .Values.service.port }}
+  selector:
+    app: {{ template "molgenis.name" . }}
+    release: {{ .Release.Name }}

molgenis-preview/test.yaml

@@ -0,0 +1,120 @@
+# Source: molgenis/templates/deployment.yaml
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: lanky-ragdoll-molgenis
+  labels:
+    app: molgenis
+    chart: molgenis-0.1.0
+    release: lanky-ragdoll
+    heritage: Tiller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: molgenis
+      release: lanky-ragdoll
+  template:
+    metadata:
+      labels:
+        app: molgenis
+        release: lanky-ragdoll
+    spec:
+      containers:
+        - name: molgenis
+          image: "registry.molgenis.org/molgenis/molgenis-app:latest"
+          imagePullPolicy: Always
+          env:
+            - name: molgenis.home
+              value: /home/molgenis
+            - name: opencpu.uri.host
+              value: opencpu
+            - name: elasticsearch.transport.addresses
+              value: elasticsearch:9300
+            - name: elasticsearch.cluster.name
+              value: molgenis
+            - name: db_uri
+              value: "jdbc:postgresql://postgres/molgenis"
+            - name: db_user
+              value: molgenis
+            - name: db_password
+              value: molgenis
+            - name: admin.password
+              value: admin
+            - name: CATALINA_OPTS
+              value: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+          ports:
+            - containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v2/version
+              port: http
+          resources:
+            limits:
+              cpu: 1
+              memory: 1250Mi
+            requests:
+              cpu: 200m
+              memory: 1Gi
+
+
+        - name: elasticsearch
+          image: "docker.elastic.co/elasticsearch/elasticsearch:5.5.3"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: cluster.name
+              value: molgenis
+            - name: bootstrap.memory_lock
+              value: true
+            - name: ES_JAVA_OPTS
+              value: "-Xms512m -Xmx512m"
+            - name: xpack.security.enabled
+              value: false
+            - name: discovery.type
+              value: single-node
+          ports:
+            - containerPort: 9200
+            - containerPort: 9300
+            limits:
+              cpu: 1
+              memory: 1500Mi
+            requests:
+              cpu: 100m
+              memory: 1Gi
+
+
+        - name: postgres
+          image: "postgres:9.6-alpine"
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: POSTGRES_USER
+              value: molgenis
+            - name: POSTGRES_PASSWORD
+              value: molgenis
+            - name: POSTGRES_DB
+              value: molgenis
+          ports:
+            - containerPort: 5432
+            limits:
+              cpu: 1
+              memory: 250Mi
+            requests:
+              cpu: 100m
+              memory: 250Mi
+
+
+        - name: opencpu
+          image: "molgenis/opencpu:latest"
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8004
+            limits:
+              cpu: 1
+              memory: 512Mi
+            requests:
+              cpu: 100m
+              memory: 256Mi

molgenis-preview/values.yaml

@@ -0,0 +1,81 @@
+# Default values for molgenis.
+
+replicaCount: 1
+
+service:
+  type: LoadBalancer
+  port: 8080
+
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  path: /
+  hosts:
+  - name: test.molgenis.org
+  tls: []
+
+molgenis:
+  image:
+    repository: registry.molgenis.org/molgenis/molgenis-app
+    tag: 7.0.0-SNAPSHOT
+    pullPolicy: Always
+  adminPassword: admin
+  javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
+  resources:
+   limits:
+    cpu: 1
+    memory: 1250Mi
+   requests:
+    cpu: 200m
+    memory: 1Gi
+
+postgres:
+  image:
+    repository: postgres
+    tag: 9.6-alpine
+    pullPolicy: IfNotPresent
+  user: molgenis
+  password: molgenis
+  db: molgenis
+  resources:
+   limits:
+    cpu: 1
+    memory: 250Mi
+   requests:
+    cpu: 100m
+    memory: 250Mi
+
+elasticsearch:
+  image:
+    repository: docker.elastic.co/elasticsearch/elasticsearch
+    tag: 5.5.3
+    pullPolicy: IfNotPresent
+  javaOpts: "-Xms512m -Xmx512m"
+  clusterName: molgenis
+  resources:
+   limits:
+    cpu: 1
+    memory: 1500Mi
+   requests:
+    cpu: 100m
+    memory: 1Gi
+
+opencpu:
+  image:
+    repository: molgenis/opencpu
+    tag: latest
+    pullPolicy: Always
+  resources:
+    limits:
+      cpu: 1
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

rbac-config.yml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system