fix: Fix links to chart icons and READMEs

This reverts commit f94e6da6e3, reversing
changes made to b73fd578ea.

.gitignore

@@ -1,2 +1,3 @@
 .idea
-*.iml
+*.iml
+target

Jenkinsfile

@@ -0,0 +1,40 @@
+pipeline {
+    agent {
+        kubernetes {
+            label 'helm'
+        }
+    }
+    stages {
+        stage('Test') {
+            steps {
+                container('chart-testing') {
+                    sh "chart_test.sh --no-install --all"
+                }
+            }
+        }
+        stage('Package') {
+            steps {
+                container('chart-testing'){
+                    sh 'mkdir target'
+                    sh 'for dir in charts/*; do helm package --destination target "$dir"; done'
+                }
+            }
+        }
+        stage('Deploy') {
+            when {
+                branch 'master'
+            }
+            steps {
+                container('vault') {
+                    script {
+                        env.NEXUS_USER = sh(script: 'vault read -field=username secret/ops/account/nexus', returnStdout: true)
+                        env.NEXUS_PWD = sh(script: 'vault read -field=password secret/ops/account/nexus', returnStdout: true)
+                    }
+                }
+                container('alpine') {
+                    sh 'set +x; for chart in target/*; do curl -L -u $NEXUS_USER:$NEXUS_PWD http://registry.molgenis.org/repository/helm/ --upload-file "$chart"; done'
+                }
+            }
+        }
+    }
+}

README.md

@@ -101,11 +101,11 @@ kubectl get pods --namespace=*#namespace of application#*
 
 This repository is serves also as a catalogue for Rancher. We have serveral apps that are served through this repoistory. e.g.
 
-- [Jenkins](molgenis-jenkins/README.md)
-- [NEXUS](molgenis-nexus/README.md)
-- [HTTPD](molgenis-httpd/README.md)
-- [MOLGENIS preview](molgenis-preview/README.md)
-- [MOLGENIS vault](molgenis-vault/README.md)
+- [Jenkins](charts/molgenis-jenkins/README.md)
+- [NEXUS](charts/molgenis-nexus/README.md)
+- [HTTPD](charts/molgenis-httpd/README.md)
+- [MOLGENIS](charts/molgenis/README.md)
+- [MOLGENIS vault](charts/molgenis-vault/README.md)
 
 ### Useful commands
 You can you need to know to easily develop and deploy helm-charts
@@ -122,6 +122,26 @@ You can you need to know to easily develop and deploy helm-charts
   
   Do it in the root of the project where the Chart.yaml is located
   It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
+- ```helm package .```
+  
+  You can create a package which can be uploaded in the molgenis helm repository
+  
+- ```helm publish```
+  You still have to create an ```index.yaml``` for the chart. You can do this by executing this command: ```helm repo index #directory name of helm chart#```
+  
+  Then you can upload it by executing:
+  
+  - ```curl -v --user #username#:#password# --upload-file index.yaml  https://registry.molgenis.org/repository/helm/#chart name#/index.yml```
+  - ```curl -v --user #username#:#password# --upload-file #chart name#-#version#.tgz https://registry.molgenis.org/repository/helm/#chart name#/#chart name#-#version#.tgz```
+  
+  Now you have to add the repository locally to use in your ```requirements.yaml```.
+  
+  - ```helm repo add #repository name# https://registry.molgenis.org/repository/helm/molgenis```
+
+- ```helm dep build```
+  
+  You can build your dependencies (create a ```charts``` directory and install the chart in it) of the helm-chart. 
+
 - ```helm list```
   
   Lists all installed releases

charts/index.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-entries:
-  molgenis-preview:
-  - apiVersion: v1
-    appVersion: "1.0"
-    created: 2018-09-11T16:11:49.165533266+02:00
-    description: MOLGENIS - helm stack for testing purposes
-    digest: e1174bd0d8a71bf4d23f5463521cf4dbcac39dc93f16cd842c92cda1a963f6b2
-    icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
-    name: molgenis-preview
-    sources:
-    - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-    urls:
-    - molgenis-preview-0.2.0.tgz
-    version: 0.2.0
-generated: 2018-09-11T16:11:49.158086031+02:00

charts/molgenis-httpd/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: "1.0"
+description: HTTPD for MOLGENIS
+name: molgenis-httpd
+version: 0.1.0
+sources:
+- https://github.com/molgenis/molgenis-ops-docker-helm.git
+Icon: https://raw.githubusercontent.com/molgenis/molgenis-ops-docker-helm/master/charts/molgenis-httpd/catalogIcon-molgenis-httpd.svg
+home: http://httpd.apache.org
+maintainers:
+- name: sidohaakma
+- name: fdlk

charts/molgenis-httpd/values.yaml

@@ -48,4 +48,4 @@ nodeSelector: {}
 
 tolerations: []
 
-affinity: {}
+affinity: {}

charts/molgenis-jenkins/Chart.yaml

@@ -0,0 +1,11 @@
+name: molgenis-jenkins
+home: https://jenkins.io/
+version: 0.8.1
+appVersion: 2.138.1
+description: Molgenis installation for the jenkins chart.
+sources:
+- https://github.com/molgenis/molgenis-ops-docker-helm.git
+icon: https://raw.githubusercontent.com/molgenis/molgenis-ops-docker-helm/master/charts/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg
+maintainers:
+- name: fdlk
+- name: sidohaakma

charts/molgenis-jenkins/README.md

@@ -75,6 +75,10 @@ Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.w
 | `secret.gogs.user`  | username for the account | `p281392` |
 | `secret.gogs.token` | token for the account    | `xxxx`    |
 
+
+#### Slack
+The Slack integration is done mostly in the Jenkinsfile of each project. It is sufficient to only add the plugin to the Jenkins configuration in Helm.
+
 #### Legacy:
 
 ##### Docker Hub

charts/molgenis-jenkins/requirements.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: jenkins
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 0.16.4
+  version: 0.18.0
 digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685
-generated: 2018-06-27T14:36:23.172954738+02:00
+generated: 2018-09-27T11:00:15.795416984+02:00

charts/molgenis-jenkins/resources/README.md

@@ -0,0 +1,8 @@
+# Helm in Jenkins
+
+To be able to run helm inside a jenkins pod, you'll need to 
+* create a role in the namespace where tiller is installed
+* bind that role to the user that jenkins pods run as
+
+This directory contains yaml for these resources.
+See also https://github.com/helm/helm/blob/master/docs/rbac.md

charts/molgenis-jenkins/values.yaml

@@ -3,17 +3,18 @@ jenkins:
     HostName: jenkins.molgenis.org
     ServiceType: ClusterIP
     InstallPlugins:
-      - kubernetes:1.12.0
+      - kubernetes:1.12.6
       - workflow-aggregator:2.5
-      - workflow-job:2.21
+      - workflow-job:2.25
       - credentials-binding:1.16
       - git:3.9.1
       - github-branch-source:2.3.6
-      - kubernetes-credentials-provider:0.9
-      - blueocean:1.6.2
+      - kubernetes-credentials-provider:0.10
+      - blueocean:1.8.3
       - github-oauth:0.29
       - gogs-webhook:1.0.14
-      - sauce-ondemand:1.176
+      - github-scm-trait-commit-skip:0.1.1
+      - slack:2.3
     Security:
       UseGitHub: false
       GitHub:
@@ -82,6 +83,18 @@ jenkins:
                   <strategyId>1</strategyId>
                   <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
                 </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+                <org.jenkinsci.plugins.scm__filter.GitHubCommitSkipTrait plugin="github-scm-trait-commit-skip@0.1.1"/>
+                <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                  <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                    <localBranch>**</localBranch>
+                  </extension>
+                </jenkins.plugins.git.traits.LocalBranchTrait>
+                <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                  <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                    <name>MOLGENIS Jenkins</name>
+                    <email>molgenis+ci@gmail.com</email>
+                  </extension>
+                </jenkins.plugins.git.traits.UserIdentityTrait>
               </traits>
             </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
           </navigators>
@@ -131,6 +144,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -184,6 +208,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -237,6 +272,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -290,6 +336,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -343,6 +400,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -416,6 +484,12 @@ jenkins:
               key: VAULT_ADDR
               secretName: molgenis-pipeline-vault-secret
               secretKey: addr
+        helm:
+          Image: "lachlanevenson/k8s-helm"
+          ImageTag: "v2.10.0"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
       NodeSelector: {}
     node:
       Label: node-carbon
@@ -447,7 +521,104 @@ jenkins:
               secretName: molgenis-pipeline-vault-secret
               secretKey: addr
       NodeSelector: {}
-#secret contains configuration for the kubernetes secrets that jenkins can access
+    molgenis-it:
+      InheritFrom: molgenis
+      Label: molgenis-it
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        elasticsearch:
+          Image: docker.elastic.co/elasticsearch/elasticsearch
+          ImageTag: 5.5.3
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "1Gi"
+            limits:
+              cpu: "1"
+              memory: "1500Mi"
+          EnvVars:
+          - type: KeyValue
+            key: ES_JAVA_OPTS
+            value: "-Xms512m -Xmx512m"
+          - type: KeyValue
+            key: cluster.name
+            value: molgenis
+          - type: KeyValue
+            key: bootstrap.memory_lock
+            value: "true"
+          - type: KeyValue
+            key: xpack.security.enabled
+            value: "false"
+          - type: KeyValue
+            key: discovery.type
+            value: single-node
+        postgres:
+          Image: postgres
+          ImageTag: 9.6-alpine
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "250Mi"
+            limits:
+              cpu: "1"
+              memory: "250Mi"
+          EnvVars:
+          - type: KeyValue
+            key: POSTGRES_USER
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_PASSWORD
+            value: molgenis
+          - type: KeyValue
+            key: POSTGRES_DB
+            value: molgenis
+        opencpu:
+          Image: molgenis/opencpu
+          AlwaysPullImage: true
+          resources:
+            requests:
+              cpu: "100m"
+              memory: "256Mi"
+            limits:
+              cpu: "1"
+              memory: "512Mi"
+      NodeSelector: {}
+    helm:
+      Label: helm
+      NodeUsageMode: EXCLUSIVE
+      Containers:
+        chart-testing:
+          Image: "quay.io/helmpack/chart-testing"
+          ImageTag: v1.1.0
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+        alpine:
+          Image: "spotify/alpine"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+        vault:
+          Image: "vault"
+          Command: cat
+          WorkingDir: /home/jenkins
+          TTY: true
+          EnvVars:
+            - type: Secret
+              key: VAULT_TOKEN
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: token
+            - type: Secret
+              key: VAULT_SKIP_VERIFY
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: skipVerify
+            - type: Secret
+              key: VAULT_ADDR
+              secretName: molgenis-pipeline-vault-secret
+              secretKey: addr
+      NodeSelector: {}
+
+# secret contains configuration for the kubernetes secrets that jenkins can access
 secret:
   # vault configures the vault secret
   vault:
@@ -469,4 +640,4 @@ secret:
   # dockerHubPassword contains password for hub.docker.com
   dockerHub:
     user: molgenisci
-    password: xxxx
+    password: xxxx

charts/molgenis-nexus/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Nexus stack for MOLGENIS
+name: molgenis-nexus
+version: 0.4.2
+sources:
+- https://github.com/molgenis/molgenis-ops-docker-helm.git
+icon: https://raw.githubusercontent.com/molgenis/molgenis-ops-docker-helm/master/charts/molgenis-nexus/catalogIcon-molgenis-nexus.svg
+home: https://www.sonatype.com/nexus-repository-oss
+maintainers:
+- name: sidohaakma
+- name: fdlk

charts/molgenis-nexus/README.md

@@ -0,0 +1,69 @@
+# MOLGENIS - NEXUS Helm Chart
+
+NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Chart Details
+
+This chart will deploy:
+
+- 1 NEXUS-nfs initialization container
+
+  We need this container to avoid permission issues on the NEXUS docker
+- 1 NEXUS container
+- 1 MOLGENIS-httpd container (to proxy the registry and docker to one domain)
+
+## Backup restore
+There are two steps in restoring the NEXUS.
+
+- Database
+- Blobstore
+
+### Restore the database
+Go to the commandline:
+
+```bash
+kubectl get pv
+```
+
+```bash
+| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
+| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
+| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-nexus/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
+| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
+```
+
+The persistent volume is the one in the molgenis-nexus namespace. 
+
+Go to the NFS-provisioner to the path of the persistent volume:
+
+```bash
+ls -t --full-time | head -7 | xargs cp ../restore-from-backup/
+```
+
+### Restore the blobstore
+You can copy the directory ```blobs``` to the target persistent volume ```/ blobs```.
+
+You can now bring the NEXUS back up.
+
+## Installing the Chart
+
+You can test in install the chart by executing:
+
+```helm lint .```
+
+To test if your helm chart-syntax is right and:
+
+```helm install . --dry-run --debug```
+
+To test if your hem chart works and:
+
+```helm install .```
+
+To deploy it on the cluster.
+
+```curl -L -u xxxx:xxxx http://registry.molgenis.org/repository/helm/ --upload-file molgenis-x.x.x.tgz```
+
+To push it to the registry
+
+
+

charts/molgenis-nexus/templates/deployments/nexus-deployment.yaml

@@ -19,18 +19,14 @@ spec:
         app: {{ .Values.nexus.name }}
       creationTimestamp: null
     spec:
-      volumes:
-      - name: {{ .Values.persistence.name }}
-        persistentVolumeClaim:
-          claimName: {{ .Values.persistence.name }}
       restartPolicy: {{ .Values.nexus.restartPolicy }}
       initContainers:
-      - name: volume-mount-nexus
+      - name: nexus-nfs
         image: busybox
-        command: ["sh", "-c", "chown -R 200:200 {{ .Values.persistence.mountPath }}"]
+        command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
         volumeMounts:
-        - name: {{ .Values.persistence.name }}
-          mountPath: "{{ .Values.persistence.mountPath }}"
+        - name: molgenis-nexus-nfs
+          mountPath: "/nexus-data"
       containers:
       - name: {{ .Values.nexus.name }}
         image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
@@ -39,6 +35,31 @@ spec:
         - containerPort: {{ .Values.nexus.port.ui }}
         - containerPort: {{ .Values.nexus.port.docker }}
         volumeMounts:
-        - name: {{ .Values.persistence.name }}
-          mountPath: "/nexus-data"
+        - name: molgenis-nexus-nfs
+          mountPath: /nexus-data
+        livenessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexus.port.ui }}
+          initialDelaySeconds: 120
+          periodSeconds: 20
+          failureThreshold: 15
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexus.port.ui }}
+          initialDelaySeconds: 120
+          periodSeconds: 20
+          failureThreshold: 15
+          successThreshold: 1
 
+      volumes:
+        - name: molgenis-nexus-nfs
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.claim }}
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}

charts/molgenis-nexus/templates/deployments/nexusProxy-deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  name: {{ .Values.nexusProxy.name }}
+  labels:
+    app: {{ .Values.nexusProxy.name }}
+    environment: {{ .Values.environment }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.nexusProxy.strategy.type }}
+  selector:
+    matchLabels:
+      app: {{ .Values.nexusProxy.selector }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.nexusProxy.name }}
+      creationTimestamp: null
+    spec:
+      restartPolicy: {{ .Values.nexusProxy.restartPolicy }}
+      containers:
+      - name: {{ .Values.nexusProxy.name }}
+        image: "{{ .Values.nexusProxy.image.repository }}:{{ .Values.nexusProxy.image.tag }}"
+        imagePullPolicy: {{ .Values.nexusProxy.image.pullPolicy }}
+        env:
+        - name: PROXY_SERVICE
+          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
+        - name: SERVER_NAME
+          value: {{ .Values.nexusProxy.hostname }}
+        ports:
+        - containerPort: {{ .Values.nexusProxy.port }}
+        resources: {}
+        livenessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexusProxy.port }}
+          initialDelaySeconds: 1500
+          periodSeconds: 20
+          failureThreshold: 5
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexusProxy.port }}
+          initialDelaySeconds: 150
+          periodSeconds: 20
+          failureThreshold: 15
+          successThreshold: 1
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}

charts/molgenis-nexus/templates/ingress.yaml

@@ -5,7 +5,7 @@ kind: Ingress
 metadata:
   name: "{{ $.Release.Name }}-ingress"
   labels:
-    app: httpd
+    app: {{ $.Values.nexusProxy.name }}
     chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
     release: "{{ $.Release.Name }}"
     heritage: "{{ $.Release.Service }}"
@@ -25,8 +25,8 @@ spec:
       paths:
         - path: {{ default "/" .path }}
           backend:
-            serviceName: httpd
-            servicePort: 80
+            serviceName: {{ $.Values.nexusProxy.name }}
+            servicePort: {{ $.Values.nexusProxy.port }}
 {{- if .tls }}
   tls:
   - hosts:

charts/molgenis-nexus/templates/persistence/nexusPVC.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.persistence.enabled -}}
+apiVersion: extensions/v1beta1
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.persistence.claim }}
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+{{- end }}

charts/molgenis-nexus/templates/services/nexusProxy-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.nexusProxy.name }}
+  labels:
+    app: {{ .Values.nexusProxy.name }}
+spec:
+  type: {{ .Values.nexusProxy.service.type }}
+  ports:
+  - name: {{ .Values.nexusProxy.name }}
+    port: {{ .Values.nexusProxy.port }}
+  selector:
+    app: {{ .Values.nexusProxy.selector }}

charts/molgenis-nexus/values.yaml

@@ -0,0 +1,65 @@
+# Default values for nexus.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+environment: production
+
+nexus:
+  name: nexus
+  strategy:
+    type: Recreate
+  selector: nexus
+  restartPolicy: Always
+  image:
+    repository: molgenis/nexus3
+    tag: latest
+    pullPolicy: Always
+  port:
+    docker: 5000
+    ui: 8081
+  path:
+    dockerV2: v2
+  service:
+    type: ClusterIP
+
+nexusProxy:
+  name: nexus-proxy
+  hostname: registry.molgenis.org
+  strategy:
+    type: Recreate
+  selector: nexus-proxy
+  restartPolicy: Always
+  image:
+    repository: molgenis/httpd
+    tag: latest
+    pullPolicy: Always
+  port: 80
+  service:
+    type: LoadBalancer
+
+
+ingress:
+  enabled: true
+  annotations: {}
+  path: /
+  hosts:
+  - name: registry.molgenis.org
+  tls: []
+
+persistence:
+  enabled: true
+  claim: molgenis-nexus
+  size: 500Gi
+
+
+resources: {}
+
+nodeSelector: {
+  deployPod: "true"
+}
+
+tolerations: []
+
+affinity: {}

charts/molgenis-opencpu/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Opencpu stack for MOLGENIS
+name: molgenis-opencpu
+version: 0.1.1
+sources:
+- https://github.com/molgenis/molgenis-ops-docker-helm.git
+icon: https://raw.githubusercontent.com/molgenis/molgenis-ops-docker-helm/master/charts/molgenis-opencpu/catalog-molgenis-opencpu.svg
+home: https://www.opencpu.org
+maintainers:
+- name: sidohaakma
+- name: fdlk

charts/molgenis-opencpu/README.md

@@ -0,0 +1,38 @@
+# MOLGENIS - OpenCPU Helm Chart
+
+NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Containers
+
+This chart will deploy the following containers:
+
+- OpenCPU
+- MOLGENIS-httpd (to proxy the registry and docker to one domain)
+
+## Provisioning
+You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com. 
+You need to fill out 2 properties to determine which repository you are going to use.
+
+- ```opencpu.image.repository```
+- ```opencpu.image.tag```
+
+You can do this in the questions in Rancher or in the ```values.yaml```.
+
+
+
+## Development
+You can test in install the chart by executing:
+
+```helm lint .```
+
+To test if your helm chart-syntax is right and:
+
+```helm install . --dry-run --debug```
+
+To test if your hem chart works and:
+
+```helm install .```
+
+To deploy it on the cluster.
+
+

charts/molgenis-opencpu/questions.yml

@@ -0,0 +1,28 @@
+
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.enabled
+  label: Enable ingress
+  default: false
+  description: "Enable ingress"
+  type: boolean
+  required: true
+  group: "Load balancing"
+- variable: opencpu.image.repository
+  label: Registry
+  default: "registry.hub.docker.com"
+  description: "Select a registry to pull from"
+  type: enum
+  options:
+  - "registry.hub.docker.com"
+  - "registry.molgenis.org"
+  required: true
+  group: "Provisioning"
+- variable: opencpu.image.tag
+  label: Version
+  default: ""
+  description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
+  type: string
+  required: true
+  group: "Provisioning"

charts/molgenis-opencpu/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "molgenis.name" -}}
+{{- define "opencpu.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "molgenis.fullname" -}}
+{{- define "opencpu.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "molgenis.chart" -}}
+{{- define "opencpu.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

charts/molgenis-opencpu/templates/deployment.yaml

@@ -0,0 +1,35 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  {{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+  name: {{ template "opencpu.fullname" . }}
+  labels:
+    app: {{ template "opencpu.name" . }}
+    chart: {{ template "opencpu.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "opencpu.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "opencpu.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+      {{- with .Values.opencpu }}
+      - name: {{ .name }}
+        image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
+        imagePullPolicy: {{ .image.pullPolicy }}
+        ports:
+        - containerPort: {{ .service.port }}
+      {{- end }}
+
+

charts/molgenis-opencpu/templates/ingress.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: "{{ $.Release.Name }}-ingress"
+  labels:
+    app:  {{ $.Values.opencpu.name }}
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
+    release: "{{ $.Release.Name }}"
+    heritage: "{{ $.Release.Service }}"
+  annotations:
+    {{- if .tls }}
+    ingress.kubernetes.io/secure-backends: "true"
+    {{- end }}
+    {{- range $key, $value := .annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+  - host: {{ .name }}
+    http:
+      paths:
+        - path: {{ default "/" .path }}
+          backend:
+            serviceName: {{ $.Values.opencpu.service.name }}
+            servicePort: {{ $.Values.opencpu.service.port }}
+{{- if .tls }}
+  tls:
+  - hosts:
+    - {{ .name }}
+    secretName: {{ .tlsSecret }}
+{{- end }}
+---
+{{- end }}
+{{- end }}

charts/molgenis-opencpu/templates/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.opencpu.service.name }}
+  labels:
+    app: {{ .Values.opencpu.service.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.opencpu.service.type }}
+  loadBalancerSourceRanges:
+  {{- range $index, $rule := .Values.opencpu.service.firewall }}
+    - {{ $rule }}
+  {{- end }}
+  ports:
+    - name: {{ .Values.opencpu.service.name }}
+      port: {{ .Values.opencpu.service.port }}
+  selector:
+    app: {{ template "opencpu.name" . }}
+    release: {{ .Release.Name }}

charts/molgenis-opencpu/values.yaml

@@ -0,0 +1,41 @@
+# Default values for nexus.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+environment: production
+
+opencpu:
+  name: opencpu
+  strategy:
+    type: Recreate
+  restartPolicy: Always
+  image:
+    repository: registry.hub.docker.com
+    name: molgenis/opencpu
+    tag: stable
+    pullPolicy: Always
+  service:
+    name: opencpu
+    type: LoadBalancer
+    port: 8004
+    firewall:
+    - 145.100.224.1/24
+
+ingress:
+  enabled: false
+  annotations: {
+    kubernetes.io/ingress.class: "nginx",
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  }
+  path: /
+  hosts:
+  - name: opencpu.molgenis.org
+  tls: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

charts/molgenis-vault/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: "1.0"
+description: MOLGENIS vault
+name: molgenis-vault
+version: 0.1.1
+sources:
+- https://github.com/molgenis/molgenis-ops-docker-helm.git
+icon: https://raw.githubusercontent.com/molgenis/molgenis-ops-docker-helm/master/charts/molgenis-vault/catalogIcon-molgenis-vault.svg
+home: https://github.com/coreos/vault-operator
+maintainers:
+- name: fdlk
+- name: sidohaakma

charts/molgenis-vault/values.yaml

@@ -70,10 +70,10 @@ ui:
     # limits:
     #  cpu: 100m
     #  memory: 128Mi
-    #requests:
+    # requests:
     #  cpu: 100m
     #  memory: 128Mi
   nodeSelector: {}
   vault:
     auth: GITHUB
-    url: https://vault.vault-operator:8200
+    url: https://vault.vault-operator:8200

charts/molgenis/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: "1.0"
+description: MOLGENIS - helm stack (in BETA)
+name: molgenis
+version: 0.4.3
+sources:
+- https://github.com/molgenis/molgenis-ops-docker-helm.git
+icon: https://raw.githubusercontent.com/molgenis/molgenis-ops-docker-helm/master/charts/molgenis/catalogIcon-molgenis.svg
+home: http://molgenis.org
+maintainers:
+- name: sidohaakma
+- name: fdlk

charts/molgenis/README.md

@@ -5,6 +5,8 @@ This chart is used for acceptance and production use cases.
 This chart spins up a MOLGENIS instance with HTTPD. The created containers are:
 
 - MOLGENIS
+- ElasticSearch
+- PostgreSQL **(optional)**
 
 ## Provisioning
 You can choose from which registry you want to pull. There are 2 registries:
@@ -21,6 +23,19 @@ The three properties you need to specify are:
 Besides determining which image you want to pull, you also have to set an administrator password. You can do this by specifying the following property. 
 - ```molgenis.adminPassword```
 
+### Firewall
+Is defined at service level you can specify this attribute in the values:
+
+- ```molgenis.firewall.enabled``` default 'false' 
+
+If set to 'true' the following options are available. One of the options below has to be set.
+
+- ```molgenis.firewall.umcg.enabled``` default 'false'  
+- ```molgenis.firewall.cluster.enabled``` default 'false'
+
+UMCG = only available within the UMCG.
+Cluster = only available within the GCC cluster environment.
+
 ## Services
 When you start MOLGENIS you need:
 - an elasticsearch instance (5.5.6) 
@@ -82,15 +97,16 @@ Select the resources you need dependant on the customer you need to serve.
 ## Persistence
 You can enable persistence on your MOLGENIS stack by specifying the following property.
 
-- ```persistence.enabled```
+- ```persistence.enabled``` default 'true'
 
 You can also choose to retain the volume of the NFS.
-- ```persistence.retain```
+- ```persistence.retain``` default 'false'
 
 The size and claim name can be specified per service. There are now two services that can be persist.
 
 - MOLGENIS
 - ElasticSearch
+- PostgreSQL **(optional)**
 
 MOLGENIS persistent properties.
 - ```molgenis.persistence.claim```
@@ -100,6 +116,9 @@ ElasticSearch persistent properties.
 - ```elasticsearch.persistence.claim```
 - ```elasticsearch.persistence.size```
 
+PostgreSQL persistent properties.
+- ```postgres.persistence.claim```
+- ```postgres.persistence.size```
 
 ### Resolve you persistent volume
 You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
@@ -116,7 +135,4 @@ You can now view the persistent volume claims and the attached volumes.
 | pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
 
 You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
-When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 
-
-## Firewall
-Is defined at cluster level. This chart does not facilitate firewall configuration.
+When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 

charts/molgenis/questions.yml

@@ -8,7 +8,7 @@ questions:
   description: "Hostname for your stack"
   type: hostname
   required: true
-  group: "Load Balancing"
+  group: "Load balancing"
 - variable: molgenis.image.repository
   label: Registry
   default: "registry.hub.docker.com"
@@ -33,6 +33,24 @@ questions:
   type: password
   required: true
   group: "Provisioning"
+- variable: service.firewall.enabled
+  label: Firewall enabled
+  default: false
+  description: "Firewall enabled (can be cluster or UMCG scoped)"
+  type: boolean
+  required: true
+  group: "Provisioning"
+  show_subquestion_if: true
+  subquestions:
+  - variable: service.firewall.kind
+    default: "umcg"
+    description: "Firewall kind. This can be 'umcg' or 'cluster' environment"
+    type: enum
+    required: true
+    options:
+    - umcg
+    - cluster
+    label: Firewall kind
 - variable: molgenis.services.opencpu.host
   label: OpenCPU cluster
   default: "localhost"
@@ -40,34 +58,43 @@ questions:
   type: string
   required: true
   group: "Services"
-- variable: molgenis.services.postgres.host
-  label: Postgres cluster location
-  default: "postgresql.molgenis-postgresql.svc"
-  description: "Set the location of the postgres cluster"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.scheme
-  label: Database scheme
-  default: "molgenis"
-  description: "Set the database scheme"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.user
-  label: Database username
-  default: "molgenis"
-  description: "Set user of the database scheme"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.password
-  label: Database password
-  default: "molgenis"
-  description: "Set the password of the database scheme"
-  type: string
+- variable: molgenis.services.postgres.embedded
+  label: Postgres embedded
+  default: false
+  description: "Do you want an embedded postgres"
+  type: boolean
   required: true
   group: "Services"
+  show_subquestion_if: false
+  subquestions:
+  - variable: molgenis.services.postgres.host
+    label: Postgres cluster location
+    default: ""
+    description: "Set the location of the postgres cluster. This can be localhost when the postgres is enabled else you need to specify a cluster location if you do not want a embedded postgres instance)"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.scheme
+    label: Database scheme
+    default: "molgenis"
+    description: "Set the database scheme"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.user
+    label: Database username
+    default: "molgenis"
+    description: "Set user of the database scheme"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.password
+    label: Database password
+    default: "molgenis"
+    description: "Set the password of the database scheme"
+    type: string
+    required: true
+    group: "Services"
 - variable: molgenis.resources.limits.memory
   label: Container memory limit
   default: 1250Mi
@@ -98,7 +125,7 @@ questions:
   - "2g"
   group: "Resources"
 - variable: persistence.enabled
-  default: false
+  default: true
   description: "Do you want to use persistence"
   type: boolean
   required: true
@@ -112,20 +139,29 @@ questions:
     type: boolean
     label: Retain volume
   - variable: molgenis.persistence.size
-    default: "30Gi"
+    default: "5Gi"
     description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
     type: enum
     options:
-    - "30Gi"
-    - "50Gi"
-    - "100Gi"
+    - "5Gi"
+    - "10Gi"
+    - "20Gi"
     label: Size MOLGENIS filestore
   - variable: elasticsearch.persistence.size
-    default: "50Gi"
+    default: "5Gi"
     description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
     type: enum
     options:
+    - "5Gi"
+    - "10Gi"
     - "50Gi"
-    - "100Gi"
-    - "200Gi"
-    label: Size for ElasticSearch data
+    label: Size for ElasticSearch data
+  - variable: postgres.persistence.size
+    default: "5Gi"
+    description: "Size of PostgreSQL data (directory that is persist: /var/lib/postgresql/data/pgdata)"
+    type: enum
+    options:
+    - "5Gi"
+    - "10Gi"
+    - "50Gi"
+    label: Size for PostgreSQL data

charts/molgenis/templates/deployment.yaml

@@ -17,6 +17,8 @@ spec:
     matchLabels:
       app: {{ template "molgenis.name" . }}
       release: {{ .Release.Name }}
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -97,11 +99,33 @@ spec:
           - name: elasticsearch-nfs
             mountPath: /usr/share/elasticsearch/data
           {{- end }}
-
           resources:
 {{ toYaml .resources | indent 12 }}
         {{- end }}
 
+        - name: postgres
+        {{- with .Values.postgres }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: POSTGRES_USER
+              value: {{ $.Values.molgenis.services.postgres.user }}
+            - name: POSTGRES_PASSWORD
+              value: {{ $.Values.molgenis.services.postgres.password }}
+            - name: POSTGRES_DB
+              value: {{ $.Values.molgenis.services.postgres.scheme }}
+          ports:
+            - containerPort: 5432
+          resources:
+{{ toYaml .resources | indent 12 }}
+          {{- if $.Values.persistence.enabled }}
+          volumeMounts:
+          - name: postgres-nfs
+            mountPath: /var/lib/postgresql/data
+          {{- end }}
+        {{- end }}
+
+
 {{- if .Values.persistence.enabled }}
       volumes:
         - name: molgenis-nfs
@@ -110,6 +134,9 @@ spec:
         - name: elasticsearch-nfs
           persistentVolumeClaim:
             claimName: {{ .Values.elasticsearch.persistence.claim }}
+        - name: postgres-nfs
+          persistentVolumeClaim:
+            claimName: {{ .Values.postgres.persistence.claim }}
 {{- end }}
 
     {{- with .Values.nodeSelector }}

charts/molgenis/templates/ingress.yaml

@@ -4,7 +4,7 @@
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: "{{ $.Release.Name }}-ingress"
   labels:
     app: {{ template "molgenis.name" . }}
     chart: {{ template "molgenis.chart" . }}
@@ -33,6 +33,6 @@ spec:
           - path: {{ $ingressPath }}
             backend:
               serviceName: {{ $fullName }}
-              servicePort: 8080
+              servicePort: {{ $.Values.service.port }}
   {{- end }}
 {{- end }}

charts/molgenis/templates/persistence/postgresPVC.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.molgenis.services.postgres.embedded }}
+{{- if .Values.persistence.enabled }}
+apiVersion: extensions/v1beta1
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.postgres.persistence.claim }}
+  annotations:
+    {{- if .Values.persistence.retain }}
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
+    {{- else }}
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
+    {{- end }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.postgres.persistence.size }}
+{{- end }}
+{{- end }}

charts/molgenis/templates/service.yaml

@@ -9,6 +9,18 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   type: {{ .Values.service.type }}
+{{- if .Values.service.firewall.enabled }}
+  loadBalancerSourceRanges:
+{{- if .Values.service.firewall.kind eq "umcg" }}
+    {{- range $index, $rule := .Values.service.firewall.umcg.rules }}
+    - {{ $rule }}
+    {{- end }}
+{{- else }}
+    {{- range $index, $rule := .Values.service.firewall.cluster.rules }}
+    - {{ $rule }}
+    {{- end }}
+{{- end }}
+{{- end }}
   ports:
     - name: molgenis
       port: {{ .Values.service.port }}

charts/molgenis/values.yaml

@@ -4,6 +4,15 @@ replicaCount: 1
 
 service:
   type: LoadBalancer
+  firewall:
+    enabled: false
+    kind: "umcg"
+    umcg:
+      rules:
+      - 127.0.0.1/32
+    cluster:
+      rules:
+      - 127.0.0.1/32
   port: 8080
 
 ingress:
@@ -33,7 +42,7 @@ molgenis:
       memory: 1250Mi
   persistence:
     claim: molgenis-nfs-claim
-    size: 30Gi
+    size: 5Gi
   services:
     opencpu:
       host: localhost
@@ -41,6 +50,7 @@ molgenis:
       transportAddresses: localhost:9300
       clusterName: molgenis
     postgres:
+      embedded: false
       host: localhost
       scheme: molgenis
       user: molgenis
@@ -54,18 +64,34 @@ elasticsearch:
   javaOpts: "-Xms1g -Xmx1g"
   clusterName: molgenis
   resources:
-   limits:
-    cpu: 2
-    memory: 3Gi
-   requests:
-    cpu: 100m
-    memory: 1Gi
+    limits:
+      cpu: 2
+      memory: 3Gi
+    requests:
+      cpu: 100m
+      memory: 1Gi
   persistence:
     claim: elasticsearch-nfs-claim
-    size: 50Gi
+    size: 5Gi
+
+postgres:
+  image:
+    repository: postgres
+    tag: 9.6-alpine
+    pullPolicy: IfNotPresent
+  resources:
+    limits:
+      cpu: 1
+      memory: 250Mi
+    requests:
+      cpu: 100m
+      memory: 250Mi
+  persistence:
+    claim: postgres-nfs-claim
+    size: 5Gi
 
 persistence:
-  enabled: false
+  enabled: true
   retain: false
 
 nodeSelector: {

molgenis-httpd/Chart.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: HTTPD for MOLGENIS
-name: molgenis-httpd
-version: 0.1.0
-sources:
-- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-httpd/catalogIcon-molgenis-httpd.svg

molgenis-jenkins/Chart.yaml

@@ -1,8 +0,0 @@
-name: molgenis-jenkins
-home: https://jenkins.io/
-version: 0.7.0
-appVersion: 2.121
-description: Molgenis installation for the jenkins chart.
-sources:
-- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-jenkins/catalogIcon-molgenis-jenkins.svg

molgenis-nexus/Chart.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: Nexus stack for MOLGENIS
-name: molgenis-nexus
-version: 0.3.0
-sources:
-- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg

molgenis-nexus/README.md

@@ -1,28 +0,0 @@
-# MOLGENIS - NEXUS Helm Chart
-
-NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
-
-## Chart Details
-
-This chart will deploy:
-
-- 1 NEXUS container
-- 1 MOLGENIS-httpd container ()to proxy the registry and docker to one domain)
-
-## Installing the Chart
-
-You can test in install the chart by executing:
-
-```helm lint .```
-
-To test if your helm chart-syntax is right and:
-
-```helm install . --dry-run --debug```
-
-To test if your hem chart works and:
-
-```helm install .```
-
-To deploy it on the cluster.
-
-

molgenis-nexus/templates/deployments/httpd-deployment.yaml

@@ -1,34 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  name: {{ .Values.httpd.name }}
-  labels:
-    app: {{ .Values.httpd.name }}
-    environment: {{ .Values.environment }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  strategy:
-    type: {{ .Values.httpd.strategy.type }}
-  selector:
-    matchLabels:
-      app: {{ .Values.httpd.selector }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Values.httpd.name }}
-      creationTimestamp: null
-    spec:
-      restartPolicy: {{ .Values.httpd.restartPolicy }}
-      containers:
-      - name: {{ .Values.httpd.name }}
-        image: "{{ .Values.httpd.image.repository }}:{{ .Values.httpd.image.tag }}"
-        imagePullPolicy: {{ .Values.httpd.image.pullPolicy }}
-        env:
-        - name: PROXY_SERVICE
-          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
-        - name: SERVER_NAME
-          value: {{ .Values.httpd.hostname }}
-        ports:
-        - containerPort: {{ .Values.httpd.port }}
-        resources: {}

molgenis-nexus/templates/services/httpd-service.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.httpd.name }}
-  labels:
-    app: {{ .Values.httpd.name }}
-spec:
-  type: {{ .Values.httpd.service.type }}
-  ports:
-  - name: {{ .Values.httpd.name }}
-    port: {{ .Values.httpd.port }}
-  selector:
-    app: {{ .Values.httpd.selector }}

molgenis-nexus/templates/volumes/nexus-pv.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: {{ .Values.persistence.name }}
-  labels:
-    name: nfs2
-spec:
-  storageClassName: {{ .Values.persistence.storageClass }}
-  capacity:
-    storage: {{ .Values.persistence.size }}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }}
-  nfs:
-    server: {{ .Values.persistence.server }}
-    path: {{ .Values.persistence.mountPath }}

molgenis-nexus/templates/volumes/nexus-pvc.yaml

@@ -1,11 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ .Values.persistence.name }}
-spec:
-  storageClassName: {{ .Values.persistence.storageClass }}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}

molgenis-nexus/values.yaml

@@ -1,82 +0,0 @@
-# Default values for nexus.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-environment: production
-
-nexus:
-  name: nexus
-  strategy:
-    type: Recreate
-  selector: nexus
-  restartPolicy: Always
-  image:
-    repository: sonatype/nexus3
-    tag: latest
-    pullPolicy: Always
-  port:
-    docker: 5000
-    ui: 8081
-  path:
-    dockerV2: v2
-  service:
-    type: ClusterIP
-
-httpd:
-  name: httpd
-  hostname: registry.molgenis.org
-  strategy:
-    type: Recreate
-  selector: httpd
-  restartPolicy: Always
-  image:
-    repository: registry.webhosting.rug.nl/molgenis/httpd
-    tag: lts
-    pullPolicy: Always
-  port: 80
-  service:
-    type: LoadBalancer
-
-
-ingress:
-  enabled: true
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /
-  hosts:
-  - name: registry.molgenis.org
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-persistence:
-  name: molgenis-nexus-data
-  storageClass: nfs-class
-  size: 30G
-  reclaimPolicy: Retain
-  server: 192.168.64.12
-  accessMode: ReadWriteMany
-  mountPath: /gcc/molgenis/nexus
-
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

molgenis-preview/Chart.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: MOLGENIS - helm stack for testing purposes
-name: molgenis-preview
-version: 0.2.0
-sources:
-- https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg

molgenis-preview/README.md

@@ -1,16 +0,0 @@
-# MOLGENIS preview
-This chart is used for testing purposes. It can be used by data managers or developers to test MOLGENIS (e.g. integration testing).
-
-## Containers
-This chart spins up a complete stack to run MOLGENIS. The created containers are:
-
-- MOLGENIS
-- PostgreSQL
-- Elasticsearch
-- OpenCPU
-
-## Rancher
-You can spin up a test instance by navigating to https://rancher.molgenis.org:7777 and login with your LDAP-account.
-
-Go to the test-environment and click on "Launch". Search for MOLGENIS.
-

molgenis-preview/questions.yml

@@ -1,61 +0,0 @@
-
-categories:
-- MOLGENIS
-questions:
-- variable: ingress.hosts[0].name
-  default: "test.molgenis.org"
-  description: "Hostname for your stack"
-  type: hostname
-  required: true
-  group: "Services and Load Balancing"
-  label: Hostname
-- variable: molgenis.image.repository
-  default: "registry.hub.docker.com"
-  description: "Select a registry to pull from"
-  type: enum
-  options:
-  - "registry.hub.docker.com"
-  - "registry.molgenis.org"
-  required: true
-  group: "MOLGENIS - Version"
-  label: Registry
-- variable: molgenis.image.tag
-  default: "stable"
-  description: "Select a MOLGENIS version (check the registry.molgenis.org or hub.docker.com for other tags)"
-  type: string
-  required: true
-  group: "MOLGENIS - Version"
-  label: Version
-- variable: molgenis.resources.limits.cpu
-  default: 1
-  description: "CPU limit for this MOLGENIS instance"
-  type: enum
-  options:
-  - "1"
-  - "2"
-  - "3"
-  - "4"
-  required: true
-  group: "MOLGENIS - Resource limits"
-  label: CPU limit
-- variable: molgenis.resources.limits.memory
-  default: 1250Mi
-  description: "Memory limit for this MOLGENIS instance"
-  type: enum
-  options:
-  - "1250Mi"
-  - "1500Mi"
-  - "2000Mi"
-  - "2500Mi"
-  required: true
-  group: "MOLGENIS - Resource limits"
-  label: Memory limit
-- variable: molgenis.javaOpts
-  default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  description: "Java runtime options for the MOLGENIS instance"
-  type: enum
-  options:
-  - "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  group: "MOLGENIS - Resource limits"
-  label: Java memory options