chore: add nodeSelectors to the charts

The default upgrade strategy would cause multiple instances of MOLGENIS to run on the same database.
Use Recreate strategy instead.

Fixes #75

README.md

@@ -104,6 +104,7 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
 - [Jenkins](molgenis-jenkins/README.md)
 - [NEXUS](molgenis-nexus/README.md)
 - [HTTPD](molgenis-httpd/README.md)
+- [MOLGENIS](molgenis/README.md)
 - [MOLGENIS preview](molgenis-preview/README.md)
 - [MOLGENIS vault](molgenis-vault/README.md)
 
@@ -122,6 +123,26 @@ You can you need to know to easily develop and deploy helm-charts
   
   Do it in the root of the project where the Chart.yaml is located
   It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
+- ```helm package .```
+  
+  You can create a package which can be uploaded in the molgenis helm repository
+  
+- ```helm publish```
+  You still have to create an ```index.yaml``` for the chart. You can do this by executing this command: ```helm repo index #directory name of helm chart#```
+  
+  Then you can upload it by executing:
+  
+  - ```curl -v --user #username#:#password# --upload-file index.yaml  https://registry.molgenis.org/repository/helm/#chart name#/index.yml```
+  - ```curl -v --user #username#:#password# --upload-file #chart name#-#version#.tgz https://registry.molgenis.org/repository/helm/#chart name#/#chart name#-#version#.tgz```
+  
+  Now you have to add the repository locally to use in your ```requirements.yaml```.
+  
+  - ```helm repo add #repository name# https://registry.molgenis.org/repository/helm/molgenis```
+
+- ```helm dep build```
+  
+  You can build your dependencies (create a ```charts``` directory and install the chart in it) of the helm-chart. 
+
 - ```helm list```
   
   Lists all installed releases

molgenis-jenkins/Chart.yaml

@@ -1,6 +1,6 @@
 name: molgenis-jenkins
 home: https://jenkins.io/
-version: 0.7.0
+version: 0.7.1
 appVersion: 2.121
 description: Molgenis installation for the jenkins chart.
 sources:

molgenis-jenkins/requirements.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: jenkins
   repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 0.16.4
+  version: 0.18.0
 digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685
-generated: 2018-06-27T14:36:23.172954738+02:00
+generated: 2018-09-27T11:00:15.795416984+02:00

molgenis-jenkins/values.yaml

@@ -1,19 +1,21 @@
 jenkins:
   Master:
+    NodeSelector:
+      deployPod: "true"
     HostName: jenkins.molgenis.org
     ServiceType: ClusterIP
     InstallPlugins:
-      - kubernetes:1.12.0
+      - kubernetes:1.12.6
       - workflow-aggregator:2.5
-      - workflow-job:2.21
+      - workflow-job:2.25
       - credentials-binding:1.16
       - git:3.9.1
       - github-branch-source:2.3.6
-      - kubernetes-credentials-provider:0.9
+      - kubernetes-credentials-provider:0.10
-      - blueocean:1.6.2
+      - blueocean:1.8.3
       - github-oauth:0.29
       - gogs-webhook:1.0.14
-      - sauce-ondemand:1.176
+      - github-scm-trait-commit-skip:0.1.1
     Security:
       UseGitHub: false
       GitHub:
@@ -82,6 +84,18 @@ jenkins:
                   <strategyId>1</strategyId>
                   <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
                 </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+                <org.jenkinsci.plugins.scm__filter.GitHubCommitSkipTrait plugin="github-scm-trait-commit-skip@0.1.1"/>
+                <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                  <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                    <localBranch>**</localBranch>
+                  </extension>
+                </jenkins.plugins.git.traits.LocalBranchTrait>
+                <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                  <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                    <name>MOLGENIS Jenkins</name>
+                    <email>molgenis+ci@gmail.com</email>
+                  </extension>
+                </jenkins.plugins.git.traits.UserIdentityTrait>
               </traits>
             </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
           </navigators>
@@ -131,6 +145,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -184,6 +209,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -237,6 +273,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -290,6 +337,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -343,6 +401,17 @@ jenkins:
                   <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                   <traits>
                     <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
+                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
+                        <localBranch>**</localBranch>
+                      </extension>
+                    </jenkins.plugins.git.traits.LocalBranchTrait>
+                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
+                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
+                        <name>MOLGENIS Jenkins</name>
+                        <email>molgenis+ci@gmail.com</email>
+                      </extension>
+                    </jenkins.plugins.git.traits.UserIdentityTrait>
                   </traits>
                 </source>
                 <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -422,7 +491,9 @@ jenkins:
           Command: cat
           WorkingDir: /home/jenkins
           TTY: true
-      NodeSelector: {}
+      NodeSelector: {
+        deployPod: "true"
+      }
     node:
       Label: node-carbon
       NodeUsageMode: EXCLUSIVE
@@ -452,7 +523,9 @@ jenkins:
               key: VAULT_ADDR
               secretName: molgenis-pipeline-vault-secret
               secretKey: addr
-      NodeSelector: {}
+      NodeSelector: {
+        deployPod: "true"
+      }
     molgenis-it:
       InheritFrom: molgenis
       Label: molgenis-it
@@ -514,7 +587,9 @@ jenkins:
             limits:
               cpu: "1"
               memory: "512Mi"
-      NodeSelector: {}
+      NodeSelector: {
+        deployPod: "true"
+      }
 
 #secret contains configuration for the kubernetes secrets that jenkins can access
 secret:

molgenis-nexus/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.0"
 description: Nexus stack for MOLGENIS
 name: molgenis-nexus
-version: 0.3.0
+version: 0.4.2
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg

molgenis-nexus/README.md

@@ -6,8 +6,44 @@ NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
 
 This chart will deploy:
 
+- 1 NEXUS-nfs initialization container
+
+  We need this container to avoid permission issues on the NEXUS docker
 - 1 NEXUS container
-- 1 MOLGENIS-httpd container ()to proxy the registry and docker to one domain)
+- 1 MOLGENIS-httpd container (to proxy the registry and docker to one domain)
+
+## Backup restore
+There are two steps in restoring the NEXUS.
+
+- Database
+- Blobstore
+
+### Restore the database
+Go to the commandline:
+
+```bash
+kubectl get pv
+```
+
+```bash
+| NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
+| ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
+| pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-nexus/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
+| pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
+```
+
+The persistent volume is the one in the molgenis-nexus namespace. 
+
+Go to the NFS-provisioner to the path of the persistent volume:
+
+```bash
+ls -t --full-time | head -7 | xargs cp ../restore-from-backup/
+```
+
+### Restore the blobstore
+You can copy the directory ```blobs``` to the target persistent volume ```/ blobs```.
+
+You can now bring the NEXUS back up.
 
 ## Installing the Chart
 

molgenis-nexus/templates/deployments/httpd-deployment.yaml

@@ -1,34 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  creationTimestamp: null
-  name: {{ .Values.httpd.name }}
-  labels:
-    app: {{ .Values.httpd.name }}
-    environment: {{ .Values.environment }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  strategy:
-    type: {{ .Values.httpd.strategy.type }}
-  selector:
-    matchLabels:
-      app: {{ .Values.httpd.selector }}
-  template:
-    metadata:
-      labels:
-        app: {{ .Values.httpd.name }}
-      creationTimestamp: null
-    spec:
-      restartPolicy: {{ .Values.httpd.restartPolicy }}
-      containers:
-      - name: {{ .Values.httpd.name }}
-        image: "{{ .Values.httpd.image.repository }}:{{ .Values.httpd.image.tag }}"
-        imagePullPolicy: {{ .Values.httpd.image.pullPolicy }}
-        env:
-        - name: PROXY_SERVICE
-          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
-        - name: SERVER_NAME
-          value: {{ .Values.httpd.hostname }}
-        ports:
-        - containerPort: {{ .Values.httpd.port }}
-        resources: {}

molgenis-nexus/templates/deployments/nexus-deployment.yaml

@@ -19,18 +19,14 @@ spec:
         app: {{ .Values.nexus.name }}
       creationTimestamp: null
     spec:
-      volumes:
-      - name: {{ .Values.persistence.name }}
-        persistentVolumeClaim:
-          claimName: {{ .Values.persistence.name }}
       restartPolicy: {{ .Values.nexus.restartPolicy }}
       initContainers:
-      - name: volume-mount-nexus
+      - name: nexus-nfs
         image: busybox
-        command: ["sh", "-c", "chown -R 200:200 {{ .Values.persistence.mountPath }}"]
+        command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
         volumeMounts:
-        - name: {{ .Values.persistence.name }}
+        - name: molgenis-nexus-nfs
-          mountPath: "{{ .Values.persistence.mountPath }}"
+          mountPath: "/nexus-data"
       containers:
       - name: {{ .Values.nexus.name }}
         image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
@@ -39,6 +35,31 @@ spec:
         - containerPort: {{ .Values.nexus.port.ui }}
         - containerPort: {{ .Values.nexus.port.docker }}
         volumeMounts:
-        - name: {{ .Values.persistence.name }}
+        - name: molgenis-nexus-nfs
-          mountPath: "/nexus-data"
+          mountPath: /nexus-data
+        livenessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexus.port.ui }}
+          initialDelaySeconds: 120
+          periodSeconds: 20
+          failureThreshold: 15
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexus.port.ui }}
+          initialDelaySeconds: 120
+          periodSeconds: 20
+          failureThreshold: 15
+          successThreshold: 1
 
+      volumes:
+        - name: molgenis-nexus-nfs
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.claim }}
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}

molgenis-nexus/templates/deployments/nexusProxy-deployment.yaml

@@ -0,0 +1,55 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  name: {{ .Values.nexusProxy.name }}
+  labels:
+    app: {{ .Values.nexusProxy.name }}
+    environment: {{ .Values.environment }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  strategy:
+    type: {{ .Values.nexusProxy.strategy.type }}
+  selector:
+    matchLabels:
+      app: {{ .Values.nexusProxy.selector }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.nexusProxy.name }}
+      creationTimestamp: null
+    spec:
+      restartPolicy: {{ .Values.nexusProxy.restartPolicy }}
+      containers:
+      - name: {{ .Values.nexusProxy.name }}
+        image: "{{ .Values.nexusProxy.image.repository }}:{{ .Values.nexusProxy.image.tag }}"
+        imagePullPolicy: {{ .Values.nexusProxy.image.pullPolicy }}
+        env:
+        - name: PROXY_SERVICE
+          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
+        - name: SERVER_NAME
+          value: {{ .Values.nexusProxy.hostname }}
+        ports:
+        - containerPort: {{ .Values.nexusProxy.port }}
+        resources: {}
+        livenessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexusProxy.port }}
+          initialDelaySeconds: 1500
+          periodSeconds: 20
+          failureThreshold: 5
+          successThreshold: 1
+        readinessProbe:
+          httpGet:
+            path: /
+            port: {{ .Values.nexusProxy.port }}
+          initialDelaySeconds: 150
+          periodSeconds: 20
+          failureThreshold: 15
+          successThreshold: 1
+
+    {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}

molgenis-nexus/templates/ingress.yaml

@@ -5,7 +5,7 @@ kind: Ingress
 metadata:
   name: "{{ $.Release.Name }}-ingress"
   labels:
-    app: httpd
+    app: {{ $.Values.nexusProxy.name }}
     chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
     release: "{{ $.Release.Name }}"
     heritage: "{{ $.Release.Service }}"
@@ -25,8 +25,8 @@ spec:
       paths:
         - path: {{ default "/" .path }}
           backend:
-            serviceName: httpd
+            serviceName: {{ $.Values.nexusProxy.name }}
-            servicePort: 80
+            servicePort: {{ $.Values.nexusProxy.port }}
 {{- if .tls }}
   tls:
   - hosts:

molgenis-nexus/templates/persistence/nexusPVC.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.persistence.enabled -}}
+apiVersion: extensions/v1beta1
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.persistence.claim }}
+  annotations:
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size }}
+{{- end }}

molgenis-nexus/templates/services/httpd-service.yaml

@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ .Values.httpd.name }}
-  labels:
-    app: {{ .Values.httpd.name }}
-spec:
-  type: {{ .Values.httpd.service.type }}
-  ports:
-  - name: {{ .Values.httpd.name }}
-    port: {{ .Values.httpd.port }}
-  selector:
-    app: {{ .Values.httpd.selector }}

molgenis-nexus/templates/services/nexusProxy-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.nexusProxy.name }}
+  labels:
+    app: {{ .Values.nexusProxy.name }}
+spec:
+  type: {{ .Values.nexusProxy.service.type }}
+  ports:
+  - name: {{ .Values.nexusProxy.name }}
+    port: {{ .Values.nexusProxy.port }}
+  selector:
+    app: {{ .Values.nexusProxy.selector }}

molgenis-nexus/templates/volumes/nexus-pv.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: {{ .Values.persistence.name }}
-  labels:
-    name: nfs2
-spec:
-  storageClassName: {{ .Values.persistence.storageClass }}
-  capacity:
-    storage: {{ .Values.persistence.size }}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }}
-  nfs:
-    server: {{ .Values.persistence.server }}
-    path: {{ .Values.persistence.mountPath }}

molgenis-nexus/templates/volumes/nexus-pvc.yaml

@@ -1,11 +0,0 @@
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ .Values.persistence.name }}
-spec:
-  storageClassName: {{ .Values.persistence.storageClass }}
-  accessModes:
-    - {{ .Values.persistence.accessMode }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size }}

molgenis-nexus/values.yaml

@@ -13,7 +13,7 @@ nexus:
   selector: nexus
   restartPolicy: Always
   image:
-    repository: sonatype/nexus3
+    repository: molgenis/nexus3
     tag: latest
     pullPolicy: Always
   port:
@@ -24,16 +24,16 @@ nexus:
   service:
     type: ClusterIP
 
-httpd:
+nexusProxy:
-  name: httpd
+  name: nexus-proxy
   hostname: registry.molgenis.org
   strategy:
     type: Recreate
-  selector: httpd
+  selector: nexus-proxy
   restartPolicy: Always
   image:
-    repository: registry.webhosting.rug.nl/molgenis/httpd
+    repository: molgenis/httpd
-    tag: lts
+    tag: latest
     pullPolicy: Always
   port: 80
   service:
@@ -43,39 +43,22 @@ httpd:
 ingress:
   enabled: true
   annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
   path: /
   hosts:
   - name: registry.molgenis.org
   tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
 
 persistence:
-  name: molgenis-nexus-data
+  enabled: true
-  storageClass: nfs-class
+  claim: molgenis-nexus
-  size: 30G
+  size: 500Gi
-  reclaimPolicy: Retain
-  server: 192.168.64.12
-  accessMode: ReadWriteMany
-  mountPath: /gcc/molgenis/nexus
 
 
 resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
 
-nodeSelector: {}
+nodeSelector: {
+  deployPod: "true"
+}
 
 tolerations: []
 

molgenis-opencpu/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 appVersion: "1.0"
-description: MOLGENIS - helm stack for testing purposes
+description: Opencpu stack for MOLGENIS
-name: molgenis-preview
+name: molgenis-opencpu
-version: 0.2.0
+version: 0.1.1
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-opencpu/catalogIcon-molgenis-opencpu.svg

molgenis-opencpu/README.md

@@ -0,0 +1,38 @@
+# MOLGENIS - OpenCPU Helm Chart
+
+NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
+
+## Containers
+
+This chart will deploy the following containers:
+
+- OpenCPU
+- MOLGENIS-httpd (to proxy the registry and docker to one domain)
+
+## Provisioning
+You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com. 
+You need to fill out 2 properties to determine which repository you are going to use.
+
+- ```opencpu.image.repository```
+- ```opencpu.image.tag```
+
+You can do this in the questions in Rancher or in the ```values.yaml```.
+
+
+
+## Development
+You can test in install the chart by executing:
+
+```helm lint .```
+
+To test if your helm chart-syntax is right and:
+
+```helm install . --dry-run --debug```
+
+To test if your hem chart works and:
+
+```helm install .```
+
+To deploy it on the cluster.
+
+

molgenis-opencpu/questions.yml

@@ -0,0 +1,28 @@
+
+categories:
+- MOLGENIS
+questions:
+- variable: ingress.enabled
+  label: Enable ingress
+  default: false
+  description: "Enable ingress"
+  type: boolean
+  required: true
+  group: "Load balancing"
+- variable: opencpu.image.repository
+  label: Registry
+  default: "registry.hub.docker.com"
+  description: "Select a registry to pull from"
+  type: enum
+  options:
+  - "registry.hub.docker.com"
+  - "registry.molgenis.org"
+  required: true
+  group: "Provisioning"
+- variable: opencpu.image.tag
+  label: Version
+  default: ""
+  description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
+  type: string
+  required: true
+  group: "Provisioning"

molgenis-opencpu/templates/_helpers.tpl

@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "molgenis.name" -}}
+{{- define "opencpu.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "molgenis.fullname" -}}
+{{- define "opencpu.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "molgenis.chart" -}}
+{{- define "opencpu.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

molgenis-opencpu/templates/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  {{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+  name: {{ template "opencpu.fullname" . }}
+  labels:
+    app: {{ template "opencpu.name" . }}
+    chart: {{ template "opencpu.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "opencpu.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "opencpu.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+      {{- with .Values.opencpu }}
+      - name: {{ .name }}
+        image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
+        imagePullPolicy: {{ .image.pullPolicy }}
+        ports:
+        - containerPort: {{ .service.port }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+      {{- end }}

molgenis-opencpu/templates/ingress.yaml

@@ -0,0 +1,36 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: "{{ $.Release.Name }}-ingress"
+  labels:
+    app:  {{ $.Values.opencpu.name }}
+    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
+    release: "{{ $.Release.Name }}"
+    heritage: "{{ $.Release.Service }}"
+  annotations:
+    {{- if .tls }}
+    ingress.kubernetes.io/secure-backends: "true"
+    {{- end }}
+    {{- range $key, $value := .annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  rules:
+  - host: {{ .name }}
+    http:
+      paths:
+        - path: {{ default "/" .path }}
+          backend:
+            serviceName: {{ $.Values.opencpu.service.name }}
+            servicePort: {{ $.Values.opencpu.service.port }}
+{{- if .tls }}
+  tls:
+  - hosts:
+    - {{ .name }}
+    secretName: {{ .tlsSecret }}
+{{- end }}
+---
+{{- end }}
+{{- end }}

molgenis-opencpu/templates/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.opencpu.service.name }}
+  labels:
+    app: {{ .Values.opencpu.service.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.opencpu.service.type }}
+  loadBalancerSourceRanges:
+  {{- range $index, $rule := .Values.opencpu.service.firewall }}
+    - {{ $rule }}
+  {{- end }}
+  ports:
+    - name: {{ .Values.opencpu.service.name }}
+      port: {{ .Values.opencpu.service.port }}
+  selector:
+    app: {{ template "opencpu.name" . }}
+    release: {{ .Release.Name }}

molgenis-opencpu/values.yaml

@@ -0,0 +1,43 @@
+# Default values for nexus.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+environment: production
+
+opencpu:
+  name: opencpu
+  strategy:
+    type: Recreate
+  restartPolicy: Always
+  image:
+    repository: registry.hub.docker.com
+    name: molgenis/opencpu
+    tag: stable
+    pullPolicy: Always
+  service:
+    name: opencpu
+    type: LoadBalancer
+    port: 8004
+    firewall:
+    - 145.100.224.1/24
+
+ingress:
+  enabled: false
+  annotations: {
+    kubernetes.io/ingress.class: "nginx",
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+  }
+  path: /
+  hosts:
+  - name: opencpu.molgenis.org
+  tls: []
+
+nodeSelector: {
+  deployPod: "true"
+}
+
+tolerations: []
+
+affinity: {}

molgenis-preview/README.md

@@ -1,16 +0,0 @@
-# MOLGENIS preview
-This chart is used for testing purposes. It can be used by data managers or developers to test MOLGENIS (e.g. integration testing).
-
-## Containers
-This chart spins up a complete stack to run MOLGENIS. The created containers are:
-
-- MOLGENIS
-- PostgreSQL
-- Elasticsearch
-- OpenCPU
-
-## Rancher
-You can spin up a test instance by navigating to https://rancher.molgenis.org:7777 and login with your LDAP-account.
-
-Go to the test-environment and click on "Launch". Search for MOLGENIS.
-

molgenis-preview/questions.yml

@@ -1,61 +0,0 @@
-
-categories:
-- MOLGENIS
-questions:
-- variable: ingress.hosts[0].name
-  default: "test.molgenis.org"
-  description: "Hostname for your stack"
-  type: hostname
-  required: true
-  group: "Services and Load Balancing"
-  label: Hostname
-- variable: molgenis.image.repository
-  default: "registry.hub.docker.com"
-  description: "Select a registry to pull from"
-  type: enum
-  options:
-  - "registry.hub.docker.com"
-  - "registry.molgenis.org"
-  required: true
-  group: "MOLGENIS - Version"
-  label: Registry
-- variable: molgenis.image.tag
-  default: "stable"
-  description: "Select a MOLGENIS version (check the registry.molgenis.org or hub.docker.com for other tags)"
-  type: string
-  required: true
-  group: "MOLGENIS - Version"
-  label: Version
-- variable: molgenis.resources.limits.cpu
-  default: 1
-  description: "CPU limit for this MOLGENIS instance"
-  type: enum
-  options:
-  - "1"
-  - "2"
-  - "3"
-  - "4"
-  required: true
-  group: "MOLGENIS - Resource limits"
-  label: CPU limit
-- variable: molgenis.resources.limits.memory
-  default: 1250Mi
-  description: "Memory limit for this MOLGENIS instance"
-  type: enum
-  options:
-  - "1250Mi"
-  - "1500Mi"
-  - "2000Mi"
-  - "2500Mi"
-  required: true
-  group: "MOLGENIS - Resource limits"
-  label: Memory limit
-- variable: molgenis.javaOpts
-  default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  description: "Java runtime options for the MOLGENIS instance"
-  type: enum
-  options:
-  - "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  group: "MOLGENIS - Resource limits"
-  label: Java memory options

molgenis-preview/templates/NOTES.txt

@@ -1,19 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "molgenis.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "molgenis.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "molgenis.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "molgenis.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}

molgenis-preview/templates/deployment.yaml

@@ -1,124 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  {{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-  {{- end }}
-  name: {{ template "molgenis.fullname" . }}
-  labels:
-    app: {{ template "molgenis.name" . }}
-    chart: {{ template "molgenis.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ template "molgenis.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "molgenis.name" . }}
-        release: {{ .Release.Name }}
-    spec:
-      containers:
-        - name: molgenis
-        {{- with .Values.molgenis }}
-          image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
-          imagePullPolicy: {{ .image.pullPolicy }}
-          env:
-            - name: molgenis.home
-              value: /home/molgenis
-            - name: opencpu.uri.host
-              value: localhost
-            - name: elasticsearch.transport.addresses
-              value: localhost:9300
-            - name: elasticsearch.cluster.name
-              value: {{ $.Values.elasticsearch.clusterName }}
-            - name: db_uri
-              value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
-            - name: db_user
-              value: {{ $.Values.postgres.user }}
-            - name: db_password
-              value: {{ $.Values.postgres.password }}
-            - name: admin.password
-              value: {{ .adminPassword }}
-            - name: CATALINA_OPTS
-              value: "{{ .javaOpts }}"
-          ports:
-            - containerPort: 8080
-#          livenessProbe:
-#            httpGet:
-#              path: /
-#              port: 8080
-#          readinessProbe:
-#            httpGet:
-#              path: /api/v2/version
-#              port: 8080
-          resources:
-{{ toYaml .resources | indent 12 }}
-        {{- end }}
-
-        - name: elasticsearch
-        {{- with .Values.elasticsearch }}
-          image: "{{ .image.repository }}:{{ .image.tag }}"
-          imagePullPolicy: {{ .image.pullPolicy }}
-          env:
-            - name: cluster.name
-              value: {{ .clusterName }}
-            - name: bootstrap.memory_lock
-              value: "true"
-            - name: ES_JAVA_OPTS
-              value: "{{ .javaOpts }}"
-            - name: xpack.security.enabled
-              value: "false"
-            - name: discovery.type
-              value: single-node
-          ports:
-            - containerPort: 9200
-            - containerPort: 9300
-          resources:
-{{ toYaml .resources | indent 12 }}
-        {{- end }}
-
-        - name: postgres
-        {{- with .Values.postgres }}
-          image: "{{ .image.repository }}:{{ .image.tag }}"
-          imagePullPolicy: {{ .image.pullPolicy }}
-          env:
-            - name: POSTGRES_USER
-              value: {{ .user }}
-            - name: POSTGRES_PASSWORD
-              value: {{ .password }}
-            - name: POSTGRES_DB
-              value: {{ .db }}
-          ports:
-            - containerPort: 5432
-          resources:
-{{ toYaml .resources | indent 12 }}
-        {{- end }}
-
-        - name: opencpu
-        {{- with .Values.opencpu }}
-          image: "{{ .image.repository }}:{{ .image.tag }}"
-          imagePullPolicy: {{ .image.pullPolicy }}
-          ports:
-            - containerPort: 8004
-          resources:
-{{ toYaml .resources | indent 12 }}
-        {{- end }}
-
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}

molgenis-preview/templates/ingress.yaml

@@ -1,38 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "molgenis.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    app: {{ template "molgenis.name" . }}
-    chart: {{ template "molgenis.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . }}
-      {{- end }}
-      secretName: {{ .secretName }}
-  {{- end }}
-{{- end }}
-  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ .name }}
-      http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: 8080
-  {{- end }}
-{{- end }}

molgenis-preview/templates/service.yaml

@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "molgenis.fullname" . }}
-  labels:
-    app: {{ template "molgenis.name" . }}
-    chart: {{ template "molgenis.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - name: molgenis
-      port: {{ .Values.service.port }}
-  selector:
-    app: {{ template "molgenis.name" . }}
-    release: {{ .Release.Name }}

molgenis-preview/values.yaml

@@ -1,82 +0,0 @@
-# Default values for molgenis.
-
-replicaCount: 1
-
-service:
-  type: LoadBalancer
-  port: 8080
-
-ingress:
-  enabled: true
-  annotations:
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-  path: /
-  hosts:
-  - name: test.molgenis.org
-  tls: []
-
-molgenis:
-  image:
-    repository: registry.molgenis.org
-    name: molgenis/molgenis-app
-    tag: 7.0.0-SNAPSHOT
-    pullPolicy: Always
-  adminPassword: admin
-  javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
-  resources:
-   limits:
-    cpu: 1
-    memory: 1250Mi
-   requests:
-    cpu: 200m
-    memory: 1Gi
-
-postgres:
-  image:
-    repository: postgres
-    tag: 9.6-alpine
-    pullPolicy: IfNotPresent
-  user: molgenis
-  password: molgenis
-  db: molgenis
-  resources:
-   limits:
-    cpu: 1
-    memory: 250Mi
-   requests:
-    cpu: 100m
-    memory: 250Mi
-
-elasticsearch:
-  image:
-    repository: docker.elastic.co/elasticsearch/elasticsearch
-    tag: 5.5.3
-    pullPolicy: IfNotPresent
-  javaOpts: "-Xms512m -Xmx512m"
-  clusterName: molgenis
-  resources:
-   limits:
-    cpu: 1
-    memory: 1500Mi
-   requests:
-    cpu: 100m
-    memory: 1Gi
-
-opencpu:
-  image:
-    repository: molgenis/opencpu
-    tag: latest
-    pullPolicy: Always
-  resources:
-    limits:
-      cpu: 1
-      memory: 512Mi
-    requests:
-      cpu: 100m
-      memory: 256Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

molgenis-vault/README.md

@@ -38,7 +38,7 @@ Parameter | Description | Default
 `ui.image.repository` | Vault UI container image repository | `djenriquez/vault-ui`
 `ui.image.tag` | Vault UI container image tag | `latest`
 `ui.resources` | Vault UI pod resource requests & limits | `{}`
-`ui.nodeSelector` | node labels for Vault UI pod assignment | `{}`
+`ui.nodeSelector` | node labels for Vault UI pod assignment | `{deployPod: "true"}`
 `ui.ingress.enabled` | If true, Vault UI Ingress will be created | `true`
 `ui.ingress.annotations` | Vault UI Ingress annotations | `{}`
 `ui.ingress.host` | Vault UI Ingress hostname | `vault.molgenis.org`

molgenis-vault/values.yaml

@@ -18,6 +18,10 @@ backupJob:
   # schedule gives the cron schedule for the backup job
   schedule: "0 12 * * 1"
 
+vault-operator:
+  nodeSelector:
+    deployPod: "true"
+
 ###
 # All of the config variables related to setting up the etcd-operator
 # If you want more information about the variables exposed, please visit:
@@ -44,6 +48,8 @@ etcd-operator:
   restoreOperator:
     image:
       tag: v0.9.2
+  nodeSelector:
+    deployPod: "true"
 
 ui:
   name: "vault-ui"
@@ -73,7 +79,8 @@ ui:
     #requests:
     #  cpu: 100m
     #  memory: 128Mi
-  nodeSelector: {}
+  nodeSelector:
+    deployPod: "true"
   vault:
     auth: GITHUB
     url: https://vault.vault-operator:8200

molgenis/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS - helm stack (in BETA)
-name: molgenis-beta
+name: molgenis
-version: 0.3.0
+version: 0.4.3
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg

molgenis/README.md

@@ -5,6 +5,8 @@ This chart is used for acceptance and production use cases.
 This chart spins up a MOLGENIS instance with HTTPD. The created containers are:
 
 - MOLGENIS
+- ElasticSearch
+- PostgreSQL **(optional)**
 
 ## Provisioning
 You can choose from which registry you want to pull. There are 2 registries:
@@ -21,6 +23,19 @@ The three properties you need to specify are:
 Besides determining which image you want to pull, you also have to set an administrator password. You can do this by specifying the following property. 
 - ```molgenis.adminPassword```
 
+### Firewall
+Is defined at service level you can specify this attribute in the values:
+
+- ```molgenis.firewall.enabled``` default 'false' 
+
+If set to 'true' the following options are available. One of the options below has to be set.
+
+- ```molgenis.firewall.umcg.enabled``` default 'false'  
+- ```molgenis.firewall.cluster.enabled``` default 'false'
+
+UMCG = only available within the UMCG.
+Cluster = only available within the GCC cluster environment.
+
 ## Services
 When you start MOLGENIS you need:
 - an elasticsearch instance (5.5.6) 
@@ -82,15 +97,16 @@ Select the resources you need dependant on the customer you need to serve.
 ## Persistence
 You can enable persistence on your MOLGENIS stack by specifying the following property.
 
-- ```persistence.enabled```
+- ```persistence.enabled``` default 'true'
 
 You can also choose to retain the volume of the NFS.
-- ```persistence.retain```
+- ```persistence.retain``` default 'false'
 
 The size and claim name can be specified per service. There are now two services that can be persist.
 
 - MOLGENIS
 - ElasticSearch
+- PostgreSQL **(optional)**
 
 MOLGENIS persistent properties.
 - ```molgenis.persistence.claim```
@@ -100,6 +116,9 @@ ElasticSearch persistent properties.
 - ```elasticsearch.persistence.claim```
 - ```elasticsearch.persistence.size```
 
+PostgreSQL persistent properties.
+- ```postgres.persistence.claim```
+- ```postgres.persistence.size```
 
 ### Resolve you persistent volume
 You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
@@ -116,7 +135,4 @@ You can now view the persistent volume claims and the attached volumes.
 | pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
 
 You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
-When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 
+When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 
-
-## Firewall
-Is defined at cluster level. This chart does not facilitate firewall configuration.

molgenis/questions.yml

@@ -8,7 +8,7 @@ questions:
   description: "Hostname for your stack"
   type: hostname
   required: true
-  group: "Load Balancing"
+  group: "Load balancing"
 - variable: molgenis.image.repository
   label: Registry
   default: "registry.hub.docker.com"
@@ -33,6 +33,24 @@ questions:
   type: password
   required: true
   group: "Provisioning"
+- variable: service.firewall.enabled
+  label: Firewall enabled
+  default: false
+  description: "Firewall enabled (can be cluster or UMCG scoped)"
+  type: boolean
+  required: true
+  group: "Provisioning"
+  show_subquestion_if: true
+  subquestions:
+  - variable: service.firewall.kind
+    default: "umcg"
+    description: "Firewall kind. This can be 'umcg' or 'cluster' environment"
+    type: enum
+    required: true
+    options:
+    - umcg
+    - cluster
+    label: Firewall kind
 - variable: molgenis.services.opencpu.host
   label: OpenCPU cluster
   default: "localhost"
@@ -40,34 +58,43 @@ questions:
   type: string
   required: true
   group: "Services"
-- variable: molgenis.services.postgres.host
+- variable: molgenis.services.postgres.embedded
-  label: Postgres cluster location
+  label: Postgres embedded
-  default: "postgresql.molgenis-postgresql.svc"
+  default: false
-  description: "Set the location of the postgres cluster"
+  description: "Do you want an embedded postgres"
-  type: string
+  type: boolean
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.scheme
-  label: Database scheme
-  default: "molgenis"
-  description: "Set the database scheme"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.user
-  label: Database username
-  default: "molgenis"
-  description: "Set user of the database scheme"
-  type: string
-  required: true
-  group: "Services"
-- variable: molgenis.services.postgres.password
-  label: Database password
-  default: "molgenis"
-  description: "Set the password of the database scheme"
-  type: string
   required: true
   group: "Services"
+  show_subquestion_if: false
+  subquestions:
+  - variable: molgenis.services.postgres.host
+    label: Postgres cluster location
+    default: ""
+    description: "Set the location of the postgres cluster. This can be localhost when the postgres is enabled else you need to specify a cluster location if you do not want a embedded postgres instance)"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.scheme
+    label: Database scheme
+    default: "molgenis"
+    description: "Set the database scheme"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.user
+    label: Database username
+    default: "molgenis"
+    description: "Set user of the database scheme"
+    type: string
+    required: true
+    group: "Services"
+  - variable: molgenis.services.postgres.password
+    label: Database password
+    default: "molgenis"
+    description: "Set the password of the database scheme"
+    type: string
+    required: true
+    group: "Services"
 - variable: molgenis.resources.limits.memory
   label: Container memory limit
   default: 1250Mi
@@ -98,7 +125,7 @@ questions:
   - "2g"
   group: "Resources"
 - variable: persistence.enabled
-  default: false
+  default: true
   description: "Do you want to use persistence"
   type: boolean
   required: true
@@ -112,20 +139,29 @@ questions:
     type: boolean
     label: Retain volume
   - variable: molgenis.persistence.size
-    default: "30Gi"
+    default: "5Gi"
     description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
     type: enum
     options:
-    - "30Gi"
+    - "5Gi"
-    - "50Gi"
+    - "10Gi"
-    - "100Gi"
+    - "20Gi"
     label: Size MOLGENIS filestore
   - variable: elasticsearch.persistence.size
-    default: "50Gi"
+    default: "5Gi"
     description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
     type: enum
     options:
+    - "5Gi"
+    - "10Gi"
     - "50Gi"
-    - "100Gi"
+    label: Size for ElasticSearch data
-    - "200Gi"
+  - variable: postgres.persistence.size
-    label: Size for ElasticSearch data
+    default: "5Gi"
+    description: "Size of PostgreSQL data (directory that is persist: /var/lib/postgresql/data/pgdata)"
+    type: enum
+    options:
+    - "5Gi"
+    - "10Gi"
+    - "50Gi"
+    label: Size for PostgreSQL data

molgenis/templates/deployment.yaml

@@ -17,6 +17,8 @@ spec:
     matchLabels:
       app: {{ template "molgenis.name" . }}
       release: {{ .Release.Name }}
+  strategy:
+    type: Recreate
   template:
     metadata:
       labels:
@@ -97,11 +99,33 @@ spec:
           - name: elasticsearch-nfs
             mountPath: /usr/share/elasticsearch/data
           {{- end }}
-
           resources:
 {{ toYaml .resources | indent 12 }}
         {{- end }}
 
+        - name: postgres
+        {{- with .Values.postgres }}
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.pullPolicy }}
+          env:
+            - name: POSTGRES_USER
+              value: {{ $.Values.molgenis.services.postgres.user }}
+            - name: POSTGRES_PASSWORD
+              value: {{ $.Values.molgenis.services.postgres.password }}
+            - name: POSTGRES_DB
+              value: {{ $.Values.molgenis.services.postgres.scheme }}
+          ports:
+            - containerPort: 5432
+          resources:
+{{ toYaml .resources | indent 12 }}
+          {{- if $.Values.persistence.enabled }}
+          volumeMounts:
+          - name: postgres-nfs
+            mountPath: /var/lib/postgresql/data
+          {{- end }}
+        {{- end }}
+
+
 {{- if .Values.persistence.enabled }}
       volumes:
         - name: molgenis-nfs
@@ -110,6 +134,9 @@ spec:
         - name: elasticsearch-nfs
           persistentVolumeClaim:
             claimName: {{ .Values.elasticsearch.persistence.claim }}
+        - name: postgres-nfs
+          persistentVolumeClaim:
+            claimName: {{ .Values.postgres.persistence.claim }}
 {{- end }}
 
     {{- with .Values.nodeSelector }}

molgenis/templates/ingress.yaml

@@ -4,7 +4,7 @@
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: {{ $fullName }}
+  name: "{{ $.Release.Name }}-ingress"
   labels:
     app: {{ template "molgenis.name" . }}
     chart: {{ template "molgenis.chart" . }}
@@ -33,6 +33,6 @@ spec:
           - path: {{ $ingressPath }}
             backend:
               serviceName: {{ $fullName }}
-              servicePort: 8080
+              servicePort: {{ $.Values.service.port }}
   {{- end }}
 {{- end }}

molgenis/templates/persistence/postgresPVC.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.molgenis.services.postgres.embedded }}
+{{- if .Values.persistence.enabled }}
+apiVersion: extensions/v1beta1
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ .Values.postgres.persistence.claim }}
+  annotations:
+    {{- if .Values.persistence.retain }}
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
+    {{- else }}
+    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
+    {{- end }}
+spec:
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: {{ .Values.postgres.persistence.size }}
+{{- end }}
+{{- end }}

molgenis/templates/service.yaml

@@ -9,6 +9,18 @@ metadata:
     heritage: {{ .Release.Service }}
 spec:
   type: {{ .Values.service.type }}
+{{- if .Values.service.firewall.enabled }}
+  loadBalancerSourceRanges:
+{{- if .Values.service.firewall.kind eq "umcg" }}
+    {{- range $index, $rule := .Values.service.firewall.umcg.rules }}
+    - {{ $rule }}
+    {{- end }}
+{{- else }}
+    {{- range $index, $rule := .Values.service.firewall.cluster.rules }}
+    - {{ $rule }}
+    {{- end }}
+{{- end }}
+{{- end }}
   ports:
     - name: molgenis
       port: {{ .Values.service.port }}

molgenis/values.yaml

@@ -4,6 +4,15 @@ replicaCount: 1
 
 service:
   type: LoadBalancer
+  firewall:
+    enabled: false
+    kind: "umcg"
+    umcg:
+      rules:
+      - 127.0.0.1/32
+    cluster:
+      rules:
+      - 127.0.0.1/32
   port: 8080
 
 ingress:
@@ -33,7 +42,7 @@ molgenis:
       memory: 1250Mi
   persistence:
     claim: molgenis-nfs-claim
-    size: 30Gi
+    size: 5Gi
   services:
     opencpu:
       host: localhost
@@ -41,6 +50,7 @@ molgenis:
       transportAddresses: localhost:9300
       clusterName: molgenis
     postgres:
+      embedded: false
       host: localhost
       scheme: molgenis
       user: molgenis
@@ -62,15 +72,30 @@ elasticsearch:
     memory: 1Gi
   persistence:
     claim: elasticsearch-nfs-claim
-    size: 50Gi
+    size: 5Gi
+
+postgres:
+  image:
+    repository: postgres
+    tag: 9.6-alpine
+    pullPolicy: IfNotPresent
+  resources:
+    limits:
+      cpu: 1
+      memory: 250Mi
+    requests:
+      cpu: 100m
+      memory: 250Mi
+  persistence:
+    claim: postgres-nfs-claim
+    size: 5Gi
 
 persistence:
-  enabled: false
+  enabled: true
   retain: false
 
-nodeSelector: {
+nodeSelector:
   deployPod: "true"
-}
 
 tolerations: []