chore: create indexed chart

2018-09-11 16:12:32 +02:00
61 changed files with 1816 additions and 964 deletions
--- a/README.md
+++ b/README.md
@@ -104,7 +104,6 @@ This repository is serves also as a catalogue for Rancher. We have serveral apps
 - [Jenkins](molgenis-jenkins/README.md)
 - [NEXUS](molgenis-nexus/README.md)
 - [HTTPD](molgenis-httpd/README.md)
 - [MOLGENIS](molgenis/README.md)
 - [MOLGENIS preview](molgenis-preview/README.md)
 - [MOLGENIS vault](molgenis-vault/README.md)
@@ -123,26 +122,6 @@ You can you need to know to easily develop and deploy helm-charts
  Do it in the root of the project where the Chart.yaml is located
  It installs a release of a kubernetes stack. You also store this as an artifact in a kubernetes repository
 - ```helm package .```
  You can create a package which can be uploaded in the molgenis helm repository
 - ```helm publish```
  You still have to create an ```index.yaml``` for the chart. You can do this by executing this command: ```helm repo index #directory name of helm chart#```
  Then you can upload it by executing:
  - ```curl -v --user #username#:#password# --upload-file index.yaml  https://registry.molgenis.org/repository/helm/#chart name#/index.yml```
  - ```curl -v --user #username#:#password# --upload-file #chart name#-#version#.tgz https://registry.molgenis.org/repository/helm/#chart name#/#chart name#-#version#.tgz```
  Now you have to add the repository locally to use in your ```requirements.yaml```.
  - ```helm repo add #repository name# https://registry.molgenis.org/repository/helm/molgenis```
 - ```helm dep build```
  You can build your dependencies (create a ```charts``` directory and install the chart in it) of the helm-chart. 
 - ```helm list```
  Lists all installed releases
--- a/charts/index.yaml
+++ b/charts/index.yaml
@@ -0,0 +1,16 @@
 apiVersion: v1
 entries:
  molgenis-preview:
  - apiVersion: v1
    appVersion: "1.0"
    created: 2018-09-11T16:11:49.165533266+02:00
    description: MOLGENIS - helm stack for testing purposes
    digest: e1174bd0d8a71bf4d23f5463521cf4dbcac39dc93f16cd842c92cda1a963f6b2
    icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
    name: molgenis-preview
    sources:
    - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
    urls:
    - molgenis-preview-0.2.0.tgz
    version: 0.2.0
 generated: 2018-09-11T16:11:49.158086031+02:00
--- a/charts/molgenis-preview-0.2.0.tgz
+++ b/charts/molgenis-preview-0.2.0.tgz
--- a/molgenis-jenkins/Chart.yaml
+++ b/molgenis-jenkins/Chart.yaml
@@ -1,6 +1,6 @@
 name: molgenis-jenkins
 home: https://jenkins.io/
-version: 0.8.0
+version: 0.7.0
 appVersion: 2.121
 description: Molgenis installation for the jenkins chart.
 sources:
--- a/molgenis-jenkins/README.md
+++ b/molgenis-jenkins/README.md
@@ -40,66 +40,57 @@ You can use [all configuration values of the jenkins subchart](https://github.co
 ### GitHub Authentication delegation
 You need to setup a MOLGENIS - Jenkins GitHub OAuth App. You can do this by accessing this url: [add new OAuth app](https://github.com/settings/applications/new).
-### Secrets
+### Additional configuration
 There is one additional group of configuration items specific for this chart, so not prefixed with `jenkins`:
-   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins.
+* PipelineSecrets
   When deployed, the chart creates a couple of kubernetes secrets that get used by jenkins and mounted in the jenkins 
   build pods. The secrets, like the rest of the deployment, is namespaced so multiple instances can run beside
   each other with their own secrets.
   You can override the values at deploy time but otherwise also configure them 
   [in Rancher](https://rancher.molgenis.org:7443/p/c-mhkqb:project-2pf45/secrets) or through kubectl.
-#### Vault
+*  Vault
-The vault secret gets mounted in the vault pod so pipeline scripts can retrieve secrets from the vault.
+   New vault token to be used by the pods to retrieve their tokens from the vault.
   | Parameter                          | Description                                | Default                                        |
-| ------------------------- | ------------------------------------------ | ---------------------------------------------- |
+   | ---------------------------------- | ------------------------------------------ | ---------------------------------------------- |
-| `secret.vault.token`      | Token to log into the hashicorp vault      | `xxxx`                                         |
+   | `PipelineSecrets.Vault.Replace`    | Replace the molgenis-pipeline-vault secret | `true`                                         |
-| `secret.vault.addr`       | Address of the vault                       | `https:vault-operator.vault-operator.svc:8200` |
+   | `PipelineSecrets.Vault.Token`      | Token to log into the hashicorp vault      | `xxxx`                                         |
-| `secret.vault.skipVerify` | Skip verification of the https connection  | `1`                                            |
+   | `PipelineSecrets.Vault.Addr`       | Address of the vault                       | `https:vault-operator.vault-operator.svc:8200` |
   | `PipelineSecrets.Vault.SkipVerify` | Skip verification of the https connection  | `1`                                            |
-#### GitHub
+*  Env
-Token used by Jenkins to authenticate on GitHub.
+   Environment variables stored in molgenis-pipeline-env secret, to be added as environment variables
   in the slave pods.
   | Parameter                               | Description                               | Default         |
-| --------------------- | ------------------------ | ------------------ |
+   | --------------------------------------- | ----------------------------------------- | --------------- |
-| `secret.gitHub.user`  | username for the account | `molgenis-jenkins` |
+   | `PipelineSecrets.Env.Replace`           | Replace molgenis-pipeline-env secret      | `true`          |
-| `secret.gitHub.token` | token for the account    | `xxxx`             |
+   | `PipelineSecrets.Env.PGPPassphrase`     | passphrase for the pgp signing key        | `literal:xxxx`  |
   | `PipelineSecrets.Env.CodecovToken`      | token for codecov.io                      | `xxxx`          |
   | `PipelineSecrets.Env.GitHubToken`       | token for GH molgenis-jenkins user        | `xxxx`          |
   | `PipelineSecrets.Env.NexusPassword`     | token for molgenis-jenkins user in NEXUS  | `xxxx`          |
   | `PipelineSecrets.Env.DockerHubPassword` | token for molgenis user in hub.docker.com | `xxxx`          |
   | `PipelineSecrets.Env.SonarToken`        | token for sonarcloud.io                   | `xxxx`          |
   | `PipelineSecrets.Env.NpmToken`          | token for npmjs.org                       | `xxxx`          | 
   | `PipelineSecrets.Env.SauceAccessKey`    | token for saucelabs.com                   | `xxxx`          |
-#### Gogs
+* File
-Token used by Jenkins to authenticate on the [RuG Webhosting Gogs](https://git.webhosting.rug.nl).
+  Environment variables stored in molgenis-pipeline-file secret, to be mounted as files
  in the `/root/.m2` directory of the slave pods.
  > The settings.xml file references the 
  | Parameter                              | Description                           | Default                                                                         |
-| ------------------- | ------------------------ | --------- |
+  | -------------------------------------- | ------------------------------------- | ------------------------------------------------------------------------------- |
-| `secret.gogs.user`  | username for the account | `p281392` |
+  | `PipelineSecrets.File.Replace`         | Replace molgenis-pipeline-file secret | `true`                                                                          |
-| `secret.gogs.token` | token for the account    | `xxxx`    |
+  | `PipelineSecrets.File.PGPPrivateKeyAsc`| pgp signing key in ascii form         | `-----BEGIN PGP PRIVATE KEY BLOCK-----xxxxx-----END PGP PRIVATE KEY BLOCK-----` |
-
+  | `PipelineSecrets.File.MavenSettingsXML`| Maven settings.xml file               | `<settings>[...]</settings>` (see actual [values.yaml](values.yaml))            |
 #### Slack
 The Slack integration is done mostly in the Jenkinsfile of each project. It is sufficient to only add the plugin to the Jenkins configuration in Helm.
 #### Legacy:
 ##### Docker Hub
 Account used in pipeline builds to push docker images to `hub.docker.com`.
 > They should read `secret/gcc/account/dockerhub` from vault instead!
 | Parameter                   | Description              | Default         |
 | --------------------------- | ------------------------ | --------------- |
 | `secret.dockerHub.user`     | username for the account | `molgenisci`    |
 | `secret.dockerHub.password` | password for the account | `xxxx`          |
 ##### Registry
 Account used in pipeline builds to push docker images to `registry.molgenis.org`.
 > They should read `secret/ops/account/nexus` from vault instead!
 | Parameter                   | Description              | Default   |
 | --------------------------- | ------------------------ | --------- |
 | `secret.dockerHub.user`     | username for the account | `admin`   |
 | `secret.dockerHub.password` | password for the account | `xxxx`    |
 ## Command line use
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
--- a/molgenis-jenkins/charts/jenkins-0.16.4.tgz
+++ b/molgenis-jenkins/charts/jenkins-0.16.4.tgz
--- a/molgenis-jenkins/charts/jenkins-0.18.0.tgz
+++ b/molgenis-jenkins/charts/jenkins-0.18.0.tgz
--- a/molgenis-jenkins/requirements.lock
+++ b/molgenis-jenkins/requirements.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: jenkins
  repository: https://kubernetes-charts.storage.googleapis.com/
-  version: 0.18.0
+  version: 0.16.4
 digest: sha256:39f694515489598fa545c9a5a4f1347749e8f2a8d7fae6ccae3e2acae1564685
-generated: 2018-09-27T11:00:15.795416984+02:00
+generated: 2018-06-27T14:36:23.172954738+02:00
--- a/molgenis-jenkins/resources/README.md
+++ b/molgenis-jenkins/resources/README.md
@@ -1,8 +0,0 @@
 # Helm in Jenkins
 To be able to run helm inside a jenkins pod, you'll need to 
 * create a role in the namespace where tiller is installed
 * bind that role to the user that jenkins pods run as
 This directory contains yaml for these resources.
 See also https://github.com/helm/helm/blob/master/docs/rbac.md
--- a/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
+++ b/molgenis-jenkins/resources/jenkins-default-tiller-user-rolebinding.yaml
@@ -1,13 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
  name: tiller-jenkins-binding
  namespace: kube-system
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tiller-user
 subjects:
 - kind: ServiceAccount
  name: default
  namespace: molgenis-jenkins
--- a/molgenis-jenkins/resources/tiller-user-role.yaml
+++ b/molgenis-jenkins/resources/tiller-user-role.yaml
@@ -1,18 +0,0 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role
 metadata:
  name: tiller-user
  namespace: kube-system
 rules:
 - apiGroups:
  - ""
  resources:
  - pods/portforward
  verbs:
  - create
 - apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - list
--- a/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-dockerhub-secret.yaml
@@ -8,9 +8,9 @@ metadata:
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
-    "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to Docker Hub (hub.docker.com)"
+    "jenkins.io/credentials-description" : "user to authenticate against Docker Hub (hub.docker.com)"
  }
 type: Opaque
 data:
-  username: {{ .Values.secret.registry.user | b64enc | quote }}
+  username: {{ "molgenisci" | b64enc | quote }}
-  password: {{ .Values.secret.registry.password | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.DockerHubPassword | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-github-secret.yaml
@@ -8,9 +8,9 @@ metadata:
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
-    "jenkins.io/credentials-description" : "Oauth token for the {{.Values.secret.gitHub.user}} GitHub user"
+    "jenkins.io/credentials-description" : "oauth token for the molgenis-jenkins github user"
  }
 type: Opaque
 data:
-  username: {{ .Values.secret.gitHub.user | b64enc | quote }}
+  username: {{ "molgenis-jenkins" | b64enc | quote }}
-  password: {{ .Values.secret.gitHub.token | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-gogs-secret.yaml
@@ -8,9 +8,9 @@ metadata:
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
-    "jenkins.io/credentials-description" : "Account used to authenticate against RuG Webhosting Gogs."
+    "jenkins.io/credentials-description" : "user to authenticate against GOGS (git.webhosting.rug.nl)"
  }
 type: Opaque
 data:
-  username: {{ .Values.secret.gogs.user | b64enc | quote }}
+  username: {{ "p281392" | b64enc | quote }}
-  password: {{ .Values.secret.gogs.token | b64enc | quote }}
+  password: {{ .Values.PipelineSecrets.Env.GogsToken | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-nexus-secret.yaml
@@ -0,0 +1,16 @@
 apiVersion: v1
 kind: Secret
 metadata:
 # this is the jenkins id.
  name: "molgenis-jenkins-nexus-secret"
  labels:
 # so we know what type it is.
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "user to authenticate against NEXUS"
  }
 type: Opaque
 data:
  username: {{ "admin" | b64enc | quote }}
  password: {{ .Values.PipelineSecrets.Env.NexusPassword | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-registry-secret.yaml
@@ -1,17 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-jenkins-registry-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
  annotations: {
 # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "(deprecated by vault) Account used in pipeline builds to push docker images to registry.molgenis.org."
  }
 type: Opaque
 data:
  username: {{ .Values.secret.registry.user | b64enc | quote }}
  password: {{ .Values.secret.registry.password | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-jenkins-saucelabs-secret.yaml
@@ -0,0 +1,16 @@
 apiVersion: v1
 kind: Secret
 metadata:
 # this is the jenkins id.
  name: "molgenis-jenkins-saucelabs-secret"
  labels:
 # so we know what type it is.
    "jenkins.io/credentials-type": "usernamePassword"
  annotations: {
 # description - can not be a label as spaces are not allowed
    "jenkins.io/credentials-description" : "user to authenticate against Saucelabs (saucelabs.com)"
  }
 type: Opaque
 data:
  username: {{ "molgenis-jenkins" | b64enc | quote }}
  password: {{ .Values.PipelineSecrets.Env.SauceAccessKey | b64enc | quote }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-env-secret.yaml
@@ -0,0 +1,18 @@
 {{- if .Values.PipelineSecrets.Env.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-pipeline-env-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
  pgpPassphrase: {{ .Values.PipelineSecrets.Env.PGPPassphrase | b64enc | quote }}
  codecovToken: {{ .Values.PipelineSecrets.Env.CodecovToken | b64enc | quote }}
  githubToken: {{ .Values.PipelineSecrets.Env.GitHubToken | b64enc | quote }}
  sonarToken: {{ .Values.PipelineSecrets.Env.SonarToken | b64enc | quote }}
  npmToken: {{ .Values.PipelineSecrets.Env.NpmToken | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-file-secret.yaml
@@ -0,0 +1,15 @@
 {{- if .Values.PipelineSecrets.File.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: molgenis-pipeline-file-secret
  labels:
    app: {{ template "jenkins.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
  key.asc: {{ .Values.PipelineSecrets.File.PGPPrivateKeyAsc | b64enc | quote }}
  settings.xml: {{ .Values.PipelineSecrets.File.MavenSettingsXML | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
+++ b/molgenis-jenkins/templates/molgenis-pipeline-vault-secret.yaml
@@ -1,3 +1,4 @@
 {{- if .Values.PipelineSecrets.Vault.Replace }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -9,6 +10,7 @@ metadata:
    heritage: "{{ .Release.Service }}"
 type: Opaque
 data:
-  token: {{ .Values.secret.vault.token | b64enc | quote }}
+  token: {{ .Values.PipelineSecrets.Vault.Token | b64enc | quote }}
-  addr: {{ .Values.secret.vault.addr | b64enc | quote }}
+  addr: {{ .Values.PipelineSecrets.Vault.Addr | b64enc | quote }}
-  skipVerify: {{ .Values.secret.vault.skipVerify | b64enc | quote }}
+  skipVerify: {{ .Values.PipelineSecrets.Vault.SkipVerify | b64enc | quote }}
 {{- end }}
--- a/molgenis-jenkins/values.yaml
+++ b/molgenis-jenkins/values.yaml
@@ -3,18 +3,17 @@ jenkins:
    HostName: jenkins.molgenis.org
    ServiceType: ClusterIP
    InstallPlugins:
-      - kubernetes:1.12.6
+      - kubernetes:1.12.0
      - workflow-aggregator:2.5
-      - workflow-job:2.25
+      - workflow-job:2.21
      - credentials-binding:1.16
      - git:3.9.1
      - github-branch-source:2.3.6
-      - kubernetes-credentials-provider:0.10
+      - kubernetes-credentials-provider:0.9
-      - blueocean:1.8.3
+      - blueocean:1.6.2
      - github-oauth:0.29
      - gogs-webhook:1.0.14
-      - github-scm-trait-commit-skip:0.1.1
+      - sauce-ondemand:1.176
      - slack:2.3
    Security:
      UseGitHub: false
      GitHub:
@@ -83,18 +82,6 @@ jenkins:
                  <strategyId>1</strategyId>
                  <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustPermission"/>
                </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
                <org.jenkinsci.plugins.scm__filter.GitHubCommitSkipTrait plugin="github-scm-trait-commit-skip@0.1.1"/>
                <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                  <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                    <localBranch>**</localBranch>
                  </extension>
                </jenkins.plugins.git.traits.LocalBranchTrait>
                <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                  <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                    <name>MOLGENIS Jenkins</name>
                    <email>molgenis+ci@gmail.com</email>
                  </extension>
                </jenkins.plugins.git.traits.UserIdentityTrait>
              </traits>
            </org.jenkinsci.plugins.github__branch__source.GitHubSCMNavigator>
          </navigators>
@@ -144,17 +131,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -208,17 +184,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -272,17 +237,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -336,17 +290,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -400,17 +343,6 @@ jenkins:
                  <credentialsId>molgenis-jenkins-gogs-secret</credentialsId>
                  <traits>
                    <jenkins.plugins.git.traits.BranchDiscoveryTrait/>
                    <jenkins.plugins.git.traits.LocalBranchTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.LocalBranch">
                        <localBranch>**</localBranch>
                      </extension>
                    </jenkins.plugins.git.traits.LocalBranchTrait>
                    <jenkins.plugins.git.traits.UserIdentityTrait plugin="git@3.9.1">
                      <extension class="hudson.plugins.git.extensions.impl.UserIdentity">
                        <name>MOLGENIS Jenkins</name>
                        <email>molgenis+ci@gmail.com</email>
                      </extension>
                    </jenkins.plugins.git.traits.UserIdentityTrait>
                  </traits>
                </source>
                <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
@@ -436,8 +368,8 @@ jenkins:
    install: true
  Pods:
    molgenis:
-      Label: molgenis
+      Label: molgenisv2
-      NodeUsageMode: NORMAL
+      NodeUsageMode: EXCLUSIVE
      volumes:
        - type: HostPath
          hostPath: "/var/run/docker.sock"
@@ -484,12 +416,39 @@ jenkins:
              key: VAULT_ADDR
              secretName: molgenis-pipeline-vault-secret
              secretKey: addr
-        helm:
+      NodeSelector: {}
-          Image: "lachlanevenson/k8s-helm"
+    molgenis-legacy:
-          ImageTag: "v2.10.0"
+      InheritFrom: molgenis
-          Command: cat
+      Label: molgenis
-          WorkingDir: /home/jenkins
+      NodeUsageMode: NORMAL
-          TTY: true
+      volumes:
        - type: Secret
          secretName: molgenis-pipeline-file-secret
          mountPath: "/home/jenkins/.m2"
      Containers:
      EnvVars:
        - type: Secret
          key: PGP_PASSPHRASE
          secretName: molgenis-pipeline-env-secret
          secretKey: pgpPassphrase
        - type: KeyValue
          key: PGP_SECRETKEY
          value: "keyfile:/home.jenkins/.m2/key.asc"
        - type: KeyValue
          key: npm_config_registry
          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
        - type: Secret
          key: SONAR_TOKEN
          secretName: molgenis-pipeline-env-secret
          secretKey: sonarToken
        - type: Secret
          key: CODECOV_TOKEN
          secretName: molgenis-pipeline-env-secret
          secretKey: codecovToken
        - type: Secret
          key: GITHUB_TOKEN
          secretName: molgenis-pipeline-env-secret
          secretKey: githubToken
      NodeSelector: {}
    node:
      Label: node-carbon
@@ -502,24 +461,22 @@ jenkins:
          Command: cat
          WorkingDir: /home/jenkins
          TTY: true
        vault:
          Image: "vault"
          Command: cat
          WorkingDir: /home/jenkins
          TTY: true
      EnvVars:
        - type: KeyValue
          key: npm_config_registry
          value: "http://nexus.molgenis-nexus:8081/repository/npm-central/"
        - type: Secret
-              key: VAULT_TOKEN
+          key: CODECOV_TOKEN
-              secretName: molgenis-pipeline-vault-secret
+          secretName: molgenis-pipeline-env-secret
-              secretKey: token
+          secretKey: codecovToken
        - type: Secret
-              key: VAULT_SKIP_VERIFY
+          key: GITHUB_TOKEN
-              secretName: molgenis-pipeline-vault-secret
+          secretName: molgenis-pipeline-env-secret
-              secretKey: skipVerify
+          secretKey: githubToken
        - type: Secret
-              key: VAULT_ADDR
+          key: NPM_TOKEN
-              secretName: molgenis-pipeline-vault-secret
+          secretName: molgenis-pipeline-env-secret
-              secretKey: addr
+          secretKey: npmToken
      NodeSelector: {}
    molgenis-it:
      InheritFrom: molgenis
@@ -583,27 +540,76 @@ jenkins:
              cpu: "1"
              memory: "512Mi"
      NodeSelector: {}
-
+PipelineSecrets:
-#secret contains configuration for the kubernetes secrets that jenkins can access
+  Vault:
-secret:
+    Replace: true
-  # vault configures the vault secret
+    Token: xxxx
-  vault:
+    Addr: "https://vault-operator.vault-operator.svc:8200"
-    token: xxxx
+    SkipVerify: 1
-    addr: "https://vault-operator.vault-operator.svc:8200"
+  Env:
-    skipVerify: "1"
+    # Set to false to keep existing secret
-  # githubToken contains access token for jenkins bot account on github.com
+    Replace: true
-  gitHub:
+    # Passphrase for the pgp private key file, prefixed with literal:
-    user: "molgenis-jenkins"
+    PGPPassphrase: literal:xxxx
-    token: xxxx
+    # Token for codecov.io service
-  # gogs contains access token for jenkins bot account on RuG GoGs
+    CodecovToken: xxxx
-  gogs:
+    # Token for github bot account
-    user: p281392
+    GitHubToken: xxxx
-    token: xxxx
+    # Token for github bot account
-  # registry contains credentials for registry.molgenis.org
+    GogsToken: xxxx
-  registry:
+    # Token for sonarcloud.io
-    user: admin
+    SonarToken: xxxx
-    password: xxxx
+    # Token for npmjs.org
-  # dockerHubPassword contains password for hub.docker.com
+    NpmToken: xxxx
-  dockerHub:
+    # Password Local NEXUS
-    user: molgenisci
+    NexusPassword: xxxx
-    password: xxxx
+    # Password hub.docker.com
    DockerHubPassword: xxxx
    # Access key for saucelabs.com
    SauceAccessKey: xxxx
  File:
    # Set to false to keep existing secret
    Replace: true
    # PGP Private key in ascii format used to sign artifacts
    PGPPrivateKeyAsc: |-
      -----BEGIN PGP PRIVATE KEY BLOCK-----
      xxxxx
      -----END PGP PRIVATE KEY BLOCK-----
    # maven.settings file
    MavenSettingsXML: |-
      <settings>
        <localRepository>${user.home}/.mvnrepository</localRepository>
        <interactiveMode>false</interactiveMode>
        <mirrors>
          <mirror>
            <id>nexus</id>
            <mirrorOf>external:*</mirrorOf>
            <url>http://nexus.molgenis-nexus:8081/repository/maven-central/</url>
          </mirror>
        </mirrors>
        <servers>
          <!-- for snapshot builds of the master -->
          <server>
            <id>sonatype-nexus-staging</id>
            <username>molgenis</username>
            <password>xxxx</password>
          </server>
          <server>
            <id>local-nexus</id>
            <url>http://nexus.molgenis-nexus:8081/repository/maven-snapshots/</url>
            <username>admin</username>
            <password>xxxxx</password>
          </server>
          <!-- for docker images-->
          <server>
            <id>registry.molgenis.org</id>
            <username>admin</username>
            <password>xxxx</password>
          </server>
          <server>
            <id>registry.hub.docker.com</id>
            <username>molgenisci</username>
            <password>xxxx</password>
          </server>
        </servers>
      </settings>
--- a/molgenis-nexus/Chart.yaml
+++ b/molgenis-nexus/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.0"
 description: Nexus stack for MOLGENIS
 name: molgenis-nexus
-version: 0.4.2
+version: 0.3.0
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-nexus/catalogIcon-molgenis-nexus.svg
--- a/molgenis-nexus/README.md
+++ b/molgenis-nexus/README.md
@@ -6,44 +6,8 @@ NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
 This chart will deploy:
 - 1 NEXUS-nfs initialization container
  We need this container to avoid permission issues on the NEXUS docker
 - 1 NEXUS container
- 1 MOLGENIS-httpd container (to proxy the registry and docker to one domain)
+- 1 MOLGENIS-httpd container ()to proxy the registry and docker to one domain)
 ## Backup restore
 There are two steps in restoring the NEXUS.
 - Database
 - Blobstore
 ### Restore the database
 Go to the commandline:
 ```bash
 kubectl get pv
 ```
 ```bash
 | NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
 | ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
 | pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-nexus/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
 | pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
 ```
 The persistent volume is the one in the molgenis-nexus namespace. 
 Go to the NFS-provisioner to the path of the persistent volume:
 ```bash
 ls -t --full-time | head -7 | xargs cp ../restore-from-backup/
 ```
 ### Restore the blobstore
 You can copy the directory ```blobs``` to the target persistent volume ```/ blobs```.
 You can now bring the NEXUS back up.
 ## Installing the Chart
@@ -61,9 +25,4 @@ To test if your hem chart works and:
 To deploy it on the cluster.
 ```curl -L -u xxxx:xxxx http://registry.molgenis.org/repository/helm/ --upload-file molgenis-x.x.x.tgz```
 To push it to the registry
--- a/molgenis-nexus/templates/deployments/httpd-deployment.yaml
+++ b/molgenis-nexus/templates/deployments/httpd-deployment.yaml
@@ -0,0 +1,34 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  creationTimestamp: null
  name: {{ .Values.httpd.name }}
  labels:
    app: {{ .Values.httpd.name }}
    environment: {{ .Values.environment }}
 spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: {{ .Values.httpd.strategy.type }}
  selector:
    matchLabels:
      app: {{ .Values.httpd.selector }}
  template:
    metadata:
      labels:
        app: {{ .Values.httpd.name }}
      creationTimestamp: null
    spec:
      restartPolicy: {{ .Values.httpd.restartPolicy }}
      containers:
      - name: {{ .Values.httpd.name }}
        image: "{{ .Values.httpd.image.repository }}:{{ .Values.httpd.image.tag }}"
        imagePullPolicy: {{ .Values.httpd.image.pullPolicy }}
        env:
        - name: PROXY_SERVICE
          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
        - name: SERVER_NAME
          value: {{ .Values.httpd.hostname }}
        ports:
        - containerPort: {{ .Values.httpd.port }}
        resources: {}
--- a/molgenis-nexus/templates/deployments/nexus-deployment.yaml
+++ b/molgenis-nexus/templates/deployments/nexus-deployment.yaml
@@ -19,14 +19,18 @@ spec:
        app: {{ .Values.nexus.name }}
      creationTimestamp: null
    spec:
      volumes:
      - name: {{ .Values.persistence.name }}
        persistentVolumeClaim:
          claimName: {{ .Values.persistence.name }}
      restartPolicy: {{ .Values.nexus.restartPolicy }}
      initContainers:
-      - name: nexus-nfs
+      - name: volume-mount-nexus
        image: busybox
-        command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
+        command: ["sh", "-c", "chown -R 200:200 {{ .Values.persistence.mountPath }}"]
        volumeMounts:
-        - name: molgenis-nexus-nfs
+        - name: {{ .Values.persistence.name }}
-          mountPath: "/nexus-data"
+          mountPath: "{{ .Values.persistence.mountPath }}"
      containers:
      - name: {{ .Values.nexus.name }}
        image: "{{ .Values.nexus.image.repository }}:{{ .Values.nexus.image.tag }}"
@@ -35,31 +39,6 @@ spec:
        - containerPort: {{ .Values.nexus.port.ui }}
        - containerPort: {{ .Values.nexus.port.docker }}
        volumeMounts:
-        - name: molgenis-nexus-nfs
+        - name: {{ .Values.persistence.name }}
-          mountPath: /nexus-data
+          mountPath: "/nexus-data"
        livenessProbe:
          httpGet:
            path: /
            port: {{ .Values.nexus.port.ui }}
          initialDelaySeconds: 120
          periodSeconds: 20
          failureThreshold: 15
          successThreshold: 1
        readinessProbe:
          httpGet:
            path: /
            port: {{ .Values.nexus.port.ui }}
          initialDelaySeconds: 120
          periodSeconds: 20
          failureThreshold: 15
          successThreshold: 1
      volumes:
        - name: molgenis-nexus-nfs
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.claim }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
    {{- end }}
--- a/molgenis-nexus/templates/deployments/nexusProxy-deployment.yaml
+++ b/molgenis-nexus/templates/deployments/nexusProxy-deployment.yaml
@@ -1,55 +0,0 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  creationTimestamp: null
  name: {{ .Values.nexusProxy.name }}
  labels:
    app: {{ .Values.nexusProxy.name }}
    environment: {{ .Values.environment }}
 spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: {{ .Values.nexusProxy.strategy.type }}
  selector:
    matchLabels:
      app: {{ .Values.nexusProxy.selector }}
  template:
    metadata:
      labels:
        app: {{ .Values.nexusProxy.name }}
      creationTimestamp: null
    spec:
      restartPolicy: {{ .Values.nexusProxy.restartPolicy }}
      containers:
      - name: {{ .Values.nexusProxy.name }}
        image: "{{ .Values.nexusProxy.image.repository }}:{{ .Values.nexusProxy.image.tag }}"
        imagePullPolicy: {{ .Values.nexusProxy.image.pullPolicy }}
        env:
        - name: PROXY_SERVICE
          value: "{{ .Values.nexus.name }}:{{ .Values.nexus.port.ui }},{{ .Values.nexus.name }}:{{ .Values.nexus.port.docker }}:{{ .Values.nexus.path.dockerV2 }}"
        - name: SERVER_NAME
          value: {{ .Values.nexusProxy.hostname }}
        ports:
        - containerPort: {{ .Values.nexusProxy.port }}
        resources: {}
        livenessProbe:
          httpGet:
            path: /
            port: {{ .Values.nexusProxy.port }}
          initialDelaySeconds: 1500
          periodSeconds: 20
          failureThreshold: 5
          successThreshold: 1
        readinessProbe:
          httpGet:
            path: /
            port: {{ .Values.nexusProxy.port }}
          initialDelaySeconds: 150
          periodSeconds: 20
          failureThreshold: 15
          successThreshold: 1
    {{- with .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
    {{- end }}
--- a/molgenis-nexus/templates/ingress.yaml
+++ b/molgenis-nexus/templates/ingress.yaml
@@ -5,7 +5,7 @@ kind: Ingress
 metadata:
  name: "{{ $.Release.Name }}-ingress"
  labels:
-    app: {{ $.Values.nexusProxy.name }}
+    app: httpd
    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
    release: "{{ $.Release.Name }}"
    heritage: "{{ $.Release.Service }}"
@@ -25,8 +25,8 @@ spec:
      paths:
        - path: {{ default "/" .path }}
          backend:
-            serviceName: {{ $.Values.nexusProxy.name }}
+            serviceName: httpd
-            servicePort: {{ $.Values.nexusProxy.port }}
+            servicePort: 80
 {{- if .tls }}
  tls:
  - hosts:
--- a/molgenis-nexus/templates/persistence/nexusPVC.yaml
+++ b/molgenis-nexus/templates/persistence/nexusPVC.yaml
@@ -1,15 +0,0 @@
 {{- if .Values.persistence.enabled -}}
 apiVersion: extensions/v1beta1
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.persistence.claim }}
  annotations:
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
 spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.persistence.size }}
 {{- end }}
--- a/molgenis-nexus/templates/services/httpd-service.yaml
+++ b/molgenis-nexus/templates/services/httpd-service.yaml
@@ -0,0 +1,13 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Values.httpd.name }}
  labels:
    app: {{ .Values.httpd.name }}
 spec:
  type: {{ .Values.httpd.service.type }}
  ports:
  - name: {{ .Values.httpd.name }}
    port: {{ .Values.httpd.port }}
  selector:
    app: {{ .Values.httpd.selector }}
--- a/molgenis-nexus/templates/services/nexusProxy-service.yaml
+++ b/molgenis-nexus/templates/services/nexusProxy-service.yaml
@@ -1,13 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Values.nexusProxy.name }}
  labels:
    app: {{ .Values.nexusProxy.name }}
 spec:
  type: {{ .Values.nexusProxy.service.type }}
  ports:
  - name: {{ .Values.nexusProxy.name }}
    port: {{ .Values.nexusProxy.port }}
  selector:
    app: {{ .Values.nexusProxy.selector }}
--- a/molgenis-nexus/templates/volumes/nexus-pv.yaml
+++ b/molgenis-nexus/templates/volumes/nexus-pv.yaml
@@ -0,0 +1,16 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
  name: {{ .Values.persistence.name }}
  labels:
    name: nfs2
 spec:
  storageClassName: {{ .Values.persistence.storageClass }}
  capacity:
    storage: {{ .Values.persistence.size }}
  accessModes:
    - {{ .Values.persistence.accessMode }}
  persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }}
  nfs:
    server: {{ .Values.persistence.server }}
    path: {{ .Values.persistence.mountPath }}
--- a/molgenis-nexus/templates/volumes/nexus-pvc.yaml
+++ b/molgenis-nexus/templates/volumes/nexus-pvc.yaml
@@ -0,0 +1,11 @@
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.persistence.name }}
 spec:
  storageClassName: {{ .Values.persistence.storageClass }}
  accessModes:
    - {{ .Values.persistence.accessMode }}
  resources:
    requests:
      storage: {{ .Values.persistence.size }}
--- a/molgenis-nexus/values.yaml
+++ b/molgenis-nexus/values.yaml
@@ -13,7 +13,7 @@ nexus:
  selector: nexus
  restartPolicy: Always
  image:
-    repository: molgenis/nexus3
+    repository: sonatype/nexus3
    tag: latest
    pullPolicy: Always
  port:
@@ -24,16 +24,16 @@ nexus:
  service:
    type: ClusterIP
-nexusProxy:
+httpd:
-  name: nexus-proxy
+  name: httpd
  hostname: registry.molgenis.org
  strategy:
    type: Recreate
-  selector: nexus-proxy
+  selector: httpd
  restartPolicy: Always
  image:
-    repository: molgenis/httpd
+    repository: registry.webhosting.rug.nl/molgenis/httpd
-    tag: latest
+    tag: lts
    pullPolicy: Always
  port: 80
  service:
@@ -43,22 +43,39 @@ nexusProxy:
 ingress:
  enabled: true
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  path: /
  hosts:
  - name: registry.molgenis.org
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local
 persistence:
-  enabled: true
+  name: molgenis-nexus-data
-  claim: molgenis-nexus
+  storageClass: nfs-class
-  size: 500Gi
+  size: 30G
  reclaimPolicy: Retain
  server: 192.168.64.12
  accessMode: ReadWriteMany
  mountPath: /gcc/molgenis/nexus
 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi
-nodeSelector: {
+nodeSelector: {}
  deployPod: "true"
 }
 tolerations: []
--- a/molgenis-opencpu/README.md
+++ b/molgenis-opencpu/README.md
@@ -1,38 +0,0 @@
 # MOLGENIS - OpenCPU Helm Chart
 NEXUS repository for kubernetes to deploy on a kubernetes cluster with NFS-share
 ## Containers
 This chart will deploy the following containers:
 - OpenCPU
 - MOLGENIS-httpd (to proxy the registry and docker to one domain)
 ## Provisioning
 You can choose for the OpenCPU image from which repository you want to pull. Experimental builds are pushed to registry.molgenis.org and the stable builds to hub.docker.com. 
 You need to fill out 2 properties to determine which repository you are going to use.
 - ```opencpu.image.repository```
 - ```opencpu.image.tag```
 You can do this in the questions in Rancher or in the ```values.yaml```.
 ## Development
 You can test in install the chart by executing:
 ```helm lint .```
 To test if your helm chart-syntax is right and:
 ```helm install . --dry-run --debug```
 To test if your hem chart works and:
 ```helm install .```
 To deploy it on the cluster.
--- a/molgenis-opencpu/catalog-molgenis-opencpu.svg
+++ b/molgenis-opencpu/catalog-molgenis-opencpu.svg
--- a/molgenis-opencpu/questions.yml
+++ b/molgenis-opencpu/questions.yml
@@ -1,28 +0,0 @@
 categories:
 - MOLGENIS
 questions:
 - variable: ingress.enabled
  label: Enable ingress
  default: false
  description: "Enable ingress"
  type: boolean
  required: true
  group: "Load balancing"
 - variable: opencpu.image.repository
  label: Registry
  default: "registry.hub.docker.com"
  description: "Select a registry to pull from"
  type: enum
  options:
  - "registry.hub.docker.com"
  - "registry.molgenis.org"
  required: true
  group: "Provisioning"
 - variable: opencpu.image.tag
  label: Version
  default: ""
  description: "Select a OpenCPU version (check the registry.molgenis.org or hub.docker.com for released tags)"
  type: string
  required: true
  group: "Provisioning"
--- a/molgenis-opencpu/templates/deployment.yaml
+++ b/molgenis-opencpu/templates/deployment.yaml
@@ -1,35 +0,0 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  {{- with .Values.ingress.annotations }}
  annotations:
 {{ toYaml . | indent 4 }}
  {{- end }}
  name: {{ template "opencpu.fullname" . }}
  labels:
    app: {{ template "opencpu.name" . }}
    chart: {{ template "opencpu.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ template "opencpu.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ template "opencpu.name" . }}
        release: {{ .Release.Name }}
    spec:
      containers:
      {{- with .Values.opencpu }}
      - name: {{ .name }}
        image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
        imagePullPolicy: {{ .image.pullPolicy }}
        ports:
        - containerPort: {{ .service.port }}
      {{- end }}
--- a/molgenis-opencpu/templates/ingress.yaml
+++ b/molgenis-opencpu/templates/ingress.yaml
@@ -1,36 +0,0 @@
 {{- if .Values.ingress.enabled }}
 {{- range .Values.ingress.hosts }}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: "{{ $.Release.Name }}-ingress"
  labels:
    app:  {{ $.Values.opencpu.name }}
    chart: "{{ $.Chart.Name }}-{{ $.Chart.Version }}"
    release: "{{ $.Release.Name }}"
    heritage: "{{ $.Release.Service }}"
  annotations:
    {{- if .tls }}
    ingress.kubernetes.io/secure-backends: "true"
    {{- end }}
    {{- range $key, $value := .annotations }}
    {{ $key }}: {{ $value | quote }}
    {{- end }}
 spec:
  rules:
  - host: {{ .name }}
    http:
      paths:
        - path: {{ default "/" .path }}
          backend:
            serviceName: {{ $.Values.opencpu.service.name }}
            servicePort: {{ $.Values.opencpu.service.port }}
 {{- if .tls }}
  tls:
  - hosts:
    - {{ .name }}
    secretName: {{ .tlsSecret }}
 {{- end }}
 ---
 {{- end }}
 {{- end }}
--- a/molgenis-opencpu/templates/service.yaml
+++ b/molgenis-opencpu/templates/service.yaml
@@ -1,20 +0,0 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ .Values.opencpu.service.name }}
  labels:
    app: {{ .Values.opencpu.service.name }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  type: {{ .Values.opencpu.service.type }}
  loadBalancerSourceRanges:
  {{- range $index, $rule := .Values.opencpu.service.firewall }}
    - {{ $rule }}
  {{- end }}
  ports:
    - name: {{ .Values.opencpu.service.name }}
      port: {{ .Values.opencpu.service.port }}
  selector:
    app: {{ template "opencpu.name" . }}
    release: {{ .Release.Name }}
--- a/molgenis-opencpu/values.yaml
+++ b/molgenis-opencpu/values.yaml
@@ -1,41 +0,0 @@
 # Default values for nexus.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 replicaCount: 1
 environment: production
 opencpu:
  name: opencpu
  strategy:
    type: Recreate
  restartPolicy: Always
  image:
    repository: registry.hub.docker.com
    name: molgenis/opencpu
    tag: stable
    pullPolicy: Always
  service:
    name: opencpu
    type: LoadBalancer
    port: 8004
    firewall:
    - 145.100.224.1/24
 ingress:
  enabled: false
  annotations: {
    kubernetes.io/ingress.class: "nginx",
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  }
  path: /
  hosts:
  - name: opencpu.molgenis.org
  tls: []
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/molgenis-preview/.helmignore
+++ b/molgenis-preview/.helmignore
--- a/molgenis-preview/Chart.yaml
+++ b/molgenis-preview/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 appVersion: "1.0"
-description: Opencpu stack for MOLGENIS
+description: MOLGENIS - helm stack for testing purposes
-name: molgenis-opencpu
+name: molgenis-preview
-version: 0.1.1
+version: 0.2.0
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
-icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-opencpu/catalogIcon-molgenis-opencpu.svg
+icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis-preview/catalogIcon-molgenis.svg
--- a/molgenis-preview/README.md
+++ b/molgenis-preview/README.md
@@ -0,0 +1,16 @@
 # MOLGENIS preview
 This chart is used for testing purposes. It can be used by data managers or developers to test MOLGENIS (e.g. integration testing).
 ## Containers
 This chart spins up a complete stack to run MOLGENIS. The created containers are:
 - MOLGENIS
 - PostgreSQL
 - Elasticsearch
 - OpenCPU
 ## Rancher
 You can spin up a test instance by navigating to https://rancher.molgenis.org:7777 and login with your LDAP-account.
 Go to the test-environment and click on "Launch". Search for MOLGENIS.
--- a/molgenis-preview/catalogIcon-molgenis.svg
+++ b/molgenis-preview/catalogIcon-molgenis.svg
--- a/molgenis-preview/questions.yml
+++ b/molgenis-preview/questions.yml
@@ -0,0 +1,61 @@
 categories:
 - MOLGENIS
 questions:
 - variable: ingress.hosts[0].name
  default: "test.molgenis.org"
  description: "Hostname for your stack"
  type: hostname
  required: true
  group: "Services and Load Balancing"
  label: Hostname
 - variable: molgenis.image.repository
  default: "registry.hub.docker.com"
  description: "Select a registry to pull from"
  type: enum
  options:
  - "registry.hub.docker.com"
  - "registry.molgenis.org"
  required: true
  group: "MOLGENIS - Version"
  label: Registry
 - variable: molgenis.image.tag
  default: "stable"
  description: "Select a MOLGENIS version (check the registry.molgenis.org or hub.docker.com for other tags)"
  type: string
  required: true
  group: "MOLGENIS - Version"
  label: Version
 - variable: molgenis.resources.limits.cpu
  default: 1
  description: "CPU limit for this MOLGENIS instance"
  type: enum
  options:
  - "1"
  - "2"
  - "3"
  - "4"
  required: true
  group: "MOLGENIS - Resource limits"
  label: CPU limit
 - variable: molgenis.resources.limits.memory
  default: 1250Mi
  description: "Memory limit for this MOLGENIS instance"
  type: enum
  options:
  - "1250Mi"
  - "1500Mi"
  - "2000Mi"
  - "2500Mi"
  required: true
  group: "MOLGENIS - Resource limits"
  label: Memory limit
 - variable: molgenis.javaOpts
  default: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
  description: "Java runtime options for the MOLGENIS instance"
  type: enum
  options:
  - "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
  - "-Xmx2g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
  group: "MOLGENIS - Resource limits"
  label: Java memory options
--- a/molgenis-preview/templates/NOTES.txt
+++ b/molgenis-preview/templates/NOTES.txt
@@ -0,0 +1,19 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
 {{- range .Values.ingress.hosts }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "molgenis.fullname" . }})
  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get svc -w {{ template "molgenis.fullname" . }}'
  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "molgenis.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "molgenis.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
  kubectl port-forward $POD_NAME 8080:80
 {{- end }}
--- a/molgenis-preview/templates/_helpers.tpl
+++ b/molgenis-preview/templates/_helpers.tpl
@@ -2,7 +2,7 @@
 {{/*
 Expand the name of the chart.
 */}}
-{{- define "opencpu.name" -}}
+{{- define "molgenis.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
@@ -11,7 +11,7 @@ Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
-{{- define "opencpu.fullname" -}}
+{{- define "molgenis.fullname" -}}
 {{- if .Values.fullnameOverride -}}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
 {{- else -}}
@@ -27,6 +27,6 @@ If release name contains chart name it will be used as a full name.
 {{/*
 Create chart name and version as used by the chart label.
 */}}
-{{- define "opencpu.chart" -}}
+{{- define "molgenis.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
--- a/molgenis-preview/templates/deployment.yaml
+++ b/molgenis-preview/templates/deployment.yaml
@@ -0,0 +1,124 @@
 apiVersion: apps/v1beta2
 kind: Deployment
 metadata:
  {{- with .Values.ingress.annotations }}
  annotations:
 {{ toYaml . | indent 4 }}
  {{- end }}
  name: {{ template "molgenis.fullname" . }}
  labels:
    app: {{ template "molgenis.name" . }}
    chart: {{ template "molgenis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      app: {{ template "molgenis.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app: {{ template "molgenis.name" . }}
        release: {{ .Release.Name }}
    spec:
      containers:
        - name: molgenis
        {{- with .Values.molgenis }}
          image: "{{ .image.repository }}/{{ .image.name }}:{{ .image.tag }}"
          imagePullPolicy: {{ .image.pullPolicy }}
          env:
            - name: molgenis.home
              value: /home/molgenis
            - name: opencpu.uri.host
              value: localhost
            - name: elasticsearch.transport.addresses
              value: localhost:9300
            - name: elasticsearch.cluster.name
              value: {{ $.Values.elasticsearch.clusterName }}
            - name: db_uri
              value: "jdbc:postgresql://localhost/{{ $.Values.postgres.db }}"
            - name: db_user
              value: {{ $.Values.postgres.user }}
            - name: db_password
              value: {{ $.Values.postgres.password }}
            - name: admin.password
              value: {{ .adminPassword }}
            - name: CATALINA_OPTS
              value: "{{ .javaOpts }}"
          ports:
            - containerPort: 8080
 #          livenessProbe:
 #            httpGet:
 #              path: /
 #              port: 8080
 #          readinessProbe:
 #            httpGet:
 #              path: /api/v2/version
 #              port: 8080
          resources:
 {{ toYaml .resources | indent 12 }}
        {{- end }}
        - name: elasticsearch
        {{- with .Values.elasticsearch }}
          image: "{{ .image.repository }}:{{ .image.tag }}"
          imagePullPolicy: {{ .image.pullPolicy }}
          env:
            - name: cluster.name
              value: {{ .clusterName }}
            - name: bootstrap.memory_lock
              value: "true"
            - name: ES_JAVA_OPTS
              value: "{{ .javaOpts }}"
            - name: xpack.security.enabled
              value: "false"
            - name: discovery.type
              value: single-node
          ports:
            - containerPort: 9200
            - containerPort: 9300
          resources:
 {{ toYaml .resources | indent 12 }}
        {{- end }}
        - name: postgres
        {{- with .Values.postgres }}
          image: "{{ .image.repository }}:{{ .image.tag }}"
          imagePullPolicy: {{ .image.pullPolicy }}
          env:
            - name: POSTGRES_USER
              value: {{ .user }}
            - name: POSTGRES_PASSWORD
              value: {{ .password }}
            - name: POSTGRES_DB
              value: {{ .db }}
          ports:
            - containerPort: 5432
          resources:
 {{ toYaml .resources | indent 12 }}
        {{- end }}
        - name: opencpu
        {{- with .Values.opencpu }}
          image: "{{ .image.repository }}:{{ .image.tag }}"
          imagePullPolicy: {{ .image.pullPolicy }}
          ports:
            - containerPort: 8004
          resources:
 {{ toYaml .resources | indent 12 }}
        {{- end }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
 {{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
 {{ toYaml . | indent 8 }}
    {{- end }}
--- a/molgenis-preview/templates/ingress.yaml
+++ b/molgenis-preview/templates/ingress.yaml
@@ -0,0 +1,38 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "molgenis.fullname" . -}}
 {{- $ingressPath := .Values.ingress.path -}}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    app: {{ template "molgenis.name" . }}
    chart: {{ template "molgenis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 {{- with .Values.ingress.annotations }}
  annotations:
 {{ toYaml . | indent 4 }}
 {{- end }}
 spec:
 {{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
 {{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .name }}
      http:
        paths:
          - path: {{ $ingressPath }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: 8080
  {{- end }}
 {{- end }}
--- a/molgenis-preview/templates/service.yaml
+++ b/molgenis-preview/templates/service.yaml
@@ -0,0 +1,17 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "molgenis.fullname" . }}
  labels:
    app: {{ template "molgenis.name" . }}
    chart: {{ template "molgenis.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
 spec:
  type: {{ .Values.service.type }}
  ports:
    - name: molgenis
      port: {{ .Values.service.port }}
  selector:
    app: {{ template "molgenis.name" . }}
    release: {{ .Release.Name }}
--- a/molgenis-preview/values.yaml
+++ b/molgenis-preview/values.yaml
@@ -0,0 +1,82 @@
 # Default values for molgenis.
 replicaCount: 1
 service:
  type: LoadBalancer
  port: 8080
 ingress:
  enabled: true
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  path: /
  hosts:
  - name: test.molgenis.org
  tls: []
 molgenis:
  image:
    repository: registry.molgenis.org
    name: molgenis/molgenis-app
    tag: 7.0.0-SNAPSHOT
    pullPolicy: Always
  adminPassword: admin
  javaOpts: "-Xmx1g -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
  resources:
   limits:
    cpu: 1
    memory: 1250Mi
   requests:
    cpu: 200m
    memory: 1Gi
 postgres:
  image:
    repository: postgres
    tag: 9.6-alpine
    pullPolicy: IfNotPresent
  user: molgenis
  password: molgenis
  db: molgenis
  resources:
   limits:
    cpu: 1
    memory: 250Mi
   requests:
    cpu: 100m
    memory: 250Mi
 elasticsearch:
  image:
    repository: docker.elastic.co/elasticsearch/elasticsearch
    tag: 5.5.3
    pullPolicy: IfNotPresent
  javaOpts: "-Xms512m -Xmx512m"
  clusterName: molgenis
  resources:
   limits:
    cpu: 1
    memory: 1500Mi
   requests:
    cpu: 100m
    memory: 1Gi
 opencpu:
  image:
    repository: molgenis/opencpu
    tag: latest
    pullPolicy: Always
  resources:
    limits:
      cpu: 1
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
 nodeSelector: {}
 tolerations: []
 affinity: {}
--- a/molgenis/Chart.yaml
+++ b/molgenis/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 appVersion: "1.0"
 description: MOLGENIS - helm stack (in BETA)
-name: molgenis
+name: molgenis-beta
-version: 0.4.3
+version: 0.1.0
 sources:
 - https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm.git
 icon: https://git.webhosting.rug.nl/molgenis/molgenis-ops-docker-helm/raw/master/molgenis/catalogIcon-molgenis.svg
--- a/molgenis/README.md
+++ b/molgenis/README.md
@@ -5,8 +5,6 @@ This chart is used for acceptance and production use cases.
 This chart spins up a MOLGENIS instance with HTTPD. The created containers are:
 - MOLGENIS
 - ElasticSearch
 - PostgreSQL **(optional)**
 ## Provisioning
 You can choose from which registry you want to pull. There are 2 registries:
@@ -23,19 +21,6 @@ The three properties you need to specify are:
 Besides determining which image you want to pull, you also have to set an administrator password. You can do this by specifying the following property. 
 - ```molgenis.adminPassword```
 ### Firewall
 Is defined at service level you can specify this attribute in the values:
 - ```molgenis.firewall.enabled``` default 'false' 
 If set to 'true' the following options are available. One of the options below has to be set.
 - ```molgenis.firewall.umcg.enabled``` default 'false'  
 - ```molgenis.firewall.cluster.enabled``` default 'false'
 UMCG = only available within the UMCG.
 Cluster = only available within the GCC cluster environment.
 ## Services
 When you start MOLGENIS you need:
 - an elasticsearch instance (5.5.6) 
@@ -94,45 +79,5 @@ Specify memory usage for Java JVM:
 Select the resources you need dependant on the customer you need to serve.
-## Persistence
+## Firewall
-You can enable persistence on your MOLGENIS stack by specifying the following property.
+Is defined at cluster level. This chart does not facilitate firewall configuration.
 - ```persistence.enabled``` default 'true'
 You can also choose to retain the volume of the NFS.
 - ```persistence.retain``` default 'false'
 The size and claim name can be specified per service. There are now two services that can be persist.
 - MOLGENIS
 - ElasticSearch
 - PostgreSQL **(optional)**
 MOLGENIS persistent properties.
 - ```molgenis.persistence.claim```
 - ```molgenis.persistence.size```
 ElasticSearch persistent properties.
 - ```elasticsearch.persistence.claim```
 - ```elasticsearch.persistence.size```
 PostgreSQL persistent properties.
 - ```postgres.persistence.claim```
 - ```postgres.persistence.size```
 ### Resolve you persistent volume
 You do not know which volume is attached to your MOLGENIS instance. You can resolve this by executing:
 ```
 kubectl get pv
 ```
 You can now view the persistent volume claims and the attached volumes.
 | NAME | CAPACITY | ACCESS | MODES | RECLAIM | POLICY | STATUS | CLAIM | STORAGECLASS | REASON | AGE |
 | ---- | -------- | ------ | ----- | ------- | ------ | ------ | ----- | ------------ | ------ | --- |
 | pvc-45988f55-900f-11e8-a0b4-005056a51744 | 30G | RWX | | Retain | Bound | molgenis-solverd/molgenis-nfs-claim | nfs-provisioner-retain | | | 33d |
 | pvc-3984723d-220f-14e8-a98a-skjhf88823kk | 30G | RWO | | Delete | Bound | molgenis-test/molgenis-nfs-claim | nfs-provisioner | | | 33d |
 You see the ```molgenis-test/molgenis-nfs-claim``` is bound to the volume: ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```.
 When you want to view the data in the this volume you can go to the nfs-provisioning pod and execute the shell. Go to the directory ```export``` and lookup the directory ```pvc-3984723d-220f-14e8-a98a-skjhf88823kk```. 
--- a/molgenis/questions.yml
+++ b/molgenis/questions.yml
@@ -8,7 +8,7 @@ questions:
  description: "Hostname for your stack"
  type: hostname
  required: true
-  group: "Load balancing"
+  group: "Load Balancing"
 - variable: molgenis.image.repository
  label: Registry
  default: "registry.hub.docker.com"
@@ -33,24 +33,6 @@ questions:
  type: password
  required: true
  group: "Provisioning"
 - variable: service.firewall.enabled
  label: Firewall enabled
  default: false
  description: "Firewall enabled (can be cluster or UMCG scoped)"
  type: boolean
  required: true
  group: "Provisioning"
  show_subquestion_if: true
  subquestions:
  - variable: service.firewall.kind
    default: "umcg"
    description: "Firewall kind. This can be 'umcg' or 'cluster' environment"
    type: enum
    required: true
    options:
    - umcg
    - cluster
    label: Firewall kind
 - variable: molgenis.services.opencpu.host
  label: OpenCPU cluster
  default: "localhost"
@@ -58,19 +40,10 @@ questions:
  type: string
  required: true
  group: "Services"
 - variable: molgenis.services.postgres.embedded
  label: Postgres embedded
  default: false
  description: "Do you want an embedded postgres"
  type: boolean
  required: true
  group: "Services"
  show_subquestion_if: false
  subquestions:
 - variable: molgenis.services.postgres.host
  label: Postgres cluster location
-    default: ""
+  default: "postgresql.molgenis-postgresql.svc"
-    description: "Set the location of the postgres cluster. This can be localhost when the postgres is enabled else you need to specify a cluster location if you do not want a embedded postgres instance)"
+  description: "Set the location of the postgres cluster"
  type: string
  required: true
  group: "Services"
@@ -108,7 +81,7 @@ questions:
 - variable: molgenis.resources.requests.memory
  label: Container memory reservation
  default: 1250Mi
-  description: "Memory reservation for this MOLGENIS container (must fit in the selected memory limit for the container)"
+  description: "Memory reservation for this MOLGENIS container"
  type: enum
  options:
  - "1250Mi"
@@ -124,44 +97,3 @@ questions:
  - "1g"
  - "2g"
  group: "Resources"
 - variable: persistence.enabled
  default: true
  description: "Do you want to use persistence"
  type: boolean
  required: true
  group: "Persistence"
  label: Persistence
  show_subquestion_if: true
  subquestions:
  - variable: persistence.retain
    default: false
    description: "Do you want to retain the persistent volume"
    type: boolean
    label: Retain volume
  - variable: molgenis.persistence.size
    default: "5Gi"
    description: "Size of MOLGENIS filestore (PostgreSQL and ElasticSearch excluded)"
    type: enum
    options:
    - "5Gi"
    - "10Gi"
    - "20Gi"
    label: Size MOLGENIS filestore
  - variable: elasticsearch.persistence.size
    default: "5Gi"
    description: "Size of ElasticSearch data (directory that is persist: /usr/share/elasticsearch/data)"
    type: enum
    options:
    - "5Gi"
    - "10Gi"
    - "50Gi"
    label: Size for ElasticSearch data
  - variable: postgres.persistence.size
    default: "5Gi"
    description: "Size of PostgreSQL data (directory that is persist: /var/lib/postgresql/data/pgdata)"
    type: enum
    options:
    - "5Gi"
    - "10Gi"
    - "50Gi"
    label: Size for PostgreSQL data
--- a/molgenis/templates/deployment.yaml
+++ b/molgenis/templates/deployment.yaml
@@ -17,8 +17,6 @@ spec:
    matchLabels:
      app: {{ template "molgenis.name" . }}
      release: {{ .Release.Name }}
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
@@ -51,11 +49,6 @@ spec:
              value: "-Xmx{{ .javaOpts.maxHeapSpace }} -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled"
          ports:
            - containerPort: 8080
          {{- if $.Values.persistence.enabled }}
          volumeMounts:
          - name: molgenis-nfs
            mountPath: /home/molgenis
          {{- end }}
          livenessProbe:
            httpGet:
              path: /
@@ -94,50 +87,10 @@ spec:
          ports:
            - containerPort: 9200
            - containerPort: 9300
          {{- if $.Values.persistence.enabled }}
          volumeMounts:
          - name: elasticsearch-nfs
            mountPath: /usr/share/elasticsearch/data
          {{- end }}
          resources:
 {{ toYaml .resources | indent 12 }}
        {{- end }}
        - name: postgres
        {{- with .Values.postgres }}
          image: "{{ .image.repository }}:{{ .image.tag }}"
          imagePullPolicy: {{ .image.pullPolicy }}
          env:
            - name: POSTGRES_USER
              value: {{ $.Values.molgenis.services.postgres.user }}
            - name: POSTGRES_PASSWORD
              value: {{ $.Values.molgenis.services.postgres.password }}
            - name: POSTGRES_DB
              value: {{ $.Values.molgenis.services.postgres.scheme }}
          ports:
            - containerPort: 5432
          resources:
 {{ toYaml .resources | indent 12 }}
          {{- if $.Values.persistence.enabled }}
          volumeMounts:
          - name: postgres-nfs
            mountPath: /var/lib/postgresql/data
          {{- end }}
        {{- end }}
 {{- if .Values.persistence.enabled }}
      volumes:
        - name: molgenis-nfs
          persistentVolumeClaim:
            claimName: {{ .Values.molgenis.persistence.claim }}
        - name: elasticsearch-nfs
          persistentVolumeClaim:
            claimName: {{ .Values.elasticsearch.persistence.claim }}
        - name: postgres-nfs
          persistentVolumeClaim:
            claimName: {{ .Values.postgres.persistence.claim }}
 {{- end }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
--- a/molgenis/templates/ingress.yaml
+++ b/molgenis/templates/ingress.yaml
@@ -4,7 +4,7 @@
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
-  name: "{{ $.Release.Name }}-ingress"
+  name: {{ $fullName }}
  labels:
    app: {{ template "molgenis.name" . }}
    chart: {{ template "molgenis.chart" . }}
@@ -33,6 +33,6 @@ spec:
          - path: {{ $ingressPath }}
            backend:
              serviceName: {{ $fullName }}
-              servicePort: {{ $.Values.service.port }}
+              servicePort: 8080
  {{- end }}
 {{- end }}
--- a/molgenis/templates/persistence/elasticsearchPVC.yaml
+++ b/molgenis/templates/persistence/elasticsearchPVC.yaml
@@ -1,19 +0,0 @@
 {{- if .Values.persistence.enabled -}}
 apiVersion: extensions/v1beta1
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.elasticsearch.persistence.claim }}
  annotations:
    {{- if .Values.persistence.retain }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
    {{- else }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
    {{- end }}
 spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.elasticsearch.persistence.size }}
 {{- end }}
--- a/molgenis/templates/persistence/molgenisPVC.yaml
+++ b/molgenis/templates/persistence/molgenisPVC.yaml
@@ -1,19 +0,0 @@
 {{- if .Values.persistence.enabled -}}
 apiVersion: extensions/v1beta1
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.molgenis.persistence.claim }}
  annotations:
    {{- if .Values.persistence.retain }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
    {{- else }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
    {{- end }}
 spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.molgenis.persistence.size }}
 {{- end }}
--- a/molgenis/templates/persistence/postgresPVC.yaml
+++ b/molgenis/templates/persistence/postgresPVC.yaml
@@ -1,21 +0,0 @@
 {{- if .Values.molgenis.services.postgres.embedded }}
 {{- if .Values.persistence.enabled }}
 apiVersion: extensions/v1beta1
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ .Values.postgres.persistence.claim }}
  annotations:
    {{- if .Values.persistence.retain }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner-retain"
    {{- else }}
    volume.beta.kubernetes.io/storage-class: "nfs-provisioner"
    {{- end }}
 spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: {{ .Values.postgres.persistence.size }}
 {{- end }}
 {{- end }}
--- a/molgenis/templates/service.yaml
+++ b/molgenis/templates/service.yaml
@@ -9,18 +9,6 @@ metadata:
    heritage: {{ .Release.Service }}
 spec:
  type: {{ .Values.service.type }}
 {{- if .Values.service.firewall.enabled }}
  loadBalancerSourceRanges:
 {{- if .Values.service.firewall.kind eq "umcg" }}
    {{- range $index, $rule := .Values.service.firewall.umcg.rules }}
    - {{ $rule }}
    {{- end }}
 {{- else }}
    {{- range $index, $rule := .Values.service.firewall.cluster.rules }}
    - {{ $rule }}
    {{- end }}
 {{- end }}
 {{- end }}
  ports:
    - name: molgenis
      port: {{ .Values.service.port }}
--- a/molgenis/values.yaml
+++ b/molgenis/values.yaml
@@ -4,15 +4,6 @@ replicaCount: 1
 service:
  type: LoadBalancer
  firewall:
    enabled: false
    kind: "umcg"
    umcg:
      rules:
      - 127.0.0.1/32
    cluster:
      rules:
      - 127.0.0.1/32
  port: 8080
 ingress:
@@ -40,9 +31,6 @@ molgenis:
   requests:
    cpu: 200m
    memory: 1250Mi
  persistence:
    claim: molgenis-nfs-claim
    size: 5Gi
  services:
    opencpu:
      host: localhost
@@ -50,7 +38,6 @@ molgenis:
      transportAddresses: localhost:9300
      clusterName: molgenis
    postgres:
      embedded: false
      host: localhost
      scheme: molgenis
      user: molgenis
@@ -70,33 +57,8 @@ elasticsearch:
   requests:
    cpu: 100m
    memory: 1Gi
  persistence:
    claim: elasticsearch-nfs-claim
    size: 5Gi
-postgres:
+nodeSelector: {}
  image:
    repository: postgres
    tag: 9.6-alpine
    pullPolicy: IfNotPresent
  resources:
    limits:
      cpu: 1
      memory: 250Mi
    requests:
      cpu: 100m
      memory: 250Mi
  persistence:
    claim: postgres-nfs-claim
    size: 5Gi
 persistence:
  enabled: true
  retain: false
 nodeSelector: {
  deployPod: "true"
 }
 tolerations: []