elixir-cloud-aai · trispera · Oct 24, 2025 · Oct 24, 2025 · Oct 24, 2025
diff --git a/deployment/Chart.yaml b/deployment/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-name: cwlwes
-description: A cwl-WES Helm chart for Kubernetes
+name: drs-filer
+description: A Helm chart for deploying a DRS (Data Repository Service) filer on Kubernetes, facilitating efficient data storage and retrieval.
 type: application
-version: 0.1.0
-appVersion: dev
+version: 2.0.0
+appVersion: 2.0.0
diff --git a/deployment/README.md b/deployment/README.md
@@ -91,26 +91,47 @@ See [`values.yaml`](values.yaml) for default values.
 | Key | Type | Description |
 | --- | --- | --- |
 | applicationDomain | string | where to reach the Kubernetes cluster |
+| clusterType | string | type of Kubernetes cluster; either 'kubernetes' or 'openshift' |
+| tlsSecret | string | secret for TLS encryption |
+| storageAccessMode | string | access mode for MongoDB and RabbitMQ PVC |
+| extra_config.folder | string | Application folder for WES |
+| extra_config.file | string | Name for the configMap |
 | autocert.apiServer | string | where to reach the Kubernetes API server |
 | autocert.createJob | string | create autocert cronjob |
 | autocert.email | string | email to inject into the certificate |
 | autocert.image | string | container image to be used to run Autocert |
 | autocert.schedule | string | schedule for certificate refreshment |
 | autocert.testCert | string | whether to use Let's Encrypt staging so as not to exceed quota |
+| flower.appName | string | Name for the flower app |
+| flower.basicAuth | string | Set the username and password for the Flower app |
+| flower.image | string | Container image to be used for Flower |
+| wes.appName | string | name of the main application on Kubernetes cluster |
+| wes.image | string | container image to be used for the main application |
+| wes.initResources | string | Set limits and requests cpu/memory for the WES initContainer (busybox) |
+| wes.resources | string | Set limits and requests cpu/memory for the WES container |
+| wes.netrc | string | login name for accessing the sFTP server |
+| wes.storageClass | string | type of storageClass for WES, must have RWX capability |
+| wes.volumeSize | string | size of volume reserved for the main application |
+| wes.redirect | boolean | Activate/deactivate the '/' to '/ga4gh/wes/v1/ui/' redirection |
+| wes.configWithJob | boolean | Set the creation of the certbot |
+| wes.appConfig | string | Contains the application configuration for WES |
 | celeryWorker.appName | string | name of the Celery app on Kubernetes cluster |
 | celeryWorker.image | string | container image to be used for the Celery application |
-| clusterType | string | type of Kubernetes cluster; either 'kubernetes' or 'openshift' |
+| celeryWorker.initResources | string | Set limits and requests cpu/memory for the Celery Worker initContainer (busybox) |
+| celeryWorker.resources | string | Set limits and requests cpu/memory for the Celery Worker container |
 | ingress.letsencryptSystem | string | for K8S, whether use system LetsEncrypt or not |
 | ingress.nginx_image | string | for K8S, container image to be used to run nginx |
-| ingress.scope.annotations.clusterissuer | string | for K8S, name of instance of letsencrypt cert manager |
-| ingress.scope.annotations.ingressclass | string | for K8S, name of class that takes care of ingress |
-| ingress.scope.annotations.tlsacme | string | for K8S, true if letsencrypt should be used |
+| ingress.tls_letsencrypt.annotations.clusterissuer | string | for K8S, name of instance of letsencrypt cert manager |
+| ingress.tls_letsencrypt.annotations.ingressclass | string | for K8S, name of class that takes care of ingress |
+| ingress.tls_letsencrypt.annotations.tlsacme | string | for K8S, true if letsencrypt should be used |
 | mongodb.appName | string | name of MongoDB app on Kubernetes cluster |
-| mongodb.databaseAdminPassword | string | admin password for MongoDB |
+| mongodb.secret.databaseRootUsername | string | root username for MongoDB |
+| mongodb.secret.databaseRootPassword | string | root password for MongoDB |
 | mongodb.databaseName | string | name of MongoDB database to be used in application |
 | mongodb.databasePassword | string | user password for MongoDB |
 | mongodb.databaseUser | string | username for MongoDB |
 | mongodb.image | string | container image to be used to run MongoDB |
+| mongodb.resources | string | Set limits and requests cpu/memory for MongoDB container |
 | mongodb.mountPath| string | for K8S, where to mount the PVC |
 | mongodb.pullPolicy | string | pull Policy for container image |
 | mongodb.securityContext.enabled | string | for K8S, whether security is enabled (to solve issues with newly created PVC) |
@@ -121,13 +142,5 @@ See [`values.yaml`](values.yaml) for default values.
 | rabbitmq.appName | string | name of RabbitMQ app on Kubernetes cluster |
 | rabbitmq.image | string | container image to be used to run RabbitMQ |
 | rabbitmq.volumeSize | string | size of volume reserved for RabbitMQ broker |
-| storageAccessMode | string | access mode for MongoDB and RabbitMQ PVC |
-| tlsSecret | string | secret for TLS encryption |
-| wes.appName | string | name of the main application on Kubernetes cluster |
-| wes.image | string | containger image to be used for the main application |
-| wes.netrcLogin | string | login name for accessing the sFTP server |
-| wes.netrcMachine | string | host name of sFTP server |
-| wes.netrcPassword | string | password for accessing the sFTP server |
-| wes.storageClass | string | type of storageClass for WES, must have RWX capability |
-| wes.volumeSize | string | size of volume reserved for the main application |
-| wes.redirect | boolean | Activate/deactivate the '/' to '/ga4gh/wes/v1/ui/' redirection |
+| rabbitmq.resources | string | Set limits and requests cpu/memory for RabbitMQ container |
+
diff --git a/deployment/templates/mongodb/mongo-init-script.yaml b/deployment/templates/mongodb/mongo-init-script.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mongo-init-script
+data:
+  init-script.js: |
+    db = db.getSiblingDB('cwl-wes-db');
+    dbCWLWES = db.getSiblingDB('{{ tpl .Values.mongodb.secret.databaseName . }}')
+
+    dbCWLWES.createUser({
+      user: "{{ tpl .Values.mongodb.secret.databaseUser . }}",
+      pwd: "{{ tpl .Values.mongodb.secret.databasePassword . }}",
+      roles: [
+        {
+          role: "readWrite",
+          db: "{{ tpl .Values.mongodb.secret.databaseName . }}"
+        }
+      ]
+    });
+
+    // Create the 'runs' and 'service_info' collections
+    // Database configuration from https://github.com/elixir-cloud-aai/cwl-WES/blob/b4c6d431090f2db580c89e085f290f5e498f85f9/cwl_wes/config.yaml#L33
+    db.createCollection('runs');
+    db.runs.createIndex(
+      { run_id: 1, task_id: 1 },
+      { unique: true, sparse: true }
+    );
+    db.createCollection('service_info');
+    db.service_info.createIndex(
+      { id: 1 }
+    );
+
+    dbCWLWES.createCollection('runs');
+    dbCWLWES.runs.createIndex(
+      { run_id: 1, task_id: 1 },
+      { unique: true, sparse: true }
+    );
+    dbCWLWES.createCollection('service_info');
+    dbCWLWES.service_info.createIndex(
+      { id: 1}
+    );
diff --git a/deployment/templates/mongodb/mongodb-deployment.yaml b/deployment/templates/mongodb/mongodb-deployment.yaml
@@ -28,25 +28,30 @@ spec:
       {{ end }}
       containers:
         - env:
-          - name: MONGODB_USER
+          - name: MONGO_INITDB_ROOT_USERNAME
             valueFrom:
               secretKeyRef:
-                key: database-user
+                key: databaseRootUsername
                 name: {{ .Values.mongodb.appName }}
-          - name: MONGODB_PASSWORD
+          - name: MONGO_INITDB_ROOT_PASSWORD
             valueFrom:
               secretKeyRef:
-                key: database-password
+                key: databaseRootPassword
                 name: {{ .Values.mongodb.appName }}
-          - name: MONGODB_ADMIN_PASSWORD
+          - name: MONGO_INITDB_DATABASE
             valueFrom:
               secretKeyRef:
-                key: database-admin-password
+                key: databaseName
                 name: {{ .Values.mongodb.appName }}
-          - name: MONGODB_DATABASE
+          - name: MONGO_APP_USERNAME
             valueFrom:
               secretKeyRef:
-                key: database-name
+                key: databaseUser
+                name: {{ .Values.mongodb.appName }}
+          - name: MONGO_APP_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: databasePassword
                 name: {{ .Values.mongodb.appName }}
           image: {{ .Values.mongodb.image }}
           imagePullPolicy: IfNotPresent
@@ -69,26 +74,28 @@ spec:
                 - '-i'
                 - '-c'
                 - >-
-                  mongo 127.0.0.1:27017/$MONGODB_DATABASE -u $MONGODB_USER -p
-                  $MONGODB_PASSWORD --eval="quit()"
+                  mongosh --host 127.0.0.1:27017 -u $MONGO_INITDB_ROOT_USERNAME -p $MONGO_INITDB_ROOT_PASSWORD --authenticationDatabase admin $MONGO_INITDB_DATABASE --eval="quit()" 
             failureThreshold: 3
-            initialDelaySeconds: 3
+            initialDelaySeconds: 30
             periodSeconds: 10
             successThreshold: 1
-            timeoutSeconds: 1
-          resources:
-            limits:
-              memory: 512Mi
+            timeoutSeconds: 50
+          resources: {{- toYaml .Values.mongodb.resources | nindent 12 }}
           {{ if eq .Values.clusterType "kubernetes" }}
           securityContext:
             runAsNonRoot: {{ .Values.mongodb.securityContext.runAsNonRoot }}
             runAsUser: {{ .Values.mongodb.securityContext.runAsUser }}
           {{ end }}
           volumeMounts:
-            - mountPath: /var/lib/mongodb/data
+            - mountPath: {{ .Values.mongodb.mountPath }}
               name: mongodb-data
+            - name: init-script
+              mountPath: /docker-entrypoint-initdb.d/init-script.js
+              subPath: init-script.js
       volumes:
         - name: mongodb-data
           persistentVolumeClaim:
             claimName: {{ .Values.mongodb.appName }}-volume
-
+        - name: init-script
+          configMap:
+            name: mongo-init-script
diff --git a/deployment/templates/mongodb/mongodb-secret.yaml b/deployment/templates/mongodb/mongodb-secret.yaml
@@ -4,8 +4,6 @@ type: Opaque
 metadata:
   name: {{ .Values.mongodb.appName }}
 data:
-  database-admin-password: {{ .Values.mongodb.databaseAdminPassword  | b64enc }}
-  database-name: {{ .Values.mongodb.databaseName  | b64enc }}
-  database-password: {{ .Values.mongodb.databasePassword  | b64enc }}
-  database-user: {{ .Values.mongodb.databaseUser  | b64enc }}
-
+  {{- range $key, $val := .Values.mongodb.secret }}
+    "{{ $key }}": "{{ tpl $val $ | b64enc }}"
+  {{- end }}
diff --git a/deployment/templates/wes/celery-deployment.yaml b/deployment/templates/wes/celery-deployment.yaml
@@ -15,6 +15,7 @@ spec:
       - name: vol-init
         image: busybox
         command: [ 'mkdir' ]
+        resources: {{- toYaml .Values.celeryWorker.initResources | nindent 10 }}
         args: [ '-p', '/data/db', '/data/output', '/data/tmp' ]
         volumeMounts:
         - mountPath: /data
@@ -34,29 +35,23 @@ spec:
         - name: MONGO_USERNAME
           valueFrom:
             secretKeyRef:
-              key: database-user
+              key: databaseUser
               name: {{ .Values.mongodb.appName }}
         - name: MONGO_PASSWORD
           valueFrom:
             secretKeyRef:
-              key: database-password
+              key: databasePassword
               name: {{ .Values.mongodb.appName }}
         - name: MONGO_DBNAME
           valueFrom:
             secretKeyRef:
-              key: database-name
+              key: databaseName
               name: {{ .Values.mongodb.appName }}
         - name: RABBIT_HOST
           value: {{ .Values.rabbitmq.appName }}
         - name: RABBIT_PORT
           value: "5672"
-        resources:
-          requests:
-            memory: "512Mi"
-            cpu: "300m"
-          limits:
-            memory: "8Gi"
-            cpu: "1"
+        resources: {{- toYaml .Values.celeryWorker.resources | nindent 10 }}
         volumeMounts:
         - mountPath: /data
           name: wes-volume

diff --git a/deployment/templates/wes/wes-deployment.yaml b/deployment/templates/wes/wes-deployment.yaml
@@ -12,11 +12,24 @@ spec:
       labels:
         app: {{ .Values.wes.appName }}
     spec:
+      {{- if eq .Values.storageAccessMode "ReadWriteOnce" }}
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - {{ .Values.celeryWorker.appName }}
+            topologyKey: "kubernetes.io/hostname"
+      {{- end }}
       initContainers:
       - name: vol-init
         image: busybox
         command: [ 'mkdir' ]
         args: [ '-p', '/data/db', '/data/output', '/data/tmp' ]
+        resources: {{- toYaml .Values.wes.initResources | nindent 10 }}
         volumeMounts:
         - mountPath: /data
           name: wes-volume
@@ -37,17 +50,17 @@ spec:
         - name: MONGO_USERNAME
           valueFrom:
             secretKeyRef:
-              key: database-user
+              key: databaseUser
               name: {{ .Values.mongodb.appName }}
         - name: MONGO_PASSWORD
           valueFrom:
             secretKeyRef:
-              key: database-password
+              key: databasePassword
               name: {{ .Values.mongodb.appName }}
         - name: MONGO_DBNAME
           valueFrom:
             secretKeyRef:
-              key: database-name
+              key: databaseName
               name: {{ .Values.mongodb.appName }}
         - name: RABBIT_HOST
           value: {{ .Values.rabbitmq.appName }}
@@ -64,13 +77,7 @@ spec:
             port: wes-port
           initialDelaySeconds: 3
           periodSeconds: 3
-        resources:
-          requests:
-            memory: "512Mi"
-            cpu: "300m"
-          limits:
-            memory: "8Gi"
-            cpu: "2"
+        resources: {{- toYaml .Values.wes.resources | nindent 10 }}
         ports:
         - containerPort: 8080
           name: wes-port

diff --git a/deployment/templates/wes/wes-ingress.yaml b/deployment/templates/wes/wes-ingress.yaml
@@ -58,11 +58,7 @@ status:
   loadBalancer: {}
 
 ---
-{{ if .Capabilities.APIVersions.Has "batch/v1" }}
 apiVersion: batch/v1
-{{ else }}
-apiVersion: batch/v1beta1
-{{ end }}
 kind: CronJob
 metadata:
   name: {{ .Values.wes.appName }}-certbot