The purpose of this repo is to run deployments for the items which comprise the Secondary Analysis component of the DCP.
As of present this deployment consists of three main components:
- Lira
- Falcon
- Pipeline Tools
In addition to this, this deployment also indicates which pipelines are activated. At present there are two pipelines in use:
- Smart-Seq2 from Illumina
- 10X Genomics
This repository contains scripts which allow deployments via Jenkins and via GitLab to a Kubernetes cluster
- Generates the Kubernetes service yaml
- Deploys the Kubernetes service to the cluster
- Generates a TLS cert keys (private, chain, cert and fullchain)
- Adds the TLS cert keys to Vault
- Renders the TLS cert files
- Adds the rendered TLS cert to the Kubernetes configuration secret for the cluster
- Renders the lira-ingress.yaml file
- Deploys the rendered ingress file to the Kubernetes cluster
- Retrieving caas service account key from vault
- Renders the Lira config file
- Deploys the lira config file with the caas key to the Kubernetes cluster
- Generates the lira deployment file
- Deploys the lira-deployment.yaml file to the Kubernetes cluster
Within the Jenkins instance a docker image which contains necessary software is used to render ctmpl files. In addition we have created two separate jobs which both rely on this repo and share the same configuration files:
- deploy-secondary-analysis-lira
- deploy-secondary-analysis-falcon
The docker instance which comprises the GitLab runner is expected to have all of the software required to deploy. The gitlab.yml file defines the pipeline for the deployment. This consists of two phases per stage:
- falcon deployment
- lira deployment
It is expected that unit tests and then later integration tests will be run as part of this pipeline setup.
In addition to the above scripts there are several other items which need to be set up to deploy lira for the first time:
This script does the following:
- Sets the GCloud project to use
- Creates the Service Account
- Grants the service account the necessary permissions
- Creates keys for the service account
- Adds the service account key to Vault
- Registers the service account in Firecloud
- Registers the service account in SAM
This script does the following:
- Creates the log sink
This script does the following:
- Create bluebox service account and key
- Add service account key to vault
- Gets the lira secret from vault
- Creates ss2 subscription
- Creates 10x subscription
This script returns the bearer token for a service account given the environment and the caas environment that you will be connecting to.