diff --git a/builds/SAML-K8S/Dockerfile b/builds/SAML-K8S/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..70b99c8c052e85fa5b26d3853f1fa2cb994df156
--- /dev/null
+++ b/builds/SAML-K8S/Dockerfile
@@ -0,0 +1,65 @@
+FROM ubuntu:18.04
+
+LABEL maintainer="456130@mail.muni.cz"
+
+# apache2 and mellon module installation
+RUN apt-get update &&\
+ apt-get install -y apache2 &&\
+ apt-get install -y libapache2-mod-auth-mellon &&\
+ apt-get clean
+
+RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log && \
+ ln -sf /proc/self/fd/2 /var/log/apache2/error.log
+
+COPY ./proxy.conf /etc/apache2/sites-available/proxy.conf
+COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key \
+ ./http_cbiood.edirex.ics.muni.cz_mellon.cert \
+ /etc/apache2/mellon/
+COPY mellon.conf mellon.conf
+COPY start.sh start.sh
+COPY idp-metadata.xml idp-metadata.xml
+COPY http_cbiood.edirex.ics.muni.cz_mellon.xml /sp-metadata.xml
+
+
+RUN rm -rf /etc/apache2/sites-enabled/*
+
+RUN a2enmod proxy && \
+ a2enmod proxy_http && \
+ a2enmod rewrite && \
+ a2enmod ssl && \
+ a2enmod headers && \
+ a2ensite proxy.conf && \
+ mkdir /etc/apache2/ssl &&\
+ mkdir /etc/apache2/sites-enabled/routes
+
+
+
+ENV TZ=Europe/Prague
+
+RUN chmod +x start.sh
+
+EXPOSE 80
+
+#Flask
+RUN apt-get install -y python3 && \
+ apt-get install -y python3-pip && \
+ pip3 install Flask
+
+ENV LC_ALL=C.UTF-8 \
+ LANG=C.UTF-8 \
+ FLASK_APP=/secure-routing/app/app.py
+
+
+COPY ./secure-routing /secure-routing
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+RUN mkdir -p /var/log/supervisor
+
+#supervisor
+RUN apt-get update && \
+ apt-get install -y supervisor && \
+ apt-get clean
+
+EXPOSE 5000
+
+CMD [ "/start.sh" ]
diff --git a/builds/SAML-K8S/README.md b/builds/SAML-K8S/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..ca57ff352268cf01a665738bc286ca54e13664fc
--- /dev/null
+++ b/builds/SAML-K8S/README.md
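Review bot: The `COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key ... /etc/apache2/mellon/` step bakes the SAML service-provider private key into an image layer, and this same commit adds that key in plaintext to the repository (the `http_cbiood.edirex.ics.muni.cz_mellon.key` hunk further down). Anyone who can pull the image or read the repository holds the SP's signing key, so the pair should be treated as compromised, regenerated, and re-registered with the IdP. Drop the key from the `COPY` and supply it at run time, for example from a Kubernetes Secret mounted under `/etc/apache2/mellon/` (the `mv ${mellon}/*.key` in `start.sh` would need adjusting), and exclude `*.key` from the build context with `.dockerignore`. Separately, the `#Flask` layer runs `apt-get install -y python3` without its own `apt-get update` and `pip3 install Flask` is unpinned, so rebuilds are not reproducible. No `USER` instruction is present, so everything in the container runs as root.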
@@ -0,0 +1,14 @@
+# APACHE SAML Configuration
+
+
+# Build
+command:
+ docker build -t <repo>/<image-name>:<tag>
+example:
+ docker build -t lpivo/k8s-saml:t1 .
+ docker build --build-arg SOURCE=/mylocation/secure-routing \
+ -t lpivo/k8s-saml:t1 .
+args:
+ SOURCE -> location of python app source code
+ -> default=./secure-routing
+
diff --git a/builds/SAML-K8S/before_build.sh b/builds/SAML-K8S/before_build.sh
new file mode 100755
index 0000000000000000000000000000000000000000..2d8a99359a17614b2371f894b3a9f553cba9ed44
--- /dev/null
+++ b/builds/SAML-K8S/before_build.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+#Run if you dont have sp metadata which are registered on idp
+#create metadata
+./helper.sh "http://cbiood.edirex.ics.muni.cz/mellon" "http://cbiood.edirex.ics.muni.cz/mellon"
diff --git a/builds/SAML-K8S/helper.sh b/builds/SAML-K8S/helper.sh
new file mode 100755
index 0000000000000000000000000000000000000000..fe029795077bc44afd8ddfc4d9cfb12156b80978
--- /dev/null
+++ b/builds/SAML-K8S/helper.sh
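Review bot: Both arguments passed to `./helper.sh` in `before_build.sh` are `http://` URLs, so the generated SP metadata registers `http://cbiood.edirex.ics.muni.cz/mellon/postResponse` as the AssertionConsumerService and SAML responses are posted to the proxy in cleartext. Use an `https://` endpoint, `./helper.sh "https://cbiood.edirex.ics.muni.cz/mellon" "https://cbiood.edirex.ics.muni.cz/mellon"`, with TLS terminated in or in front of the Apache vhost; changing the entity ID means the metadata has to be re-registered with the IdP. The script also resolves `./helper.sh` against the current working directory, so it only works when run from `builds/SAML-K8S`, and that is also where the unencrypted private key is written.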
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+ echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+ echo ""
+ echo "Example:"
+ echo " $PROG urn:someservice https://sp.example.org/mellon"
+ echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+ printUsage
+ exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+ echo "$PROG: An entity ID is required." >&2
+ exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+ echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+ exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+ echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+ exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^:/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^0-9A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key: $OUTFILE.key"
+echo "Certificate: $OUTFILE.cert"
+echo "Metadata: $OUTFILE.xml"
+echo "Host: $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService: $BASEURL/logout"
+echo "AssertionConsumerService: $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" <<EOF
+RANDFILE = /dev/urandom
+[req]
+default_bits = 2048
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+prompt = no
+policy = policy_anything
+[req_distinguished_name]
+commonName = $HOST
+EOF
+
+openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" <<EOF
+<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>$CERT</ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+ <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+ </SPSSODescriptor>
+</EntityDescriptor>
+EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"
diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
new file mode 100644
index 0000000000000000000000000000000000000000..ab52fd5f820f718f50620f8763794b326ffe1956
--- /dev/null
+++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
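Review bot: The `openssl req ... 2>/dev/null` line in `helper.sh` discards every diagnostic, so under `set -e` a failed key generation ends the script with no message and leaves `$TEMPLATEFILE` behind because `rm -f` is never reached. Drop the redirect and register the cleanup right after `mktemp`: `trap 'rm -f "$TEMPLATEFILE"' EXIT`. The final `umask 0777` does not influence the two `chmod go+r` calls (an explicit `go` ignores the umask) and would give mode 000 to anything created after it, so it can be removed. `$ENTITYID` and `$BASEURL` are written into XML attributes unescaped, so a value containing `"` or `&` produces malformed metadata. The comment `# No files should not be readable by the rest of the world.` is a double negative; `# No file should be readable by the rest of the world.` says what `umask 0077` does.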
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNzLm11bmkuY3owHhcNMTkwNDE3MDkz +MjIwWhcNMjkwNDE2MDkzMjIwWjAkMSIwIAYDVQQDDBljYmlvb2QuZWRpcmV4Lmlj +cy5tdW5pLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NQgk74l +XyXwwdH5/mF6hQPbVNmuIkAI8c4JVsZcXzpzObhL+89y2XROteLvxqVSmCXH7x9h +dwhaLzKCWQiUTNIXauimQHfRtyUGPisxcNzYf/sV3ecB/J9/ug5wtnfqAf8UWHB7 +QeTBGBgSgUlTZ7S4r5CB4sReFKtJuiiK1F9OUpDe2RInbZMuEiTgqkX1o6J0ABZA +8xoW2XMxMoxI6mcI8sXlI2KJa351eWfS9cJ+m8RZEFT5DLF1kqeckah1tsdYxAD8 +SB1B2yV256baJjpgQEfXYDchLTh49HD2sEom5hKwuTWiB26wGTGTsr8a75jous7M +nz/wg3GlzDd/AQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDTCSD2ipchyE4xHvTJ +X12T15QLKrvvPnNZM2/LF2nAhR+JRjBKgHbMnuDWu6quwQ+uJiKASaM+hi+9XJqh +SQZjvmUAvTzqUncjQ170bqfip5+JmUPYj0PIwD58Xnb28nXDOmQ4XxvP2i4YEdwW +coUto0qkLusqz/ZPU8qQmPL18XB8zgewzgVbRBESy1lUtJSr53AwMjGstlqx4dMx +DBSyGA2GO6dkVSqto9kBZ7s87kxxNCrA/tQZmB5km3CZwEyx6hCKyJqQw+Huh+Ex +TO9R3dX2NRDztD8ZMQks+Uf6PfV/lqOpciHOE2FuiK8cceWzJgEueI6l6AXTxcnR +pcO5 +-----END CERTIFICATE----- diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key new file mode 100644 index 0000000000000000000000000000000000000000..6482e0aa27ee3474571ef7296512f40fa1fb9b40 --- /dev/null +++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc1CCTviVfJfDB +0fn+YXqFA9tU2a4iQAjxzglWxlxfOnM5uEv7z3LZdE614u/GpVKYJcfvH2F3CFov +MoJZCJRM0hdq6KZAd9G3JQY+KzFw3Nh/+xXd5wH8n3+6DnC2d+oB/xRYcHtB5MEY +GBKBSVNntLivkIHixF4Uq0m6KIrUX05SkN7ZEidtky4SJOCqRfWjonQAFkDzGhbZ +czEyjEjqZwjyxeUjYolrfnV5Z9L1wn6bxFkQVPkMsXWSp5yRqHW2x1jEAPxIHUHb +JXbnptomOmBAR9dgNyEtOHj0cPawSibmErC5NaIHbrAZMZOyvxrvmOi6zsyfP/CD +caXMN38BAgMBAAECggEAW8kv4Tjff7TdZTJJnpoVusPnnlT8M/A5x4fECfVY35wD +2LHpoziOnCPjs2YoE4ET23mYqKN6d2dZVNTBqRAP0/5fDWi18YXb/Su+dIivfCHP +OyK57AngoYgKJuNppe4hrcLASiI2mSTjvYgD6Qj5SdmsCg0eb4r/L8giVOYVDj/o +4jm4x7GNTyRN20P4h+tfum3kYHjvmDrL6RWunaChR6+Y33JGO7pW/q6uhonZCUxX +vUqkZ/UKuMRa43lFWWo2QHt2f0ELRjtZwFA9LSqBnf6rZ/p7dubN7g5+l57PScAT +4vWYsC5JLT8OM989w4urvVae4jrN3DafOg13qnV6IQKBgQD8lf4psasvIfE6isAL +uh3nRLV7cpU1YFfZM17j2lleXlHmqu+9oXK5oCtAXoXLvh4N33F5BskXOByKwAMP ++0XDdM7rhVqQdyOe/WYObcCQqCMeuj+XxGyhwRoXjTX3yzwZN9oGAlIhRvGsaLnc +3dANzsVKVVMDuzR+BfLNEW/UIwKBgQDf0D8mhHUh8Mu01HCZlOwQHuRCxje9mNN+ +fuTJ977X0tJw2z3t74yLN5x2Y/U0OQUxHXBBhqNjsWeMF9kFAZn1mMqTCVlo0NZz +UNXC3wZAY//cVtY4E8M8Fl4q6bLF+byAYdIoSrWNkznElTM0425EwSvE9SS4qQ8G +Ebad3JBwiwKBgQDu3YYLtfp2SzoOq9JsBKls4RxjTvvuC1toi10sS3yCct4vLu4j +vf95rg/ZAsqy3+saIXn1A0a+T5EmYelDftP9wIRCVM1Nm22zWF3gPUiDRI5Z67Zh +9x7oZW4gYals2eTO0HO9hQpYb/fynONQDPBJboZDAqfL+ojsuQFhjyDbUwKBgFqO +sw6Np6ss9+9ZyZmKtR0ssqUF+MXBEUnsY/wIPvKqfbVmMB+WvmISBT+t4CfaLmya +AbKxnGiY/lGj0I6DAF1sDgMCVGfhn/OWsHchsDDbhUoM5K5Z6LPmRQHN/yS1kHzN +l6/v0pfPCx+sUsTChPpSwrf1jH8fAFIvVpl3BgZTAoGATZbsq6cX3lbq0EFnLY/G +nhTXoyrywxrnhMUfhhxuSBY7ENFrjf/p5lXum3UuY730ss2nKHkfzZHne0+r9D1/ +Y1wPE/4HYyJ5p3Z45fOwoEz0Ik9hNrzs0mVRaCni7ZyVso+iavJIAu4jTYaxjYfp +2l5/pzZ5owWLz0OZk1BAYUA= +-----END PRIVATE KEY----- diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml new file mode 100644 index 0000000000000000000000000000000000000000..64daa7827b84ccbb5b720aa2327993be3c584cd4 
--- /dev/null +++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml @@ -0,0 +1,28 @@ +<EntityDescriptor entityID="http://cbiood.edirex.ics.muni.cz/mellon" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx +IjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNzLm11bmkuY3owHhcNMTkwNDE3MDkz +MjIwWhcNMjkwNDE2MDkzMjIwWjAkMSIwIAYDVQQDDBljYmlvb2QuZWRpcmV4Lmlj +cy5tdW5pLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NQgk74l +XyXwwdH5/mF6hQPbVNmuIkAI8c4JVsZcXzpzObhL+89y2XROteLvxqVSmCXH7x9h +dwhaLzKCWQiUTNIXauimQHfRtyUGPisxcNzYf/sV3ecB/J9/ug5wtnfqAf8UWHB7 +QeTBGBgSgUlTZ7S4r5CB4sReFKtJuiiK1F9OUpDe2RInbZMuEiTgqkX1o6J0ABZA +8xoW2XMxMoxI6mcI8sXlI2KJa351eWfS9cJ+m8RZEFT5DLF1kqeckah1tsdYxAD8 +SB1B2yV256baJjpgQEfXYDchLTh49HD2sEom5hKwuTWiB26wGTGTsr8a75jous7M +nz/wg3GlzDd/AQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDTCSD2ipchyE4xHvTJ +X12T15QLKrvvPnNZM2/LF2nAhR+JRjBKgHbMnuDWu6quwQ+uJiKASaM+hi+9XJqh +SQZjvmUAvTzqUncjQ170bqfip5+JmUPYj0PIwD58Xnb28nXDOmQ4XxvP2i4YEdwW +coUto0qkLusqz/ZPU8qQmPL18XB8zgewzgVbRBESy1lUtJSr53AwMjGstlqx4dMx +DBSyGA2GO6dkVSqto9kBZ7s87kxxNCrA/tQZmB5km3CZwEyx6hCKyJqQw+Huh+Ex +TO9R3dX2NRDztD8ZMQks+Uf6PfV/lqOpciHOE2FuiK8cceWzJgEueI6l6AXTxcnR +pcO5</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </KeyDescriptor> + <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://cbiood.edirex.ics.muni.cz/mellon/logout"/> + <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://cbiood.edirex.ics.muni.cz/mellon/postResponse" index="0"/> + </SPSSODescriptor> +</EntityDescriptor> 
diff --git a/builds/SAML-K8S/idp-metadata.xml b/builds/SAML-K8S/idp-metadata.xml
new file mode 100644
index 0000000000000000000000000000000000000000..a18d65b2967a79bcc092263dd277757537f72729
--- /dev/null
+++ b/builds/SAML-K8S/idp-metadata.xml
@@ -0,0 +1,55 @@ +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" + xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" + xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + entityID="https://login.europdx.eu/idp/"> + <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <shibmd:Scope regexp="false">europdx.eu</shibmd:Scope> + <mdui:UIInfo><mdui:DisplayName xml:lang="en">EuroPDX research infrastructure AAI</mdui:DisplayName> + <mdui:Description xml:lang="en"> + This service is identity provider for EuroPDX community. + </mdui:Description> + <mdui:InformationURL xml:lang="en">https://europdx.eu</mdui:InformationURL> + <mdui:PrivacyStatementURL xml:lang="en">https://TBA</mdui:PrivacyStatementURL> + <mdui:Keywords xml:lang="en">EuroPDX proxy biology life sciences</mdui:Keywords> + <mdui:Logo width="96" height="96"> + https://login.elixir-czech.org/media/elixir-96x96.jpg + </mdui:Logo> + </mdui:UIInfo> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> + 
MIIEUTCCAzmgAwIBAgIJALuWjo0j1/fcMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJDWjEQMA4GA1UECAwHTW9yYXZpYTENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSTWFzYXJ5ayBVbml2ZXJzaXR5MSYwJAYDVQQLDB1JbnN0aXR1dGUgb2YgQ29tcHV0ZXIgU2NpZW5jZTEbMBkGA1UEAwwSKi5lbGl4aXItY3plY2gub3JnMSwwKgYJKoZIhvcNAQkBFh1hYWktY29udGFjdEBlbGl4aXItZXVyb3BlLm9yZzAeFw0xNjA4MTAwODA5MTNaFw0yNjA4MDgwODA5MTNaMIG+MQswCQYDVQQGEwJDWjEQMA4GA1UECAwHTW9yYXZpYTENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSTWFzYXJ5ayBVbml2ZXJzaXR5MSYwJAYDVQQLDB1JbnN0aXR1dGUgb2YgQ29tcHV0ZXIgU2NpZW5jZTEbMBkGA1UEAwwSKi5lbGl4aXItY3plY2gub3JnMSwwKgYJKoZIhvcNAQkBFh1hYWktY29udGFjdEBlbGl4aXItZXVyb3BlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvZy0XHUJ/NW/ffIuSMzcpWJp+6gL3OXhl7oG8MPZHe1JmzgBrxQ9sLzFhRl34NVfSA8flN+nKbcekp8jpeoTY/hnr/IWIWNDYfg3xLCQxCSoN/QiSqrr8FizSam8IT2vTu+BUvnCngrwia/upGCHb7hivsEDfTroQcAEPDe/S9uVWCvv5ERGwfBKgH3+06xjrdGVpFNzoy+9m+/ZLkdqmPHVc6E87o2hy0jLrV+g55nCxwJ79Z5LTLPcn2WHkg0nWoh1BITYoyfg503OpUL1ja+IL7FlofIb0s6YfV0a1duSrwc7nG/V7KFjrWJS5RCh74SfWTaGiSN5XcqdwJsgECAwEAAaNQME4wHQYDVR0OBBYEFN/3g/caCmGJG1w+35mgGhAzryLnMB8GA1UdIwQYMBaAFN/3g/caCmGJG1w+35mgGhAzryLnMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGlWHgjzeZ7VLn7ajPRr36aK/oXTOTetvzI7XcepAhDB/8suLabq55rV6ydtmuzA18ZJ/cdcb+LoIp/rqyY24siGYrNjwbjTgz9ai3legz5lFq7qnjYuAbGhc2OX4uJmzk/+jL5npKuMxkQSjgSqscYoBXsbNyJ/ou7PTXmalGkbFsr2ch0q1/McWSpDLAVzWTf1yZ85h3UYdxRyK0Evt4MWHYJ3DITK7xELYqNDg/Nrlr9So1sojSd1QIJ2yvOl8l9McMWlDwd31rPdNiT589F/UrryPEG2Xiapo75DgSyshNUOYxHKub4FYvDAZLjStjcmvhzeZo1v35jqLINp/bg= + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> + 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 + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SingleLogoutService.php"/> + <md:NameIDFormat> + 
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + </md:NameIDFormat> + <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SSOService.php"/> +</md:IDPSSODescriptor> +<md:Organization> + <md:OrganizationName xml:lang="en">EuroPDX</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en">EuroPDX</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://europdx.eu</md:OrganizationURL> +</md:Organization> +<md:ContactPerson contactType="technical"> + <md:GivenName>EuroPDX</md:GivenName> + <md:SurName>AAI</md:SurName> + <md:EmailAddress>vyskocilpavel@muni.cz</md:EmailAddress> +</md:ContactPerson> +</md:EntityDescriptor> diff --git a/builds/SAML-K8S/mellon.conf b/builds/SAML-K8S/mellon.conf new file mode 100644 index 0000000000000000000000000000000000000000..d56a641ef3be53e5263e18ebd321d7930f603a98 --- /dev/null +++ b/builds/SAML-K8S/mellon.conf @@ -0,0 +1,3 @@ +AuthType Mellon +MellonEnable auth +Require valid-user diff --git a/builds/SAML-K8S/proxy.conf b/builds/SAML-K8S/proxy.conf new file mode 100644 index 0000000000000000000000000000000000000000..c7de943dc30aaecb1f2a7ee6edc80d9f2a6b0db2 --- /dev/null +++ b/builds/SAML-K8S/proxy.conf 
@@ -0,0 +1,25 @@
+include /etc/apache2/fqdn.conf
+<VirtualHost *:80>
+ ServerName ${SERVERNAME}
+ ServerAdmin ${EMAILADMIN}
+
+ ErrorLog "/var/log/apache2/error.log"
+ CustomLog "/var/log/apache2/access.log" common
+ TransferLog "/var/log/apache2/access.log"
+
+ ProxyPreserveHost On
+ <Location / >
+ MellonSPPrivateKeyFile /etc/apache2/mellon/sp_key.pem
+ MellonSPCertFile /etc/apache2/mellon/sp_cert.pem
+ MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml
+ MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
+
+ # Mapping of attribute names to something readable
+ MellonSetEnv "name" "urn:oid:2.16.840.1.113730.3.1.241"
+ MellonSetEnv "mail" "urn:oid:0.9.2342.19200300.100.1.3"
+ MellonSetEnv "eppn" "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+ MellonSetEnv "entitlement" "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+ MellonSetEnv "eduPersonUniqueId" "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"
+ </Location>
+ IncludeOptional /etc/apache2/sites-enabled/routes/*.conf
+</Virtualhost>
diff --git a/builds/SAML-K8S/start.sh b/builds/SAML-K8S/start.sh
new file mode 100644
index 0000000000000000000000000000000000000000..d06b155a92bc4f63ae6f37598b3cd09c2662d091
--- /dev/null
+++ b/builds/SAML-K8S/start.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+mellon=/etc/apache2/mellon
+mellonconf=/etc/apache2/sites-enabled/mellon/
+
+cd /$mellon
+
+# move mellon metadata
+mv /sp-metadata.xml /${mellon}/sp-metadata.xml
+mv /idp-metadata.xml $mellon
+mv ${mellon}/*.cert ${mellon}/sp_cert.pem
+mv ${mellon}/*.key ${mellon}/sp_key.pem
+
+# mellon conf
+mkdir $mellonconf
+mv /mellon.conf ${mellonconf}
+
+# create fqdn.conf
+echo "Define FQDN ${HOST}" >/etc/apache2/fqdn.conf
+echo "Define EMAILADMIN ${ADMIN_USER}" >> /etc/apache2/fqdn.conf
+
+# run Apache
+#/usr/sbin/apache2ctl -D FOREGROUND
+
+#run supervisor
+/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
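Review bot: `ServerName ${SERVERNAME}` in `proxy.conf` refers to a variable that nothing in this commit defines: `start.sh` writes `Define FQDN ${HOST}` and `Define EMAILADMIN ${ADMIN_USER}` into `/etc/apache2/fqdn.conf`, so unless `SERVERNAME` arrives through the environment Apache keeps the literal text and warns about it. Either use `ServerName ${FQDN}` here or have `start.sh` emit `Define SERVERNAME`. The `<Location / >` block sets the Mellon key, certificate and metadata paths but no `MellonEnable`, `AuthType` or `Require`, so what is actually protected depends on the files under `sites-enabled/routes/*.conf`, which are not part of this hunk; a comment stating that would help. The vhost listens on `*:80` only although the Dockerfile enables `ssl`, so the Mellon session cookie travels over plain HTTP unless TLS is terminated upstream.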
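Review bot: The last line of `start.sh` starts `supervisord` as a child of `/bin/sh`, so the shell stays PID 1 and the `SIGTERM` sent on container stop may never reach supervisord; use `exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf`. `${HOST}` and `${ADMIN_USER}` are written into `fqdn.conf` without any check, so an empty or whitespace-containing value yields a broken `Define`; fail early with `: "${HOST:?HOST is required}"` and quote the value in the generated line. The script has no `set -e`, and because it moves files instead of copying them, a restart of the same container re-runs `mv` and `mkdir` against paths that no longer match and continues regardless.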
diff --git a/builds/SAML-K8S/supervisord.conf b/builds/SAML-K8S/supervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..66c07fd4bc28c01d693ba7c07af8bdd20a4f005b
--- /dev/null
+++ b/builds/SAML-K8S/supervisord.conf
@@ -0,0 +1,24 @@
+[supervisorctl]
+
+[supervisord]
+nodaemon=true
+
+[program:flaskAPI]
+stdout_logfile=/dev/stdout
+stdout_maxbytes=0
+stdout_logfile_maxbytes=0
+command=flask run --host=0.0.0.0
+
+[program:apache2]
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stdout_maxbytes=0
+stderr_maxbytes=0
+stdout_logfile_maxbytes=0
+stdout_logfile=/dev/stdout
+
+user=root
+killasgroup=true
+stopasgroup=true
+
+command=/usr/sbin/apache2ctl -D FOREGROUND
diff --git a/builds/cbioapp/Dockerfile b/builds/cbioapp/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..74132b35252e4b63e043bfc91e3bdde8e9a42808
--- /dev/null
+++ b/builds/cbioapp/Dockerfile
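Review bot: `command=flask run --host=0.0.0.0` in `[program:flaskAPI]` runs Flask's development server bound to every interface, and the Dockerfile in this commit has `EXPOSE 5000`, so the routing app is reachable without passing through the Mellon-configured Apache vhost wherever that port is published. If only processes inside the container need it, bind to loopback with `command=flask run --host=127.0.0.1` (or serve it with a production WSGI server) and drop `EXPOSE 5000`. `flaskAPI` has no `user=` and `apache2` sets `user=root`, so both programs run as root; the Flask process at least could run under an unprivileged account. `secure-routing/app/app.py` is not visible here, so what the API exposes is an assumption on my part.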
@@ -0,0 +1,45 @@
+ARG TAG=2.0.0
+FROM cbioportal/cbioportal:$TAG AS build
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+COPY ./log4j.properties /cbioportal/src/main/resources/log4j.properties
+COPY ./portal.properties /cbioportal/src/main/resources/portal.properties
+COPY ./settings.xml /root/.m2/settings.xml
+COPY ./context.xml /usr/local/tomcat/conf/context.xml
+COPY ./logo_EurOPDX.png /cbioportal/portal/src/main/webapp/images/logo_EurOPDX.png
+
+RUN mvn -DskipTests clean install
+
+RUN ls $PORTAL_HOME/portal/target/
+
+FROM tomcat:8-jre8
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+ENV APP_NAME="cbioportal" \
+ PORTAL_HOME="/cbioportal"
+#======== Install Prerequisites ===============#
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ libmysql-java \
+ patch \
+ python3 \
+ python3-jinja2 \
+ python3-mysqldb \
+ python3-requests \
+ && ln -s /usr/share/java/mysql-connector-java.jar "$CATALINA_HOME"/lib/ \
+ && rm -rf $CATALINA_HOME/webapps/examples \
+ && rm -rf /var/lib/apt/lists/*
+
+#======== Copy from first stage ===========================#
+
+COPY --from=build $PORTAL_HOME/portal/target/cbioportal.war $CATALINA_HOME/webapps/cbioportal.war
+COPY --from=build $PORTAL_HOME/core/src/main/scripts/ $PORTAL_HOME/core/src/main/scripts/
+COPY --from=build $PORTAL_HOME/scripts/target/scripts*.jar $PORTAL_HOME/scripts/target/
+
+COPY --from=build /usr/local/tomcat/conf/context.xml /usr/local/tomcat/conf/context.xml
+COPY --from=build /cbioportal/src/main/resources/portal.properties /cbioportal/portal.properties
+COPY ./data-loading /etc/data-loading
+COPY ./start.sh /start.sh
+
+RUN chmod +x /start.sh
+WORKDIR $PORTAL_HOME
+EXPOSE 8080
+#======== symbol links & subtitute db host & run app ===============#
+CMD /start.sh
diff --git a/builds/cbioapp/context.xml b/builds/cbioapp/context.xml
new file mode 100644
index 0000000000000000000000000000000000000000..1da4e84178d95f11b29c5196cdf8c156b447598d
--- /dev/null
+++ b/builds/cbioapp/context.xml
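Review bot: The final stage copies `context.xml` and `portal.properties` out of the build stage, and both files carry the database password in plaintext (`password="P@ssword1"`, `db.password=P@ssword1`), so the credential ships inside every image; the same literal also appears in `settings.xml` and `builds/cbiodb/env/.env` later in this commit. Keep placeholders in the committed files and inject the real value at start-up from a Kubernetes Secret or environment variable, the way `start.sh` already substitutes `DBHOST`, and rotate the password since it is now in history. `CMD /start.sh` is shell form; `CMD ["/start.sh"]` lets the script receive signals directly. The final stage has no `USER` instruction, so Tomcat runs as root, and `tomcat:8-jre8` is a floating tag.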
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+ <!-- Default set of monitored resources. If one of these changes, the -->
+ <!-- web application will be reloaded. -->
+ <WatchedResource>WEB-INF/web.xml</WatchedResource>
+ <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+ <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+ <!--
+ <Manager pathname="" />
+ -->
+
+ <Resource name="jdbc/cbioportal" auth="Container" type="javax.sql.DataSource"
+ maxActive="100" maxIdle="30" maxWait="10000"
+ username="cbio" password="P@ssword1"
+ driverClassName="com.mysql.jdbc.Driver"
+ connectionProperties="zeroDateTimeBehavior=convertToNull;"
+ url="jdbc:mysql://cbiodb:3306/cbioportal"/>
+</Context>
diff --git a/builds/cbioapp/log4j.properties b/builds/cbioapp/log4j.properties
new file mode 100644
index 0000000000000000000000000000000000000000..964f33b538cdf5e1c37a1e3817e9a8c48e7799cd
--- /dev/null
+++ b/builds/cbioapp/log4j.properties
@@ -0,0 +1,19 @@
+# Change INFO to DEBUG, if you want to see debugging info on underlying libraries we use.
+log4j.rootLogger=INFO, a
+
+# Change INFO to DEBUG, if you want see debugging info on our packages and spring security packages.
+log4j.category.org.mskcc=INFO
+log4j.logger.org.springframework.security=INFO
+
+# Use the JVM option, e.g.: "java -DPORTAL_HOME=/pathto/portal_homedir",
+# or - "java -DPORTAL_HOME=$PORTAL_HOME", where PORTAL_HOME is shell (environment) variable.
+
+## IMPORTANT - THRESHOLD SHOULD NOT BE DEBUG FOR PRODUCTION, CREDENTIALS CAN BE DISPLAYED!
+
+log4j.appender.a = org.apache.log4j.rolling.RollingFileAppender
+log4j.appender.a.rollingPolicy = org.apache.log4j.rolling.TimeBasedRollingPolicy
+log4j.appender.a.rollingPolicy.FileNamePattern = ${java.io.tmpdir}/cbioportal.log.%d.gz
+log4j.appender.a.File = ${java.io.tmpdir}/cbioportal.log
+log4j.appender.a.layout = org.apache.log4j.PatternLayout
+log4j.appender.a.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} [%t] %-5p %c - %m%n
+log4j.appender.a.append = true
\ No newline at end of file
diff --git a/builds/cbioapp/logo_EurOPDX.png b/builds/cbioapp/logo_EurOPDX.png
new file mode 100644
index 0000000000000000000000000000000000000000..1aa9f993c49b96914889a84078e44a0feeb813ed
Binary files /dev/null and b/builds/cbioapp/logo_EurOPDX.png differ
diff --git a/builds/cbioapp/portal.properties b/builds/cbioapp/portal.properties
new file mode 100644
index 0000000000000000000000000000000000000000..c39b3cc6703f3471795339ed0af98362e90225ae
--- /dev/null
+++ b/builds/cbioapp/portal.properties
@@ -0,0 +1,218 @@ +# app name +app.name=cbioportal1 + +# database +db.user=cbio +db.password=P@ssword1 +db.host=cbiodb +db.portal_db_name=cbioportal +db.driver=com.mysql.jdbc.Driver +db.connection_string=jdbc:mysql://cbiodb/ +db.tomcat_resource_name=jdbc/cbioportal +# this should normally be set to false. In some cases you could set this to true (e.g. for testing a feature of a newer release that is not related to the schema change in expected db version above): +db.suppress_schema_version_mismatch_errors=false +app.version=${timestamp} +db.version=${db.version} + +# web page cosmetics +skin.title=EurOPDX cBioPortal +skin.email_contact=it at europdx eu +skin.authorization_message=Access to this portal is only available to authorized users of EurOPDX consortium. +skin.example_study_queries=tcga\ntcga -provisional\ntcga -moratorium\ntcga OR icgc\n-"cell line"\nprostate mskcc\nesophageal OR stomach\nserous\nbreast +skin.data_sets_header=The portal currently contains data from the following cancer genomics studies. The table below lists the number of available samples per data type and tumor. +skin.data_sets_footer= +#skin.examples_right_column_html=<ul><li><a href="case.do#/patient?studyId=ucec_tcga_pub&caseId=TCGA-BK-A0CC">Patient view of an endometrial cancer case</a></li></ul> + +# documentation pages +#skin.documentation.baseurl=https://raw.githubusercontent.com/cBioPortal/cbioportal/master/docs/ +skin.documentation.baseurl=https://gitlab.ics.muni.cz/europdx/cbioportal/cbio-public-info/raw/master/ +skin.documentation.markdown=true +skin.documentation.faq=FAQ.md +skin.documentation.about=About-Us.md +skin.documentation.skin.news=News.md +skin.documentation.oql=Onco-Query-Language.md + +# setting controlling the logos +skin.right_logo=logo_EurOPDX.png +skin.tag_line_image=tag_line.png + +# setting controlling which tabs to hide. 
+skin.show_news_tab=true +skin.show_data_tab=true +skin.show_web_api_tab=true +skin.show_r_matlab_tab=true +skin.show_tutorials_tab=false +skin.show_faqs_tab=true +skin.show_tools_tab=true +skin.show_about_tab=true + +# settings controlling the whats new blurb +skin.right_nav.whats_new_blurb=<a class="twitter-timeline" href="https://twitter.com/europdx" data-tweet-limit="1"> Tweets by @EurOPDX </a> + +# setting controlling the blurb +skin.blurb=<p>Welcome to the european instance of cBioPortal which provides <b>visualization</b>, <b>analysis</b> and <b>download</b> of large-scale cancer genomics datasets of EurOPDX consortium. This portal is run by <a href="https://www.cerit-sc.cz/about/news/cerit-sc-member-participates-in-eu-h2020-project-as-the-it-task-leader">Masaryk University</a> for <a href="https://cordis.europa.eu/project/rcn/212589_en.html">EDIReX: European Distributed Infrastructure for Research on patient-derived cancer Xenografts</a> project with kind support of cBioPortal developers from Weill Cornell Medicine (WCM, New York, NY, USA).</p><p>Please adhere to <u><a href="http://cancergenome.nih.gov/abouttcga/policies/publicationguidelines"> the TCGA publication guidelines</a></u> when using TCGA data in your publications.</p> <p><b>Please cite</b> <a href="http://www.ncbi.nlm.nih.gov/pubmed/23550210">Gao et al. <i>Sci. Signal.</i> 2013</a> & <a href="http://cancerdiscovery.aacrjournals.org/content/2/5/401.abstract">Cerami et al. 
<i>Cancer Discov.</i> 2012</a> when publishing results based on cBioPortal.</p> + +# setting controlling the footer +skin.footer= | <a href="http://www.mskcc.org/mskcc/html/44.cfm">MSKCC</a> | <a href="http://europdx.eu/">EurOPDX</a> | <a href="http://www.ics.muni.cz/">ICS MU</a> + +# setting controlling html for the contact +skin.login.contact_html=If you think you have received this message in error, please contact us at <a style="color:#FF0000" href="mailto:europdx-cbioportal@googlegroups.com">europdx-cbioportal@googlegroups.com</a> + +# setting controlling the saml registration +skin.login.saml.registration_html=Sign in + +# settings controlling what to show in the right navigation bar +skin.right_nav.show_data_sets=true +skin.right_nav.show_examples=true +skin.right_nav.show_testimonials=false + +# settings controlling what to show in the right navigation bar +skin.study_view.link_text=To build your own case set, try out our enhanced Study View. + +# authentication +## is authorization enabled at all? (true, false) +authorization=false +## enable and set this property to specify a study group to be used to identify public studies for which no specific authorization entries are needed in the `authorities` table +# always_show_study_group= +## which method of authentication to use (false, googleplus, saml, openid, ad, ldap, noauthsessionservice) +authenticate=false +## Should the permissions for groups and users be filtered by this instance's app.name? 
+## (true means the system only handles "CBIOPORTAL:someGroupPermission" groups, false means "someGroupPermission" works) +filter_groups_by_appname=true +## settings to connect to googleplus auth infrastructure +googleplus.consumer.key= +googleplus.consumer.secret= + +## SAML settings +saml.sp.metadata.entityid= +saml.idp.metadata.location= +saml.idp.metadata.entityid= +# saml keystore settings: +saml.keystore.location= +saml.keystore.password= +saml.keystore.private-key.key= +saml.keystore.private-key.password= +saml.keystore.default-key= +# How to send SAML request messages to the IDP. +# Set to "specificBinding" to configure specific binding: +saml.idp.comm.binding.settings=defaultBinding +# Configure the specific binding if above is specificBinding. Leave empty if defaultBinding. +# Options: bindings:HTTP-POST, bindings:HTTP-Redirect, bindings:PAOS, profiles:holder-of-key:SSO:browser +saml.idp.comm.binding.type= +# Change this to configure your custom UserDetails parser (default: org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl) +saml.custom.userservice.class=org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl +# Change this to configure to configure a custom logout URL: (default: /login.jsp?logout_success=true) +saml.logout.url=/login.jsp?logout_success=true + +## settings to connect to an Active Directory domain controller +ad.domain= +ad.url= +## configuration for the LDAP access +ldap.user_search_base=DC=example,DC=com +ldap.url=ldap://ldap.example.com +ldap.manager.dn=CN=manager-user,DC=example,DC=com +ldap.manager.password=PASSWORD +## The following attributes for are good for ActiveDirectory, for OpenLDAP use "uid" for username +ldap.attributes.username=sAMAccountName +#ldap.attributes.username=uid +ldap.attributes.last_name=sn +ldap.attributes.given_name=givenName +ldap.attributes.email=mail + +# study view settings +# always show studies with this group +always_show_study_group= 
+mdacc.heatmap.study.meta.url=//bioinformatics.mdanderson.org/study2url?studyid= +mdacc.heatmap.study.url=//bioinformatics.mdanderson.org/TCGA/NGCHMPortal/? + +# patient view settings +patient_view_placeholder=false +patient_view_genomic_overview_cna_cutoff=0.2,1.5 +digitalslidearchive.iframe.url=http://cancer.digitalslidearchive.net/index_mskcc.php?slide_name= +digitalslidearchive.meta.url=http://cancer.digitalslidearchive.net/local_php/get_slide_list_from_db_groupid_not_needed.php?slide_name_filter= +tumor_image.url=http://cbio.mskcc.org/cancergenomics/tcga-tumor-images/ +tcga_path_report.url=https://github.com/cbioportal/datahub/raw/master/tcga/pathology_reports/pathology_reports.txt +mdacc.heatmap.patient.url=//bioinformatics.mdanderson.org/TCGA/NGCHMPortal/?participant= +mdacc.heatmap.meta.url=//bioinformatics.mdanderson.org/participant2maps?participant= + +# various url's +segfile.url=http://cbio.mskcc.org/cancergenomics/gdac-portal/seg/ + +# Enable OncoKB annotation (true, false) +show.oncokb=true + +# Enable Chang's hotspot list (true, false) +show.hotspot=true +hotspots.url=http://cancerhotspots.org/api/ + +# Enable Civic variant annotation (true, false) +show.civic=false + +# Link to My Cancer Genome. Please disable (set to false) when using cBioPortal with patient identifiable data due My Cancer Genome license restrictions. 
+mycancergenome.show=true + +# igv bam linking +igv.bam.linking= +# colon delimited +igv.bam.linking.studies= +openssl.binary= +signature.key= +encryption.key= +broad.bam.url= +broad.bam.checking.url= + +# pathway settings +include_networks=true +pathway_commons.url=http://www.pathwaycommons.org/pc2 + +# bitly, please use your bitly user and apiKey +bitly.url= +# the new API uses the v3 of bitly API, and a java library to make the API call, so you only need to provide the access token +bitly.access.token= + +# google analytics +google_analytics_profile_id=UA-120520301-1 + +# genomespace linking +genomespace=true + +# set this to true if you update cancer studies in your production database without shutting the web server +recache_study_after_update=false + +# session-service url: http://[host]:[port]/[session_service_app]/api/sessions/[portal_instance]/ +# example session-service url: http://localhost:8080/session_service/api/sessions/public_portal/ +# see: https://github.com/cBioPortal/session-service +# excluding this value or setting it to an empty string will revert to the previous bookmarking method +# WARNING: do not use session service with authenticate=false +# either use authentication or change to authenticate=noauthsessionservice +session.service.url= +# Only allow requests from here: +# e.g. 
session.service.origin=http://dashi-dev.cbio.mskcc.org:8080 +session.service.origin=* + +# disabled tabs, | delimited +# possible values: cancer_types_summary, mutual_exclusivity, plots, mutations, co_expression, enrichments, survival, network, download, bookmark, IGV +disabled_tabs= + +# study ids and categories to force to top of study selector +# format is category1#study1a,study1b,study1c;category2#study2 +priority_studies= + +# species and genomic information +species=human +ncbi.build=37 +ucsc.build=hg19 + +# default view in oncoprint (sample, patient (default)) +oncoprint.defaultview=patient + +# OncoPrint driver mutation annotations +# oncoprint.custom_driver_annotation.binary.menu_label=Custom driver annotation +# oncoprint.custom_driver_annotation.tiers.menu_label=Custom driver tiers +# oncoprint.custom_driver_annotation.default=true +# oncoprint.custom_driver_tiers_annotation.default=true +# oncoprint.oncokb_hotspots.default=custom +# oncoprint.hide_vus.default=false + +# Custom gene sets +# querypage.setsofgenes.location=file:/<path> diff --git a/builds/cbioapp/settings.xml b/builds/cbioapp/settings.xml new file mode 100644 index 0000000000000000000000000000000000000000..55f7437730610f6a055e42fc0026e1c529692fe6 --- /dev/null +++ b/builds/cbioapp/settings.xml @@ -0,0 +1,10 @@ +<?xml version="1.0"?> +<settings> + <servers> + <server> + <id>settingsKey</id> + <username>cbio</username> + <password>P@ssword1</password> + </server> + </servers> +</settings> \ No newline at end of file diff --git a/builds/cbioapp/start.sh b/builds/cbioapp/start.sh new file mode 100644 index 0000000000000000000000000000000000000000..f3d25320190a9aee8d7e7d7539bba597a638490a --- /dev/null +++ b/builds/cbioapp/start.sh 
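Review bot: `authenticate=false` and `authorization=false` in `portal.properties` switch off cBioPortal's own login and per-study access control, while `skin.authorization_message` tells users the portal is restricted to the consortium. With these values access control rests entirely on whatever sits in front of Tomcat (presumably the SAML proxy added under `builds/SAML-K8S`), so port 8080 must not be reachable around it; a comment above `authenticate=` stating that dependency would make it explicit. `session.service.origin=*` is left at the wildcard and the file's own warning says not to use the session service with `authenticate=false`; `session.service.url` is empty here, so this is latent rather than active. `db.password=P@ssword1` is committed in plaintext as well.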
@@ -0,0 +1,8 @@
+#!/bin/sh
+find $PWD/core/src/main/scripts/ -type f -executable \! -name '*.pl' -print0 | xargs -0 -- ln -st /usr/local/bin
+
+sed -i "s/cbiodb/${DBHOST}/g" /cbioportal/portal.properties &&
+sed -i "s/cbiodb/$DBHOST/g" /usr/local/tomcat/conf/context.xml
+
+mv $CATALINA_HOME/webapps/cbioportal.war $CATALINA_HOME/webapps/${MOVE}.war
+sh $CATALINA_HOME/bin/catalina.sh run
diff --git a/builds/cbiodb/.gitlab-ci.yml b/builds/cbiodb/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..08a000001f6ad9ed2366a3f5dc13ecffe089523f
--- /dev/null
+++ b/builds/cbiodb/.gitlab-ci.yml
@@ -0,0 +1,28 @@
+# This file is a template, and might need editing before it works on your project.
+# Official docker image.
+image: docker:latest
+
+services:
+ - docker:dind
+
+before_script:
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+
+build-master:
+ stage: build
+ script:
+# - export DOCKER_CONTENT_TRUST=1
+ - docker build --pull -t "$CI_REGISTRY_IMAGE" .
+ - docker push "$CI_REGISTRY_IMAGE"
+ only:
+ - master
+
+build:
+ stage: build
+ script:
+# - export DOCKER_CONTENT_TRUST=1
+ - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
+ - export DOCKER_CONTENT_TRUST=0
+ - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
+ except:
+ - master
diff --git a/builds/cbiodb/Dockerfile b/builds/cbiodb/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..c81e2ab1db057513a813ee19e424cd13c0e3ce58
--- /dev/null
+++ b/builds/cbiodb/Dockerfile
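Review bot: `DBHOST` and `MOVE` are used unchecked and unquoted in builds/cbioapp/start.sh. An unset `DBHOST` makes both `sed` calls replace `cbiodb` with an empty string, a value containing `/` or `&` changes the sed expression itself, and a `MOVE` containing `/` lets the `mv` place the war outside `webapps`. The script also continues to the `mv` and the Tomcat start when the first `sed` fails, because only the second `sed` depends on it. I would add `set -eu` after the shebang, put each `sed` on its own line without `&&`, reject values outside `[A-Za-z0-9.-]` before use, and quote the expansions, e.g. `mv "$CATALINA_HOME/webapps/cbioportal.war" "$CATALINA_HOME/webapps/${MOVE}.war"`.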
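Review bot: The `docker login ... -p "$CI_REGISTRY_PASSWORD"` line in `before_script` passes the registry password as a command-line argument, where it is visible in the runner's process list. Piping it in avoids that: `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The `build` job also exports `DOCKER_CONTENT_TRUST=0` before the push while both `=1` lines stay commented out, and `image: docker:latest` with `docker:dind` is unpinned, so the toolchain that builds and pushes the image can change between runs. A pinned tag and a comment explaining why content trust is disabled would help.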
@@ -0,0 +1,24 @@ +FROM registry.gitlab.ics.muni.cz:443/2780/mysql +MAINTAINER Luboslav Pivarc <456130@muni.cz> + +# Copy the database schema to the /data directory +COPY files/run_db files/init_db /tmp/ +RUN chmod +x /tmp/run_db && chmod +x /tmp/init_db +#ADD http://dior.ics.muni.cz/~cuda/seed-cbioportal_hg19_v2.4.0.sql /tmp/ +#ADD http://dior.ics.muni.cz/~cuda/cgds.sql /tmp/ + +ADD https://raw.githubusercontent.com/cBioPortal/cbioportal/v2.0.0/db-scripts/src/main/resources/cgds.sql /tmp/ +ADD ./seed-cbioportal_hg19_v2.7.3.sql /tmp/ + +# init_db will create the default +# database from epcis_schema.sql, then +# stop mysqld, and finally copy the /var/lib/mysql directory +# to default_mysql_db.tar.gz +RUN /tmp/init_db + +# run_db starts mysqld, but first it checks +# to see if the /var/lib/mysql directory is empty, if +# it is it is seeded with default_mysql_db.tar.gz before +# the mysql is fired up + +ENTRYPOINT "/tmp/run_db" diff --git a/builds/cbiodb/README.md b/builds/cbiodb/README.md new file mode 100644 index 0000000000000000000000000000000000000000..10c3e8a44314dc2c29b228eb6fc656429a1393af --- /dev/null +++ b/builds/cbiodb/README.md @@ -0,0 +1 @@ +# Cbioportal database \ No newline at end of file diff --git a/builds/cbiodb/env/.env b/builds/cbiodb/env/.env new file mode 100644 index 0000000000000000000000000000000000000000..d5b67e37f0476552eb5f82f766dde9f9e35e2a49 --- /dev/null +++ b/builds/cbiodb/env/.env @@ -0,0 +1,5 @@ +MYSQL_ROOT_PASSWORD=P@ssword1 +MYSQL_USER=cbio +MYSQL_PASSWORD=P@ssword1 +MYSQL_DATABASE=cbioportal + diff --git a/builds/cbiodb/files/init_db b/builds/cbiodb/files/init_db new file mode 100644 index 0000000000000000000000000000000000000000..67bcd183421735553e903f071f92e1091fb212cb --- /dev/null +++ b/builds/cbiodb/files/init_db 
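Review bot: The `ADD https://raw.githubusercontent.com/cBioPortal/cbioportal/v2.0.0/...cgds.sql /tmp/` line downloads the schema at build time with no integrity check, and `FROM registry.gitlab.ics.muni.cz:443/2780/mysql` has no tag or digest, so two builds of the same commit can produce different databases. With BuildKit the download can be pinned as `ADD --checksum=sha256:<digest-of-cgds.sql> <url> /tmp/` and the base as `FROM <image>@sha256:<digest>` (both placeholders); the local seed file only needs `COPY`. It is also worth confirming that a schema taken from tag v2.0.0 is the one `seed-cbioportal_hg19_v2.7.3.sql` expects. `ENTRYPOINT "/tmp/run_db"` is shell form, so the script runs under `/bin/sh -c` and does not receive the stop signal directly; `ENTRYPOINT ["/tmp/run_db"]` avoids that.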
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Initialize MySQL database.
+# ADD this file into the container via Dockerfile.
+# Assuming you specify a VOLUME ["/var/lib/mysql"] or `-v /var/lib/mysql` on the `docker run` command…
+# Once built, do e.g. `docker run your_image /path/to/docker-mysql-initialize.sh`
+# Again, make sure MySQL is persisting data outside the container for this to have any effect.
+
+set -e
+set -x
+
+#mysql_install_db --datadir=/var/lib/mysql
+/usr/sbin/mysqld -u mysql --initialize-insecure
+
+# Start the MySQL daemon in the background.
+#/usr/sbin/mysqld &
+/usr/sbin/mysqld -u mysql &
+mysql_pid=$!
+
+#until mysqladmin ping >/dev/null 2>&1; do
+# echo -n "."; sleep 0.2
+#done
+sleep 20
+echo "probouzim se"
+
+# Permit root login without password from outside container.
+#mysql -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY '' WITH GRANT OPTION"
+
+mysql -e "GRANT ALL ON *.* to cbio@'%' IDENTIFIED BY 'P@ssword1';"
+
+
+# create the default database from the ADDed file.
+
+mysql -e "create database cbioportal;"
+cat /tmp/cgds.sql | mysql cbioportal
+# cat /tmp/seed-cbioportal_hg19_v2.4.0.sql |mysql cbioportal
+cat /tmp/seed-cbioportal_hg19_v2.7.3.sql |mysql cbioportal
+
+# Tell the MySQL daemon to shutdown.
+mysqladmin shutdown
+
+# Wait for the MySQL daemon to exit.
+wait $mysql_pid
+
+# create a tar file with the database as it currently exists
+#tar czvf default_mysql.tar.gz /var/lib/mysql
+
+# the tarfile contains the initialized state of the database.
+# when the container is started, if the database is empty (/var/lib/mysql)
+# then it is unpacked from default_mysql.tar.gz from
+# the ENTRYPOINT /tmp/run_db script
diff --git a/builds/cbiodb/files/run_db b/builds/cbiodb/files/run_db
new file mode 100644
index 0000000000000000000000000000000000000000..9998897f99a4599121dddaa07f7d922282a12566
--- /dev/null
+++ b/builds/cbiodb/files/run_db
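Review bot: `GRANT ALL ON *.* to cbio@'%'` gives the application account every privilege on every schema from any host, and `--initialize-insecure` leaves `root@localhost` with an empty password in the data directory this script prepares at build time. The portal only needs its own schema, so `GRANT ALL ON cbioportal.* TO cbio@'%' IDENTIFIED BY ...` is enough, and root should get a password or be locked before `mysqladmin shutdown`. Separately, `sleep 20` replaces the commented-out `mysqladmin ping` loop; if mysqld needs longer the `mysql -e` calls fail and `set -e` aborts the build, so restoring the poll is more reliable.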
@@ -0,0 +1,10 @@
+#!/bin/bash
+# start db
+
+set -e
+set -x
+
+# first, if the /var/lib/mysql directory is empty, unpack it from our predefined db
+# [ "$(ls -A /var/lib/mysql)" ] && echo "Running with existing database in /var/lib/mysql" || ( echo 'Populate initial db'; tar xpzvf default_mysql.tar.gz )
+
+/usr/sbin/mysqld -u mysql
\ No newline at end of file
diff --git a/builds/cbiodb/mysql/conf/mysql.conf b/builds/cbiodb/mysql/conf/mysql.conf
new file mode 100644
index 0000000000000000000000000000000000000000..7d079f53f479da7f4bdbdfd0a8112862bd692c04
--- /dev/null
+++ b/builds/cbiodb/mysql/conf/mysql.conf
@@ -0,0 +1,57 @@ +# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +# +# The MySQL Server configuration file. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +[mysqld] +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +datadir = /var/lib/mysql +#log-error = /var/log/mysql/error.log +# By default we only accept connections from localhost +#bind-address = 127.0.0.1 +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + +# +# * Fine Tuning +# + +key_buffer_size = 4G +max_heap_table_size = 512M +tmp_table_size = 512M +max_allowed_packet = 256M +thread_stack = 256K +thread_cache_size = 20 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam-recover-options = BACKUP +max_connections = 214 +#table_cache = 64 +#thread_concurrency = 10 +# +# * Query Cache Configuration +# +query_cache_limit = 1M +query_cache_size = 0 +query_cache_type = 0 + + +join_buffer_size = 16M +table_open_cache = 400 
diff --git a/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore b/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..5e7d2734cfc60289debf74293817c0a8f572ff32
--- /dev/null
+++ b/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/builds/job/Dockerfile b/builds/job/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..4f736230e07ac1dcf5006785849d1f08a120c286
--- /dev/null
+++ b/builds/job/Dockerfile
@@ -0,0 +1,4 @@
+From appropriate/curl
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+
+CMD curl -X DELETE 'cbio-api/v1/cbioondemand?id=${INSTANCE}&user.userId=${USER}'
diff --git a/yaml/cbio-api/api-deployment.yml b/yaml/cbio-api/api-deployment.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b783118e8b432f8d36986f4a004920b0007ce489
--- /dev/null
+++ b/yaml/cbio-api/api-deployment.yml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: cbio-on-demand
+ name: cbio-api
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ matchLabels:
+ app: cbio-api
+ type: ondemand
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ app: cbio-api
+ type: ondemand
+ spec:
+ containers:
+ - name: cbio-api
+ image: lpivo/api:tr1
+ ports:
+ - name: http
+ containerPort: 8080
+ livenessProbe:
+ httpGet:
+ path: /actuator/health
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
+ readinessProbe:
+ httpGet:
+ path: /actuator/health
+ port: http
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 2
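Review bot: The URL in the `CMD curl -X DELETE '...'` line of builds/job/Dockerfile is in single quotes, so the shell that runs this shell-form CMD never expands `${INSTANCE}` and `${USER}` and the literal placeholders are sent to cbio-api. Double quotes fix that: `CMD curl -fsS -X DELETE "cbio-api/v1/cbioondemand?id=${INSTANCE}&user.userId=${USER}"`, where `-f` also makes an HTTP error fail the job so `restartPolicy: OnFailure` in deletecronjob.yml can retry. The request carries no credential, so whether a caller may delete a given instance has to be enforced by the API, which is not part of this diff and should be confirmed. `From appropriate/curl` is untagged and would be better pinned.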
diff --git a/yaml/cbio-api/api-service.yml b/yaml/cbio-api/api-service.yml new file mode 100644 index 0000000000000000000000000000000000000000..00a9d40688f3e116fcc17d82f569fef6163af104 --- /dev/null +++ b/yaml/cbio-api/api-service.yml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: cbio-api + namespace: cbio-on-demand + labels: + app: cbio-api + type: ondemand + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbio-api + type: ondemand + ports: + - port: 80 + targetPort: http diff --git a/yaml/cbio-api/identifier.yml b/yaml/cbio-api/identifier.yml new file mode 100644 index 0000000000000000000000000000000000000000..9eda8084f98ff1ab17d629fe78caaf5423499d9c --- /dev/null +++ b/yaml/cbio-api/identifier.yml @@ -0,0 +1,7 @@ +apiVersion: example.com/v1beta1 +kind: identifier +metadata: + generateName: cod + namespace: cbio-on-demand + # annotations: + # maintainer: Luboslav Pivarc <456130@muni.cz> diff --git a/yaml/cbio-api/registerIdentifier.yml b/yaml/cbio-api/registerIdentifier.yml new file mode 100644 index 0000000000000000000000000000000000000000..9a95b94bd62d752816e642979c3f8ad6a86e329b --- /dev/null +++ b/yaml/cbio-api/registerIdentifier.yml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: identifiers.example.com + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + scope: Namespaced + group: example.com + version: v1beta1 + names: + kind: identifier + singular: identifier + plural: identifiers diff --git a/yaml/cbio-app/cbio-replicaset.yml b/yaml/cbio-app/cbio-replicaset.yml new file mode 100644 index 0000000000000000000000000000000000000000..3e4e1c932d72a127a4761315d1171de55f9aa779 --- /dev/null +++ b/yaml/cbio-app/cbio-replicaset.yml 
@@ -0,0 +1,52 @@ +apiVersion: apps/v1 +kind: ReplicaSet +metadata: + generateName: cbio-on-demand + namespace: cbio-on-demand + labels: + app: cbio + type: ondemand + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + replicas: 1 + selector: + matchLabels: + app: cbio + type: ondemand + # generated by API by user id from request + #user: Luboslav + # generated by API unique for user + #instance: "1" + template: + metadata: + labels: + app: cbio + type: ondemand + # generated by API by user id from request + #user: Luboslav + # generated by API unique for user + #instance: "1" + spec: + containers: + - name: cbio + image: lpivo/cbioportal:test7 + ports: + - name: http + containerPort: 8080 + env: + - name: DBHOST + # generated by API from service name + value: cbio-on-demand-dbpjvrw + - name: IMPORT + value: /etc/data-loading/cbio-client.py + - name: ID + # generated by API from user request + value: "4" + - name: MOVE + #generated by API from generated url + value: cbioportal + # lifecycle: + # postStart: + # exec: + # command: ["python3", "$IMPORT"] diff --git a/yaml/cbio-app/cbio-service.yml b/yaml/cbio-app/cbio-service.yml new file mode 100644 index 0000000000000000000000000000000000000000..bbcfabdebb7fe2434dc61bf5a8598ba0fd163b87 --- /dev/null +++ b/yaml/cbio-app/cbio-service.yml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + generateName: cbio-on-demand + namespace: cbio-on-demand + labels: + app: cbio + type: ondemand + # generated by API by user id from request + #user: Luboslav + # generated by API unique for user + #instance: "1" + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbio + type: ondemand + # generated by API by user id from request + #user: Luboslav + # generated by API unique for user + #instance: "1" + ports: + - port: 80 + targetPort: http 
diff --git a/yaml/cbio-db/cbiodb-replicaset.yml b/yaml/cbio-db/cbiodb-replicaset.yml
new file mode 100644
index 0000000000000000000000000000000000000000..741744a987e762c3d681d313205d0a4dd9afea0b
--- /dev/null
+++ b/yaml/cbio-db/cbiodb-replicaset.yml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+ generateName: cbiodb
+ namespace: cbio-on-demand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+ labels:
+ app: cbioDB
+ type: ondemand
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: cbioDB
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ template:
+ metadata:
+ labels:
+ app: cbioDB
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ spec:
+ containers:
+ - name: cbio
+ image: lpivo/cbiodb:v1
+ ports:
+ - name: mysql
+ containerPort: 3306
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "mysqladmin ping -u cbio -pP@ssword1"
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "mysqladmin ping -u cbio -pP@ssword1"
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ volumeMounts:
+ - name: config
+ mountPath: /etc/mysql/mysql.conf.d
+ subPath: mysql.conf.d
+ readOnly: true
+ envFrom:
+ - secretRef:
+ name: mysql-env
+ # we use 1 config for all on-demand databeses
+ volumes:
+ - name: config
+ configMap:
+ name: mysql-cbio-db
diff --git a/yaml/cbio-db/cbiodb-service.yml b/yaml/cbio-db/cbiodb-service.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1c208977adb15b93496955684e1fafd34bed8777
--- /dev/null
+++ b/yaml/cbio-db/cbiodb-service.yml
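Review bot: The `config` volume is mounted with `subPath: mysql.conf.d`, but the `mysql-cbio-db` ConfigMap in yaml/cbio-db/config.yml has only the key `mysql.conf`, so the sub-path does not name a file in the volume. The container most likely ends up with an empty read-only `/etc/mysql/mysql.conf.d`, and the tuning in that ConfigMap is never loaded. Dropping `subPath` and giving the key a `.cnf` suffix should fix it, since MySQL include directories read `*.cnf`; please verify against the base image's my.cnf. The pod spec also sets no `securityContext` and no `resources`, although the config asks for `key_buffer_size = 4G`.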
@@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + generateName: cbio-on-demand-db + namespace: cbio-on-demand + labels: + app: cbioDB + type: ondemand + # generated by API by user id from request + #user: Luboslav + # generated by API unique for user + #instance: "1" + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbioDB + type: ondemand + # generated by API by user id from request + #user: Luboslav + # generated by API unique for user + #instance: "1" + ports: + - port: 3306 + targetPort: mysql diff --git a/yaml/cbio-db/config.yml b/yaml/cbio-db/config.yml new file mode 100644 index 0000000000000000000000000000000000000000..15efb9ce32b53ffe1a5156c53d4f082594f799af --- /dev/null +++ b/yaml/cbio-db/config.yml 
@@ -0,0 +1,29 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: mysql-cbio-db + namespace: cbio-on-demand +data: + mysql.conf: "# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights + reserved.\n#\n# This program is free software; you can redistribute it and/or + modify\n# it under the terms of the GNU General Public License as published + by\n# the Free Software Foundation; version 2 of the License.\n#\n# This program + is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; + without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You + should have received a copy of the GNU General Public License\n# along with + this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin + St, Fifth Floor, Boston, MA 02110-1301 USA\n\n#\n# The MySQL Server configuration + file.\n#\n# For explanations see\n# http://dev.mysql.com/doc/mysql/en/server-system-variables.html\n\n[mysqld]\npid-file\t= + /var/run/mysqld/mysqld.pid\nsocket\t\t= /var/run/mysqld/mysqld.sock\ndatadir\t\t= + /var/lib/mysql\n#log-error\t= /var/log/mysql/error.log\n# By default we only + accept connections from localhost\n#bind-address\t= 127.0.0.1\n# Disabling symbolic-links + is recommended to prevent assorted security risks\nsymbolic-links=0\n\n#\n# + * Fine Tuning\n#\n\nkey_buffer_size = 4G\nmax_heap_table_size = + 512M\ntmp_table_size = 512M\nmax_allowed_packet = 256M\nthread_stack + \ = 256K\nthread_cache_size = 20\n# This replaces the startup + script and checks MyISAM tables if needed\n# the first time they are touched\nmyisam-recover-options + \ = BACKUP\nmax_connections = 214\n#table_cache = 64\n#thread_concurrency + \ = 10\n#\n# * Query Cache Configuration\n#\nquery_cache_limit = 1M\nquery_cache_size + \ = 0\nquery_cache_type = 0\n\n\njoin_buffer_size = 16M\ntable_open_cache + = 400\n" 
diff --git a/yaml/cbio-db/secret.yml b/yaml/cbio-db/secret.yml
new file mode 100644
index 0000000000000000000000000000000000000000..faf738b3a00164d6ce58206343bc3fd9a843eb35
--- /dev/null
+++ b/yaml/cbio-db/secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-env
+ namespace: cbio-on-demand
+data:
+ .env: TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo=
+type: Opaque
diff --git a/yaml/cbio-delete/deletecronjob.yml b/yaml/cbio-delete/deletecronjob.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5fbaab37a7e458448cad46a48fde12346ccf3585
--- /dev/null
+++ b/yaml/cbio-delete/deletecronjob.yml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+ generateName: cbio-delete
+ namespace: cbio-on-demand
+ labels:
+ app: cbio
+ type: ondemand
+ # generated by API by user id from request
+ #user: Luboslav
+ # generated by API unique for user
+ #instance: "1"
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ # generated by API
+ #schedule: "*/1 * * * *"
+ startingDeadlineSeconds: 21600
+ jobTemplate:
+ spec:
+ completions: 1
+ template:
+ spec:
+ containers:
+ - name: deletetion
+ image: lpivo/job:tr1
+ env:
+ # generated by API by usr id from request
+ #- name: USER
+ # value: string
+ # generated by API unique for user
+ #- name: INSTANCE
+ # value: codpgfjr
+ restartPolicy: OnFailure
diff --git a/yaml/cbio-on-demand-namespace.yml b/yaml/cbio-on-demand-namespace.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0741955b84700e3b3644574c274482c2cab397ee
--- /dev/null
+++ b/yaml/cbio-on-demand-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cbio-on-demand
diff --git a/yaml/cbio-security/security.yml b/yaml/cbio-security/security.yml
new file mode 100644
index 0000000000000000000000000000000000000000..361005ebf02f949cb3576c6133e15079628a04ec
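Review bot: The Secret in yaml/cbio-db/secret.yml has a single key `.env` whose value is the whole env file, but cbiodb-replicaset.yml consumes it with `envFrom.secretRef`, which turns each key into one environment variable. The container therefore gets at most one variable named `.env`, not `MYSQL_USER`, `MYSQL_PASSWORD` and the others. Use one key per variable, for example `stringData:` with `MYSQL_USER: cbio` and `MYSQL_PASSWORD: <set-at-deploy-time>`, and create the object outside the repository, since base64 under `data` is only an encoding. The same object is repeated in yaml/complete/cbio-setup.yml.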
--- /dev/null +++ b/yaml/cbio-security/security.yml @@ -0,0 +1,54 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: cbio-on-demand + name: cbio-proxy + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + matchLabels: + app: cbio-proxy + type: ondemand + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: cbio-proxy + type: ondemand + spec: + containers: + - name: cbio-proxy + image: lpivo/k8s-saml:t4 + ports: + - name: http + containerPort: 80 + - name: api + containerPort: 5000 + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 2 + env: + - name: SERVERNAME + value: cbiood.edirex.ics.muni.cz + - name: EMAILADMIN + value: 456130@mail.muni.cz diff --git a/yaml/cbio-security/service-api.yml b/yaml/cbio-security/service-api.yml new file mode 100644 index 0000000000000000000000000000000000000000..59643c8f99d5095fcb15ed3ae487fea5e34fcc2a --- /dev/null +++ b/yaml/cbio-security/service-api.yml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + name: cbio-proxy-api + namespace: cbio-on-demand + labels: + app: cbio-proxy + type: ondemand + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbio-proxy + type: ondemand + ports: + - port: 80 + targetPort: api diff --git a/yaml/cbio-security/service-proxy.yml b/yaml/cbio-security/service-proxy.yml new file mode 100644 index 0000000000000000000000000000000000000000..b3bbf992198a293b82e19c109626d58acdf4a6dd --- /dev/null +++ b/yaml/cbio-security/service-proxy.yml 
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: cbio-proxy
+ namespace: cbio-on-demand
+ labels:
+ app: cbio-proxy
+ type: ondemand
+ annotations:
+ maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+ selector:
+ app: cbio-proxy
+ type: ondemand
+ ports:
+ - port: 80
+ targetPort: http
diff --git a/yaml/complete/bind.yml b/yaml/complete/bind.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5c85d9a7fb593089916324fe093d89d91de103c9
--- /dev/null
+++ b/yaml/complete/bind.yml
@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: cbio-api
+subjects:
+- kind: ServiceAccount
+ name: cbio-api
+ namespace: cbio-on-demand
+roleRef:
+ kind: ClusterRole
+ name: cbio-api
+ apiGroup: rbac.authorization.k8s.io
+
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: fabric8-rbac
+subjects:
+ - kind: ServiceAccount
+ # Reference to upper's `metadata.name`
+ name: cbio-api
+ # Reference to upper's `metadata.namespace`
+ namespace: cbio-on-demand
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/yaml/complete/cbio-setup.yml b/yaml/complete/cbio-setup.yml
new file mode 100644
index 0000000000000000000000000000000000000000..66b42ad061a3ab15671f4577fab624627fbb0e1e
--- /dev/null
+++ b/yaml/complete/cbio-setup.yml
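Review bot: The second binding in yaml/complete/bind.yml, `fabric8-rbac`, binds the `cbio-api` ServiceAccount to `cluster-admin`, so the token mounted into the API pod controls the whole cluster, including Secrets in every namespace. As far as the templates in this commit show, everything the API generates (ReplicaSets, Services, CronJobs and `identifier` objects) lives in `cbio-on-demand`, so a namespaced Role and RoleBinding should be sufficient and the `cluster-admin` binding can be deleted. The first binding could become a RoleBinding for the same reason. The sketch below is a starting point; the verb lists are assumptions and should be trimmed to what the API actually calls.

```yaml
# replaces the fabric8-rbac ClusterRoleBinding to cluster-admin
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cbio-api
  namespace: cbio-on-demand
rules:
  - apiGroups: ["apps"]
    resources: ["replicasets"]
    verbs: ["get", "list", "create", "delete"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "list", "create", "delete"]
  - apiGroups: ["batch"]
    resources: ["cronjobs"]
    verbs: ["get", "list", "create", "delete"]
  - apiGroups: ["example.com"]
    resources: ["identifiers"]
    verbs: ["get", "list", "create", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cbio-api
  namespace: cbio-on-demand
subjects:
  - kind: ServiceAccount
    name: cbio-api
    namespace: cbio-on-demand
roleRef:
  kind: Role
  name: cbio-api
  apiGroup: rbac.authorization.k8s.io
```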
@@ -0,0 +1,233 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: cbio-on-demand + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: cbio-on-demand + name: cbio-api + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + matchLabels: + app: cbio-api + type: ondemand + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: cbio-api + type: ondemand + spec: + serviceAccountName: cbio-api + containers: + - name: cbio-api + image: lpivo/api:tr3 + ports: + - name: http + containerPort: 8080 + livenessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 2 + readinessProbe: + httpGet: + path: /actuator/health + port: http + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 2 + +--- + +apiVersion: v1 +kind: Service +metadata: + name: cbio-api + namespace: cbio-on-demand + labels: + app: cbio-api + type: ondemand + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbio-api + type: ondemand + ports: + - port: 80 + targetPort: http + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: identifiers.example.com + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + scope: Namespaced + group: example.com + version: v1beta1 + names: + kind: identifier + singular: identifier + plural: identifiers + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: mysql-cbio-db + namespace: cbio-on-demand +data: + mysql.conf: "# Copyright (c) 2014, 2016, Oracle and/or its affiliates. 
All rights + reserved.\n#\n# This program is free software; you can redistribute it and/or + modify\n# it under the terms of the GNU General Public License as published + by\n# the Free Software Foundation; version 2 of the License.\n#\n# This program + is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; + without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You + should have received a copy of the GNU General Public License\n# along with + this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin + St, Fifth Floor, Boston, MA 02110-1301 USA\n\n#\n# The MySQL Server configuration + file.\n#\n# For explanations see\n# http://dev.mysql.com/doc/mysql/en/server-system-variables.html\n\n[mysqld]\npid-file\t= + /var/run/mysqld/mysqld.pid\nsocket\t\t= /var/run/mysqld/mysqld.sock\ndatadir\t\t= + /var/lib/mysql\n#log-error\t= /var/log/mysql/error.log\n# By default we only + accept connections from localhost\n#bind-address\t= 127.0.0.1\n# Disabling symbolic-links + is recommended to prevent assorted security risks\nsymbolic-links=0\n\n#\n# + * Fine Tuning\n#\n\nkey_buffer_size = 4G\nmax_heap_table_size = + 512M\ntmp_table_size = 512M\nmax_allowed_packet = 256M\nthread_stack + \ = 256K\nthread_cache_size = 20\n# This replaces the startup + script and checks MyISAM tables if needed\n# the first time they are touched\nmyisam-recover-options + \ = BACKUP\nmax_connections = 214\n#table_cache = 64\n#thread_concurrency + \ = 10\n#\n# * Query Cache Configuration\n#\nquery_cache_limit = 1M\nquery_cache_size + \ = 0\nquery_cache_type = 0\n\n\njoin_buffer_size = 16M\ntable_open_cache + = 400\n" + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: mysql-env + namespace: cbio-on-demand +data: + .env: 
TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo= +type: Opaque + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: cbio-on-demand + name: cbio-proxy + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + matchLabels: + app: cbio-proxy + type: ondemand + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: cbio-proxy + type: ondemand + spec: + containers: + - name: cbio-proxy + image: lpivo/k8s-saml:t6 + ports: + - name: http + containerPort: 80 + - name: api + containerPort: 5000 + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 1 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 2 + env: + - name: SERVERNAME + value: cbiood.edirex.ics.muni.cz + - name: EMAILADMIN + value: 456130@mail.muni.cz + +--- + +apiVersion: v1 +kind: Service +metadata: + name: cbio-proxy-api + namespace: cbio-on-demand + labels: + app: cbio-proxy + type: ondemand + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbio-proxy + type: ondemand + ports: + - port: 80 + targetPort: api + +--- + + +apiVersion: v1 +kind: Service +metadata: + name: cbio-proxy + namespace: cbio-on-demand + labels: + app: cbio-proxy + type: ondemand + annotations: + maintainer: Luboslav Pivarc <456130@muni.cz> +spec: + selector: + app: cbio-proxy + type: ondemand + ports: + - port: 80 + targetPort: http diff --git a/yaml/complete/cbiood.crt b/yaml/complete/cbiood.crt new file mode 100644 index 0000000000000000000000000000000000000000..21de259846b3f7bd2d973b6a20cdc04637973ad4 --- /dev/null +++ b/yaml/complete/cbiood.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUJMKNctTo0DplMqRD/9X5y3tbid8wDQYJKoZIhvcNAQEL +BQAwaTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEiMCAGA1UEAwwZY2Jpb29kLmVkaXJl +eC5pY3MubXVuaS5jejAeFw0xOTA2MDcxNjQ5NTFaFw0yMDA2MDYxNjQ5NTFaMGkx +CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl +cm5ldCBXaWRnaXRzIFB0eSBMdGQxIjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNz +Lm11bmkuY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJfesKYdSq +kb603X/O2tt1vfzNv2SEJQhJ7423vZQuKVxPD8zjouHuDP1X9qAVFm5kXABu3ysB +4t/mmDYjD5TtMTO5qIvHc+i4I+vaLgGDN1BmdSrtSHkWP6PWAAES3PrH93TCD48b +DiIwB8xLVX5xN8s/+gGvCR+a4ZfGiH2x36PI/LqnF2Fp7Za2QtFvnL1ED93FSSxg +HKyBEyGn3tgZg0zbMPlACfLPPsSSBs23WfsU+pvwCbFJh1soSv7G0eIK3TYf4dzK +10FCd/DQSRjhwADC39I++IO4WHaHtAXz7KyqYbXwIs1NSZ3IVUZRUq8bc5oHzIdP +hYn95QPhi6yLAgMBAAGjUzBRMB0GA1UdDgQWBBQVa4WaF2IDcU/6W6n2B4zTz9WG ++jAfBgNVHSMEGDAWgBQVa4WaF2IDcU/6W6n2B4zTz9WG+jAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwdYhTxtf3z6ooF06MWkU2FnN/TphwP4+l +/MB7aWtP/O05Wz2I/hel5ZimhgLJe0dmk/GFZxDLqMd7YlMuvqOjm2KNqh9sHAd4 +XyEBpie5ibv8prRxvZVukC2skiXwu7GX9HAlcnM/gzQZ3+CVRZtQfbsk+BLjsIb/ +aZHSokWWvEUI5EPixeOWLYyDvSH6Une9XezZzsRaQyiGuGqSXyH/O24uJ+FQVG+X +yPTlCwuTbdmcEwBPEM8TjNzCTTyodDcTtTt1AKVbZDYid1BQpb0JVvgpVpWfuprA +glzRYbtQY7Adrx45+UA3eNlEydjWTB2G/qpw7PR65pdwJn91OE9+ +-----END CERTIFICATE----- diff --git a/yaml/complete/ingress-api.yml b/yaml/complete/ingress-api.yml new file mode 100644 index 0000000000000000000000000000000000000000..ae3de6b69921aeb5424a4712eed871aa5848baa0 --- /dev/null +++ b/yaml/complete/ingress-api.yml @@ -0,0 +1,13 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: cbio + namespace: cbio-on-demand +spec: + rules: + - http: + paths: + - path: /api + backend: + serviceName: cbio-api + servicePort: 80 
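Review bot: The Ingress in yaml/complete/ingress-api.yml has no `host` and no `tls` block and routes `/api` straight to the `cbio-api` service, so requests on that path do not pass through the `cbio-proxy` deployment, which appears to be where the SAML login is enforced. Unless cbio-api authenticates callers itself, which this diff does not show, its endpoints are reachable without a session. I would either drop this Ingress and let the proxy forward `/api`, or restrict it with `host: cbiood.edirex.ics.muni.cz` and an authentication mechanism supported by the ingress controller in use. `extensions/v1beta1` Ingress has also been removed from current Kubernetes; `networking.k8s.io/v1` is the replacement.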
diff --git a/yaml/complete/ingress-proxy.yml b/yaml/complete/ingress-proxy.yml
new file mode 100644
index 0000000000000000000000000000000000000000..29041b0f6d79c7aeeaeeeea6ff7fd6f9a884805e
--- /dev/null
+++ b/yaml/complete/ingress-proxy.yml
@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: cbio-proxy
+ namespace: cbio-on-demand
+spec:
+ rules:
+ - host: cbiood.edirex.ics.muni.cz
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: cbio-proxy
+ servicePort: 80
diff --git a/yaml/complete/role.yml b/yaml/complete/role.yml
new file mode 100644
index 0000000000000000000000000000000000000000..471b46560be671d9386ab80a5553e77cbad6b260
--- /dev/null
+++ b/yaml/complete/role.yml
@@ -0,0 +1,8 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cbio-api
+rules:
+- apiGroups: [""]
+ resources: ["identifiers"]
+ verbs: ["VerbAll"]
diff --git a/yaml/complete/serviceAccount.yml b/yaml/complete/serviceAccount.yml
new file mode 100644
index 0000000000000000000000000000000000000000..1b7679c6daa47b74fb26bf418b6195d53ad51e62
--- /dev/null
+++ b/yaml/complete/serviceAccount.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cbio-api
+ namespace: cbio-on-demand
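Review bot: The rule for `cbiood.edirex.ics.muni.cz` in yaml/complete/ingress-proxy.yml has no `tls` section, so the portal behind the SAML proxy is published over plain HTTP and session cookies and assertions cross the network unencrypted. Add a `tls:` entry with `hosts: [cbiood.edirex.ics.muni.cz]` and `secretName: <tls-secret-name>` (placeholder), backed by a certificate that clients trust. yaml/complete/cbiood.crt is added in this commit, but no manifest references it.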
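Review bot: The ClusterRole in yaml/complete/role.yml grants nothing as written: `identifiers` is registered under group `example.com` in registerIdentifier.yml, not the core group `""`, and `VerbAll` is not a verb the API server recognises (the wildcard is `"*"`). That probably explains why bind.yml falls back to binding `cluster-admin`. Changing the rule to `apiGroups: ["example.com"]` and `verbs: ["get", "list", "create", "delete"]`, trimmed to what the API really calls, would make it effective.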