From 2cf87aa16b13ea4beb769c478080092f8b0e8ca7 Mon Sep 17 00:00:00 2001
From: 456130 <456130@mail.muni.cz>
Date: Tue, 11 Jun 2019 23:18:21 +0200
Subject: [PATCH] init

---
 builds/SAML-K8S/Dockerfile                    |  65 +++++
 builds/SAML-K8S/README.md                     |  14 ++
 builds/SAML-K8S/before_build.sh               |   4 +
 builds/SAML-K8S/helper.sh                     |  92 +++++++
 ...http_cbiood.edirex.ics.muni.cz_mellon.cert |  18 ++
 .../http_cbiood.edirex.ics.muni.cz_mellon.key |  28 +++
 .../http_cbiood.edirex.ics.muni.cz_mellon.xml |  28 +++
 builds/SAML-K8S/idp-metadata.xml              |  55 +++++
 builds/SAML-K8S/mellon.conf                   |   3 +
 builds/SAML-K8S/proxy.conf                    |  25 ++
 builds/SAML-K8S/start.sh                      |  25 ++
 builds/SAML-K8S/supervisord.conf              |  24 ++
 builds/cbioapp/Dockerfile                     |  45 ++++
 builds/cbioapp/context.xml                    |  37 +++
 builds/cbioapp/log4j.properties               |  19 ++
 builds/cbioapp/logo_EurOPDX.png               | Bin 0 -> 10869 bytes
 builds/cbioapp/portal.properties              | 218 ++++++++++++++++
 builds/cbioapp/settings.xml                   |  10 +
 builds/cbioapp/start.sh                       |   8 +
 builds/cbiodb/.gitlab-ci.yml                  |  28 +++
 builds/cbiodb/Dockerfile                      |  24 ++
 builds/cbiodb/README.md                       |   1 +
 builds/cbiodb/env/.env                        |   5 +
 builds/cbiodb/files/init_db                   |  51 ++++
 builds/cbiodb/files/run_db                    |  10 +
 builds/cbiodb/mysql/conf/mysql.conf           |  57 +++++
 .../docker-entrypoint-initdb.d/.gitignore     |   4 +
 builds/job/Dockerfile                         |   4 +
 yaml/cbio-api/api-deployment.yml              |  47 ++++
 yaml/cbio-api/api-service.yml                 |  17 ++
 yaml/cbio-api/identifier.yml                  |   7 +
 yaml/cbio-api/registerIdentifier.yml          |  14 ++
 yaml/cbio-app/cbio-replicaset.yml             |  52 ++++
 yaml/cbio-app/cbio-service.yml                |  25 ++
 yaml/cbio-db/cbiodb-replicaset.yml            |  71 ++++++
 yaml/cbio-db/cbiodb-service.yml               |  25 ++
 yaml/cbio-db/config.yml                       |  29 +++
 yaml/cbio-db/secret.yml                       |   8 +
 yaml/cbio-delete/deletecronjob.yml            |  34 +++
 yaml/cbio-on-demand-namespace.yml             |   4 +
 yaml/cbio-security/security.yml               |  54 ++++
 yaml/cbio-security/service-api.yml            |  17 ++
 yaml/cbio-security/service-proxy.yml          |  17 ++
 yaml/complete/bind.yml                        |  30 +++
 yaml/complete/cbio-setup.yml                  | 233 ++++++++++++++++++
 yaml/complete/cbiood.crt                      |  22 ++
 yaml/complete/ingress-api.yml                 |  13 +
 yaml/complete/ingress-proxy.yml               |  14 ++
 yaml/complete/role.yml                        |   8 +
 yaml/complete/serviceAccount.yml              |   5 +
 50 files changed, 1648 insertions(+)
 create mode 100644 builds/SAML-K8S/Dockerfile
 create mode 100644 builds/SAML-K8S/README.md
 create mode 100755 builds/SAML-K8S/before_build.sh
 create mode 100755 builds/SAML-K8S/helper.sh
 create mode 100644 builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
 create mode 100644 builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key
 create mode 100644 builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml
 create mode 100644 builds/SAML-K8S/idp-metadata.xml
 create mode 100644 builds/SAML-K8S/mellon.conf
 create mode 100644 builds/SAML-K8S/proxy.conf
 create mode 100644 builds/SAML-K8S/start.sh
 create mode 100644 builds/SAML-K8S/supervisord.conf
 create mode 100644 builds/cbioapp/Dockerfile
 create mode 100644 builds/cbioapp/context.xml
 create mode 100644 builds/cbioapp/log4j.properties
 create mode 100644 builds/cbioapp/logo_EurOPDX.png
 create mode 100644 builds/cbioapp/portal.properties
 create mode 100644 builds/cbioapp/settings.xml
 create mode 100644 builds/cbioapp/start.sh
 create mode 100644 builds/cbiodb/.gitlab-ci.yml
 create mode 100644 builds/cbiodb/Dockerfile
 create mode 100644 builds/cbiodb/README.md
 create mode 100644 builds/cbiodb/env/.env
 create mode 100644 builds/cbiodb/files/init_db
 create mode 100644 builds/cbiodb/files/run_db
 create mode 100644 builds/cbiodb/mysql/conf/mysql.conf
 create mode 100644 builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
 create mode 100644 builds/job/Dockerfile
 create mode 100644 yaml/cbio-api/api-deployment.yml
 create mode 100644 yaml/cbio-api/api-service.yml
 create mode 100644 yaml/cbio-api/identifier.yml
 create mode 100644 yaml/cbio-api/registerIdentifier.yml
 create mode 100644 yaml/cbio-app/cbio-replicaset.yml
 create mode 100644 yaml/cbio-app/cbio-service.yml
 create mode 100644 yaml/cbio-db/cbiodb-replicaset.yml
 create mode 100644 yaml/cbio-db/cbiodb-service.yml
 create mode 100644 yaml/cbio-db/config.yml
 create mode 100644 yaml/cbio-db/secret.yml
 create mode 100644 yaml/cbio-delete/deletecronjob.yml
 create mode 100644 yaml/cbio-on-demand-namespace.yml
 create mode 100644 yaml/cbio-security/security.yml
 create mode 100644 yaml/cbio-security/service-api.yml
 create mode 100644 yaml/cbio-security/service-proxy.yml
 create mode 100644 yaml/complete/bind.yml
 create mode 100644 yaml/complete/cbio-setup.yml
 create mode 100644 yaml/complete/cbiood.crt
 create mode 100644 yaml/complete/ingress-api.yml
 create mode 100644 yaml/complete/ingress-proxy.yml
 create mode 100644 yaml/complete/role.yml
 create mode 100644 yaml/complete/serviceAccount.yml

diff --git a/builds/SAML-K8S/Dockerfile b/builds/SAML-K8S/Dockerfile
new file mode 100644
index 0000000..70b99c8
--- /dev/null
+++ b/builds/SAML-K8S/Dockerfile
@@ -0,0 +1,65 @@
+FROM ubuntu:18.04
+
+LABEL maintainer="456130@mail.muni.cz"
+
+# apache2 and mellon module installation
+RUN apt-get update &&\
+    apt-get install -y apache2  &&\
+    apt-get install -y libapache2-mod-auth-mellon &&\
+    apt-get clean
+
+RUN ln -sf /proc/self/fd/1 /var/log/apache2/access.log && \
+    ln -sf /proc/self/fd/2 /var/log/apache2/error.log
+
+COPY ./proxy.conf /etc/apache2/sites-available/proxy.conf
+COPY ./http_cbiood.edirex.ics.muni.cz_mellon.key \
+     ./http_cbiood.edirex.ics.muni.cz_mellon.cert \
+     /etc/apache2/mellon/
+COPY mellon.conf mellon.conf
+COPY start.sh start.sh
+COPY idp-metadata.xml idp-metadata.xml
+COPY http_cbiood.edirex.ics.muni.cz_mellon.xml /sp-metadata.xml
+
+
+RUN rm -rf /etc/apache2/sites-enabled/*
+
+RUN a2enmod proxy && \
+    a2enmod proxy_http && \
+    a2enmod rewrite && \
+    a2enmod ssl && \
+    a2enmod headers && \
+    a2ensite proxy.conf && \
+    mkdir /etc/apache2/ssl &&\
+    mkdir /etc/apache2/sites-enabled/routes
+
+
+
+ENV TZ=Europe/Prague
+
+RUN chmod +x start.sh
+
+EXPOSE 80
+
+#Flask
+RUN apt-get install -y python3 && \
+    apt-get install -y python3-pip && \
+    pip3 install Flask
+    
+ENV LC_ALL=C.UTF-8 \
+    LANG=C.UTF-8 \
+    FLASK_APP=/secure-routing/app/app.py
+
+
+COPY ./secure-routing /secure-routing
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+RUN mkdir -p /var/log/supervisor
+
+#supervisor
+RUN apt-get update && \
+    apt-get install -y supervisor && \
+    apt-get clean
+
+EXPOSE 5000
+
+CMD [ "/start.sh" ]
diff --git a/builds/SAML-K8S/README.md b/builds/SAML-K8S/README.md
new file mode 100644
index 0000000..ca57ff3
--- /dev/null
+++ b/builds/SAML-K8S/README.md
@@ -0,0 +1,14 @@
+# APACHE SAML Configuration
+
+
+# Build
+command:
+  docker build -t <repo>/<image-name>:<tag>
+example:
+  docker build -t lpivo/k8s-saml:t1 .
+  docker build --build-arg SOURCE=/mylocation/secure-routing \
+               -t lpivo/k8s-saml:t1 .
+args:
+  SOURCE -> location of python app source code
+         -> default=./secure-routing
+ 
diff --git a/builds/SAML-K8S/before_build.sh b/builds/SAML-K8S/before_build.sh
new file mode 100755
index 0000000..2d8a993
--- /dev/null
+++ b/builds/SAML-K8S/before_build.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+#Run if you dont have sp metadata which are registered on idp
+#create metadata
+./helper.sh "http://cbiood.edirex.ics.muni.cz/mellon" "http://cbiood.edirex.ics.muni.cz/mellon"
diff --git a/builds/SAML-K8S/helper.sh b/builds/SAML-K8S/helper.sh
new file mode 100755
index 0000000..fe02979
--- /dev/null
+++ b/builds/SAML-K8S/helper.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+set -e
+
+PROG="$(basename "$0")"
+
+printUsage() {
+    echo "Usage: $PROG ENTITY-ID ENDPOINT-URL"
+    echo ""
+    echo "Example:"
+    echo "  $PROG urn:someservice https://sp.example.org/mellon"
+    echo ""
+}
+
+if [ "$#" -lt 2 ]; then
+    printUsage
+    exit 1
+fi
+
+ENTITYID="$1"
+if [ -z "$ENTITYID" ]; then
+    echo "$PROG: An entity ID is required." >&2
+    exit 1
+fi
+
+BASEURL="$2"
+if [ -z "$BASEURL" ]; then
+    echo "$PROG: The URL to the MellonEndpointPath is required." >&2
+    exit 1
+fi
+
+if ! echo "$BASEURL" | grep -q '^https\?://'; then
+    echo "$PROG: The URL must start with \"http://\" or \"https://\"." >&2
+    exit 1
+fi
+
+HOST="$(echo "$BASEURL" | sed 's#^[a-z]*://\([^:/]*\).*#\1#')"
+BASEURL="$(echo "$BASEURL" | sed 's#/$##')"
+
+OUTFILE="$(echo "$ENTITYID" | sed 's/[^0-9A-Za-z.]/_/g' | sed 's/__*/_/g')"
+echo "Output files:"
+echo "Private key:               $OUTFILE.key"
+echo "Certificate:               $OUTFILE.cert"
+echo "Metadata:                  $OUTFILE.xml"
+echo "Host:                      $HOST"
+echo
+echo "Endpoints:"
+echo "SingleLogoutService:       $BASEURL/logout"
+echo "AssertionConsumerService:  $BASEURL/postResponse"
+echo
+
+# No files should not be readable by the rest of the world.
+umask 0077
+
+TEMPLATEFILE="$(mktemp -t mellon_create_sp.XXXXXXXXXX)"
+
+cat >"$TEMPLATEFILE" <<EOF
+RANDFILE           = /dev/urandom
+[req]
+default_bits       = 2048
+default_keyfile    = privkey.pem
+distinguished_name = req_distinguished_name
+prompt             = no
+policy             = policy_anything
+[req_distinguished_name]
+commonName         = $HOST
+EOF
+
+openssl req -utf8 -batch -config "$TEMPLATEFILE" -new -x509 -days 3652 -nodes -out "$OUTFILE.cert" -keyout "$OUTFILE.key" 2>/dev/null
+
+rm -f "$TEMPLATEFILE"
+
+CERT="$(grep -v '^-----' "$OUTFILE.cert")"
+
+cat >"$OUTFILE.xml" <<EOF
+<EntityDescriptor entityID="$ENTITYID" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>$CERT</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="$BASEURL/logout"/>
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="$BASEURL/postResponse" index="0"/>
+  </SPSSODescriptor>
+</EntityDescriptor>
+EOF
+
+umask 0777
+chmod go+r "$OUTFILE.xml"
+chmod go+r "$OUTFILE.cert"
diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
new file mode 100644
index 0000000..ab52fd5
--- /dev/null
+++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.cert
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx
+IjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNzLm11bmkuY3owHhcNMTkwNDE3MDkz
+MjIwWhcNMjkwNDE2MDkzMjIwWjAkMSIwIAYDVQQDDBljYmlvb2QuZWRpcmV4Lmlj
+cy5tdW5pLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NQgk74l
+XyXwwdH5/mF6hQPbVNmuIkAI8c4JVsZcXzpzObhL+89y2XROteLvxqVSmCXH7x9h
+dwhaLzKCWQiUTNIXauimQHfRtyUGPisxcNzYf/sV3ecB/J9/ug5wtnfqAf8UWHB7
+QeTBGBgSgUlTZ7S4r5CB4sReFKtJuiiK1F9OUpDe2RInbZMuEiTgqkX1o6J0ABZA
+8xoW2XMxMoxI6mcI8sXlI2KJa351eWfS9cJ+m8RZEFT5DLF1kqeckah1tsdYxAD8
+SB1B2yV256baJjpgQEfXYDchLTh49HD2sEom5hKwuTWiB26wGTGTsr8a75jous7M
+nz/wg3GlzDd/AQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDTCSD2ipchyE4xHvTJ
+X12T15QLKrvvPnNZM2/LF2nAhR+JRjBKgHbMnuDWu6quwQ+uJiKASaM+hi+9XJqh
+SQZjvmUAvTzqUncjQ170bqfip5+JmUPYj0PIwD58Xnb28nXDOmQ4XxvP2i4YEdwW
+coUto0qkLusqz/ZPU8qQmPL18XB8zgewzgVbRBESy1lUtJSr53AwMjGstlqx4dMx
+DBSyGA2GO6dkVSqto9kBZ7s87kxxNCrA/tQZmB5km3CZwEyx6hCKyJqQw+Huh+Ex
+TO9R3dX2NRDztD8ZMQks+Uf6PfV/lqOpciHOE2FuiK8cceWzJgEueI6l6AXTxcnR
+pcO5
+-----END CERTIFICATE-----
diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key
new file mode 100644
index 0000000..6482e0a
--- /dev/null
+++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc1CCTviVfJfDB
+0fn+YXqFA9tU2a4iQAjxzglWxlxfOnM5uEv7z3LZdE614u/GpVKYJcfvH2F3CFov
+MoJZCJRM0hdq6KZAd9G3JQY+KzFw3Nh/+xXd5wH8n3+6DnC2d+oB/xRYcHtB5MEY
+GBKBSVNntLivkIHixF4Uq0m6KIrUX05SkN7ZEidtky4SJOCqRfWjonQAFkDzGhbZ
+czEyjEjqZwjyxeUjYolrfnV5Z9L1wn6bxFkQVPkMsXWSp5yRqHW2x1jEAPxIHUHb
+JXbnptomOmBAR9dgNyEtOHj0cPawSibmErC5NaIHbrAZMZOyvxrvmOi6zsyfP/CD
+caXMN38BAgMBAAECggEAW8kv4Tjff7TdZTJJnpoVusPnnlT8M/A5x4fECfVY35wD
+2LHpoziOnCPjs2YoE4ET23mYqKN6d2dZVNTBqRAP0/5fDWi18YXb/Su+dIivfCHP
+OyK57AngoYgKJuNppe4hrcLASiI2mSTjvYgD6Qj5SdmsCg0eb4r/L8giVOYVDj/o
+4jm4x7GNTyRN20P4h+tfum3kYHjvmDrL6RWunaChR6+Y33JGO7pW/q6uhonZCUxX
+vUqkZ/UKuMRa43lFWWo2QHt2f0ELRjtZwFA9LSqBnf6rZ/p7dubN7g5+l57PScAT
+4vWYsC5JLT8OM989w4urvVae4jrN3DafOg13qnV6IQKBgQD8lf4psasvIfE6isAL
+uh3nRLV7cpU1YFfZM17j2lleXlHmqu+9oXK5oCtAXoXLvh4N33F5BskXOByKwAMP
++0XDdM7rhVqQdyOe/WYObcCQqCMeuj+XxGyhwRoXjTX3yzwZN9oGAlIhRvGsaLnc
+3dANzsVKVVMDuzR+BfLNEW/UIwKBgQDf0D8mhHUh8Mu01HCZlOwQHuRCxje9mNN+
+fuTJ977X0tJw2z3t74yLN5x2Y/U0OQUxHXBBhqNjsWeMF9kFAZn1mMqTCVlo0NZz
+UNXC3wZAY//cVtY4E8M8Fl4q6bLF+byAYdIoSrWNkznElTM0425EwSvE9SS4qQ8G
+Ebad3JBwiwKBgQDu3YYLtfp2SzoOq9JsBKls4RxjTvvuC1toi10sS3yCct4vLu4j
+vf95rg/ZAsqy3+saIXn1A0a+T5EmYelDftP9wIRCVM1Nm22zWF3gPUiDRI5Z67Zh
+9x7oZW4gYals2eTO0HO9hQpYb/fynONQDPBJboZDAqfL+ojsuQFhjyDbUwKBgFqO
+sw6Np6ss9+9ZyZmKtR0ssqUF+MXBEUnsY/wIPvKqfbVmMB+WvmISBT+t4CfaLmya
+AbKxnGiY/lGj0I6DAF1sDgMCVGfhn/OWsHchsDDbhUoM5K5Z6LPmRQHN/yS1kHzN
+l6/v0pfPCx+sUsTChPpSwrf1jH8fAFIvVpl3BgZTAoGATZbsq6cX3lbq0EFnLY/G
+nhTXoyrywxrnhMUfhhxuSBY7ENFrjf/p5lXum3UuY730ss2nKHkfzZHne0+r9D1/
+Y1wPE/4HYyJ5p3Z45fOwoEz0Ik9hNrzs0mVRaCni7ZyVso+iavJIAu4jTYaxjYfp
+2l5/pzZ5owWLz0OZk1BAYUA=
+-----END PRIVATE KEY-----
diff --git a/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml
new file mode 100644
index 0000000..64daa78
--- /dev/null
+++ b/builds/SAML-K8S/http_cbiood.edirex.ics.muni.cz_mellon.xml
@@ -0,0 +1,28 @@
+<EntityDescriptor entityID="http://cbiood.edirex.ics.muni.cz/mellon" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:X509Data>
+          <ds:X509Certificate>MIICzzCCAbcCFBT9Z4ukaoX5prNGPZ526Sdxc95vMA0GCSqGSIb3DQEBCwUAMCQx
+IjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNzLm11bmkuY3owHhcNMTkwNDE3MDkz
+MjIwWhcNMjkwNDE2MDkzMjIwWjAkMSIwIAYDVQQDDBljYmlvb2QuZWRpcmV4Lmlj
+cy5tdW5pLmN6MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NQgk74l
+XyXwwdH5/mF6hQPbVNmuIkAI8c4JVsZcXzpzObhL+89y2XROteLvxqVSmCXH7x9h
+dwhaLzKCWQiUTNIXauimQHfRtyUGPisxcNzYf/sV3ecB/J9/ug5wtnfqAf8UWHB7
+QeTBGBgSgUlTZ7S4r5CB4sReFKtJuiiK1F9OUpDe2RInbZMuEiTgqkX1o6J0ABZA
+8xoW2XMxMoxI6mcI8sXlI2KJa351eWfS9cJ+m8RZEFT5DLF1kqeckah1tsdYxAD8
+SB1B2yV256baJjpgQEfXYDchLTh49HD2sEom5hKwuTWiB26wGTGTsr8a75jous7M
+nz/wg3GlzDd/AQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQDTCSD2ipchyE4xHvTJ
+X12T15QLKrvvPnNZM2/LF2nAhR+JRjBKgHbMnuDWu6quwQ+uJiKASaM+hi+9XJqh
+SQZjvmUAvTzqUncjQ170bqfip5+JmUPYj0PIwD58Xnb28nXDOmQ4XxvP2i4YEdwW
+coUto0qkLusqz/ZPU8qQmPL18XB8zgewzgVbRBESy1lUtJSr53AwMjGstlqx4dMx
+DBSyGA2GO6dkVSqto9kBZ7s87kxxNCrA/tQZmB5km3CZwEyx6hCKyJqQw+Huh+Ex
+TO9R3dX2NRDztD8ZMQks+Uf6PfV/lqOpciHOE2FuiK8cceWzJgEueI6l6AXTxcnR
+pcO5</ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://cbiood.edirex.ics.muni.cz/mellon/logout"/>
+    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://cbiood.edirex.ics.muni.cz/mellon/postResponse" index="0"/>
+  </SPSSODescriptor>
+</EntityDescriptor>
diff --git a/builds/SAML-K8S/idp-metadata.xml b/builds/SAML-K8S/idp-metadata.xml
new file mode 100644
index 0000000..a18d65b
--- /dev/null
+++ b/builds/SAML-K8S/idp-metadata.xml
@@ -0,0 +1,55 @@
+<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+  xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
+  xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
+  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+  entityID="https://login.europdx.eu/idp/">
+  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+    <md:Extensions>
+      <shibmd:Scope regexp="false">europdx.eu</shibmd:Scope>
+      <mdui:UIInfo><mdui:DisplayName xml:lang="en">EuroPDX research infrastructure AAI</mdui:DisplayName>
+      <mdui:Description xml:lang="en">
+        This service is identity provider for EuroPDX community.
+      </mdui:Description>
+      <mdui:InformationURL xml:lang="en">https://europdx.eu</mdui:InformationURL>
+      <mdui:PrivacyStatementURL xml:lang="en">https://TBA</mdui:PrivacyStatementURL>
+      <mdui:Keywords xml:lang="en">EuroPDX proxy biology life sciences</mdui:Keywords>
+      <mdui:Logo width="96" height="96">
+        https://login.elixir-czech.org/media/elixir-96x96.jpg
+      </mdui:Logo>
+    </mdui:UIInfo>
+  </md:Extensions>
+  <md:KeyDescriptor use="signing">
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>
+          MIIEUTCCAzmgAwIBAgIJALuWjo0j1/fcMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJDWjEQMA4GA1UECAwHTW9yYXZpYTENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSTWFzYXJ5ayBVbml2ZXJzaXR5MSYwJAYDVQQLDB1JbnN0aXR1dGUgb2YgQ29tcHV0ZXIgU2NpZW5jZTEbMBkGA1UEAwwSKi5lbGl4aXItY3plY2gub3JnMSwwKgYJKoZIhvcNAQkBFh1hYWktY29udGFjdEBlbGl4aXItZXVyb3BlLm9yZzAeFw0xNjA4MTAwODA5MTNaFw0yNjA4MDgwODA5MTNaMIG+MQswCQYDVQQGEwJDWjEQMA4GA1UECAwHTW9yYXZpYTENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSTWFzYXJ5ayBVbml2ZXJzaXR5MSYwJAYDVQQLDB1JbnN0aXR1dGUgb2YgQ29tcHV0ZXIgU2NpZW5jZTEbMBkGA1UEAwwSKi5lbGl4aXItY3plY2gub3JnMSwwKgYJKoZIhvcNAQkBFh1hYWktY29udGFjdEBlbGl4aXItZXVyb3BlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvZy0XHUJ/NW/ffIuSMzcpWJp+6gL3OXhl7oG8MPZHe1JmzgBrxQ9sLzFhRl34NVfSA8flN+nKbcekp8jpeoTY/hnr/IWIWNDYfg3xLCQxCSoN/QiSqrr8FizSam8IT2vTu+BUvnCngrwia/upGCHb7hivsEDfTroQcAEPDe/S9uVWCvv5ERGwfBKgH3+06xjrdGVpFNzoy+9m+/ZLkdqmPHVc6E87o2hy0jLrV+g55nCxwJ79Z5LTLPcn2WHkg0nWoh1BITYoyfg503OpUL1ja+IL7FlofIb0s6YfV0a1duSrwc7nG/V7KFjrWJS5RCh74SfWTaGiSN5XcqdwJsgECAwEAAaNQME4wHQYDVR0OBBYEFN/3g/caCmGJG1w+35mgGhAzryLnMB8GA1UdIwQYMBaAFN/3g/caCmGJG1w+35mgGhAzryLnMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGlWHgjzeZ7VLn7ajPRr36aK/oXTOTetvzI7XcepAhDB/8suLabq55rV6ydtmuzA18ZJ/cdcb+LoIp/rqyY24siGYrNjwbjTgz9ai3legz5lFq7qnjYuAbGhc2OX4uJmzk/+jL5npKuMxkQSjgSqscYoBXsbNyJ/ou7PTXmalGkbFsr2ch0q1/McWSpDLAVzWTf1yZ85h3UYdxRyK0Evt4MWHYJ3DITK7xELYqNDg/Nrlr9So1sojSd1QIJ2yvOl8l9McMWlDwd31rPdNiT589F/UrryPEG2Xiapo75DgSyshNUOYxHKub4FYvDAZLjStjcmvhzeZo1v35jqLINp/bg=
+        </ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </md:KeyDescriptor>
+  <md:KeyDescriptor use="encryption">
+    <ds:KeyInfo>
+      <ds:X509Data>
+        <ds:X509Certificate>
+          MIIEUTCCAzmgAwIBAgIJALuWjo0j1/fcMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJDWjEQMA4GA1UECAwHTW9yYXZpYTENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSTWFzYXJ5ayBVbml2ZXJzaXR5MSYwJAYDVQQLDB1JbnN0aXR1dGUgb2YgQ29tcHV0ZXIgU2NpZW5jZTEbMBkGA1UEAwwSKi5lbGl4aXItY3plY2gub3JnMSwwKgYJKoZIhvcNAQkBFh1hYWktY29udGFjdEBlbGl4aXItZXVyb3BlLm9yZzAeFw0xNjA4MTAwODA5MTNaFw0yNjA4MDgwODA5MTNaMIG+MQswCQYDVQQGEwJDWjEQMA4GA1UECAwHTW9yYXZpYTENMAsGA1UEBwwEQnJubzEbMBkGA1UECgwSTWFzYXJ5ayBVbml2ZXJzaXR5MSYwJAYDVQQLDB1JbnN0aXR1dGUgb2YgQ29tcHV0ZXIgU2NpZW5jZTEbMBkGA1UEAwwSKi5lbGl4aXItY3plY2gub3JnMSwwKgYJKoZIhvcNAQkBFh1hYWktY29udGFjdEBlbGl4aXItZXVyb3BlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvZy0XHUJ/NW/ffIuSMzcpWJp+6gL3OXhl7oG8MPZHe1JmzgBrxQ9sLzFhRl34NVfSA8flN+nKbcekp8jpeoTY/hnr/IWIWNDYfg3xLCQxCSoN/QiSqrr8FizSam8IT2vTu+BUvnCngrwia/upGCHb7hivsEDfTroQcAEPDe/S9uVWCvv5ERGwfBKgH3+06xjrdGVpFNzoy+9m+/ZLkdqmPHVc6E87o2hy0jLrV+g55nCxwJ79Z5LTLPcn2WHkg0nWoh1BITYoyfg503OpUL1ja+IL7FlofIb0s6YfV0a1duSrwc7nG/V7KFjrWJS5RCh74SfWTaGiSN5XcqdwJsgECAwEAAaNQME4wHQYDVR0OBBYEFN/3g/caCmGJG1w+35mgGhAzryLnMB8GA1UdIwQYMBaAFN/3g/caCmGJG1w+35mgGhAzryLnMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGlWHgjzeZ7VLn7ajPRr36aK/oXTOTetvzI7XcepAhDB/8suLabq55rV6ydtmuzA18ZJ/cdcb+LoIp/rqyY24siGYrNjwbjTgz9ai3legz5lFq7qnjYuAbGhc2OX4uJmzk/+jL5npKuMxkQSjgSqscYoBXsbNyJ/ou7PTXmalGkbFsr2ch0q1/McWSpDLAVzWTf1yZ85h3UYdxRyK0Evt4MWHYJ3DITK7xELYqNDg/Nrlr9So1sojSd1QIJ2yvOl8l9McMWlDwd31rPdNiT589F/UrryPEG2Xiapo75DgSyshNUOYxHKub4FYvDAZLjStjcmvhzeZo1v35jqLINp/bg=
+        </ds:X509Certificate>
+      </ds:X509Data>
+    </ds:KeyInfo>
+  </md:KeyDescriptor>
+  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SingleLogoutService.php"/>
+  <md:NameIDFormat>
+    urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+  </md:NameIDFormat>
+  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.europdx.eu/proxy/saml2/idp/SSOService.php"/>
+</md:IDPSSODescriptor>
+<md:Organization>
+  <md:OrganizationName xml:lang="en">EuroPDX</md:OrganizationName>
+  <md:OrganizationDisplayName xml:lang="en">EuroPDX</md:OrganizationDisplayName>
+  <md:OrganizationURL xml:lang="en">https://europdx.eu</md:OrganizationURL>
+</md:Organization>
+<md:ContactPerson contactType="technical">
+  <md:GivenName>EuroPDX</md:GivenName>
+  <md:SurName>AAI</md:SurName>
+  <md:EmailAddress>vyskocilpavel@muni.cz</md:EmailAddress>
+</md:ContactPerson>
+</md:EntityDescriptor>
diff --git a/builds/SAML-K8S/mellon.conf b/builds/SAML-K8S/mellon.conf
new file mode 100644
index 0000000..d56a641
--- /dev/null
+++ b/builds/SAML-K8S/mellon.conf
@@ -0,0 +1,3 @@
+AuthType Mellon
+MellonEnable auth
+Require valid-user
diff --git a/builds/SAML-K8S/proxy.conf b/builds/SAML-K8S/proxy.conf
new file mode 100644
index 0000000..c7de943
--- /dev/null
+++ b/builds/SAML-K8S/proxy.conf
@@ -0,0 +1,25 @@
+include /etc/apache2/fqdn.conf
+<VirtualHost *:80>
+  ServerName ${SERVERNAME}
+  ServerAdmin ${EMAILADMIN}
+
+  ErrorLog "/var/log/apache2/error.log"
+  CustomLog "/var/log/apache2/access.log" common
+  TransferLog "/var/log/apache2/access.log"
+
+  ProxyPreserveHost On
+  <Location / >
+      MellonSPPrivateKeyFile /etc/apache2/mellon/sp_key.pem
+      MellonSPCertFile /etc/apache2/mellon/sp_cert.pem
+      MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml
+      MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
+
+      # Mapping of attribute names to something readable
+      MellonSetEnv "name" "urn:oid:2.16.840.1.113730.3.1.241"
+      MellonSetEnv "mail" "urn:oid:0.9.2342.19200300.100.1.3"
+      MellonSetEnv "eppn" "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+      MellonSetEnv "entitlement" "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+      MellonSetEnv "eduPersonUniqueId" "urn:oid:1.3.6.1.4.1.5923.1.1.1.13"
+  </Location>
+  IncludeOptional /etc/apache2/sites-enabled/routes/*.conf
+</Virtualhost>
diff --git a/builds/SAML-K8S/start.sh b/builds/SAML-K8S/start.sh
new file mode 100644
index 0000000..d06b155
--- /dev/null
+++ b/builds/SAML-K8S/start.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+mellon=/etc/apache2/mellon
+mellonconf=/etc/apache2/sites-enabled/mellon/
+
+cd /$mellon
+
+# move mellon metadata
+mv /sp-metadata.xml /${mellon}/sp-metadata.xml
+mv /idp-metadata.xml $mellon
+mv ${mellon}/*.cert ${mellon}/sp_cert.pem
+mv ${mellon}/*.key ${mellon}/sp_key.pem
+
+# mellon conf
+mkdir $mellonconf
+mv /mellon.conf ${mellonconf}
+
+# create fqdn.conf
+echo "Define FQDN ${HOST}" >/etc/apache2/fqdn.conf
+echo "Define EMAILADMIN ${ADMIN_USER}" >> /etc/apache2/fqdn.conf
+
+# run Apache
+#/usr/sbin/apache2ctl -D FOREGROUND
+
+#run supervisor
+/usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf
diff --git a/builds/SAML-K8S/supervisord.conf b/builds/SAML-K8S/supervisord.conf
new file mode 100644
index 0000000..66c07fd
--- /dev/null
+++ b/builds/SAML-K8S/supervisord.conf
@@ -0,0 +1,24 @@
+[supervisorctl]
+
+[supervisord]
+nodaemon=true
+
+[program:flaskAPI]
+stdout_logfile=/dev/stdout
+stdout_maxbytes=0
+stdout_logfile_maxbytes=0
+command=flask run --host=0.0.0.0
+
+[program:apache2]
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+stdout_maxbytes=0
+stderr_maxbytes=0
+stdout_logfile_maxbytes=0
+stdout_logfile=/dev/stdout
+
+user=root
+killasgroup=true
+stopasgroup=true
+
+command=/usr/sbin/apache2ctl -D FOREGROUND
diff --git a/builds/cbioapp/Dockerfile b/builds/cbioapp/Dockerfile
new file mode 100644
index 0000000..74132b3
--- /dev/null
+++ b/builds/cbioapp/Dockerfile
@@ -0,0 +1,45 @@
+ARG TAG=2.0.0
+FROM cbioportal/cbioportal:$TAG AS build
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+COPY ./log4j.properties /cbioportal/src/main/resources/log4j.properties
+COPY ./portal.properties /cbioportal/src/main/resources/portal.properties
+COPY ./settings.xml /root/.m2/settings.xml
+COPY ./context.xml /usr/local/tomcat/conf/context.xml
+COPY ./logo_EurOPDX.png /cbioportal/portal/src/main/webapp/images/logo_EurOPDX.png
+
+RUN mvn -DskipTests clean install
+
+RUN ls $PORTAL_HOME/portal/target/
+
+FROM tomcat:8-jre8
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+ENV APP_NAME="cbioportal" \
+    PORTAL_HOME="/cbioportal"
+#======== Install Prerequisites ===============#
+RUN apt-get update && apt-get install -y --no-install-recommends \
+        libmysql-java \
+        patch \
+        python3 \
+        python3-jinja2 \
+        python3-mysqldb \
+        python3-requests \
+    && ln -s /usr/share/java/mysql-connector-java.jar "$CATALINA_HOME"/lib/ \
+    && rm -rf $CATALINA_HOME/webapps/examples \
+    && rm -rf /var/lib/apt/lists/*
+
+#======== Copy from first stage ===========================#
+
+COPY --from=build $PORTAL_HOME/portal/target/cbioportal.war $CATALINA_HOME/webapps/cbioportal.war
+COPY --from=build $PORTAL_HOME/core/src/main/scripts/ $PORTAL_HOME/core/src/main/scripts/
+COPY --from=build $PORTAL_HOME/scripts/target/scripts*.jar $PORTAL_HOME/scripts/target/
+
+COPY --from=build /usr/local/tomcat/conf/context.xml /usr/local/tomcat/conf/context.xml
+COPY --from=build /cbioportal/src/main/resources/portal.properties /cbioportal/portal.properties
+COPY ./data-loading /etc/data-loading
+COPY ./start.sh /start.sh
+
+RUN chmod +x /start.sh
+WORKDIR $PORTAL_HOME
+EXPOSE 8080
+#======== symbol links & subtitute db host & run app ===============#
+CMD  /start.sh
diff --git a/builds/cbioapp/context.xml b/builds/cbioapp/context.xml
new file mode 100644
index 0000000..1da4e84
--- /dev/null
+++ b/builds/cbioapp/context.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- The contents of this file will be loaded for each web application -->
+<Context>
+
+    <!-- Default set of monitored resources. If one of these changes, the    -->
+    <!-- web application will be reloaded.                                   -->
+    <WatchedResource>WEB-INF/web.xml</WatchedResource>
+    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
+
+    <!-- Uncomment this to disable session persistence across Tomcat restarts -->
+    <!--
+    <Manager pathname="" />
+    -->
+
+    <Resource name="jdbc/cbioportal" auth="Container" type="javax.sql.DataSource"
+       maxActive="100" maxIdle="30" maxWait="10000"
+       username="cbio" password="P@ssword1"
+       driverClassName="com.mysql.jdbc.Driver"
+       connectionProperties="zeroDateTimeBehavior=convertToNull;"
+       url="jdbc:mysql://cbiodb:3306/cbioportal"/>
+</Context>
diff --git a/builds/cbioapp/log4j.properties b/builds/cbioapp/log4j.properties
new file mode 100644
index 0000000..964f33b
--- /dev/null
+++ b/builds/cbioapp/log4j.properties
@@ -0,0 +1,19 @@
+# Change INFO to DEBUG, if you want to see debugging info on underlying libraries we use.
+log4j.rootLogger=INFO, a
+
+# Change INFO to DEBUG, if you want see debugging info on our packages and spring security packages.
+log4j.category.org.mskcc=INFO
+log4j.logger.org.springframework.security=INFO
+
+# Use the JVM option, e.g.: "java -DPORTAL_HOME=/pathto/portal_homedir",
+# or - "java -DPORTAL_HOME=$PORTAL_HOME", where PORTAL_HOME is shell (environment) variable.
+
+## IMPORTANT - THRESHOLD SHOULD NOT BE DEBUG FOR PRODUCTION, CREDENTIALS CAN BE DISPLAYED!
+
+log4j.appender.a = org.apache.log4j.rolling.RollingFileAppender
+log4j.appender.a.rollingPolicy = org.apache.log4j.rolling.TimeBasedRollingPolicy
+log4j.appender.a.rollingPolicy.FileNamePattern = ${java.io.tmpdir}/cbioportal.log.%d.gz
+log4j.appender.a.File = ${java.io.tmpdir}/cbioportal.log
+log4j.appender.a.layout = org.apache.log4j.PatternLayout
+log4j.appender.a.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss} [%t] %-5p %c - %m%n
+log4j.appender.a.append = true
\ No newline at end of file
diff --git a/builds/cbioapp/logo_EurOPDX.png b/builds/cbioapp/logo_EurOPDX.png
new file mode 100644
index 0000000000000000000000000000000000000000..1aa9f993c49b96914889a84078e44a0feeb813ed
GIT binary patch
literal 10869
zcmeAS@N?(olHy`uVBq!ia0y~yV2op6V2I*iV_;zTaMo@I0|SF(iEBhjaDG}zd16s2
zgJVj5QmTSyZen_BP-<dIW#P$G8wLhuwak!+k_cZPtK|G#y+n{2y^7od1`x2ZuP8`N
z&Q2{+NJ>r5%(GQ`zk9!uLS~AsQn;zFfp39xYDT6<RZ(him0w75Rd%vvijuvZf=z{0
zMQ%ZEYDuC(MQ%=Bu~mhw64+d;ykaYmu)dN4SV>8?trEmh5xxNm&iO^D3Z{Byy2%EH
zCJN@3dWNQE=9cC<3PuKoCi(^z`bGx229{Q)##RPK3Q(YAr(jc*l4cd;;s&*=C?(BS
zDWjyMz)D}gyu4hm+*mKaC|%#s($Z4jz)0W7NVg~@O}Dr*uOzWTH?LS3W`av<adJ^+
zK}lwQo&w0k#H9Sv5?duDsIe8f1#n~YilM=joS&;-kyxN_sAmB362z~$1-`!cmFDKc
zRTq~8r6Sym)!^cg%7Rq=pw#00(xT+lpwu*FkedpuoQqNuOY)0C^7C_Gp%{>nUy@&(
zkzb(T><kVy1&#2`yp;U%Vok6fUtcTFyyB9?yyR3*7h9!@+ycGK%oHm#6ANQ=6DJEt
z7YiptLst_gS0g72OIJfPCsRWULo;)jUYGpj(%jU%5}4i;gkDRWdO^tn6eLzIsYRJ(
zsVQzn`MC;UZ(C*Jc8eKK^PqZDaJ$7Er(S(K1si=(<RV2jOeo034a5YeOHdlMQ$QsC
z)Vvg1r6MJJyZTwZCJYQ}Pd!~6Ln>~)iRGLlV*1UG_k?YOIhRH=`#g?y+V_~0I+Py0
zQrOg`q;&j12m33o)hjx>#LpOXG-+!oH2seaabUDODt%N~aHsxM=R}5`FaLk{-G6P<
ziYq1GOTLGgR{oK@I(d)R(x8*mr%#`LMC*3ihfc4Rr%v@cDW*P*Z{v#BWtqyD-f;Ng
zDvh4&JriQOZ*cw3wLDx{?{V`I=kmYpH5Pwf@0?uqCbVsmS96qI`IOX^zrxx|SEWWq
z{$SZ!u$FUO--cH|c2~8f${y+Gu-p)O<WEJ%{hs@`KRj1s$vbsoL!HwbuM_KBZhY_f
z{pr}l>;Ho${kgg>_OnRLtmPX#${Olfjqjg6s2#pGO1R7TJ#XPoi=&nQW%uY!s(<o#
zd&#=}8jp|dF!>-*$(_34%KD%B+;yBa^ZGxP7*tGdJa**L<+E*5*bTNZ^=)G^Fmt@H
zQPpGJtPdBh8UtgGtz-4@Kfd`M<NmvK8MoIO+C9$suz6`j%KpWL=MR^PRoF;<+-`WM
zx={1^+yh(0rsp3pK5%)$|DRGjPd~BtYd!O-q2V3p4xcMpJzlj8=e~coo?<#-%Dpcs
zmus@NeSh#=_rWU78WZWyy@#UXPD_60GI{EL`)T@rkqL`dv+VQu!D#Z$a>qADi?h5Q
z|N6!980(mR#y7k!`0%-+{jJ$f%^vps95elIoNPGmm^Rhlal4J)`sxNf)4#7L*2nkH
zGUhQ^s?M8Zb3^Ke%6joSJ;v`|hA*r%h37E;OUya{F_t-M3Cn};7eBB!tz~%jU*zJU
zdY6B<-Iy}{7&j-&vE{MUaqVF;3O;zf;qS6JwtRUn1n-|*KevtX-WT?}MKW)_omanD
zyhgBLKJ$-n+yx)Mefw>&O=6X2uV90fNX#*@dD_k;Le|r~59V)p+!m8xAS$1+JG?_^
z;o|2EyZ&<@a{ut^tl8>I8@IkQz7UyIC3nY;Yp3ml)J3BIbz(S{*_L&mcq6b*OSV*W
zrMXPk<#W|4JH&oid@u|wd&bXHlfLEj`FX<6f3Nj$klg63rN4jm(TaRNhlaAt=E-~d
zCzomq->Lg)d+LO#*ekWeUuU~~zS~=#)jmId^#>d8mLI<CP5)be*u=0qnmygokbXJm
z)24Qgw>Qh#mNr%~zF%OQ|LxUs9@egT8I!KZwK|zscLc2dX>Z{8{`H;C*mCt(H}%V<
zoO{3d6c~RfeIRUeguOw(<GE$VkJ3pOHfTQxlC2T?5mJ!+A@o7B$#$F8>U(Z+Nr56<
zlP8u(|I7B6d42jH^QnA6?y?!X-R8wjDT?jgpIIjHPRZM#Zi1A0irit-^NHGiYA>cu
z6uh%gO0cSAi*sEW%hI_~skeF3oJ&4uRb-rRxy}25jl1OLiMlOL3pZ?U+|kf!eM4O9
z@T;QhSLRf%JaKx3Uh>Pr8*Jxw8RS!2?_QXb)Vtto-Kxx-H#TvX7}if+#8$uMiR1HY
zWvZWyE<W8Cck1ryMB^u`mj`&C5$XMQ|ADeelFZF3uKUbR*y`NA`GC9I^Pjrm?w-!;
zZ}r-~zi9TZ=bw1)#NiHwt)a<}ef5<hcJ8dW*izuR%3*rR;m>cK%z3iitEJVKnq?eW
z_q{lAk>O?4)ut7VZcEml|Gb~ohQ<DM<Nb>rf^({GzT@OvAm;AgDP|>oprS^|@q3L{
zqny&?CbnH{6_@+1vJcJQ`FgM1(nr#N&p%%m-Q(@=`z5qaKfvVGT&<kPC5ult2WTEq
zyUq4zq1zH|hIb0HZSJ00<~q~H^s#>7|FxbBv9rvNt=PbOyVt_LFj_!*72`dVg~z3z
zr)vK7ns;g5OIh}~H$wAFw>|%n%p9<1j!W_8r*gA=a`g{B*zIkVX1<vrce$=iqI0sx
zyvZep1H~2}m?|_QH*3@Jj7JuRcjVr0y~(hC;iV<srVsbuvEBRp(WNsHzZd3mMkSkG
zOlNmVj#<&UPJRkk)At1@Q<kai>V2F)OD&0YYkkvmrkZS3hucf9AGNn}`SqyQjxQ_O
z^uTPpD;~mj=hc5!`wRd3-Z168knfK|#?|VNO&<EnDEJDW?y<P^{83v!<DBJF8A|+*
zKb7PcoaH!=rwFXKWS80>_xVrq=cUbv*4N-#%%{#2=3gR}A1m%V^`3zGY4b(>`qPEo
zH;YW~HnDT4>V3p;x68<C)dImt{&xb4rROuoIeRM4U0b+O-l)9R@pkTxHJyt09U1Q(
zZVK^ai0Cf3xuVnVu;Opo3dQ$~`}vlMyT^W5J<IQkUrd3qDc=X#HHS{mE-g|1^s)GY
z^lHX?CJT;BKmTYgx27}h_2M<_I1E0#n)BJ1IU;pmcj1*3_T;?jHyvBc6SUU__c!E+
zlogyv)!v)V_fpfQ+RJK7<Ywzg&5O>ypHDkxTHFj;)yMVQB`oaJBRTHdx>j4;on9CI
zZCuv0&$zf-I&A9qj?a_J9y~iAotJa|<J8+v)AK+7RM+-VevrC%*9p}>M<h(1e^0&t
zkcsbaH{<=66ZTHHwVD0JCRv{E9?y+G{C#=pA2Z_~UwwTGR)s72n_lk9{rpv3eedMY
zk&EVCUi))`mE<X@4AI;_db9V6=d!JDv$bB^{@lg+{<5EYQvb<&uX@rh8e}Xt@8aiv
z(<gstJ-ht$wcdxVUirs2UH0!cJNbB-PV?_GXa2@22OoR<@2lOfDOT}G?~EUmKk!{{
z>oV=-2Yt8Atlz)v;9PL>YJ0QIhn8nE$`#7Z-bKD=+O_As>C*eg&8uJUxcc~A$xjBy
zixoTX7~WQ`>G{&qx#-ob=RTnq&wiNqP{^$NzwHf^`IFgV+^TNR-ykCzDE(|7n>l~R
zr0c)_&D?2!gkw+Lt&qC)?bm*EpMRa;v6O$UC(DOh3_BPeob<e7ZsW#qB}3ieozQe!
zQ8~u>k3V+k?MU~u>aFPQHUGKgPvf$m?W;dLGl@-NiG6NRz;|G~UsKzOrH;`i52rGJ
zkS*nAE@Ru^_sVRsz0o}u#-8A*-#--yeQ%L`b)jtM!b^MQzVB(-67OvuU~pjeEU$CD
zAyR4{pX)8#CZ0Zb&$#LxmxJU~eg`>Y<_jBLz4ur4{CK3s@MOBy9_3l$Kgw8cl!;wP
zt*yK2Ecx)ox^%0iCdPYDg88@pf2G40t=_o1c_$}FY{`x%(>I?gx%spI()mU4ENidt
z+!GvL*u2R%u9e|Q;C9uA$4r>wni988QsMdVSB>j~tWNvPpw1N!4JSPa>%V<TP^2f^
z`P0dr&)?{L$mKuxVrBG=1J0ty?JueHSI_ecc(^xlu1jyCm(<k2oeWPts`&o6#W3yr
zdbvWDdqQvP9X_ybDAGQAbJj$r=hkhS@BhxI?q-`iEyd*C6`}Ufv%g+Ce&_%7{Y=a+
zkD~9|+vWEEY&ceV@kUp3QvH{$ObXRk=B@6G6FE>N;bo?FV&$>x4dvMl^CxG1Hr>9T
zRc_KbhX<h#Ur*Va74TST`YNUGTB|c`qTO6$cIhn74*wB#B<x52Y019d&ZnmNS-kD|
zqdvLnjMw8$&%&y=Gn6d0`@7}+nLAVe&VF+7&4Vq)f!!;zF8h?+FWhZ3g=3NBivr&}
z;fyu&Wmg6qW7v23LS|{m!`kY%M=II#oKIf%60>p>{<33->do1!e@j;63;C%=X2x8*
zD?jUEvA@iB-|%<BJX3QHNPj8%yt_Bt{Pn-tm)=J`i(X_c&JZXbYkKg!lrFdKyGaVa
z1k!K1?67Bvm9yOF9-o=_bw}V*OUYp8tPCrM@7)!z*Qwb^?am0;!gjw*hJjbFE^}$;
zyeaQyMKW2hi)7jm*=M0QuahCSe#-MX%nKdPJc-JB@m1)~>dTY(yB^&;yX?hdrf4md
zIX@I%RL!0AF{>edaxr_}zssEF{)|4~7y0bG6TV&1e*3j0)6XAf_mVX}Fk4FNWZT(`
zJHE>VM2Slkdj9b>&N-YJXL<Ns;rEM1Z<cz?tJm>qs>%BC_;ME*zOwo<*Yii*m&<Zm
z3-+B)UE<5y*sUM6YQy>6jB(DYYJMs;@lC%=CtLkql;QI7S8cua)90JtR7)5;UpeA?
zTKRa;#V2LUl;@p3y3?pwrQB$;vm1ZJgQxpuH2cieG+bL@vCnfWN1<lgH18j;G~TTh
znqb6r>zVpahIanTTlT&4O-W+7q<uABy`6Jc%*3$stQ|W&S|=Bt&6sBq&{%$Xo_V#d
z`Hsk>TS1d%|2}u-DPKVJ<s~{=M=jobl`a%oA?=X3XXX09Mm=8({hcmXCp<4$ZuC6p
z*Rcn`5A-iH){t1=#t{0%WI++*S@ZTobADJF_Bxmw&-^O7z&rf!#Z$E_O`q#dJ9+i&
z;-`vt>hCqK`Y6T4_qKCm;m_W(pKEl&n<|y`zt4PHwm_csZ;w8^hTM|CU1jP89sc@l
z-L{WDhg6s*s86?O`X=#YbK{&3IStn*=zCs|IQ2tk{;oeqvL5fXVtkr<{f))yb5~<x
zPVExxt@WREUHq=u9L_>}mV`^9>*u$hh?w%Rd&1(`s(U5<3MN{L{b}OLmr8B89<ZRn
zT;uTV88I_1WT?;Zk5js|^Kq^R!;4G2`8}6r8%|&KVc!*3^$3T3w(cTQI;WnAO`0G*
zFHio!jf%_7B~pv;?~yvC##F&Obw=NX7WGFnR)|mir^4N*QqkhSaINs%<%f=+c&)Li
zbqQmf^FHOf7j~SP?E6{!r^ftUwG3y{>{hDYo%lu7s*aQ4<lm*YD>}X~UZ{H|WEXH!
zFjDUbt6uWNveuGc3~Uvb8{W;HD*Z`9E$nMxSZSr<Jo%MNqh@`$`cX~8eTV&HMW^~N
z>UWh=9({6K8ZUA9YKy=01Jft&ml)q4v^%vpPx77F=bu4d$1@L2Kgzjl&Kl{}U)(JM
zC%=2J^%8#}%ir5Ja+hV#?>xnjUlp{J;d$*`wLc#6PcNR`CSi17c9B(_@II4sUv?b&
zn$lm<l(#XB=fsC8j|AnE{xkl#W^`b7U5Mp@%J`S*4{CMOV@!M9wrq>7`xY1cHOOmM
zb9jA+^X<KS)1z%&*iLaCxfrCs)c$I-^0M&M?-tB^GF@gep4;sgz4GnkKeCfgJY2i*
z2gib=zSHk~`}bhe7gfV$M@!;92s~V=U7PF~%(s0{+)LY1spj{F2WCs%nya*c=aWHN
zX3ybMA;C^>yV@Qt6Pxv6eNyCH_0{*|f`4%a@9Ozz(mBK2;gD^-2=k5p2S4kL56rH)
z#Oo@YJK0wA!2M6szCTXdoxJa9`0RE-k;nE|@Bd0%e#xKrM6h0(p(K;@(@&9#Womu@
z9wes(ooC1w@-+V$q<iqZrTGEgSJqG8ov(ftJpIY<ht~gNh39Q^ulRl8%z?A_qO%t*
zKR$u4Kkxlp#ZO8O+f|mYbBQ@q@oaJ4dbW4>f3IP@_vF&Dl<XC;(IOYvZYr#h|Fkc1
zXUyNHWsh{j*UyceRVjVBR_1%gjuWa~a=h^x&MOxkpZfci<FCN;y+S1~XMXCsG=K8(
z!}j_9E@_PWZ1OkEZudxk^8A%TUB?23_f}8q_MCmmS#vBm^TLJ__lsM!pVq{#x)bhw
zHh=p3x!=@J{c^c|HuRw@SDs0qI=}lwwu952pLuDMdgEujx^N1o;u6>Y4+7<slvD1<
zGw<nKCONtIhvV~|E`QgCo^BEn|CM{Ty`bz{pGijiWRr)n^YYA=)Mch*lx)AA*<SA>
z{I{?1$P(tf(hmlrc7bm07xSEo&3Ei{|1+22)cVOEq-+mpn-rE9R;y;{r8%B@BdwSC
zrt$YQm5b-jwilTH*&ez<+~1|+_{AN*83l8H&sjcO{La^$?xra^igH&|b7ls{9*<L9
z#xj>PeM;l8C5-Q0CcJBOSU*uuZqa1MY4cqs%H@7xwsBEYn7i;~h4_-wZ?&vf?4M_x
zv3%JjO_sJj+gjJeeOu*Ns*@1S=Jqq};{Fe9t0Y}J(odTHDR=W&=bF>{f7_ggJM5R_
zyllDr&)H69U(vfIa(S#aLVp@=)lYQ3er>w=nxlXFeJj+}U)6@>XBsY%x%bdbl*@MA
zm)UJBUGL`3-2J{&t@7uo+DnbX6X$5YvwyK^Ver({vs-mc&!5^*cVh01tw-9q_uVNh
zDXsY+Jn@<2wA7DZ8m679{&?(5+0UEY{025>7#gm621JF3oZ^&MOZA;@`|e5Uyso^5
zJZHJfT^V=1S#!MV0qgYNWnO6q8Ec+<xEIZLTVns{zHs;!2j=&0wH)0(Npx0ozcHU_
zR$Fv#SK4&(g2}ygdfz`pO!Euhu2Ug<;IC%G-|B`RRWaK|OZgP1cHW;Ercol|@K5BA
zUHr-b?XCaq*lbE0wmk`EzO%z}%@e&q^^8X=|85K0cJu8Y?fLgR_q|tVc&7j0EW_j6
zAG-|>C!NoHd+2F-%XH@Or1hOYyne(=KD^5Cpglb$LdNvSBG30<GaO#}%sdreciNnJ
z#iEyg=CNPDdL+>EQCR=}WeWR4_Pl6+v+Yw~-BBBj&-o`#zjtJdv%kckSz*3i|6N4<
zBvIWh%J+Hx<saC3PnKDl|Cx_|tpb1lCo{dLYnA8ZBpsi|oLfH6kYkF}#&zX=$DVRK
zly!faH>Z~4<r!bsWjiID&HR>!MPGDniSxUoxOVmXc00#ay6=6@-PD~GwWwV<Mz8X1
zad36bG`_U<>a@Fl^Y3krNU=LDb+>sP!wb9o4ePITl<rY<cym?5VY<V#_lic*OMjRo
zT)eRNjB;$#hVIA*-?C;{S+?Jnzoh=f^69%IG3`R9S8Ec3i`2@p?UrofIm+zMaDVFe
zGiR1chZ|pf<Xx;R^-KJ6?0Pwe>lH>z=4J3bVCvL9*vk-i-<@$+4*QnZuhizgWUFvy
z;y>Qgn&CJ5jo|-9I%0;)+FUM8IcfPt_)VSbX{Ic{@}TI@jg_heLVfGPmD~K^8eSBu
ztJt-5$35e!O$UAJcio)O%-Zsj??~ypEy?Pyca&Czonb$p$ed}v<!w@Pt>#kSPrMoD
z79Kz3!ti95#N`JyrzGV*%BJ$)y}~~`Y%OOe=acBO98=v-^|$zNueWXRp1fvLF5C3$
zS^E}F&|+QRCR?ojwPWRmsQ9=5zVGwfN?t$w7qvsKZ_6p~d*31zxAN{ck6L)azv7zG
zpE!deuXA;Lk1tf5R^GQQ^vk|aeXgksuGw0zbx$n(`Qo<8{zvksE1$5>+xz~Zq-|~a
zvKtGgou9f@r*z8H#H$;0UVA+G9uQ-EFjQb#=l;{F5n+~fF6TBX?&%QRC;svFN9i@&
zlnS!l+O~3T-0$#Byk+f6gGIHSvM-)qIFf9_d;a?Ao>cY?A=Y0n^BgaVkH5sqvngQF
zzDw)<ZnviEd~mc3ZmvJ=+){URUrbnz<kJHa6rCMa8}!}x?h0KVQgP1j(jq?QJ#9Ra
zRtb&Mt0!Jqv-I}AFVc+nW$R9rOMZUIBWWZOqNQ_Z)9R?LtG--$vEq*JvKWs^oIA^T
zKS&v+oCtVypxpGp^gbr>Y?pJ6f7~ZTKbmeM9o($w+{Wa;HT$~ChfAg*+uwiofADK{
z*xH*9+W*WlzRn|QBvQe&;F9YXwhehZKLl$1ioG$(@7R@u6B8D0S#ao(uJr2A)xV_c
z;uZ>8a(>KK2!AF0QUYw|rM4sNGrJc@Wx2d~e1}1*Xr<mO!vonTCM+yrj(<1J-Q4Kz
zKJ70}7XD|1mpVbsTXg7<ZZyce#h2c%Iu_b0Ibn8Y!}SS@&TT^M`?wkR-O<{%(CrD+
z5&!l(t1g|GZ)hrEl%k=#vh3}wI~DV+AE#!zOlv+Lu{Fy#an<LvJ12Q0jiyXvad^7%
zt4(BNd04dU2Z6;OrHrPiU0I%K*YC7Tu4dV<*FV!)80Qtbr~fyXn|rZ%I{)W;v%{af
zJ!x{WW@qH@zj8`%7g_cm&e+q&^HaJcd*z3?jfY(xXC)-RYdsTO@7`?Rutwg0`@iJ{
zy8`T=)@GeGXefRglD6W_(&^$kT|wKfZaHaL{5NFQiQlX{3Y0%{Pu!j_H09aL9ed`#
z`hK+d=b5t=Y1-2*-n~CHS-N5`lhOTOFQirW?3tjp{p0MGFaM?<`aVPB>3og@4<D}H
z`t+9ktjBrm2F31c7c!l)nej#Qa;)mrCkHm)T6g&T`KiAbuDN<J-}zaRrI+2$1Ke^?
zLUtcCjX4zldxOu+db#L0wPS8>l}yLHOiZ4?T%q%W^Fhe^m(N@d#7*Dx>2JlElbUtR
zu?vkp@d{PW;*@qjDzcy5y4Pi{-))gIq9OduCEtH9<G9WBVXu3`_L+?LrZl`yVt9Sl
ztA2*A|Lq_0DN#!wO?k8_<HTPX-noYta-I8NqTD3&{lk;6BIUP&74N5N)!f=3zvZOY
zqKoqtrJnj+Zkgn)ar?ON44Jz#?24FUrGNb6`S4V6wfk+8hgK~0N7f$B|26AUN??kx
z+YPDS$mVB<ghPJpkY-|Y-=M7^Uo<iG`3cE?%}Wn2nY8iAMGb$CgMZ)fy!LYU)~#D?
zlfB+;-?lySsp8J-1QP#PGw%<7TwZ$7?7CI%-Hz1?To2Ta<a!-(XIvl@@mu3B<6Pex
z_Y^Lx-JHjl`j~}T>;+rMwO+lC?3^3ky8W4!bm`GXXP<oQl=6%eqbHBwG@N;F_-wNL
z`|{XZg-we0d*AQieEClM*-e>U?|MI5K6UwQ$6mvGX=YSUO)299-@qv+<xZ&HZFM`<
zRhqN>`u1iS(>q2Jey*MIMa%2oc89Y5_L#_(&59H6Mj!hAVEc+Uq5iQNvphHJ_APvG
z^dX1wGPkV57eT$7Wejc-{f6=i4!@>f)O=*+ShmV{o3UO$r^D?`>qixnKGfzV=zbSk
z^7+8_Re#UF{LT8Y{K38JIiJ*5Z{WTC&RN>Y!oS<XzhU-VpX98WliqdrmF#@TYrZv;
zTW<b=te-PV?6y}myw{P_X88~syy`%AS9z<5%31#JUQg411cV%s`B~e%Cq(ylt@ILy
z|ExPF@XQYHc)OZ+hFMfq*c<0N$8~Z}=x$#6y`yG<N7b8!mcMUs7u_~hILpa<PAz<6
z>*tWGzYESs|F|31>aU^3d-Q&DPLzM?^0Pwq<&XDHdS18f`)}DoWfgtJ%5yg-eVaMa
zt9Qf2OFKh~H{Y+C;S_OGkFh*qUu=rp<WI8?*|<oF9Llt+Wctpt<>Wo3_XSP5J#(LF
z6y#s5`w`3bcpszLO!bfor3|)1{}Z{NZ(k^V?&hpN<<qN*dUSj4mkL}uxw$p<v5~>2
z-lxC$iaq<E*Y8z0pIm#hal`eaCdEpZ_5?i1I`LQc%KYW7??rxB@}KzoAn;lJ#*e4&
z9Ct93-e9;XZzJFN$@!ZM7~h`fowIYfj{kSt_}0DhKjgwYESv7{X>PdvGw6E7f*1QU
z%_jeT?G@SE?!(KV)cDm!Q@rofCe{a@bBq_r&Q0s@XJxtDasG|o*VgnIf3@yEtT@;*
z{X<V=#WnvOMt^u2&9}{s{1X@SU9M-w50$$oCxumuKgeD4&qmgAq8hv0l$)WqQmT6;
zta~aaoNlWLdRDpUYnFva)yi$#<htKU-VGFd-PLx`>p*Xtv?u==Mc4YwhKa@Rba#F?
zTxsx!<GA3H1M1v6TpQYXXP^Ejb;AA3q$Z_~C$Dbt&#?U+;5q$g!qQ}A$>tKyW5!qJ
z8*i(;#OQM4Y?|lVJ<CF7?N*I__EqwvyYcL4U+pW8cdPF2Ws%wRR<@Bn)WM2nVfcZy
z2e&V5?7wy*Y|5AQliMb$KK-fIDE>0VbKfSH;s-|#?Yv|Vxs2uNZB~~X1{v06c{)xE
z$?NaO+|zfedG2&)`w7+qGnO-bxUFT=JYV(v;%{~mA9-EZEi-u{&l0eiCE?tpg;gqh
zJ)F-?d7jpJ#%<%ov|Doa9<S72pY*(RBigg-aF^z9twmSeI!YJl|L{I(fBLPF<XhWm
zM;e))2jwwz)N;h}#c|X{?K@v-w)6FqD(y$lJ9K7#{atx+iNE;F(@WNVcl_fs`%OC2
z3a?Y1?rWFGl^?Z@Ke6}pfy+zIPV3*oEIO}SL0qA3#*_M;C*ockY=0x<x@zMLg*gXK
zr~jSBQvE(I(|ED%k*tnqx5K~v(hUthy#L~jXWq>fp>395Q<NHQFHi3HAChA3sOJAh
z^SQ_2?h6qozHa@yS7g)VB~9)*8`k`I@Ayu8_MM^=f@j1tKc#bi__C4LbtZoqS9r6(
z^N-^{tS@!z9=X4HQAK`Jq528G&5Ta=7sXcG^%MSJ5p|%b&-wT1zD+gKH@8eQpLni2
zu%sj0DR1Z7O6DVFcO5QuWn_PMcN2Ds?=-s~vV}M6+~3T;1(6Kl^FBq#zqzZ=eWO<A
zdz{j(E@?rVOyfPwFW+o?`Z|vBm)fGrty2=S*YO_sS!;dEL`ik74C5BtCuuh>?T!{<
zRCnNMo)cRft)o2IJ(F$ob4{))_D|)veHlHHn@T)RE_!cjcDZ-kw}ngYzHNTfueYh@
z|JQ9rJv}zlvU1Mup7P8kefHTZ*_69}`f+KKJD+rKarmtB{KMbWi#@l!j(g_ro2Ox|
zufBQ$=RSrj(y1XAZ!f-EeC00Nrn!aZ|6F3a_daL;^-iySE;&1M12p|v<25CpaSNK5
z-)O59oV9vo#7wi>;yX<*Nw<Eve(MY)f2GfaJ=~Rk4s&~73npEO*P0rz^NF%p)%}la
z_EsDV`}+J%^|ZxGZcj4YBBh=h+lk*6)^@7Cb6xoR^Xe1pH#V=kz&88XvYcfT=ihy|
z{iwgN?u=*Lx7hS2eUes})iD()i#mSVHrS-n%1x~z%jufr_tkGJCm!Y$w?36E`fl^>
z=GR%LrXK$1Y9@R-anZ(iQv#cdJ>tXKu4O0xcqYHA<u8++O6LLTw>EB-naZbFABb6>
z+PW*Ibndyb<0lS!hT7&_+nsZ2(x#hhO27R&`|YCqr(c{6-`oxP`8M5*oO;E1s>_F^
zogd^HUX>duU3$puo;Tn5o&A*$h4)W|Fu&)EK6+pEut8W=SOt?@|J?|^*63J<8@U~C
zSC(?DczUWmLYcQ>vq?<W<nm0lZ!04Gg?^vqsysLGlIN6;MKeNHX1z9<vqksR@tmW@
z`;JtXOei{iINz_ucKO8qwCLTZCjEb_SJ=8JQsd{e*RIU-v>bj*-j}YNq3ZBwN6Y7(
z?=$Cx$DXQ*G<>#}D`{Q9>;*CJnWSc$P7ZFr<-_Xbldvn)>uJ)TH`Sp<E9Z3O3F!sC
zwFx=%;-t2o$k7+tQbnsb%h=lUFxc@q>~VP|ar=zBriL`rhtmvK^^bfBy`OAyw^NPl
zMBfrk*6+1bwH{mz+}4nnY_jC0nSzaL+tiN?cRdW#uL!<fyXx!=`AHAAOt$#4Tx?eA
z{H@ayGdE4QfA=Nh&eWs}DN3^b+isXyGOn;Wu-)R8Uh0I0Ohux~b5~|exO}8XVB<#L
zEt$WWkA6G%gWqP4(vNwk1>()Q0#-j_ymzi>?TU@3t)5zRhAr@#zUQ8=<(m`T-XD0v
z<I@==Osmf&pJAJDc6({mG<Lp<N`;UAn!8_maLb;WnfGtSBEAaCQ_lB(cOSF1o_cyE
z<D&Zv0iB6+GTuC1_;*wDLz|%V6PMTgs(-M(@c;LVHtu03LVd4HdU)c(yJYqTosQ*6
z3mfH`)7D=S$h<J+BWv!)2ZBZ_cBc=EeVxm#u_yA(=Tik@(R<7vE$v{d+u?m@VquBR
znvyv^710N_N6-1$WwNW;lp$T-GT^dpaNDalKb7ac$a(og%4_ilE3MhLUM0>d+Q(co
z^X!?4imN}pF%r#56Waaq$l93xqACCFw(j2@GLgw)cFmEedaOsR>V+JZZ1Qt>Gvm#K
z$F@JGEn8gVas2J>OYdjjWADvLb4;&v{S+AK=4xMU)BS9!@{zN?;oFtJ>le<rH|M<7
zwWB7RV%#>(5wV?m-fP=TN9KLI53tmo)7%qq=R{2F^U{oY(F_iEIqJk?81{+Z;l3m5
z6MXFQ1I~n5J2RI3$Y0c89`xd?jOag;*}ZyVNzA)EE!7NN9<O@6&~{VP9EGB?thI)v
zDL2<$^|E;L+h<+4<)=FlmHsg*(lyH7EA@+>bWi=A61``VUvKH7xSwqDo_1nhkKgL>
zp5?AsnV72dw^;W4V%~xUy7Kc+e2qH(_xkQ7+mA1eIX~&o?bBV`c0JR(KVNt?|Eeo*
z?f=FzZVqQK`+BgwaASi3V-IiH5??d9S*q9DC&XDw??}DzsyfB*8S~CEr$3Hnky!^O
zT0J#g^FP4kKp&riuKwZt-+w=|^6$D>@_-?>FYI*oyn~5$wt-bQUnQ*+I8bi7qdVa&
zvs{|7wX9Ob)mWdRH$S*oX1r&K*L-Gk?P#!YYSx0!Uu1P^LVoeHNc4+cKJd(fA$==P
zwfwQKMHd%EB)*Vy4&B@RENq`a`t9i_tLnY2nr-{OZ1?>2{qd=XtkxXgb`{T^>&{ad
z*S#fU!G8ZOyF{6unViw@+Md9v;qgAIa(%@azMKUzLcNFg&i8&kMe~;SSpj94_aD}p
zY^eNEy;@gxmULd&!{kkSbE3c4KYQ{(=VN88{<G<um&EmKGksS6bZ(wVg8GW$Pq|Zd
z{bf2Y%zYIXqc75{6}*M_`G-E^3tt*zwf5b%R`IQSeEse-)=4h?r^^4gZ|I8)xTohE
zcjTdE?5V0v&MX_&PC569gR${q(EOEw=bZjjFrM6|<Q?qlE2(&9`*mjVQ`7khS>7$x
zz8jU<f82}RSmyi>uX$VD#mYWd>l}M8n#5-1=BB@^b7kQtnO)uM9Id#$ZpMVL99R>4
zA!H?M@xK>AhFeWT?oFO37<@r#<?}1g)D`#k#+lu-+4_IYTk%U0<{1YPH|v<@=^i**
za$jg)K-*No-|_BG-(590CRn#~Pm1kIncYX9{aASRXwJeV+k-wC3jefl+_G5NwYfH~
z>W{W-+)b0qIWMnTtdTs+sc~n2(509R>ALbOB6`)^S+^CvQ0x0E&T-?9&aCQrhx1;#
z@xL(1W4wQD()|-$TMTCv{qdH(yw;DQyKWk<OL3z65y@L8^{PXkc+9l0?*13_Z?!VF
zTg$(oxJxVNYVQ62a?!(_$$$JD|5VNPow-bQ*VMV1yfg2~3qRR?`{4AsH=~ov*C{B}
zuFlxVn^W|7Y4OgGwyV>w-29y@wdm7}EpMOR546%z_tjXZEV_NQ7{lDnOPVbX8O~BJ
zxcL3rOh0%2gsMCD^a}N@r>0f7DZjkJH~E-f|D=9F`|}gkncnSGk~Tb^Gg0t757V;6
zdbi&HojPmxm4(4q=l?tR`f22R>nHbH{(StDtNd?gw@c-W$JfLP&ZphnpHz^UwOfjT
zuhZ@S#2bq;SFcr7e(L<BR%c`JWX>C>3+I<P-FtI<wt~=Y6>0Xn_n%oldcn9s{GqOo
z=h4t@GK=;-yz`gm;g|5WjUS4AHGeiA`Qz~U==DuA4ojY&n8A8v?hB#gik9x?*A?qx
ztfo)C*>CQs@-FSlp<5OQ9wtc6`jg<LnU}R%rdu^d^wIs;GrVnH(=Bd2U3G4EOvBc$
zo@FIbwbq8-K9&MpCj%b6P!-)KZ9XwELiOwOeY};+D!gLWu|(Zkq3xCK_BLyRrrdvl
zvpNhB=h(L#nL2spoRWLW&!){j;$wJ+@q`R#oUZK4fLXFUAEdfkcf4rc=5g!dDv$SP
zQ~M|HDdRN`d6TiIe@1qO{#vc4r%o#0T46pz=#y-$z8W)=ZtaWAOHX2$o;$B&++byE
qY4O`X`h&;P_<gg(zWit6Vc7im=j$hXmMef3f_l38xvX<aXaWFMrqM6}

literal 0
HcmV?d00001

diff --git a/builds/cbioapp/portal.properties b/builds/cbioapp/portal.properties
new file mode 100644
index 0000000..c39b3cc
--- /dev/null
+++ b/builds/cbioapp/portal.properties
@@ -0,0 +1,218 @@
+# app name
+app.name=cbioportal1
+
+# database
+db.user=cbio
+db.password=P@ssword1
+db.host=cbiodb
+db.portal_db_name=cbioportal
+db.driver=com.mysql.jdbc.Driver
+db.connection_string=jdbc:mysql://cbiodb/
+db.tomcat_resource_name=jdbc/cbioportal
+# this should normally be set to false. In some cases you could set this to true (e.g. for testing a feature of a newer release that is not related to the schema change in expected db version above):
+db.suppress_schema_version_mismatch_errors=false
+app.version=${timestamp}
+db.version=${db.version}
+
+# web page cosmetics
+skin.title=EurOPDX cBioPortal
+skin.email_contact=it at europdx eu
+skin.authorization_message=Access to this portal is only available to authorized users of EurOPDX consortium.
+skin.example_study_queries=tcga\ntcga -provisional\ntcga -moratorium\ntcga OR icgc\n-"cell line"\nprostate mskcc\nesophageal OR stomach\nserous\nbreast
+skin.data_sets_header=The portal currently contains data from the following cancer genomics studies.  The table below lists the number of available samples per data type and tumor.
+skin.data_sets_footer=
+#skin.examples_right_column_html=<ul><li><a href="case.do#/patient?studyId=ucec_tcga_pub&caseId=TCGA-BK-A0CC">Patient view of an endometrial cancer case</a></li></ul>
+
+# documentation pages
+#skin.documentation.baseurl=https://raw.githubusercontent.com/cBioPortal/cbioportal/master/docs/
+skin.documentation.baseurl=https://gitlab.ics.muni.cz/europdx/cbioportal/cbio-public-info/raw/master/
+skin.documentation.markdown=true
+skin.documentation.faq=FAQ.md
+skin.documentation.about=About-Us.md
+skin.documentation.skin.news=News.md
+skin.documentation.oql=Onco-Query-Language.md
+
+# setting controlling the logos
+skin.right_logo=logo_EurOPDX.png
+skin.tag_line_image=tag_line.png
+
+# setting controlling which tabs to hide.
+skin.show_news_tab=true
+skin.show_data_tab=true
+skin.show_web_api_tab=true
+skin.show_r_matlab_tab=true
+skin.show_tutorials_tab=false
+skin.show_faqs_tab=true
+skin.show_tools_tab=true
+skin.show_about_tab=true
+
+# settings controlling the whats new blurb
+skin.right_nav.whats_new_blurb=<a class="twitter-timeline" href="https://twitter.com/europdx" data-tweet-limit="1"> Tweets by @EurOPDX </a>
+
+# setting controlling the blurb
+skin.blurb=<p>Welcome to the european instance of cBioPortal which provides <b>visualization</b>, <b>analysis</b> and <b>download</b> of large-scale cancer genomics datasets of EurOPDX consortium. This portal is run by <a href="https://www.cerit-sc.cz/about/news/cerit-sc-member-participates-in-eu-h2020-project-as-the-it-task-leader">Masaryk University</a> for <a href="https://cordis.europa.eu/project/rcn/212589_en.html">EDIReX: European Distributed Infrastructure for Research on patient-derived cancer Xenografts</a> project with kind support of cBioPortal developers from Weill Cornell Medicine (WCM, New York, NY, USA).</p><p>Please adhere to <u><a href="http://cancergenome.nih.gov/abouttcga/policies/publicationguidelines"> the TCGA publication guidelines</a></u> when using TCGA data in your publications.</p> <p><b>Please cite</b> <a href="http://www.ncbi.nlm.nih.gov/pubmed/23550210">Gao et al. <i>Sci. Signal.</i> 2013</a> &amp;  <a href="http://cancerdiscovery.aacrjournals.org/content/2/5/401.abstract">Cerami et al. <i>Cancer Discov.</i> 2012</a> when publishing results based on cBioPortal.</p>
+
+# setting controlling the footer
+skin.footer= | <a href="http://www.mskcc.org/mskcc/html/44.cfm">MSKCC</a> | <a href="http://europdx.eu/">EurOPDX</a> | <a href="http://www.ics.muni.cz/">ICS MU</a>
+
+# setting controlling html for the contact
+skin.login.contact_html=If you think you have received this message in error, please contact us at <a style="color:#FF0000" href="mailto:europdx-cbioportal@googlegroups.com">europdx-cbioportal@googlegroups.com</a>
+
+# setting controlling the saml registration
+skin.login.saml.registration_html=Sign in
+
+# settings controlling what to show in the right navigation bar
+skin.right_nav.show_data_sets=true
+skin.right_nav.show_examples=true
+skin.right_nav.show_testimonials=false
+
+# settings controlling what to show in the right navigation bar
+skin.study_view.link_text=To build your own case set, try out our enhanced Study View.
+
+# authentication
+## is authorization enabled at all? (true, false)
+authorization=false
+## enable and set this property to specify a study group to be used to identify public studies for which no specific authorization entries are needed in the `authorities` table
+# always_show_study_group=
+## which method of authentication to use (false, googleplus, saml, openid, ad, ldap, noauthsessionservice)
+authenticate=false
+## Should the permissions for groups and users be filtered by this instance's app.name?
+## (true means the system only handles "CBIOPORTAL:someGroupPermission" groups, false means "someGroupPermission" works)
+filter_groups_by_appname=true
+## settings to connect to googleplus auth infrastructure
+googleplus.consumer.key=
+googleplus.consumer.secret=
+
+## SAML settings
+saml.sp.metadata.entityid=
+saml.idp.metadata.location=
+saml.idp.metadata.entityid=
+# saml keystore settings:
+saml.keystore.location=
+saml.keystore.password=
+saml.keystore.private-key.key=
+saml.keystore.private-key.password=
+saml.keystore.default-key=
+# How to send SAML request messages to the IDP.
+# Set to "specificBinding" to configure specific binding:
+saml.idp.comm.binding.settings=defaultBinding
+# Configure the specific binding if above is specificBinding. Leave empty if defaultBinding.
+# Options: bindings:HTTP-POST, bindings:HTTP-Redirect, bindings:PAOS, profiles:holder-of-key:SSO:browser
+saml.idp.comm.binding.type=
+# Change this to configure your custom UserDetails parser (default: org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl)
+saml.custom.userservice.class=org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl
+# Change this to configure to configure a custom logout URL: (default: /login.jsp?logout_success=true)
+saml.logout.url=/login.jsp?logout_success=true
+
+## settings to connect to an Active Directory domain controller
+ad.domain=
+ad.url=
+## configuration for the LDAP access
+ldap.user_search_base=DC=example,DC=com
+ldap.url=ldap://ldap.example.com
+ldap.manager.dn=CN=manager-user,DC=example,DC=com
+ldap.manager.password=PASSWORD
+## The following attributes for are good for ActiveDirectory, for OpenLDAP use "uid" for username
+ldap.attributes.username=sAMAccountName
+#ldap.attributes.username=uid
+ldap.attributes.last_name=sn
+ldap.attributes.given_name=givenName
+ldap.attributes.email=mail
+
+# study view settings
+# always show studies with this group
+always_show_study_group=
+mdacc.heatmap.study.meta.url=//bioinformatics.mdanderson.org/study2url?studyid=
+mdacc.heatmap.study.url=//bioinformatics.mdanderson.org/TCGA/NGCHMPortal/?
+
+# patient view settings
+patient_view_placeholder=false
+patient_view_genomic_overview_cna_cutoff=0.2,1.5
+digitalslidearchive.iframe.url=http://cancer.digitalslidearchive.net/index_mskcc.php?slide_name=
+digitalslidearchive.meta.url=http://cancer.digitalslidearchive.net/local_php/get_slide_list_from_db_groupid_not_needed.php?slide_name_filter=
+tumor_image.url=http://cbio.mskcc.org/cancergenomics/tcga-tumor-images/
+tcga_path_report.url=https://github.com/cbioportal/datahub/raw/master/tcga/pathology_reports/pathology_reports.txt
+mdacc.heatmap.patient.url=//bioinformatics.mdanderson.org/TCGA/NGCHMPortal/?participant=
+mdacc.heatmap.meta.url=//bioinformatics.mdanderson.org/participant2maps?participant=
+
+# various url's
+segfile.url=http://cbio.mskcc.org/cancergenomics/gdac-portal/seg/
+
+# Enable OncoKB annotation (true, false)
+show.oncokb=true
+
+# Enable Chang's hotspot list (true, false)
+show.hotspot=true
+hotspots.url=http://cancerhotspots.org/api/
+
+# Enable Civic variant annotation (true, false)
+show.civic=false
+
+# Link to My Cancer Genome. Please disable (set to false) when using cBioPortal with patient identifiable data due My Cancer Genome license restrictions.
+mycancergenome.show=true
+
+# igv bam linking
+igv.bam.linking=
+# colon delimited
+igv.bam.linking.studies=
+openssl.binary=
+signature.key=
+encryption.key=
+broad.bam.url=
+broad.bam.checking.url=
+
+# pathway settings
+include_networks=true
+pathway_commons.url=http://www.pathwaycommons.org/pc2
+
+# bitly, please use your bitly user and apiKey
+bitly.url=
+# the new API uses the v3 of bitly API, and a java library to make the API call, so you only need to provide the access token
+bitly.access.token=
+
+# google analytics
+google_analytics_profile_id=UA-120520301-1
+
+# genomespace linking
+genomespace=true
+
+# set this to true if you update cancer studies in your production database without shutting the web server
+recache_study_after_update=false
+
+# session-service url: http://[host]:[port]/[session_service_app]/api/sessions/[portal_instance]/
+# example session-service url: http://localhost:8080/session_service/api/sessions/public_portal/
+# see: https://github.com/cBioPortal/session-service
+# excluding this value or setting it to an empty string will revert to the previous bookmarking method
+# WARNING: do not use session service with authenticate=false
+#  either use authentication or change to authenticate=noauthsessionservice
+session.service.url=
+# Only allow requests from here:
+#  e.g. session.service.origin=http://dashi-dev.cbio.mskcc.org:8080
+session.service.origin=*
+
+# disabled tabs, | delimited
+# possible values: cancer_types_summary, mutual_exclusivity, plots, mutations, co_expression, enrichments, survival, network, download, bookmark, IGV
+disabled_tabs=
+
+# study ids and categories to force to top of study selector
+# format is category1#study1a,study1b,study1c;category2#study2
+priority_studies=
+
+# species and genomic information
+species=human
+ncbi.build=37
+ucsc.build=hg19
+
+# default view in oncoprint (sample, patient (default))
+oncoprint.defaultview=patient
+
+# OncoPrint driver mutation annotations
+# oncoprint.custom_driver_annotation.binary.menu_label=Custom driver annotation
+# oncoprint.custom_driver_annotation.tiers.menu_label=Custom driver tiers
+# oncoprint.custom_driver_annotation.default=true
+# oncoprint.custom_driver_tiers_annotation.default=true
+# oncoprint.oncokb_hotspots.default=custom
+# oncoprint.hide_vus.default=false
+
+# Custom gene sets
+# querypage.setsofgenes.location=file:/<path>
diff --git a/builds/cbioapp/settings.xml b/builds/cbioapp/settings.xml
new file mode 100644
index 0000000..55f7437
--- /dev/null
+++ b/builds/cbioapp/settings.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<settings>
+  <servers>
+    <server>
+      <id>settingsKey</id>
+      <username>cbio</username>
+      <password>P@ssword1</password>
+   </server>
+ </servers>
+</settings>
\ No newline at end of file
diff --git a/builds/cbioapp/start.sh b/builds/cbioapp/start.sh
new file mode 100644
index 0000000..f3d2532
--- /dev/null
+++ b/builds/cbioapp/start.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+find $PWD/core/src/main/scripts/ -type f -executable \! -name '*.pl'  -print0 | xargs -0 -- ln -st /usr/local/bin
+
+sed -i "s/cbiodb/${DBHOST}/g" /cbioportal/portal.properties &&
+sed -i "s/cbiodb/$DBHOST/g" /usr/local/tomcat/conf/context.xml
+
+mv $CATALINA_HOME/webapps/cbioportal.war $CATALINA_HOME/webapps/${MOVE}.war
+sh $CATALINA_HOME/bin/catalina.sh run
diff --git a/builds/cbiodb/.gitlab-ci.yml b/builds/cbiodb/.gitlab-ci.yml
new file mode 100644
index 0000000..08a0000
--- /dev/null
+++ b/builds/cbiodb/.gitlab-ci.yml
@@ -0,0 +1,28 @@
+# This file is a template, and might need editing before it works on your project.
+# Official docker image.
+image: docker:latest
+
+services:
+  - docker:dind
+
+before_script:
+  - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+
+build-master:
+  stage: build
+  script:
+#    - export DOCKER_CONTENT_TRUST=1
+    - docker build --pull -t "$CI_REGISTRY_IMAGE" .
+    - docker push "$CI_REGISTRY_IMAGE"
+  only:
+    - master
+
+build:
+  stage: build
+  script:
+#    - export DOCKER_CONTENT_TRUST=1
+    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
+    - export DOCKER_CONTENT_TRUST=0
+    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
+  except:
+    - master
diff --git a/builds/cbiodb/Dockerfile b/builds/cbiodb/Dockerfile
new file mode 100644
index 0000000..c81e2ab
--- /dev/null
+++ b/builds/cbiodb/Dockerfile
@@ -0,0 +1,24 @@
+FROM registry.gitlab.ics.muni.cz:443/2780/mysql
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+
+# Copy the database schema to the /data directory
+COPY files/run_db files/init_db /tmp/
+RUN chmod +x /tmp/run_db && chmod +x /tmp/init_db
+#ADD http://dior.ics.muni.cz/~cuda/seed-cbioportal_hg19_v2.4.0.sql /tmp/
+#ADD http://dior.ics.muni.cz/~cuda/cgds.sql /tmp/
+
+ADD https://raw.githubusercontent.com/cBioPortal/cbioportal/v2.0.0/db-scripts/src/main/resources/cgds.sql /tmp/
+ADD ./seed-cbioportal_hg19_v2.7.3.sql /tmp/
+
+# init_db will create the default
+# database from epcis_schema.sql, then
+# stop mysqld, and finally copy the /var/lib/mysql directory
+# to default_mysql_db.tar.gz
+RUN /tmp/init_db
+
+# run_db starts mysqld, but first it checks
+# to see if the /var/lib/mysql directory is empty, if
+# it is it is seeded with default_mysql_db.tar.gz before
+# the mysql is fired up
+
+ENTRYPOINT "/tmp/run_db"
diff --git a/builds/cbiodb/README.md b/builds/cbiodb/README.md
new file mode 100644
index 0000000..10c3e8a
--- /dev/null
+++ b/builds/cbiodb/README.md
@@ -0,0 +1 @@
+# Cbioportal database
\ No newline at end of file
diff --git a/builds/cbiodb/env/.env b/builds/cbiodb/env/.env
new file mode 100644
index 0000000..d5b67e3
--- /dev/null
+++ b/builds/cbiodb/env/.env
@@ -0,0 +1,5 @@
+MYSQL_ROOT_PASSWORD=P@ssword1
+MYSQL_USER=cbio
+MYSQL_PASSWORD=P@ssword1
+MYSQL_DATABASE=cbioportal
+
diff --git a/builds/cbiodb/files/init_db b/builds/cbiodb/files/init_db
new file mode 100644
index 0000000..67bcd18
--- /dev/null
+++ b/builds/cbiodb/files/init_db
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Initialize MySQL database.
+# ADD this file into the container via Dockerfile.
+# Assuming you specify a VOLUME ["/var/lib/mysql"] or `-v /var/lib/mysql` on the `docker run` command…
+# Once built, do e.g. `docker run your_image /path/to/docker-mysql-initialize.sh`
+# Again, make sure MySQL is persisting data outside the container for this to have any effect.
+
+set -e
+set -x
+
+#mysql_install_db --datadir=/var/lib/mysql
+/usr/sbin/mysqld -u mysql --initialize-insecure
+
+# Start the MySQL daemon in the background.
+#/usr/sbin/mysqld &
+/usr/sbin/mysqld -u mysql &
+mysql_pid=$!
+
+#until mysqladmin ping >/dev/null 2>&1; do
+#  echo -n "."; sleep 0.2
+#done
+sleep 20
+echo "probouzim se"
+
+# Permit root login without password from outside container.
+#mysql -e "GRANT ALL ON *.* TO root@'%' IDENTIFIED BY '' WITH GRANT OPTION"
+
+mysql -e "GRANT ALL ON *.* to cbio@'%' IDENTIFIED BY 'P@ssword1';"
+
+
+# create the default database from the ADDed file.
+
+mysql -e "create database cbioportal;"
+cat /tmp/cgds.sql | mysql cbioportal
+# cat /tmp/seed-cbioportal_hg19_v2.4.0.sql |mysql cbioportal
+cat /tmp/seed-cbioportal_hg19_v2.7.3.sql |mysql cbioportal
+
+# Tell the MySQL daemon to shutdown.
+mysqladmin shutdown
+
+# Wait for the MySQL daemon to exit.
+wait $mysql_pid
+
+# create a tar file with the database as it currently exists
+#tar czvf default_mysql.tar.gz /var/lib/mysql
+
+# the tarfile contains the initialized state of the database.
+# when the container is started, if the database is empty (/var/lib/mysql)
+# then it is unpacked from default_mysql.tar.gz from
+# the ENTRYPOINT /tmp/run_db script
diff --git a/builds/cbiodb/files/run_db b/builds/cbiodb/files/run_db
new file mode 100644
index 0000000..9998897
--- /dev/null
+++ b/builds/cbiodb/files/run_db
@@ -0,0 +1,10 @@
+#!/bin/bash
+# start db
+
+set -e
+set -x
+
+# first, if the /var/lib/mysql directory is empty, unpack it from our predefined db
+# [ "$(ls -A /var/lib/mysql)" ] && echo "Running with existing database in /var/lib/mysql" || ( echo 'Populate initial db'; tar xpzvf default_mysql.tar.gz )
+
+/usr/sbin/mysqld -u mysql
\ No newline at end of file
diff --git a/builds/cbiodb/mysql/conf/mysql.conf b/builds/cbiodb/mysql/conf/mysql.conf
new file mode 100644
index 0000000..7d079f5
--- /dev/null
+++ b/builds/cbiodb/mysql/conf/mysql.conf
@@ -0,0 +1,57 @@
+# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
+
+#
+# The MySQL  Server configuration file.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+[mysqld]
+pid-file	= /var/run/mysqld/mysqld.pid
+socket		= /var/run/mysqld/mysqld.sock
+datadir		= /var/lib/mysql
+#log-error	= /var/log/mysql/error.log
+# By default we only accept connections from localhost
+#bind-address	= 127.0.0.1
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+
+#
+# * Fine Tuning
+#
+
+key_buffer_size         = 4G
+max_heap_table_size     = 512M
+tmp_table_size          = 512M
+max_allowed_packet      = 256M
+thread_stack            = 256K
+thread_cache_size       = 20
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover-options  = BACKUP
+max_connections        = 214
+#table_cache            = 64
+#thread_concurrency     = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 0
+query_cache_type        = 0
+
+
+join_buffer_size = 16M
+table_open_cache = 400
diff --git a/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore b/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
new file mode 100644
index 0000000..5e7d273
--- /dev/null
+++ b/builds/cbiodb/mysql/docker-entrypoint-initdb.d/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/builds/job/Dockerfile b/builds/job/Dockerfile
new file mode 100644
index 0000000..4f73623
--- /dev/null
+++ b/builds/job/Dockerfile
@@ -0,0 +1,4 @@
+From appropriate/curl
+MAINTAINER Luboslav Pivarc <456130@muni.cz>
+
+CMD curl -X DELETE 'cbio-api/v1/cbioondemand?id=${INSTANCE}&user.userId=${USER}'
diff --git a/yaml/cbio-api/api-deployment.yml b/yaml/cbio-api/api-deployment.yml
new file mode 100644
index 0000000..b783118
--- /dev/null
+++ b/yaml/cbio-api/api-deployment.yml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cbio-on-demand
+  name: cbio-api
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    matchLabels:
+      app: cbio-api
+      type: ondemand
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cbio-api
+        type: ondemand
+    spec:
+      containers:
+      - name: cbio-api
+        image: lpivo/api:tr1
+        ports:
+        - name: http
+          containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /actuator/health
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 2
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: http
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 2
diff --git a/yaml/cbio-api/api-service.yml b/yaml/cbio-api/api-service.yml
new file mode 100644
index 0000000..00a9d40
--- /dev/null
+++ b/yaml/cbio-api/api-service.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cbio-api
+  namespace: cbio-on-demand
+  labels:
+    app: cbio-api
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio-api
+    type: ondemand
+  ports:
+  - port: 80
+    targetPort: http
diff --git a/yaml/cbio-api/identifier.yml b/yaml/cbio-api/identifier.yml
new file mode 100644
index 0000000..9eda808
--- /dev/null
+++ b/yaml/cbio-api/identifier.yml
@@ -0,0 +1,7 @@
+apiVersion: example.com/v1beta1
+kind: identifier
+metadata:
+  generateName: cod
+  namespace: cbio-on-demand
+  # annotations:
+  #   maintainer: Luboslav Pivarc <456130@muni.cz>
diff --git a/yaml/cbio-api/registerIdentifier.yml b/yaml/cbio-api/registerIdentifier.yml
new file mode 100644
index 0000000..9a95b94
--- /dev/null
+++ b/yaml/cbio-api/registerIdentifier.yml
@@ -0,0 +1,14 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: identifiers.example.com
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  scope: Namespaced
+  group: example.com
+  version: v1beta1
+  names:
+    kind: identifier
+    singular: identifier
+    plural: identifiers
diff --git a/yaml/cbio-app/cbio-replicaset.yml b/yaml/cbio-app/cbio-replicaset.yml
new file mode 100644
index 0000000..3e4e1c9
--- /dev/null
+++ b/yaml/cbio-app/cbio-replicaset.yml
@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  generateName: cbio-on-demand
+  namespace: cbio-on-demand
+  labels:
+    app: cbio
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cbio
+      type: ondemand
+      # generated by API by user id from request
+      #user: Luboslav
+      # generated by API unique for user
+      #instance: "1"
+  template:
+    metadata:
+      labels:
+        app: cbio
+        type: ondemand
+        # generated by API by user id from request
+        #user: Luboslav
+        # generated by API unique for user
+        #instance: "1"
+    spec:
+      containers:
+      - name: cbio
+        image: lpivo/cbioportal:test7
+        ports:
+        - name: http
+          containerPort: 8080
+        env:
+        - name: DBHOST
+        # generated by API from service name
+          value: cbio-on-demand-dbpjvrw
+        - name: IMPORT
+          value: /etc/data-loading/cbio-client.py
+        - name: ID
+        # generated by API from user request
+          value: "4"
+        - name: MOVE
+        #generated by API from generated url
+          value: cbioportal
+        # lifecycle:
+        #   postStart:
+        #     exec:
+        #       command: ["python3", "$IMPORT"]
diff --git a/yaml/cbio-app/cbio-service.yml b/yaml/cbio-app/cbio-service.yml
new file mode 100644
index 0000000..bbcfabd
--- /dev/null
+++ b/yaml/cbio-app/cbio-service.yml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  generateName: cbio-on-demand
+  namespace: cbio-on-demand
+  labels:
+    app: cbio
+    type: ondemand
+    # generated by API by user id from request
+    #user: Luboslav
+    # generated by API unique for user
+    #instance: "1"
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio
+    type: ondemand
+    # generated by API by user id from request
+    #user: Luboslav
+    # generated by API unique for user
+    #instance: "1"
+  ports:
+  - port: 80
+    targetPort: http
diff --git a/yaml/cbio-db/cbiodb-replicaset.yml b/yaml/cbio-db/cbiodb-replicaset.yml
new file mode 100644
index 0000000..741744a
--- /dev/null
+++ b/yaml/cbio-db/cbiodb-replicaset.yml
@@ -0,0 +1,71 @@
+apiVersion: apps/v1
+kind: ReplicaSet
+metadata:
+  generateName: cbiodb
+  namespace: cbio-on-demand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+  labels:
+    app: cbioDB
+    type: ondemand
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cbioDB
+      type: ondemand
+      # generated by API by user id from request
+      #user: Luboslav
+      # generated by API unique for user
+      #instance: "1"
+  template:
+    metadata:
+      labels:
+        app: cbioDB
+        type: ondemand
+        # generated by API by user id from request
+        #user: Luboslav
+        # generated by API unique for user
+        #instance: "1"
+    spec:
+      containers:
+      - name: cbio
+        image: lpivo/cbiodb:v1
+        ports:
+        - name: mysql
+          containerPort: 3306
+        livenessProbe:
+          exec:
+            command:
+              - sh
+              - -c
+              - "mysqladmin ping -u cbio -pP@ssword1"
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          exec:
+            command:
+              - sh
+              - -c
+              - "mysqladmin ping -u cbio -pP@ssword1"
+          initialDelaySeconds:  5
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        volumeMounts:
+        - name: config
+          mountPath: /etc/mysql/mysql.conf.d
+          subPath: mysql.conf.d
+          readOnly: true
+        envFrom:
+            - secretRef:
+                name: mysql-env
+      # we use 1 config for all on-demand databeses
+      volumes:
+      - name: config
+        configMap:
+          name: mysql-cbio-db
diff --git a/yaml/cbio-db/cbiodb-service.yml b/yaml/cbio-db/cbiodb-service.yml
new file mode 100644
index 0000000..1c20897
--- /dev/null
+++ b/yaml/cbio-db/cbiodb-service.yml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Service
+metadata:
+  generateName: cbio-on-demand-db
+  namespace: cbio-on-demand
+  labels:
+    app: cbioDB
+    type: ondemand
+    # generated by API by user id from request
+    #user: Luboslav
+    # generated by API unique for user
+    #instance: "1"
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbioDB
+    type: ondemand
+    # generated by API by user id from request
+    #user: Luboslav
+    # generated by API unique for user
+    #instance: "1"
+  ports:
+  - port: 3306
+    targetPort: mysql
diff --git a/yaml/cbio-db/config.yml b/yaml/cbio-db/config.yml
new file mode 100644
index 0000000..15efb9c
--- /dev/null
+++ b/yaml/cbio-db/config.yml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mysql-cbio-db
+  namespace: cbio-on-demand
+data:
+  mysql.conf: "# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights
+    reserved.\n#\n# This program is free software; you can redistribute it and/or
+    modify\n# it under the terms of the GNU General Public License as published
+    by\n# the Free Software Foundation; version 2 of the License.\n#\n# This program
+    is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY;
+    without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR
+    PURPOSE.  See the\n# GNU General Public License for more details.\n#\n# You
+    should have received a copy of the GNU General Public License\n# along with
+    this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin
+    St, Fifth Floor, Boston, MA  02110-1301 USA\n\n#\n# The MySQL  Server configuration
+    file.\n#\n# For explanations see\n# http://dev.mysql.com/doc/mysql/en/server-system-variables.html\n\n[mysqld]\npid-file\t=
+    /var/run/mysqld/mysqld.pid\nsocket\t\t= /var/run/mysqld/mysqld.sock\ndatadir\t\t=
+    /var/lib/mysql\n#log-error\t= /var/log/mysql/error.log\n# By default we only
+    accept connections from localhost\n#bind-address\t= 127.0.0.1\n# Disabling symbolic-links
+    is recommended to prevent assorted security risks\nsymbolic-links=0\n\n#\n#
+    * Fine Tuning\n#\n\nkey_buffer_size         = 4G\nmax_heap_table_size     =
+    512M\ntmp_table_size          = 512M\nmax_allowed_packet      = 256M\nthread_stack
+    \           = 256K\nthread_cache_size       = 20\n# This replaces the startup
+    script and checks MyISAM tables if needed\n# the first time they are touched\nmyisam-recover-options
+    \ = BACKUP\nmax_connections        = 214\n#table_cache            = 64\n#thread_concurrency
+    \    = 10\n#\n# * Query Cache Configuration\n#\nquery_cache_limit       = 1M\nquery_cache_size
+    \       = 0\nquery_cache_type        = 0\n\n\njoin_buffer_size = 16M\ntable_open_cache
+    = 400\n"
diff --git a/yaml/cbio-db/secret.yml b/yaml/cbio-db/secret.yml
new file mode 100644
index 0000000..faf738b
--- /dev/null
+++ b/yaml/cbio-db/secret.yml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysql-env
+  namespace: cbio-on-demand
+data:
+  .env: TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo=
+type: Opaque
diff --git a/yaml/cbio-delete/deletecronjob.yml b/yaml/cbio-delete/deletecronjob.yml
new file mode 100644
index 0000000..5fbaab3
--- /dev/null
+++ b/yaml/cbio-delete/deletecronjob.yml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  generateName: cbio-delete
+  namespace: cbio-on-demand
+  labels:
+    app: cbio
+    type: ondemand
+    # generated by API by user id from request
+    #user: Luboslav
+    # generated by API unique for user
+    #instance: "1"
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  # generated by API
+  #schedule: "*/1 * * * *"
+  startingDeadlineSeconds: 21600
+  jobTemplate:
+    spec:
+      completions: 1
+      template:
+          spec:
+              containers:
+              - name: deletetion
+                image: lpivo/job:tr1
+                env:
+                #  generated by API by usr id from request
+                #- name: USER
+                #  value: string
+                # generated by API unique for user
+                #- name: INSTANCE
+                #  value: codpgfjr
+              restartPolicy: OnFailure
diff --git a/yaml/cbio-on-demand-namespace.yml b/yaml/cbio-on-demand-namespace.yml
new file mode 100644
index 0000000..0741955
--- /dev/null
+++ b/yaml/cbio-on-demand-namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cbio-on-demand
diff --git a/yaml/cbio-security/security.yml b/yaml/cbio-security/security.yml
new file mode 100644
index 0000000..361005e
--- /dev/null
+++ b/yaml/cbio-security/security.yml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cbio-on-demand
+  name: cbio-proxy
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    matchLabels:
+        app: cbio-proxy
+        type: ondemand
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cbio-proxy
+        type: ondemand
+    spec:
+      containers:
+      - name: cbio-proxy
+        image: lpivo/k8s-saml:t4
+        ports:
+        - name: http
+          containerPort: 80
+        - name: api
+          containerPort: 5000
+        livenessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 2
+        env:
+        - name: SERVERNAME
+          value: cbiood.edirex.ics.muni.cz
+        - name: EMAILADMIN
+          value: 456130@mail.muni.cz
diff --git a/yaml/cbio-security/service-api.yml b/yaml/cbio-security/service-api.yml
new file mode 100644
index 0000000..59643c8
--- /dev/null
+++ b/yaml/cbio-security/service-api.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cbio-proxy-api
+  namespace: cbio-on-demand
+  labels:
+    app: cbio-proxy
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio-proxy
+    type: ondemand
+  ports:
+  - port: 80
+    targetPort: api
diff --git a/yaml/cbio-security/service-proxy.yml b/yaml/cbio-security/service-proxy.yml
new file mode 100644
index 0000000..b3bbf99
--- /dev/null
+++ b/yaml/cbio-security/service-proxy.yml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cbio-proxy
+  namespace: cbio-on-demand
+  labels:
+    app: cbio-proxy
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio-proxy
+    type: ondemand
+  ports:
+  - port: 80
+    targetPort: http
diff --git a/yaml/complete/bind.yml b/yaml/complete/bind.yml
new file mode 100644
index 0000000..5c85d9a
--- /dev/null
+++ b/yaml/complete/bind.yml
@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cbio-api
+subjects:
+- kind: ServiceAccount
+  name: cbio-api
+  namespace: cbio-on-demand
+roleRef:
+  kind: ClusterRole
+  name: cbio-api
+  apiGroup: rbac.authorization.k8s.io
+
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: fabric8-rbac
+subjects:
+  - kind: ServiceAccount
+    # Reference to upper's `metadata.name`
+    name: cbio-api
+    # Reference to upper's `metadata.namespace`
+    namespace: cbio-on-demand
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
diff --git a/yaml/complete/cbio-setup.yml b/yaml/complete/cbio-setup.yml
new file mode 100644
index 0000000..66b42ad
--- /dev/null
+++ b/yaml/complete/cbio-setup.yml
@@ -0,0 +1,233 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cbio-on-demand
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cbio-on-demand
+  name: cbio-api
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    matchLabels:
+      app: cbio-api
+      type: ondemand
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cbio-api
+        type: ondemand
+    spec:
+      serviceAccountName: cbio-api
+      containers:
+      - name: cbio-api
+        image: lpivo/api:tr3
+        ports:
+        - name: http
+          containerPort: 8080
+        livenessProbe:
+          httpGet:
+            path: /actuator/health
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 2
+        readinessProbe:
+          httpGet:
+            path: /actuator/health
+            port: http
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 2
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: cbio-api
+  namespace: cbio-on-demand
+  labels:
+    app: cbio-api
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio-api
+    type: ondemand
+  ports:
+  - port: 80
+    targetPort: http
+
+---
+
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: identifiers.example.com
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  scope: Namespaced
+  group: example.com
+  version: v1beta1
+  names:
+    kind: identifier
+    singular: identifier
+    plural: identifiers
+
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mysql-cbio-db
+  namespace: cbio-on-demand
+data:
+  mysql.conf: "# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights
+    reserved.\n#\n# This program is free software; you can redistribute it and/or
+    modify\n# it under the terms of the GNU General Public License as published
+    by\n# the Free Software Foundation; version 2 of the License.\n#\n# This program
+    is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY;
+    without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR
+    PURPOSE.  See the\n# GNU General Public License for more details.\n#\n# You
+    should have received a copy of the GNU General Public License\n# along with
+    this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin
+    St, Fifth Floor, Boston, MA  02110-1301 USA\n\n#\n# The MySQL  Server configuration
+    file.\n#\n# For explanations see\n# http://dev.mysql.com/doc/mysql/en/server-system-variables.html\n\n[mysqld]\npid-file\t=
+    /var/run/mysqld/mysqld.pid\nsocket\t\t= /var/run/mysqld/mysqld.sock\ndatadir\t\t=
+    /var/lib/mysql\n#log-error\t= /var/log/mysql/error.log\n# By default we only
+    accept connections from localhost\n#bind-address\t= 127.0.0.1\n# Disabling symbolic-links
+    is recommended to prevent assorted security risks\nsymbolic-links=0\n\n#\n#
+    * Fine Tuning\n#\n\nkey_buffer_size         = 4G\nmax_heap_table_size     =
+    512M\ntmp_table_size          = 512M\nmax_allowed_packet      = 256M\nthread_stack
+    \           = 256K\nthread_cache_size       = 20\n# This replaces the startup
+    script and checks MyISAM tables if needed\n# the first time they are touched\nmyisam-recover-options
+    \ = BACKUP\nmax_connections        = 214\n#table_cache            = 64\n#thread_concurrency
+    \    = 10\n#\n# * Query Cache Configuration\n#\nquery_cache_limit       = 1M\nquery_cache_size
+    \       = 0\nquery_cache_type        = 0\n\n\njoin_buffer_size = 16M\ntable_open_cache
+    = 400\n"
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: mysql-env
+  namespace: cbio-on-demand
+data:
+  .env: TVlTUUxfUk9PVF9QQVNTV09SRD1QQHNzd29yZDEKTVlTUUxfVVNFUj1jYmlvCk1ZU1FMX1BBU1NXT1JEPVBAc3N3b3JkMQpNWVNRTF9EQVRBQkFTRT1jYmlvcG9ydGFsCgo=
+type: Opaque
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: cbio-on-demand
+  name: cbio-proxy
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    matchLabels:
+        app: cbio-proxy
+        type: ondemand
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cbio-proxy
+        type: ondemand
+    spec:
+      containers:
+      - name: cbio-proxy
+        image: lpivo/k8s-saml:t6
+        ports:
+        - name: http
+          containerPort: 80
+        - name: api
+          containerPort: 5000
+        livenessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /
+            port: http
+          initialDelaySeconds: 1
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 2
+        env:
+        - name: SERVERNAME
+          value: cbiood.edirex.ics.muni.cz
+        - name: EMAILADMIN
+          value: 456130@mail.muni.cz
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: cbio-proxy-api
+  namespace: cbio-on-demand
+  labels:
+    app: cbio-proxy
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio-proxy
+    type: ondemand
+  ports:
+  - port: 80
+    targetPort: api
+
+---
+
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: cbio-proxy
+  namespace: cbio-on-demand
+  labels:
+    app: cbio-proxy
+    type: ondemand
+  annotations:
+    maintainer: Luboslav Pivarc <456130@muni.cz>
+spec:
+  selector:
+    app: cbio-proxy
+    type: ondemand
+  ports:
+  - port: 80
+    targetPort: http
diff --git a/yaml/complete/cbiood.crt b/yaml/complete/cbiood.crt
new file mode 100644
index 0000000..21de259
--- /dev/null
+++ b/yaml/complete/cbiood.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDszCCApugAwIBAgIUJMKNctTo0DplMqRD/9X5y3tbid8wDQYJKoZIhvcNAQEL
+BQAwaTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEiMCAGA1UEAwwZY2Jpb29kLmVkaXJl
+eC5pY3MubXVuaS5jejAeFw0xOTA2MDcxNjQ5NTFaFw0yMDA2MDYxNjQ5NTFaMGkx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxIjAgBgNVBAMMGWNiaW9vZC5lZGlyZXguaWNz
+Lm11bmkuY3owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJfesKYdSq
+kb603X/O2tt1vfzNv2SEJQhJ7423vZQuKVxPD8zjouHuDP1X9qAVFm5kXABu3ysB
+4t/mmDYjD5TtMTO5qIvHc+i4I+vaLgGDN1BmdSrtSHkWP6PWAAES3PrH93TCD48b
+DiIwB8xLVX5xN8s/+gGvCR+a4ZfGiH2x36PI/LqnF2Fp7Za2QtFvnL1ED93FSSxg
+HKyBEyGn3tgZg0zbMPlACfLPPsSSBs23WfsU+pvwCbFJh1soSv7G0eIK3TYf4dzK
+10FCd/DQSRjhwADC39I++IO4WHaHtAXz7KyqYbXwIs1NSZ3IVUZRUq8bc5oHzIdP
+hYn95QPhi6yLAgMBAAGjUzBRMB0GA1UdDgQWBBQVa4WaF2IDcU/6W6n2B4zTz9WG
++jAfBgNVHSMEGDAWgBQVa4WaF2IDcU/6W6n2B4zTz9WG+jAPBgNVHRMBAf8EBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBwdYhTxtf3z6ooF06MWkU2FnN/TphwP4+l
+/MB7aWtP/O05Wz2I/hel5ZimhgLJe0dmk/GFZxDLqMd7YlMuvqOjm2KNqh9sHAd4
+XyEBpie5ibv8prRxvZVukC2skiXwu7GX9HAlcnM/gzQZ3+CVRZtQfbsk+BLjsIb/
+aZHSokWWvEUI5EPixeOWLYyDvSH6Une9XezZzsRaQyiGuGqSXyH/O24uJ+FQVG+X
+yPTlCwuTbdmcEwBPEM8TjNzCTTyodDcTtTt1AKVbZDYid1BQpb0JVvgpVpWfuprA
+glzRYbtQY7Adrx45+UA3eNlEydjWTB2G/qpw7PR65pdwJn91OE9+
+-----END CERTIFICATE-----
diff --git a/yaml/complete/ingress-api.yml b/yaml/complete/ingress-api.yml
new file mode 100644
index 0000000..ae3de6b
--- /dev/null
+++ b/yaml/complete/ingress-api.yml
@@ -0,0 +1,13 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: cbio
+  namespace: cbio-on-demand
+spec:
+  rules:
+  - http:
+      paths:
+      - path: /api
+        backend:
+          serviceName: cbio-api
+          servicePort: 80
diff --git a/yaml/complete/ingress-proxy.yml b/yaml/complete/ingress-proxy.yml
new file mode 100644
index 0000000..29041b0
--- /dev/null
+++ b/yaml/complete/ingress-proxy.yml
@@ -0,0 +1,14 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: cbio-proxy
+  namespace: cbio-on-demand
+spec:
+  rules:
+  - host: cbiood.edirex.ics.muni.cz
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: cbio-proxy
+          servicePort: 80
diff --git a/yaml/complete/role.yml b/yaml/complete/role.yml
new file mode 100644
index 0000000..471b465
--- /dev/null
+++ b/yaml/complete/role.yml
@@ -0,0 +1,8 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cbio-api
+rules:
+- apiGroups: [""]
+  resources: ["identifiers"]
+  verbs: ["VerbAll"]
diff --git a/yaml/complete/serviceAccount.yml b/yaml/complete/serviceAccount.yml
new file mode 100644
index 0000000..1b7679c
--- /dev/null
+++ b/yaml/complete/serviceAccount.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cbio-api
+  namespace: cbio-on-demand
-- 
GitLab