You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+8-12Lines changed: 8 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -124,7 +124,7 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
124
124
|`image.pullPolicy`| Image pull policy for MarkLogic image |`IfNotPresent`|
125
125
|`initContainers.configureGroup.image`| Image for configureGroup InitContainer |`curlimages/curl:8.8.0`|
126
126
|`initContainers.configureGroup.pullPolicy`| Pull policy for configureGroup InitContainer |`IfNotPresent`|
127
-
|`initContainers.utilContainer.image`| Image for copyCerts and volume permission change for root to rootless upgrade InitContainer |`redhat/ubi9:9.3`|
127
+
|`initContainers.utilContainer.image`| Image for copyCerts and volume permission change for root to rootless upgrade InitContainer |`redhat/ubi9:9.4`|
128
128
|`initContainers.utilContainer.pullPolicy`| Pull policy for copyCerts and volume permission change for root to rootless upgrade InitContainer |`IfNotPresent`|
129
129
|`imagePullSecrets`| Registry secret names as an array |`[]`|
130
130
|`hugepages.enabled`| Parameter to enable Hugepage on MarkLogic |`false`|
@@ -170,14 +170,14 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
170
170
|`containerSecurityContext.enabled`| Parameter to enable security context for MarkLogic containers |`true`|
171
171
|`containerSecurityContext.runAsUser`| User ID to run the entrypoint of the container process |`1000`|
172
172
|`containerSecurityContext.runAsNonRoot`| Indicates that the container must run as a non-root user |`true`|
173
-
|`containerSecurityContext.allowPrivilegeEscalation`| Controls whether a process can gain more privileges than its parent process |`true`|
173
+
|`containerSecurityContext.allowPrivilegeEscalation`| Controls whether a process can gain more privileges than its parent process |`false`|
174
174
|`livenessProbe.enabled`| Parameter to enable the liveness probe |`true`|
175
175
|`livenessProbe.initialDelaySeconds`| Initial delay seconds for liveness probe |`300`|
176
176
|`livenessProbe.periodSeconds`| Period seconds for liveness probe |`10`|
177
177
|`livenessProbe.timeoutSeconds`| Timeout seconds for liveness probe |`5`|
178
178
|`livenessProbe.failureThreshold`| Failure threshold for liveness probe |`15`|
179
179
|`livenessProbe.successThreshold`| Success threshold for liveness probe |`1`|
180
-
|`readinessProbe.enabled`| Parameter to enable the readiness probe |`false`|
180
+
|`readinessProbe.enabled`| Parameter to enable the readiness probe |`true`|
181
181
|`readinessProbe.initialDelaySeconds`| Initial delay seconds for readiness probe |`10`|
182
182
|`readinessProbe.periodSeconds`| Period seconds for readiness probe |`10`|
183
183
|`readinessProbe.timeoutSeconds`| Timeout seconds for readiness probe |`5`|
@@ -234,12 +234,8 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
234
234
235
235
## Known Issues and Limitations
236
236
237
-
1. If the hostname is greater than 64 characters there will be issues with certificates. It is highly recommended to use hostname shorter than 64 characters or use SANs for hostnames in the certificates.
238
-
2. The MarkLogic Docker image must be run in privileged mode. At the moment if the image isn't run as privileged many calls that use sudo during the startup script will fail due to lack of required permissions as the image will not be able to create a user with the required permissions.
239
-
3. The latest released version of CentOS 7 has known security vulnerabilities with respect to glib2 CVE-2016-3191, CVE-2015-8385, CVE-2015-8387, CVE-2015-8390, CVE-2015-8394, CVE-2016-3191, glibc CVE-2019-1010022, pcre CVE-2015-8380, CVE-2015-8387, CVE-2015-8390, CVE-2015-8393, CVE-2015-8394, SQLite CVE-2019-5827. These libraries are included in the CentOS base image but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.
240
-
4. The latest released version of fluent/fluent-bit:3.1.1 has known high and critical security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements.
241
-
5. The latest released version of redhat/ubi9:9.3 has known security vulnerabilities with respect to setuptools GHSA-r9hx-vwmv-q579. We wait for a future upgrade of the redhad ubi image to include the fix.
242
-
6. The security context “allowPrivilegeEscalation” is set to TRUE by default in values.yaml file and cannot be changed to run the current MarkLogic container. Work is in progress to run MarkLogic container in "rootless" mode.
243
-
7. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations
244
-
8. The Readiness and Startup Probe are not compatible with HA deployment. At the moment these probes may fail in the case of Security database failover. As of the 1.0.2 helm chart release, the startup and readiness probes are disabled by default.
245
-
9. Path based routing and Ingress features are only supported with MarkLogic 11.1 and higher.
237
+
1. If the hostname is greater than 64 characters there will be issues with certificates. It is highly recommended to use hostname shorter than 64 characters or use SANs for hostnames in the certificates. If you still choose to use hostname greater than 64 characters, set "allowLongHostnames" to True.
238
+
2. The latest released version of fluent/fluent-bit:3.1.1 has known high and critical security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements.
239
+
3. The security context “allowPrivilegeEscalation” is set to False by default in values.yaml file and should not be changed to run the MarkLogic container with default rootless image. If you choose to use image with root privileges, set "allowPrivilegeEscalation" to True.
240
+
4. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations.
241
+
5. Path based routing and Ingress features are only supported with MarkLogic 11.1 and higher.
0 commit comments