Commit 53bb622

author
Peng Zhou
committed
Merge branch 'develop' into release/1.0.2
* develop:
  Update Docker version to 1.1.0 (#159)
  K8s will never mark a MarkLogic container as ready when the Security DB is not available (#152)
2 parents e436850 + b18aedd commit 53bb622

11 files changed

+284
-111
lines changed

.golangci.yaml

Lines changed: 1 addition & 1 deletion
@@ -31,4 +31,4 @@ linters-settings:
3131
- name: superfluous-else
3232
- name: unused-parameter
3333
- name: unreachable-code
34-
- name: redefines-builtin-id
34+
- name: redefines-builtin-id

Jenkinsfile

Lines changed: 2 additions & 2 deletions
@@ -181,9 +181,9 @@ pipeline {
181181
choice(name: 'ML_VERSION', choices: '11.1\n12.0\n10.0\n9.0', description: 'MarkLogic version. used to pick appropriate docker image')
182182
booleanParam(name: 'KUBERNETES_TESTS', defaultValue: true, description: 'Run kubernetes tests')
183183
booleanParam(name: 'HC_TESTS', defaultValue: false, description: 'Run Hub Central E2E UI tests (takes about 3 hours)')
184-
string(name: 'dockerReleaseVer', defaultValue: '1.0.2', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)
184+
string(name: 'dockerReleaseVer', defaultValue: '1.1.0', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)
185185
choice(name: 'PREV_ML_VERSION', choices: '10.0\n9.0', description: 'Previous MarkLogic version for MarkLogic upgrade tests')
186-
string(name: 'prevDockerReleaseVer', defaultValue: '1.0.2', description: 'Previous Docker version for MarkLogic upgrade tests. (e.g. 1.0.1)', trim: true)
186+
string(name: 'prevDockerReleaseVer', defaultValue: '1.1.0', description: 'Previous Docker version for MarkLogic upgrade tests. (e.g. 1.0.1)', trim: true)
187187
choice(name: 'K8_VERSION', choices: 'v1.25.8\nv1.26.3\nv1.24.12\nv1.23.17', description: 'Test Kubernetes version. (e.g. v1.25.8)')
188188
}
189189
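
Review bot: `prevDockerReleaseVer` and `dockerReleaseVer` now both default to '1.1.0' (lines 184 and 186), so a run with default parameters executes the upgrade tests with the same Docker version on both sides. If those tests are meant to cross Docker releases, keep `prevDockerReleaseVer` at the previous version ('1.0.2') when bumping the current one. Both descriptions still give '1.0.1' as the example and could be refreshed in the same change.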

README.md

Lines changed: 7 additions & 6 deletions
@@ -154,18 +154,18 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
154154
| `containerSecurityContext.runAsNonRoot` | Indicates that the container must run as a non-root user | `true` |
155155
| `containerSecurityContext.allowPrivilegeEscalation` | Controls whether a process can gain more privileges than its parent process | `true` |
156156
| `livenessProbe.enabled` | Parameter to enable the liveness probe | `true` |
157-
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for liveness probe | `30` |
158-
| `livenessProbe.periodSeconds` | Period seconds for liveness probe | `60` |
157+
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for liveness probe | `300` |
158+
| `livenessProbe.periodSeconds` | Period seconds for liveness probe | `20` |
159159
| `livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `5` |
160-
| `livenessProbe.failureThreshold` | Failure threshold for liveness probe | `3` |
160+
| `livenessProbe.failureThreshold` | Failure threshold for liveness probe | `15` |
161161
| `livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
162-
| `readinessProbe.enabled` | Use this parameter to enable the readiness probe | `true` |
162+
| `readinessProbe.enabled` | Use this parameter to enable the readiness probe. See [Known-Issues-and-Limitations](#known-issues-and-limitations) section | `true` |
163163
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readiness probe | `10` |
164164
| `readinessProbe.periodSeconds` | Period seconds for readiness probe | `60` |
165165
| `readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `5` |
166166
| `readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` |
167167
| `readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
168-
| `startupProbe.enabled` | Parameter to enable startup probe | `true` |
168+
| `startupProbe.enabled` | Parameter to enable startup probe. See [Known-Issues-and-Limitations](#known-issues-and-limitations) section | `true` |
169169
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startup probe | `10` |
170170
| `startupProbe.periodSeconds` | Period seconds for startup probe | `20` |
171171
| `startupProbe.timeoutSeconds` | Timeout seconds for startup probe | `1` |
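
Review bot: the rows for `readinessProbe.enabled` and `startupProbe.enabled` (lines 162 and 168) still list the default as `true`, but this commit sets both to `false` in charts/values.yaml and Known Issue 6 says they are disabled by default. Change the default column to `false` in both rows so the table matches the chart. The liveness rows do match the new values.yaml values (300, 20, 15).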
@@ -210,4 +210,5 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
210210
2. The MarkLogic Docker image must be run in privileged mode. At the moment if the image isn't run as privileged many calls that use sudo during the startup script will fail due to lack of required permissions as the image will not be able to create a user with the required permissions.
211211
3. The latest released version of CentOS 7 has known security vulnerabilities with respect to glib2 CVE-2016-3191, CVE-2015-8385, CVE-2015-8387, CVE-2015-8390, CVE-2015-8394, CVE-2016-3191, glibc CVE-2019-1010022, pcre CVE-2015-8380, CVE-2015-8387, CVE-2015-8390, CVE-2015-8393, CVE-2015-8394, SQLite CVE-2019-5827. These libraries are included in the CentOS base image but, to-date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.
212212
4. TLS cannot be turned on at the MarkLogic level for the Admin (port 8001) and Manage (port 8002) app servers. TLS can be configured for any/all other ports at the MarkLogic level and if the Admin and Manage ports need to be exposed outside of the Kubernetes network, TLS can be terminated at the load balancer. Alternatively, additional custom app servers can be configured to serve the Admin UI and Management REST API on custom ports with TLS configured.
213-
5. With respect to security context “allowPrivilegeEscalation” is set to TRUE by default in values.yaml file to run MarkLogic container. Work is in progress to run MarkLogic container as rootless user.
213+
5. With respect to security context “allowPrivilegeEscalation” is set to TRUE by default in values.yaml file to run MarkLogic container. Work is in progress to run MarkLogic container as rootless user.
214+
6. The Readiness and Startup Probe are not compatible with HA deployment. At the moment these probes may fail in the case of Security database failover. As of the 1.0.2 helm chart release, the startup and readiness probes are disabled by default.
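
Review bot: item 6 (line 214) says the probes are disabled by default but not what that changes for operators. Without a readiness probe Kubernetes treats the container as ready as soon as it is running, so a Service can route requests to a host before MarkLogic is serving. Stating that consequence, and that `readinessProbe.enabled` and `startupProbe.enabled` can be set back to `true` for non-HA deployments, would make the limitation actionable.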

charts/templates/statefulset.yaml

Lines changed: 13 additions & 1 deletion
@@ -174,6 +174,7 @@ spec:
174174
}
175175
176176
log "Info: [poststart] Poststart Hook Execution"
177+
177178
restart_check () {
178179
local retry_count LAST_START timestamp=$1
179180
LAST_START=$(curl -s --anyauth --user "${MARKLOGIC_ADMIN_USERNAME}":"${MARKLOGIC_ADMIN_PASSWORD}" "http://${MARKLOGIC_BOOTSTRAP_HOST}:8001/admin/v1/timestamp")
@@ -190,17 +191,26 @@ spec:
190191
exit 1
191192
}
192193
194+
193195
if [[ $POD_NAME != *-0 ]]; then
194196
log "Info: [poststart] Skipping group configuration."
195197
else
198+
199+
[ -f /var/opt/MarkLogic/group_cfg ] && current_group_cfg=$(cat /var/opt/MarkLogic/group_cfg)
200+
if [ "${MARKLOGIC_GROUP}:${XDQP_SSL_ENABLED}" = "${current_group_cfg}" ]; then
201+
log "Info: [poststart] Group config has not changed, poststart hook complete"
202+
exit 0
203+
fi
204+
196205
log "Info: [poststart] Begin group configuration."
197206
while [ ! -f /var/opt/MarkLogic/ready ]; do
198207
log "[poststart] waiting for MarkLogic server to be ready"
199208
sleep 5s
200209
done
201210
202211
GROUP_CFG_TEMPLATE='{"group-name":"%s", "xdqp-ssl-enabled":"%s"}'
203-
GROUP_CFG=$(printf "$GROUP_CFG_TEMPLATE" "$MARKLOGIC_GROUP" "$XDQP_SSL_ENABLED")
212+
GROUP_CFG=$(printf "$GROUP_CFG_TEMPLATE" "$MARKLOGIC_GROUP" "$XDQP_SSL_ENABLED")
213+
204214
log "Info: [poststart] Updating group configuration: ${GROUP_CFG}"
205215
GROUP_RESP_CODE=`curl --retry 5 --retry-max-time 60 -o /tmp/restart_payload.xml -w "%{http_code}" --anyauth -m 20 -s -X PUT -H "Content-type: application/json" -d "${GROUP_CFG}" http://${MARKLOGIC_BOOTSTRAP_HOST}:8002/manage/v2/groups/Default/properties --user ${MARKLOGIC_ADMIN_USERNAME}:${MARKLOGIC_ADMIN_PASSWORD}`
206216
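
Review bot: the early `exit 0` at lines 199-203 decides the group is already configured from the contents of /var/opt/MarkLogic/group_cfg alone, and that file records what this hook last wrote, not what the server currently holds. If the group name or `xdqp-ssl-enabled` is changed outside the chart, or the file outlives the configuration it describes, the hook skips the PUT and the drift stays unnoticed. Consider comparing against a GET of the group properties, or at minimum initialise `current_group_cfg=""` before the `[ -f ... ] &&` line and add a comment that the file is only a marker.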
@@ -212,6 +222,8 @@ spec:
212222
if [[ -n ${TIMESTAMP} ]]; then
213223
restart_check ${TIMESTAMP}
214224
fi
225+
sudo sh -c 'echo -n '"${MARKLOGIC_GROUP}:${XDQP_SSL_ENABLED}"' > /var/opt/MarkLogic/group_cfg'
226+
log "Info: [poststart] ${GROUP_CFG} saved"
215227
else
216228
log "Error: [poststart] Failed to configure properties for $MARKLOGIC_GROUP group.
217229
log "Error: [poststart] Expected response code 202 or 204, got "${GROUP_RESP_CODE}"
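
Review bot: line 225 splices `${MARKLOGIC_GROUP}` and `${XDQP_SSL_ENABLED}` into the command string handed to `sudo sh -c`, so the root shell re-parses their values; the expansion lands unquoted inside the inner command, and a group name containing whitespace or shell metacharacters is interpreted instead of written to the file. Pass the value as data, for example `printf '%s' "${MARKLOGIC_GROUP}:${XDQP_SSL_ENABLED}" | sudo tee /var/opt/MarkLogic/group_cfg >/dev/null`, which also avoids depending on `echo -n` under `sh`. The log on line 226 reports `${GROUP_CFG}` as saved although the file holds the `group:ssl` pair, not the JSON document.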

charts/values.yaml

Lines changed: 15 additions & 5 deletions
@@ -241,16 +241,21 @@ containerSecurityContext:
241241
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-http-request
242242
livenessProbe:
243243
enabled: true
244-
initialDelaySeconds: 30
245-
periodSeconds: 60
244+
initialDelaySeconds: 300
245+
periodSeconds: 20
246246
timeoutSeconds: 5
247-
failureThreshold: 3
247+
failureThreshold: 15
248248
successThreshold: 1
249249

250250
## Configure options for readiness probe
251251
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-readiness-probes
252+
253+
################################################################
254+
## NOTE: See Limitations and known Issues in the README file ##
255+
################################################################
256+
252257
readinessProbe:
253-
enabled: true
258+
enabled: false
254259
initialDelaySeconds: 10
255260
periodSeconds: 60
256261
timeoutSeconds: 5
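
Review bot: with `readinessProbe.enabled: false` (line 258) the liveness probe is the only health signal left, and its new settings (lines 244-247) mean a container is not probed for the first 300 s and is then restarted only after 15 consecutive failures at 20 s intervals, another 300 s. Pods therefore receive traffic as soon as they start, and an unresponsive server can stay in rotation for about five minutes. Please put the reasoning for 300/20/15 in a comment next to the values, and have the NOTE banner name the README section as it is titled there ('Known Issues and Limitations').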
@@ -259,8 +264,13 @@ readinessProbe:
259264

260265
## Configure options for startup probe
261266
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
267+
268+
################################################################
269+
## NOTE: See Limitations and known Issues in the README file ##
270+
################################################################
271+
262272
startupProbe:
263-
enabled: true
273+
enabled: false
264274
initialDelaySeconds: 10
265275
periodSeconds: 20
266276
timeoutSeconds: 1
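
Review bot: the banner at lines 268-270 repeats the one above `readinessProbe` without saying why `startupProbe.enabled` flips to `false` (line 273). With the startup probe off, a slow first boot is covered only by `livenessProbe.initialDelaySeconds`; a one-line comment naming the Security database failover limitation and that dependency would tell operators what to check before turning the probe back on.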

go.mod

Lines changed: 49 additions & 22 deletions
@@ -1,13 +1,39 @@
11
module github.com/marklogic/marklogic-kubernetes
22

3-
go 1.17
3+
go 1.21.1
44

55
require (
6-
github.com/gruntwork-io/terratest v0.41.15
6+
github.com/gruntwork-io/terratest v0.44.1
77
github.com/stretchr/testify v1.8.1
88
github.com/tidwall/gjson v1.14.3
99
github.com/xinsnake/go-http-digest-auth-client v0.6.0
10-
k8s.io/api v0.23.0
10+
k8s.io/api v0.27.2
11+
)
12+
13+
require (
14+
github.com/andybalholm/brotli v1.0.5 // indirect
15+
github.com/cloudflare/circl v1.3.3 // indirect
16+
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
17+
github.com/gaukas/godicttls v0.0.4 // indirect
18+
github.com/go-openapi/jsonpointer v0.19.6 // indirect
19+
github.com/go-openapi/jsonreference v0.20.1 // indirect
20+
github.com/go-openapi/swag v0.22.3 // indirect
21+
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
22+
github.com/golang/mock v1.6.0 // indirect
23+
github.com/google/gnostic v0.5.7-v3refs // indirect
24+
github.com/google/pprof v0.0.0-20230901174712-0191c66da455 // indirect
25+
github.com/josharian/intern v1.0.0 // indirect
26+
github.com/klauspost/compress v1.16.7 // indirect
27+
github.com/mailru/easyjson v0.7.7 // indirect
28+
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
29+
github.com/onsi/ginkgo/v2 v2.12.0 // indirect
30+
github.com/quic-go/qpack v0.4.0 // indirect
31+
github.com/quic-go/qtls-go1-20 v0.3.3 // indirect
32+
github.com/quic-go/quic-go v0.38.1 // indirect
33+
github.com/refraction-networking/utls v1.5.3 // indirect
34+
golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
35+
golang.org/x/mod v0.12.0 // indirect
36+
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
1137
)
1238

1339
require (
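
Review bot: the new require block at lines 13-37 adds 23 indirect modules, among them QUIC and alternative TLS stacks (`quic-go`, `qtls-go1-20`, `utls`, `circl`), to a module that had five direct requirements, and the commit message does not say which dependency needs them. Please name the dependency that pulls them in and confirm go.sum is updated in the same change. Also check that the CI Go toolchain satisfies the new `go 1.21.1` line (line 3), since from Go 1.21 that directive is a required minimum rather than advisory.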
@@ -20,18 +46,19 @@ require (
2046
github.com/fsnotify/fsnotify v1.5.1 // indirect
2147
github.com/ghodss/yaml v1.0.0 // indirect
2248
github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect
23-
github.com/go-logr/logr v1.2.0 // indirect
49+
github.com/go-logr/logr v1.2.4 // indirect
2450
github.com/go-sql-driver/mysql v1.4.1 // indirect
2551
github.com/gogo/protobuf v1.3.2 // indirect
26-
github.com/golang/protobuf v1.5.2 // indirect
52+
github.com/golang/protobuf v1.5.3 // indirect
2753
github.com/google/go-cmp v0.5.9 // indirect
2854
github.com/google/gofuzz v1.1.0 // indirect
2955
github.com/google/uuid v1.3.0 // indirect
3056
github.com/googleapis/gnostic v0.5.5 // indirect
3157
github.com/gruntwork-io/go-commons v0.8.0 // indirect
32-
github.com/hashicorp/errwrap v1.0.0 // indirect
33-
github.com/hashicorp/go-multierror v1.1.0 // indirect
58+
github.com/hashicorp/errwrap v1.1.0 // indirect
59+
github.com/hashicorp/go-multierror v1.1.1 // indirect
3460
github.com/imdario/mergo v0.3.12 // indirect
61+
github.com/imroc/req/v3 v3.42.0
3562
github.com/jmespath/go-jmespath v0.4.0 // indirect
3663
github.com/json-iterator/go v1.1.12 // indirect
3764
github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect
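
Review bot: `github.com/imroc/req/v3 v3.42.0` (line 61) is added without `// indirect` inside the block whose other entries are all marked indirect. If the tests import it directly, move it to the first `require` block beside terratest and testify. The module already lists `github.com/xinsnake/go-http-digest-auth-client` as a direct requirement, so it is worth stating why a second HTTP client is needed.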
@@ -40,32 +67,32 @@ require (
4067
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
4168
github.com/modern-go/reflect2 v1.0.2 // indirect
4269
github.com/onsi/ginkgo v1.16.5 // indirect
43-
github.com/onsi/gomega v1.17.0 // indirect
70+
github.com/onsi/gomega v1.27.10 // indirect
4471
github.com/pmezard/go-difflib v1.0.0 // indirect
4572
github.com/pquerna/otp v1.2.0 // indirect
4673
github.com/russross/blackfriday/v2 v2.1.0 // indirect
4774
github.com/spf13/pflag v1.0.5 // indirect
4875
github.com/tidwall/match v1.1.1 // indirect
4976
github.com/tidwall/pretty v1.2.0 // indirect
5077
github.com/urfave/cli v1.22.2 // indirect
51-
golang.org/x/crypto v0.1.0 // indirect
52-
golang.org/x/net v0.7.0 // indirect
78+
golang.org/x/crypto v0.12.0 // indirect
79+
golang.org/x/net v0.14.0 // indirect
5380
golang.org/x/oauth2 v0.1.0 // indirect
54-
golang.org/x/sys v0.5.0 // indirect
55-
golang.org/x/term v0.5.0 // indirect
56-
golang.org/x/text v0.7.0 // indirect
57-
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
81+
golang.org/x/sys v0.12.0 // indirect
82+
golang.org/x/term v0.11.0 // indirect
83+
golang.org/x/text v0.13.0 // indirect
84+
golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
5885
google.golang.org/appengine v1.6.7 // indirect
59-
google.golang.org/protobuf v1.28.1 // indirect
86+
google.golang.org/protobuf v1.31.0 // indirect
6087
gopkg.in/inf.v0 v0.9.1 // indirect
6188
gopkg.in/yaml.v2 v2.4.0 // indirect
6289
gopkg.in/yaml.v3 v3.0.1 // indirect
63-
k8s.io/apimachinery v0.23.0 // indirect
64-
k8s.io/client-go v0.23.0 // indirect
65-
k8s.io/klog/v2 v2.30.0 // indirect
66-
k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
67-
k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b // indirect
68-
sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
69-
sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect
90+
k8s.io/apimachinery v0.27.2 // indirect
91+
k8s.io/client-go v0.27.2 // indirect
92+
k8s.io/klog/v2 v2.90.1 // indirect
93+
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
94+
k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect
95+
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
96+
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
7097
sigs.k8s.io/yaml v1.3.0 // indirect
7198
)
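
Review bot: `k8s.io/apimachinery` and `k8s.io/client-go` move from v0.23.0 to v0.27.2 (lines 90-91), four minor versions in one step, while the Jenkinsfile in this commit still offers only v1.23 to v1.26 clusters for `K8_VERSION`. Confirm the test suite passes against the oldest listed cluster with the new client, or add a 1.27 cluster to the matrix. In the same block `golang.org/x/oauth2` stays at v0.1.0 (line 80) although the other `golang.org/x` modules were raised; check whether that pin is intentional.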
