Merge branch 'develop' into sync-master-develop

Author: pengzhouml

CONTRIBUTING.md

@@ -0,0 +1,41 @@
+# Contributing to MarkLogic-kubernetes
+
+Thank you for your interest in contributing to this project! We welcome contributions from the community to make this project better.
+
+- [Found an Issue](#found-an-issue)
+- [Want a Feature](#want-a-feature)
+- [Getting Started](#getting-started)
+- [PR management](#pr-management)
+
+## Found an Issue?
+
+If you find a bug in the source code or a mistake in the documentation, you can help us by submitting an issue 
+to our [GitHub Issue Tracker][Issue Tracker]. If you'd like to submit a feature enhancement, please first create an 
+issue with your proposed idea so that we can start a discussion about the problem you want to solve and what the best
+solution would be.  
+
+## Want a Feature?
+
+You can request a new feature by submitting an issue to our [GitHub Issue Tracker][Issue Tracker].  If you
+would like to implement a new feature then first create a new issue and discuss it with one of our
+project maintainers.
+
+## Getting Started
+
+To get started with contributing, please follow these steps:
+
+1. Fork the repository and clone it to your local machine.
+2. Install the necessary dependencies.
+3. Create a new branch for your changes.
+4. Make your desired changes to the codebase.
+5. Test your changes thoroughly.
+6. Tests can be done using the test framework. See [test folder](./test/) and [Makefile](makefile)
+
+## PR management
+
+Created PR will not be merge as is.
+The MarkLogic kubernetes team will use the PRs for "inspiration" but not merge the changes in directly. They may rewrite the code as they like, incorporating the submitted changes into their own code.
+
+**Important:** Please open an issue in the [Issue Tracker][] and get your proposed changes pre-approved by at least one of the project maintainers before you start coding. Nothing is more frustrating than seeing your hard work go to waste because your vision does not align with that of the project maintainers.
+
+[Issue Tracker]: https://github.com/marklogic/marklogic-kubernetes/issues

Jenkinsfile

@@ -104,9 +104,9 @@ void resultNotification(message) {
     } else {
         emailList = params.emailList
     }
-    jira_link = "https://project.marklogic.com/jira/browse/${JIRA_ID}"
-    email_body = "<b>Jenkins pipeline for</b> ${env.JOB_NAME} <br><b>Build Number: </b>${env.BUILD_NUMBER} <br><br><b>Lint Output: </b><br><pre><code>${LINT_OUTPUT}</code></pre><br><br><b>Scan Output: </b><br><pre><code>${SCAN_OUTPUT}</code></pre><br><br><b>Build URL: </b><br>${env.BUILD_URL}"
-    jira_email_body = "${email_body} <br><br><b>Jira URL: </b><br>${jira_link}"
+    jira_link = "https://progresssoftware.atlassian.net/browse/${JIRA_ID}"
+    email_body = "<b>Jenkins pipeline for</b> ${env.JOB_NAME} <br><b>Build Number: </b>${env.BUILD_NUMBER} <br><br><b>Lint Output: </b><br><pre><code>${LINT_OUTPUT}</code></pre><br><br><b>Scan Output: </b><br><pre><code>${SCAN_OUTPUT}</code></pre><br><br><b>Build URL: </b><br><a href='${env.BUILD_URL}'>${env.BUILD_URL}</a>"
+    jira_email_body = "${email_body} <br><br><b>Jira URL: </b><br><a href='${jira_link}'>${jira_link}</a>"
 
     if (JIRA_ID) {
         def comment = [ body: "Jenkins pipeline build result: ${message}" ]
@@ -146,17 +146,6 @@ void publishTestResults() {
     archiveArtifacts artifacts: '**/test/test_results/*.xml', allowEmptyArchive: true
 }
 
-String getVersionDiv(mlVersion) {
-    switch (mlVersion) {
-        case '10.0':
-            return '-'
-        case '9.0':
-            return '-'
-        default:
-            return '.'
-    }
-}
-
 pipeline {
     agent {
         label {
@@ -169,29 +158,22 @@ pipeline {
         skipStagesAfterUnstable()
     }
     triggers {
-        parameterizedCron( env.BRANCH_NAME == 'develop' ? '''00 04 * * * % IMAGE_SCAN=true''' : '')
+        parameterizedCron( env.BRANCH_NAME == 'develop' ? '''00 04 * * * % IMAGE_SCAN=true;HC_TESTS=true''' : '')
     }
     environment {
-        //timeStamp = sh(returnStdout: true, script: "date +%Y%m%d -d '-5 hours'").trim()
-        timeStamp = 'nightly'
         dockerRegistry = 'ml-docker-db-dev-tierpoint.bed-artifactory.bedford.progress.com'
-        dockerRepository = "${dockerRegistry}/marklogic/marklogic-server-centos"
-        dockerVerDivider = getVersionDiv(params.ML_VERSION)
-        prevDockerVerDivider = getVersionDiv(params.PREV_ML_VERSION)
-        dockerVersion = "${ML_VERSION}${dockerVerDivider}${timeStamp}-centos-${dockerReleaseVer}"
-        prevDockerVersion = "${PREV_ML_VERSION}${prevDockerVerDivider}${timeStamp}-centos-${prevDockerReleaseVer}"
+        dockerRepository = "${dockerRegistry}/marklogic/marklogic-server-${params.dockerImageType}"
     }
 
     parameters {
-        string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)
-        choice(name: 'ML_VERSION', choices: '11.2\n12.0\n10.0', description: 'MarkLogic version. used to pick appropriate docker image')
+        choice(name: 'dockerImageType', choices: 'ubi-rootless\nubi\ncentos', description: 'Platform type for Docker image')
+        string(name: 'dockerVersion', defaultValue: 'latest-11', description: 'Docker tag to use for tests. (e.g. 11.2.nightly-ubi-rootless-1.1.2) Has to correspond with dockerImageType.', trim: true)
+        string(name: 'prevDockerVersion', defaultValue: 'latest-10', description: 'Previous Docker version for MarkLogic upgrade tests. (e.g. 10.0-10.2-centos-1.1.2) Has to correspond with dockerImageType.', trim: true)
+        choice(name: 'K8_VERSION', choices: 'v1.29\nv1.30\nv1.28\nv1.27\nv1.26\nv1.25\nv1.24', description: 'Test Kubernetes version.')
         booleanParam(name: 'KUBERNETES_TESTS', defaultValue: true, description: 'Run kubernetes tests')
         booleanParam(name: 'HC_TESTS', defaultValue: false, description: 'Run Hub Central E2E UI tests (takes about 3 hours)')
         booleanParam(name: 'IMAGE_SCAN', defaultValue: false, description: 'Find and scan dependent Docker images for security vulnerabilities')
-        string(name: 'dockerReleaseVer', defaultValue: '1.1.2', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)
-        choice(name: 'PREV_ML_VERSION', choices: '10.0\n9.0\n11.2', description: 'Previous MarkLogic version for MarkLogic upgrade tests')
-        string(name: 'prevDockerReleaseVer', defaultValue: '1.1.2', description: 'Previous Docker version for MarkLogic upgrade tests. (e.g. 1.0.1)', trim: true)
-        choice(name: 'K8_VERSION', choices: 'v1.25.8\nv1.26.3\nv1.24.12\nv1.23.17', description: 'Test Kubernetes version. (e.g. v1.25.8)')
+        string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)
     }
 
     stages {

README.md

@@ -198,7 +198,14 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 | `haproxy.stats.auth.username`                       | Username for stats page                                                                                                                                                                | `""`                       |
 | `haproxy.stats.auth.password`                       | Password for stats page                                                                                                                                                                | `""`                       |
 | `haproxy.service.type`                              | The service type of the HAproxy                                                                                                                                                        | `ClusterIP`                |
-| `haproxy.ports`                                     | Ports and load balancing type configuration for HAproxy                                                                                                                                | `[]`                       |
+| `haproxy.pathbased.enabled`                         | Parameter to enable path based routing on the HAProxy Load Balancer for MarkLogic       | `false`                    |
+| `haproxy.frontendPort`                              | Listening port in the Front-End section of the HAProxy when using Path based routing | `443`                  |
+| `haproxy.defaultAppServers.appservices.path`        | Path used to expose MarkLogic App-Services App-Server                           | `""`                     |
+| `haproxy.defaultAppServers.admin.path`              | Path used to expose MarkLogic Admin App-Server                                  | `""`                     |
+| `haproxy.defaultAppServers.manage.path`             | Path used to expose the MarkLogic Manage App-Server                             | `""`                     |
+| `haproxy.additionalAppServers`                      | List of additional HTTP Ports configuration for HAproxy                         | `[]`                     |
+| `haproxy.tcpports.enabled`                          | Parameter to enable TCP port routing on HAProxy                              | `false`                  |
+| `haproxy.tcpports`                                  | TCP Ports and load balancing type configuration for HAproxy                  | `[]`                     |
 | `haproxy.tls.enabled`                               | Parameter to enable TLS for HAProxy                                                                                                                                                    | `false`                    |
 | `haproxy.tls.secretName`                            | Name of the secret that stores the certificate                                                                                                                                         | `""`                       |
 | `haproxy.tls.certFileName`                          | The name of the certificate file in the secret                                                                                                                                         | `""`                       |
@@ -208,6 +215,12 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 | `haproxy.resources.requests.memory`                 | The requested memory resource for the HAProxy container                                                                                                                                | `128Mi`                    |
 | `haproxy.resources.limits.cpu`                      | The cpu resource limit for the HAProxy container                                                                                                                                       | `250m`                     |
 | `haproxy.resources.limits.memory`                   | The memory resource limit for the HAProxy container                                                                                                                                    | `128Mi`                    |
+| `ingress.enabled`                                   | Enable an ingress resource for the MarkLogic cluster                                   | `false`| 
+| `ingress.className`                                 | Defines which ingress controller will implement the resource                          | `""` |
+| `ingress.labels`                                    | Additional ingress labels                                                             | `{}` |
+| `ingress.annotations`                               | Additional ingress annotations                                                       | `{}` |
+| `ingress.hosts`                                     | List of ingress hosts                                                                 | `[]` |
+| `ingress.additionalHost`                            | List of ingress additional hosts                                                      | `[]` |
 
 ## Known Issues and Limitations
 
@@ -218,3 +231,5 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 5. The latest released version of redhat/ubi9:9.3 has known security vulnerabilities with respect to setuptools GHSA-r9hx-vwmv-q579. We wait for a future upgrade of the redhad ubi image to include the fix.
 6. The security context “allowPrivilegeEscalation” is set to TRUE by default in values.yaml file and cannot be changed to run the current MarkLogic container. Work is in progress to run MarkLogic container in "rootless" mode.
 7. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations
+8. The Readiness and Startup Probe are not compatible with HA deployment. At the moment these probes may fail in the case of Security database failover. As of the 1.0.2 helm chart release, the startup and readiness probes are disabled by default.
+9. Path based routing and Ingress features are only supported with MarkLogic 11.1 and higher.

charts/charts/haproxy/templates/service.yaml

@@ -50,13 +50,41 @@ spec:
   {{- toYaml . | nindent 2 }}
   {{- end }}
   ports:
+    - name: qconsole
+      protocol: TCP
+      port: {{ .Values.defaultAppServers.appservices.port }}
+      targetPort: {{ .Values.defaultAppServers.appservices.port }}
+    - name: admin
+      protocol: TCP
+      port: {{ .Values.defaultAppServers.admin.port }}
+      targetPort: {{ .Values.defaultAppServers.admin.port }}
+    - name: manage
+      protocol: TCP
+      port: {{ .Values.defaultAppServers.manage.port }}
+      targetPort: {{ .Values.defaultAppServers.manage.port }}
+  {{- if .Values.pathbased.enabled }}
+    - name: frontendport
+      protocol: TCP
+      port: {{ .Values.frontendPort }}
+      targetPort: {{ .Values.frontendPort }}
+  {{- end }}
   {{- if .Values.stats.enabled }}
     - name: stats
       protocol: TCP
       port: {{ .Values.stats.port }}
       targetPort: {{ .Values.stats.port }}
   {{- end }}
-  {{- with .Values.ports }}
+  {{- if .Values.tcpports.enabled }}
+  {{- range .Values.tcpports.ports }}
+    - name: {{ .name }}
+      protocol: TCP
+      port: {{ .port }}
+      {{- if .targetPort }}
+      targetPort: {{ .targetPort }}
+      {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- with .Values.additionalAppServers }}
   {{- range $_, $v := . }}
     - name: {{ $v.name }}
       protocol: TCP

charts/charts/haproxy/values.yaml

@@ -49,8 +49,60 @@ stats:
     username: ''
     password: ''
 
-## open the port for LB and service
-ports: []
+# Used if MarkLogic Default APP-Servers are meant to be exposed under subpath different from /
+
+#######################################################################
+#  IMPORTANT NOTE:                                                    #
+#  This feature is only available starting MarkLogic 11.1 and higher. #
+#######################################################################
+
+pathbased: 
+  enabled: false
+
+frontendPort: 443
+
+# Path and port used on HAProxy 
+# The same path will be used on Ingress for Default AppServers 
+
+defaultAppServers:
+  appservices:
+    # path: /console
+    port: 8000
+  admin:
+    # path: /adminUI
+    port: 8001
+  manage:
+    # path: /manage
+    port: 8002
+
+## HTTP Ports, load balancing type and path configuration for HAproxy
+## HTTP: HTTP(Layer 7) proxy mode. This works for most of the App Servers handling HTTP connections. 
+## path : define the path to be used to expose the APP-Server on HAProxy and Ingress
+
+## To add new ports to be exposed using HTTP just uncoment the following lines and adapt the configuration
+
+# additionalAppServers:    
+#   - name: dhf-jobs
+#     type: HTTP
+#     port: 8010
+#     targetPort: 8010
+#     path: /DHF-jobs
+#   - name: dhf-final
+#     type: HTTP
+#     port: 8011
+#     targetPort: 8011
+#     path: /DHF-final
+
+## TCP Ports, load balancing configuration for HAproxy
+## TCP: TCP(Layer 4) proxy mode. This works for the MarkLogic App Servers handling TCP connections like ODBC.   
+
+tcpports:
+# TCP port has to be explicitely enabled
+  enabled: false
+  # ports:
+  #   - name: odbc
+  #     type: TCP
+  #     port: 5432
 
 ## Automatically Roll Deployments
 # ref: https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments

charts/templates/NOTES.txt

@@ -1,7 +1,10 @@
 Thank you for installing {{ .Chart.Name }}.
 
+NOTE: Marklogic cluster make take several minutes to be fully initialised. Please standby while containers are started and the MarkLogic cluster is configured.
+
 Your release is named {{ .Release.Name }}.
 
+
 {{- if eq (include "marklogic.imageType" .) "rootless" }}
 {{- if .Values.containerSecurityContext.allowPrivilegeEscalation }}
 WARNING
@@ -13,6 +16,23 @@ WARNING
 {{- end }}
 {{- end }}
 
+{{- if .Values.haproxy.pathbased.enabled }}
+{{- if not .Values.tls.enableOnDefaultAppServers }}
+WARNING
+   ***********************************************************************************************************
+   Setting "pathbased.enabled" to true requires HTTP basic authentication but "tls.enableOnDefaultAppServers"
+   is set to false so passwords will be sent in plain text.
+   This is not recommended and is not a secure configuration so it should only be used be used with caution 
+   in non-production environments. 
+
+   For production environments please enable TLS as recommended.
+ 
+   Set "tls.enableOnDefaultAppServers" to true or use a service mesh with TLS enabled for 
+   end-to-end encryption.
+   ***********************************************************************************************************
+{{- end }}
+{{- end }}
+
 FQDN is {{ include "marklogic.fqdn" . }}
 {{- if gt (len (include "marklogic.fqdn" .)) 64 }}
 WARNING:    The hostname is greater than 64 characters

charts/templates/_helpers.tpl

@@ -207,3 +207,16 @@ Name to distinguish marklogic image whether root or rootless
 {{- end }}
 {{- end }}
 
+{{/*
+Create the name of the Ingress to use.
+*/}}
+{{- define "marklogic.ingress" -}}
+{{- printf "%s-ingress" (include "marklogic.fullname" .) }}
+{{- end }}
+
+{{/*
+Name of the HAProxy Service name to use in Ingress.
+*/}}
+{{- define "marklogic.haproxy.servicename" -}}
+{{- printf "%s-haproxy" .Release.Name }}
+{{- end }}