marklogic
diff --git a/‎Jenkinsfile
Lines changed: 8 additions & 2 deletions b/‎Jenkinsfile
Lines changed: 8 additions & 2 deletions
diff --git a/‎README.md
Lines changed: 30 additions & 7 deletions b/‎README.md
Lines changed: 30 additions & 7 deletions
diff --git a/‎charts/templates/configmap.yaml
Lines changed: 5 additions & 5 deletions b/‎charts/templates/configmap.yaml
Lines changed: 5 additions & 5 deletions
diff --git a/‎charts/templates/secret.yaml
Lines changed: 1 addition & 0 deletions b/‎charts/templates/secret.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎charts/templates/service-headless.yaml
Lines changed: 21 additions & 12 deletions b/‎charts/templates/service-headless.yaml
Lines changed: 21 additions & 12 deletions
diff --git a/‎charts/templates/service.yaml
Lines changed: 29 additions & 1 deletion b/‎charts/templates/service.yaml
Lines changed: 29 additions & 1 deletion
diff --git a/‎charts/templates/statefulset.yaml
Lines changed: 43 additions & 21 deletions b/‎charts/templates/statefulset.yaml
Lines changed: 43 additions & 21 deletions
@@ -135,6 +135,8 @@ void pullImage() {
         sh """
             echo "\$docker_password" | docker login --username \$docker_user --password-stdin ${dockerRegistry}
             docker pull ${dockerRepository}:${dockerVersion}
+            docker pull ${dockerRepository}:${dockerVersion}
+            docker pull ${dockerRepository}:${prevDockerVersion}
         """
     }
 }
@@ -169,14 +171,18 @@ pipeline {
         dockerRegistry = 'ml-docker-dev.marklogic.com'
         dockerRepository = "${dockerRegistry}/marklogic/marklogic-server-centos"
         dockerVerDivider = getVersionDiv(params.ML_VERSION)
+        prevDockerVerDivider = getVersionDiv(params.PREV_ML_VERSION)
         dockerVersion = "${ML_VERSION}${dockerVerDivider}${timeStamp}-centos-${dockerReleaseVer}"
+        prevDockerVersion = "${PREV_ML_VERSION}${prevDockerVerDivider}${timeStamp}-centos-${prevDockerReleaseVer}"
     }
 
     parameters {
         string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)
         choice(name: 'ML_VERSION', choices: '11.0\n12.0\n10.0\n9.0', description: 'MarkLogic version. used to pick appropriate docker image')
         booleanParam(name: 'KUBERNETES_TESTS', defaultValue: true, description: 'Run kubernetes tests')
-        string(name: 'dockerReleaseVer', defaultValue: '1.0.1', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)
+        string(name: 'dockerReleaseVer', defaultValue: '1.0.2', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)
+        choice(name: 'PREV_ML_VERSION', choices: '10.0\n9.0', description: 'Previous MarkLogic version for MarkLogic upgrade tests')
+        string(name: 'prevDockerReleaseVer', defaultValue: '1.0.2', description: 'Previous Docker version for MarkLogic upgrade tests. (e.g. 1.0.1)', trim: true)
     }
 
     stages {
@@ -205,7 +211,7 @@ pipeline {
             steps {
                 sh """
                     export MINIKUBE_HOME=/space;
-                    make test dockerImage=${dockerRepository}:${dockerVersion} saveOutput=true
+                    make test dockerImage=${dockerRepository}:${dockerVersion} prevDockerImage=${dockerRepository}:${prevDockerVersion} saveOutput=true
                 """
             }
         }
 
@@ -29,13 +29,17 @@
   - [Service](#service)
     - [Get the ClusterIP Service Name](#get-the-clusterip-service-name)
     - [Using the Service DNS Record to Access MarkLogic](#using-the-service-dns-record-to-access-marklogic)
+    - [Additional Ports](#additional-ports)
   - [Port Forward](#port-forward)
     - [Forward to Pod](#forward-to-pod)
     - [Forward to Service](#forward-to-service)
+  - [Security Context](#security-context)
+  - [Network Policy](#network-policy)
+  - [Pod Priorty](#pod-priorty)
   - [Notice](#notice)
 - [Uninstalling the Chart](#uninstalling-thechart)
 - [Parameters](#parameters)
-- [Known Issues and Limitations](#Known-Issues-and-Limitations)
+- [Known Issues and Limitations](#known-issues-and-limitations)
 
 
 # Introduction
@@ -355,6 +359,24 @@ For each Kubernetes service, a DNS with the following format is created:
 
 For example, if the service-name is "marklogic" and namespace-name is "default", the DNS URL to access the MarkLogic cluster is "marklogic.default.svc.cluster.local".
 
+### Additional Ports
+
+When creating a new app server on Marklogic, the new app server port must also be added to the additionalPorts in the service configuration:
+
+```yaml
+  ## @param service.additionalPorts. Additional ports exposed at the service level.
+  ## Example:
+  ## - name: app1
+  ##   port: 8010 
+  ##   targetPort: 8010
+  ##   protocol: TCP
+  additionalPorts:
+    - name: app-server1
+      port: 8010
+      targetPort: 8010
+      protocol: TCP
+```
+
 ## Port Forward
 
 The `kubectl port-forward` command can help you access MarkLogic outside of the Kubernetes cluster. Use the service to access a specific pod, or the whole cluster.
@@ -464,7 +486,8 @@ This table describes the list of available parameters for Helm Chart.
 | `nameOverride`                       | String to override the app name                                                                                | `""`                                 |
 | `fullnameOverride`                   | String to completely replace the generated name                                                                | `""`                                 |
 | `auth.adminUsername`                 | Username for default MarkLogic Administrator                                                                   | `admin`                              |
-| `auth.adminPassword`                 | Password for default MarkLogic Administrator                                                                   | `admin`     
+| `auth.adminPassword`                 | Password for default MarkLogic Administrator                                                                   | ``    
+| `auth.walletPassword`                 | Password for wallet                                                                    | `` 
 | `bootstrapHostName`                 | Host name of MarkLogic bootstrap host                                                                | `""`   
 | `group.name`               | group name for joining MarkLogic cluster                                                                    | `Default`                              |
 | `group.enableXdqpSsl`                 | SSL encryption for XDQP                                                                   | `true`                         |
@@ -475,12 +498,11 @@ This table describes the list of available parameters for Helm Chart.
 | `persistence.size`                   | Size of storage request for MarkLogic data volume                                                              | `10Gi`                               |
 | `persistence.annotations`            | Annotations for Persistence Volume Claim (PVC)                                                                 | `{}`                                 |
 | `persistence.accessModes`            | Access mode for persistence volume                                                                             | `["ReadWriteOnce"]`                  |
-| `persistence.mountPath`              | The path for the mounted persistence data volume                                                               | `/var/opt/MarkLogic`                 |
-| `extraVolumes`                       | Extra list of additional volumes for MarkLogic statefulset                                                     | `[]`                                 |
-| `extraVolumeMounts`                  | Extra list of additional volumeMounts for MarkLogic container                                                  | `[]`                                 |
-| `extraContainerPorts`                | Extra list of additional containerPorts for MarkLogic container                                                | `[]`                                 |
+| `additionalContainerPorts`                | List of ports in addition to the defaults exposed at the container level (Note: This does not typically need to be updated. Use `service.additionalPorts` to expose app server ports.)                                                | `[]`                                 |
+| `additionalVolumes`                  | List of additional volumes to add to the MarkLogic containers                                                  | `[]`                                 |
+| `additionalVolumeMounts`             | List of mount points for the additional volumes to add to the MarkLogic containers                             | `[]`                                 |
 | `service.type`                       | type of the default service                                                                                    | `ClusterIP`                          |
-| `service.ports`                      | ports of the default service                                                                                   | `[8000, 8002]`                       |
+| `service.additionalPorts`                      | List of ports in addition to the defaults exposed at the service level.                                                                                    | `[]`                       |
 | `serviceAccount.create`              | Enable this parameter to create a service account for a MarkLogic Pod                                          | `true`                               |
 | `serviceAccount.annotations`         | Annotations for MarkLogic service account                                                                      | `{}`                                 |
 | `serviceAccount.name`                | Name of the serviceAccount                                                                                     | `""`                                 |
@@ -516,6 +538,7 @@ This table describes the list of available parameters for Helm Chart.
 | `networkPolicy.customRules`      | Placeholder to specify selectors              | `{}`                               |
 | `networkPolicy.ports`      | Ports to which traffic is allowed              | `[8000, 8001, 8002]`                               |
 | `priorityClassName`      | Name of a PriortyClass defined to set pod priority        | `""`                               |
+| `updateStrategy`      | Update strategy for helm chart and app version updates        | `OnDelete`                               |
 
 # Known Issues and Limitations
 
 
@@ -39,7 +39,7 @@ data:
       {{- if .Values.logCollection.files.errorLogs }}
       [INPUT]
         Name tail
-        Path {{ .Values.persistence.mountPath }}/Logs/*ErrorLog.txt
+        Path /var/opt/MarkLogic/Logs/*ErrorLog.txt
         Read_from_head true
         Tag kube.marklogic.logs.error
         Path_Key path
@@ -50,7 +50,7 @@ data:
       {{- if .Values.logCollection.files.accessLogs }}
       [INPUT]
         Name tail
-        Path {{ .Values.persistence.mountPath }}/Logs/*AccessLog.txt
+        Path /var/opt/MarkLogic/Logs/*AccessLog.txt
         Read_from_head true
         tag kube.marklogic.logs.access
         Path_Key path
@@ -61,7 +61,7 @@ data:
       {{- if .Values.logCollection.files.requestLogs }}
       [INPUT]
         Name tail
-        Path {{ .Values.persistence.mountPath }}/Logs/*RequestLog.txt
+        Path /var/opt/MarkLogic/Logs/*RequestLog.txt
         Read_from_head true
         tag kube.marklogic.logs.request
         Path_Key path
@@ -72,7 +72,7 @@ data:
       {{- if .Values.logCollection.files.crashLogs }}
       [INPUT]
         Name tail
-        Path {{ .Values.persistence.mountPath }}/Logs/CrashLog.txt
+        Path /var/opt/MarkLogic/Logs/CrashLog.txt
         Read_from_head true
         tag kube.marklogic.logs.crash
         Path_Key path
@@ -82,7 +82,7 @@ data:
       {{- if .Values.logCollection.files.auditLogs }}
       [INPUT]
         Name tail
-        Path {{ .Values.persistence.mountPath }}/Logs/AuditLog.txt
+        Path /var/opt/MarkLogic/Logs/AuditLog.txt
         Read_from_head true
         tag kube.marklogic.logs.audit
         Path_Key path
 
@@ -15,4 +15,5 @@ type: kubernetes.io/basic-auth
 data:
     password: {{ $adminPassword }}
     username: {{ .Values.auth.adminUsername | b64enc | quote }}
+    wallet-password: {{ .Values.auth.walletPassword | b64enc | quote }}
 
@@ -11,21 +11,30 @@ spec:
   selector:
     {{- include "marklogic.selectorLabels" . | nindent 4 }}
   ports:
-    - protocol: TCP
-      name: health-check
+    - name: health-check
       port: 7997
-    - protocol: TCP
-      name: foreign-bind
+      targetPort: 7997
+      protocol: TCP
+    - name: xdqp-port1
       port: 7998
-    - protocol: TCP
-      name: bind
+      targetPort: 7998
+      protocol: TCP
+    - name: xdqp-port2
       port: 7999
-    - protocol: TCP
-      name: query-console
+      targetPort: 7999              
+      protocol: TCP
+    - name: app-services
       port: 8000
-    - protocol: TCP
-      name: admin
+      targetPort: 8000
+      protocol: TCP
+    - name: admin
       port: 8001
-    - protocol: TCP
-      name: manage
+      targetPort: 8001
+      protocol: TCP
+    - name: manage
       port: 8002
+      targetPort: 8002
+      protocol: TCP
+    {{- if .Values.service.additionalPorts }}
+      {{- toYaml .Values.service.additionalPorts | nindent 4 }}
+    {{- end }}
@@ -5,8 +5,36 @@ metadata:
   namespace: {{ .Values.namespace}}
   labels:
     {{- include "marklogic.labels" . | nindent 4 }}
+  annotations: {{- toYaml .Values.service.annotations | nindent 4 }}
 spec:
   selector:
     {{- include "marklogic.selectorLabels" . | nindent 4 }}
   type: {{ .Values.service.type }}
-  ports: {{- toYaml .Values.service.ports | nindent 4 }}
+  ports:
+    - name: health-check
+      port: 7997
+      targetPort: 7997
+      protocol: TCP
+    - name: xdqp-port1
+      port: 7998
+      targetPort: 7998
+      protocol: TCP
+    - name: xdqp-port2
+      port: 7999
+      targetPort: 7999              
+      protocol: TCP
+    - name: app-services
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
+    - name: admin
+      port: 8001
+      targetPort: 8001
+      protocol: TCP
+    - name: manage
+      port: 8002
+      targetPort: 8002
+      protocol: TCP
+    {{- if .Values.service.additionalPorts }}
+      {{- toYaml .Values.service.additionalPorts | nindent 4 }}
+    {{- end }}
@@ -96,15 +96,22 @@ spec:
               mountPath: "/run/secrets/ml-secrets"
               readOnly: false
             - name: datadir
-              mountPath: {{ .Values.persistence.mountPath }}
+              mountPath: /var/opt/MarkLogic
             {{- if .Values.extraVolumeMounts }}
               {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
             {{- end }}
+            - name: mladmin-secrets
+              mountPath: /run/secrets/ml-secrets
+              readOnly: true
           env:
             - name: MARKLOGIC_ADMIN_USERNAME_FILE
               value: "ml-secrets/username"
             - name: MARKLOGIC_ADMIN_PASSWORD_FILE
               value: "ml-secrets/password"
+            {{- if .Values.auth.walletPassword }}
+            - name: MARKLOGIC_WALLET_PASSWORD_FILE
+              value: ml-secrets/wallet-password
+            {{- end }}
             - name: POD_NAME
               valueFrom:
                 fieldRef:
@@ -113,20 +120,26 @@ spec:
             - configMapRef:
                 name: {{ include "marklogic.fullname" . }}
           ports:
-            - containerPort: 7997
-              name: health-check
-            - containerPort: 7998
-              name: cluster-port
-            - containerPort: 7999
-              name: cluster-port2
-            - containerPort: 8000
-              name: app-services
-            - containerPort: 8001
-              name: admin
-            - containerPort: 8002
-              name: manage
-            {{- if .Values.extraContainerPorts }}
-              {{- toYaml .Values.extraContainerPorts | nindent 12 }}
+            - name: health-check
+              containerPort: 7997
+              protocol: TCP
+            - name: xdqp-port1
+              containerPort: 7998
+              protocol: TCP
+            - name: xdqp-port2
+              containerPort: 7999              
+              protocol: TCP
+            - name: app-services
+              containerPort: 8000
+              protocol: TCP
+            - name: admin
+              containerPort: 8001
+              protocol: TCP
+            - name: manage
+              containerPort: 8002
+              protocol: TCP
+            {{- if .Values.additionalContainerPorts }}
+              {{- toYaml .Values.additionalContainerPorts | nindent 12 }}
             {{- end }}
           lifecycle:
             {{- if eq .Values.bootstrapHostName "" }}
@@ -138,7 +151,7 @@ spec:
                   - |
                     MARKLOGIC_ADMIN_USERNAME="$(< /run/secrets/ml-secrets/username)"
                     MARKLOGIC_ADMIN_PASSWORD="$(< /run/secrets/ml-secrets/password)"
-
+                    
                     pid=$(pgrep start.marklogic)
 
                     log () {
@@ -264,7 +277,7 @@ spec:
           imagePullPolicy: IfNotPresent
           volumeMounts:
             - name: datadir
-              mountPath: {{ .Values.persistence.mountPath }}
+              mountPath: /var/opt/MarkLogic
             {{- if .Values.extraVolumeMounts }}
               {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
             {{- end }}
@@ -294,6 +307,11 @@ spec:
         - name: mladmin-secrets
           secret:
             secretName: {{ include "marklogic.fullname" . }}-admin
+            items:
+              {{- if .Values.auth.walletPassword }}
+              - key: wallet-password
+                path: wallet-password
+              {{- end }}
         {{- if .Values.logCollection.enabled }}
         - name: {{ include "marklogic.fullname" . }}-fb-config-map
           configMap:
@@ -304,11 +322,11 @@ spec:
         - name: datadir
           emptyDir: {}
         {{- end }}
-        {{- if .Values.extraVolumes }}
-        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- if .Values.additionalVolumes }}
+        {{- toYaml .Values.additionalVolumes | nindent 8 }}
         {{- end }}
       {{- end }}
-  {{- if .Values.persistence.enabled }}
+  {{- if or .Values.persistence.enabled .Values.additionalVolumeClaimTemplates }}
   volumeClaimTemplates:
     - metadata:
         name: datadir
@@ -329,4 +347,8 @@ spec:
         resources:
           requests:
             storage: {{ .Values.persistence.size }}
-  {{- end }}
+  {{- end }}
+    {{- if .Values.additionalVolumeClaimTemplates }}
+    {{- toYaml .Values.additionalVolumeClaimTemplates | nindent 4 }}
+    {{- end }}
+  {{- end }}
Original file line number	Diff line number	Diff line change
`@@ -135,6 +135,8 @@ void pullImage() {`
`135`	`135`	`sh """`
`136`	`136`	`echo "\$docker_password" \| docker login --username \$docker_user --password-stdin ${dockerRegistry}`
`137`	`137`	`docker pull ${dockerRepository}:${dockerVersion}`
	`138`	`+ docker pull ${dockerRepository}:${dockerVersion}`
	`139`	`+ docker pull ${dockerRepository}:${prevDockerVersion}`
`138`	`140`	`"""`
`139`	`141`	`}`
`140`	`142`	`}`
`@@ -169,14 +171,18 @@ pipeline {`
`169`	`171`	`dockerRegistry = 'ml-docker-dev.marklogic.com'`
`170`	`172`	`dockerRepository = "${dockerRegistry}/marklogic/marklogic-server-centos"`
`171`	`173`	`dockerVerDivider = getVersionDiv(params.ML_VERSION)`
	`174`	`+ prevDockerVerDivider = getVersionDiv(params.PREV_ML_VERSION)`
`172`	`175`	`dockerVersion = "${ML_VERSION}${dockerVerDivider}${timeStamp}-centos-${dockerReleaseVer}"`
	`176`	`+ prevDockerVersion = "${PREV_ML_VERSION}${prevDockerVerDivider}${timeStamp}-centos-${prevDockerReleaseVer}"`
`173`	`177`	`}`
`174`	`178`
`175`	`179`	`parameters {`
`176`	`180`	`string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)`
`177`	`181`	`choice(name: 'ML_VERSION', choices: '11.0\n12.0\n10.0\n9.0', description: 'MarkLogic version. used to pick appropriate docker image')`
`178`	`182`	`booleanParam(name: 'KUBERNETES_TESTS', defaultValue: true, description: 'Run kubernetes tests')`
`179`		`- string(name: 'dockerReleaseVer', defaultValue: '1.0.1', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)`
	`183`	`+ string(name: 'dockerReleaseVer', defaultValue: '1.0.2', description: 'Current Docker version. (e.g. 1.0.1)', trim: true)`
	`184`	`+ choice(name: 'PREV_ML_VERSION', choices: '10.0\n9.0', description: 'Previous MarkLogic version for MarkLogic upgrade tests')`
	`185`	`+ string(name: 'prevDockerReleaseVer', defaultValue: '1.0.2', description: 'Previous Docker version for MarkLogic upgrade tests. (e.g. 1.0.1)', trim: true)`
`180`	`186`	`}`
`181`	`187`
`182`	`188`	`stages {`
`@@ -205,7 +211,7 @@ pipeline {`
`205`	`211`	`steps {`
`206`	`212`	`sh """`
`207`	`213`	`export MINIKUBE_HOME=/space;`
`208`		`- make test dockerImage=${dockerRepository}:${dockerVersion} saveOutput=true`
	`214`	`+ make test dockerImage=${dockerRepository}:${dockerVersion} prevDockerImage=${dockerRepository}:${prevDockerVersion} saveOutput=true`
`209`	`215`	`"""`
`210`	`216`	`}`
`211`	`217`	`}`