Commit af3b7e0

Merge branch 'release/2.0.0' into develop
2 parents 4b0abc8 + c8c4280 commit af3b7e0

11 files changed

+817
-37
lines changed


README.md

Lines changed: 16 additions & 1 deletion
@@ -196,7 +196,14 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
196196
| `haproxy.stats.auth.username` | Username for stats page | `""` |
197197
| `haproxy.stats.auth.password` | Password for stats page | `""` |
198198
| `haproxy.service.type` | The service type of the HAproxy | `ClusterIP` |
199-
| `haproxy.ports` | Ports and load balancing type configuration for HAproxy | `[]` |
199+
| `haproxy.pathbased.enabled` | Parameter to enable path based routing on the HAProxy Load Balancer for MarkLogic | `false` |
200+
| `haproxy.frontendPort` | Listening port in the Front-End section of the HAProxy when using Path based routing | `443` |
201+
| `haproxy.defaultAppServers.appservices.path` | Path used to expose MarkLogic App-Services App-Server | `""` |
202+
| `haproxy.defaultAppServers.admin.path` | Path used to expose MarkLogic Admin App-Server | `""` |
203+
| `haproxy.defaultAppServers.manage.path` | Path used to expose the MarkLogic Manage App-Server | `""` |
204+
| `haproxy.additionalAppServers` | List of additional HTTP Ports configuration for HAproxy | `[]` |
205+
| `haproxy.tcpports.enabled` | Parameter to enable TCP port routing on HAProxy | `false` |
206+
| `haproxy.tcpports` | TCP Ports and load balancing type configuration for HAproxy | `[]` |
200207
| `haproxy.tls.enabled` | Parameter to enable TLS for HAProxy | `false` |
201208
| `haproxy.tls.secretName` | Name of the secret that stores the certificate | `""` |
202209
| `haproxy.tls.certFileName` | The name of the certificate file in the secret | `""` |
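Review bot: The new `haproxy.tcpports` row documents a list with default `[]`, but values.yaml defines `tcpports` as a map holding `enabled` and a nested `ports` list, and service.yaml ranges over `.Values.tcpports.ports`. Rename the row to `haproxy.tcpports.ports` so users do not set the list one level too high. The table also drops `haproxy.ports` without an upgrade note pointing existing users to `haproxy.additionalAppServers` and `haproxy.tcpports.ports`, and the `haproxy.defaultAppServers.*.port` keys that service.yaml now reads are not listed.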
@@ -206,6 +213,12 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
206213
| `haproxy.resources.requests.memory` | The requested memory resource for the HAProxy container | `128Mi` |
207214
| `haproxy.resources.limits.cpu` | The cpu resource limit for the HAProxy container | `250m` |
208215
| `haproxy.resources.limits.memory` | The memory resource limit for the HAProxy container | `128Mi` |
216+
| `ingress.enabled` | Enable an ingress resource for the MarkLogic cluster | `false`|
217+
| `ingress.className` | Defines which ingress controller will implement the resource | `""` |
218+
| `ingress.labels` | Additional ingress labels | `{}` |
219+
| `ingress.annotations` | Additional ingress annotations | `{}` |
220+
| `ingress.hosts` | List of ingress hosts | `[]` |
221+
| `ingress.additionalHost` | List of ingress additional hosts | `[]` |
209222

210223
## Known Issues and Limitations
211224

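Review bot: `ingress.additionalHost` is a singular name for a value described as a list, next to the plural `ingress.hosts`, and the two descriptions do not say how the lists differ. Either rename it to `ingress.additionalHosts` or state in the description what belongs in each list. The rows also give no hint that the ingress points at the HAProxy service (see the `marklogic.haproxy.servicename` helper), so it is worth saying that HAProxy must be enabled for the ingress to have a backend. Minor: the `ingress.enabled` row is missing the space before its closing `|`.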
@@ -215,3 +228,5 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
215228
4. The latest released version of fluent/fluent-bit:2.2.2 has known security vulnerabilities with respect to libcom-err2 CVE-2022-1304, libgcrypt20 CVE-2021-33560, libgnutls30 CVE-2024-0567, libldap-2.4-2 CVE-2023-2953, libzstd1 CVE-2022-4899, zlib1g CVE-2023-45853. These libraries are included in the Debian base image but, to-date, no fixes have been made available. For libpq5 CVE-2024-0985, we wait for a future upgrade of the fluent-bit image to include the fix. We will provide updates and mitigation strategies as soon as more information becomes available.
216229
5. The latest released version of redhat/ubi9:9.3 has known security vulnerabilities with respect to setuptools GHSA-r9hx-vwmv-q579, we wait for a future upgrade of the redhad ubi image to include the fix.
217230
6. The security context “allowPrivilegeEscalation” is set to TRUE by default in values.yaml file and cannot be changed to run the current MarkLogic container. Work is in progress to run MarkLogic container in "rootless" mode.
231+
7. The Readiness and Startup Probe are not compatible with HA deployment. At the moment these probes may fail in the case of Security database failover. As of the 1.0.2 helm chart release, the startup and readiness probes are disabled by default.
232+
8. Path based routing and Ingress features are only supported with MarkLogic 11.1 and higher.
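Review bot: Item 7 says the startup and readiness probes are disabled by default but does not name the values keys that control them, so a reader running a single-node or non-HA deployment cannot tell how to turn them back on. Add the parameter names and a sentence on what is lost while they are off. The reference to "the 1.0.2 helm chart release" also reads oddly in a 2.0.0 release merge; confirm the version is the intended one. Item 8 is only enforced by documentation here, so consider repeating the MarkLogic 11.1 requirement in the descriptions of `haproxy.pathbased.enabled` and `ingress.enabled` in the parameter table.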

charts/charts/haproxy/templates/service.yaml

Lines changed: 29 additions & 1 deletion
@@ -50,13 +50,41 @@ spec:
5050
{{- toYaml . | nindent 2 }}
5151
{{- end }}
5252
ports:
53+
- name: qconsole
54+
protocol: TCP
55+
port: {{ .Values.defaultAppServers.appservices.port }}
56+
targetPort: {{ .Values.defaultAppServers.appservices.port }}
57+
- name: admin
58+
protocol: TCP
59+
port: {{ .Values.defaultAppServers.admin.port }}
60+
targetPort: {{ .Values.defaultAppServers.admin.port }}
61+
- name: manage
62+
protocol: TCP
63+
port: {{ .Values.defaultAppServers.manage.port }}
64+
targetPort: {{ .Values.defaultAppServers.manage.port }}
65+
{{- if .Values.pathbased.enabled }}
66+
- name: frontendport
67+
protocol: TCP
68+
port: {{ .Values.frontendPort }}
69+
targetPort: {{ .Values.frontendPort }}
70+
{{- end }}
5371
{{- if .Values.stats.enabled }}
5472
- name: stats
5573
protocol: TCP
5674
port: {{ .Values.stats.port }}
5775
targetPort: {{ .Values.stats.port }}
5876
{{- end }}
59-
{{- with .Values.ports }}
77+
{{- if .Values.tcpports.enabled }}
78+
{{- range .Values.tcpports.ports }}
79+
- name: {{ .name }}
80+
protocol: TCP
81+
port: {{ .port }}
82+
{{- if .targetPort }}
83+
targetPort: {{ .targetPort }}
84+
{{- end }}
85+
{{- end }}
86+
{{- end }}
87+
{{- with .Values.additionalAppServers }}
6088
{{- range $_, $v := . }}
6189
- name: {{ $v.name }}
6290
protocol: TCP
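Review bot: The `qconsole`, `admin` and `manage` ports at the top of `ports:` are added to the HAProxy Service unconditionally, including when `pathbased.enabled` is true and `frontendPort` is meant to be the single entry point. With `haproxy.service.type` set to `LoadBalancer` or `NodePort` this publishes the Admin and Manage ports alongside the path-based front end. Wrap those three entries in `{{- if not .Values.pathbased.enabled }}` or give each an explicit enable flag. In the `tcpports` block, `targetPort` is optional while the `defaultAppServers` entries always set it; a short comment that Kubernetes defaults `targetPort` to `port` would make the asymmetry intentional.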

charts/charts/haproxy/values.yaml

Lines changed: 54 additions & 2 deletions
@@ -49,8 +49,60 @@ stats:
4949
username: ''
5050
password: ''
5151

52-
## open the port for LB and service
53-
ports: []
52+
# Used if MarkLogic Default APP-Servers are meant to be exposed under subpath different from /
53+
54+
#######################################################################
55+
# IMPORTANT NOTE: #
56+
# This feature is only available starting MarkLogic 11.1 and higher. #
57+
#######################################################################
58+
59+
pathbased:
60+
enabled: false
61+
62+
frontendPort: 443
63+
64+
# Path and port used on HAProxy
65+
# The same path will be used on Ingress for Default AppServers
66+
67+
defaultAppServers:
68+
appservices:
69+
# path: /console
70+
port: 8000
71+
admin:
72+
# path: /adminUI
73+
port: 8001
74+
manage:
75+
# path: /manage
76+
port: 8002
77+
78+
## HTTP Ports, load balancing type and path configuration for HAproxy
79+
## HTTP: HTTP(Layer 7) proxy mode. This works for most of the App Servers handling HTTP connections.
80+
## path : define the path to be used to expose the APP-Server on HAProxy and Ingress
81+
82+
## To add new ports to be exposed using HTTP just uncoment the following lines and adapt the configuration
83+
84+
# additionalAppServers:
85+
# - name: dhf-jobs
86+
# type: HTTP
87+
# port: 8010
88+
# targetPort: 8010
89+
# path: /DHF-jobs
90+
# - name: dhf-final
91+
# type: HTTP
92+
# port: 8011
93+
# targetPort: 8011
94+
# path: /DHF-final
95+
96+
## TCP Ports, load balancing configuration for HAproxy
97+
## TCP: TCP(Layer 4) proxy mode. This works for the MarkLogic App Servers handling TCP connections like ODBC.
98+
99+
tcpports:
100+
# TCP port has to be explicitely enabled
101+
enabled: false
102+
# ports:
103+
# - name: odbc
104+
# type: TCP
105+
# port: 5432
54106

55107
## Automatically Roll Deployments
56108
# ref: https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments
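Review bot: `frontendPort: 443` is the default while the README lists `haproxy.tls.enabled` as `false`, so turning on `pathbased.enabled` with otherwise default values yields a listener on 443 that may not speak TLS. Either document that `frontendPort` should be changed when TLS is off, or pick a default that does not imply HTTPS. The three `path` keys under `defaultAppServers` are commented out, so enabling path-based routing alone leaves them unset; the templates should use `required` or a documented fallback for that case. Comment typos: "uncoment" and "explicitely".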

charts/templates/NOTES.txt

Lines changed: 20 additions & 0 deletions
@@ -1,7 +1,10 @@
11
Thank you for installing {{ .Chart.Name }}.
22

3+
NOTE: Marklogic cluster make take several minutes to be fully initialised. Please standby while containers are started and the MarkLogic cluster is configured.
4+
35
Your release is named {{ .Release.Name }}.
46

7+
58
{{- if eq (include "marklogic.imageType" .) "rootless" }}
69
{{- if .Values.containerSecurityContext.allowPrivilegeEscalation }}
710
WARNING
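Review bot: The added NOTE line has wording errors that will be shown to every user on install: "Marklogic cluster make take" should read "The MarkLogic cluster may take", and "Please standby" should be "Please stand by". The extra blank line added before the `rootless` check looks unintentional and changes the spacing of the rendered notes.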
@@ -13,6 +16,23 @@ WARNING
1316
{{- end }}
1417
{{- end }}
1518

19+
{{- if .Values.haproxy.pathbased.enabled }}
20+
{{- if not .Values.tls.enableOnDefaultAppServers }}
21+
WARNING
22+
***********************************************************************************************************
23+
Setting "pathbased.enabled" to true requires HTTP basic authentication but "tls.enableOnDefaultAppServers"
24+
is set to false so passwords will be sent in plain text.
25+
This is not recommended and is not a secure configuration so it should only be used be used with caution
26+
in non-production environments.
27+
28+
For production environments please enable TLS as recommended.
29+
30+
Set "tls.enableOnDefaultAppServers" to true or use a service mesh with TLS enabled for
31+
end-to-end encryption.
32+
***********************************************************************************************************
33+
{{- end }}
34+
{{- end }}
35+
1636
FQDN is {{ include "marklogic.fqdn" . }}
1737
{{- if gt (len (include "marklogic.fqdn" .)) 64 }}
1838
WARNING: The hostname is greater than 64 characters
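Review bot: The warning is gated only on `.Values.tls.enableOnDefaultAppServers`, which covers TLS on the MarkLogic app servers, and never looks at `.Values.haproxy.tls.enabled`. With path-based routing on and HAProxy TLS off, basic-auth credentials can cross the client-to-HAProxy leg in plain text without this warning mentioning it. Add a second condition or a separate message for `haproxy.tls.enabled`. The text refers to "pathbased.enabled" while the key tested is `haproxy.pathbased.enabled`; use the full key so users can find it. Typo: "be used be used".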

charts/templates/_helpers.tpl

Lines changed: 13 additions & 0 deletions
@@ -119,3 +119,16 @@ Name to distinguish marklogic image whether root or rootless
119119
{{- end }}
120120
{{- end }}
121121

122+
{{/*
123+
Create the name of the Ingress to use.
124+
*/}}
125+
{{- define "marklogic.ingress" -}}
126+
{{- printf "%s-ingress" (include "marklogic.fullname" .) }}
127+
{{- end }}
128+
129+
{{/*
130+
Name of the HAProxy Service name to use in Ingress.
131+
*/}}
132+
{{- define "marklogic.haproxy.servicename" -}}
133+
{{- printf "%s-haproxy" .Release.Name }}
134+
{{- end }}
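Review bot: `marklogic.haproxy.servicename` builds the name from `.Release.Name` while `marklogic.ingress` right above it uses `marklogic.fullname`. If the HAProxy subchart derives its Service name from its own fullname helper, or a `fullnameOverride` is set, the ingress backend will reference a Service that does not exist. Derive the name the same way the subchart's service.yaml does, or add a comment stating that the subchart name is fixed to `<release>-haproxy`. The doc comment "Name of the HAProxy Service name" repeats "name".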
