
Commit e4e7eb9

committed
First commit
1 parent 67a15d7 commit e4e7eb9


11 files changed

+636
-43
lines changed


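--- a/README.md
+++ b/README.md
@@ -193,7 +193,14 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 | `haproxy.stats.auth.username` | Username for stats page | `""` |
 | `haproxy.stats.auth.password` | Password for stats page | `""` |
 | `haproxy.service.type` | The service type of the HAproxy | `ClusterIP` |
-| `haproxy.ports` | Ports and load balancing type configuration for HAproxy | `[]` |
+| `haproxy.pathbased.enabled` | Parameter to enable path based routing on the HAProxy Load Balancer for MarkLogic | `false` |
+| `haproxy.frontendPort` | Listening port in the Front-End section of the HAProxy when using Path based routing | `443` |
+| `haproxy.DefaultAppappservices.path` | Path used to expose MarkLogic App-Services App-Server | `""` |
+| `haproxy.DefaultAppadmin.path` | Path used to expose MarkLogic Admin App-Server | `""` |
+| `haproxy.DefaultAppmanage.path` | Path used to expose the MarkLogic Manage App-Server | `""` |
+| `haproxy.additionalAppServers` | List of additional HTTP Ports configuration for HAproxy | `[]` |
+| `haproxy.tcpports.enabled` | Parameter to enable TCP port routing on HAProxy | `false` |
+| `haproxy.tcpports` | TCP Ports and load balancing type configuration for HAproxy | `[]` |
 | `haproxy.tls.enabled` | Parameter to enable TLS for HAProxy | `false` |
 | `haproxy.tls.secretName` | Name of the secret that stores the certificate | `""` |
 | `haproxy.tls.certFileName` | The name of the certificate file in the secret | `""` |
@@ -203,6 +210,12 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 | `haproxy.resources.requests.memory` | The requested memory resource for the HAProxy container | `128Mi` |
 | `haproxy.resources.limits.cpu` | The cpu resource limit for the HAProxy container | `250m` |
 | `haproxy.resources.limits.memory` | The memory resource limit for the HAProxy container | `128Mi` |
+| `ingress.enabled` | Enable an ingress resource for the Argo CD server | `false`|
+| `ingress.className` | Defines which ingress controller will implement the resource | `""` |
+| `ingress.labels` | Additional ingress labels | `{}` |
+| `ingress.annotations` | Additional ingress annotations | `{}` |
+| `ingress.hosts` | List of ingress hosts | `[]` |
+| `ingress.additionalHost` | List of ingress additional hosts | `[]` |
 
 ## Known Issues and Limitations
 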
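--- a/charts/charts/haproxy/templates/service.yaml
+++ b/charts/charts/haproxy/templates/service.yaml
@@ -50,13 +50,41 @@ spec:
 {{- toYaml . | nindent 2 }}
 {{- end }}
 ports:
+- name: qconsole
+protocol: TCP
+port: {{ .Values.defaultAppServers.appservices.port }}
+targetPort: {{ .Values.defaultAppServers.appservices.port }}
+- name: admin
+protocol: TCP
+port: {{ .Values.defaultAppServers.admin.port }}
+targetPort: {{ .Values.defaultAppServers.admin.port }}
+- name: manage
+protocol: TCP
+port: {{ .Values.defaultAppServers.manage.port }}
+targetPort: {{ .Values.defaultAppServers.manage.port }}
+{{- if .Values.pathbased.enabled }}
+- name: frontendport
+protocol: TCP
+port: {{ .Values.frontendPort }}
+targetPort: {{ .Values.frontendPort }}
+{{- end }}
 {{- if .Values.stats.enabled }}
 - name: stats
 protocol: TCP
 port: {{ .Values.stats.port }}
 targetPort: {{ .Values.stats.port }}
 {{- end }}
-{{- with .Values.ports }}
+{{- if .Values.tcpports.enabled }}
+{{- range .Values.tcpports.ports }}
+- name: {{ .name }}
+protocol: TCP
+port: {{ .port }}
+{{- if .targetPort }}
+targetPort: {{ .targetPort }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- with .Values.additionalAppServers }}
 {{- range $_, $v := . }}
 - name: {{ $v.name }}
 protocol: TCP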
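Review bot: The `qconsole`, `admin` and `manage` entries at the top of `ports:` are emitted unconditionally, so the HAProxy Service publishes the Admin and Manage ports (8001/8002 by default in values.yaml) even when `pathbased.enabled` is true and, presumably, the single `frontendport` is meant to carry that traffic. With `service.type` set to anything other than `ClusterIP` this widens what is reachable from outside the cluster; consider guarding the three entries with `{{- if not .Values.pathbased.enabled }}` so only one of the two exposure modes is rendered. Replacing `.Values.ports` with `.Values.additionalAppServers` also means existing values files that set `ports` are ignored without an error, which deserves an upgrade note. The `range` over `additionalAppServers` continues past the end of this hunk.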

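--- a/charts/charts/haproxy/values.yaml
+++ b/charts/charts/haproxy/values.yaml
@@ -49,8 +49,60 @@ stats:
 username: ''
 password: ''
 
-## open the port for LB and service
-ports: []
+# Used if MarkLogic Default APP-Servers are meant to be exposed under subpath different from /
+
+#######################################################################
+# IMPORTANT NOTE: #
+# This feature is only available starting MarkLogic 11.1 and higher. #
+#######################################################################
+
+pathbased:
+enabled: false
+
+frontendPort: 443
+
+# Path and port used on HAProxy
+# The same path will be used on Ingress for Default AppServers
+
+defaultAppServers:
+appservices:
+# path: /console
+port: 8000
+admin:
+# path: /adminUI
+port: 8001
+manage:
+# path: /manage
+port: 8002
+
+## HTTP Ports, load balancing type and path configuration for HAproxy
+## HTTP: HTTP(Layer 7) proxy mode. This works for most of the App Servers handling HTTP connections.
+## path : define the path to be used to expose the APP-Server on HAProxy and Ingress
+
+## To add new ports to be exposed using HTTP just uncoment the following lines and adapt the configuration
+
+# additionalAppServers:
+# - name: dhf-jobs
+# type: HTTP
+# port: 8010
+# targetPort: 8010
+# path: /DHF-jobs
+# - name: dhf-final
+# type: HTTP
+# port: 8011
+# targetPort: 8011
+# path: /DHF-final
+
+## TCP Ports, load balancing configuration for HAproxy
+## TCP: TCP(Layer 4) proxy mode. This works for the MarkLogic App Servers handling TCP connections like ODBC.
+
+tcpports:
+# TCP port has to be explicitely enabled
+enabled: false
+# ports:
+# - name: odbc
+# type: TCP
+# port: 5432
 
 ## Automatically Roll Deployments
 # ref: https://helm.sh/docs/howto/charts_tips_and_tricks/#automatically-roll-deployments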
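Review bot: The `path` keys under `defaultAppServers` ship commented out, but the path-based HAProxy ConfigMap in this commit reads `defaultAppServers.appservices.path`, `.admin.path` and `.manage.path` straight into `use_backend` ACLs and `replace-path` rules whenever `pathbased.enabled` is true. Turning the feature on without also setting the three paths would therefore render ACLs with an empty pattern; either give them defaults (the commented `/console`, `/adminUI`, `/manage`) or state next to `pathbased.enabled` that they are required. The README rows added in the same commit name these keys `haproxy.DefaultAppappservices.path` and so on, which does not match the `defaultAppServers.appservices.path` structure defined here. A comment above `frontendPort: 443` saying whether that listener speaks TLS would also help, since 443 suggests HTTPS.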

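--- a/charts/templates/NOTES.txt
+++ b/charts/templates/NOTES.txt
@@ -1,7 +1,26 @@
 Thank you for installing {{ .Chart.Name }}.
 
+NOTE: Marklogic cluster make take several minutes to be fully initialised. Please standby while containers are started and the MarkLogic cluster is configured.
+
 Your release is named {{ .Release.Name }}.
 
+{{- if .Values.haproxy.pathbased.enabled }}
+{{- if not .Values.tls.enableOnDefaultAppServers }}
+WARNING
+***********************************************************************************************************
+Setting "pathbased.enabled" to true requires HTTP basic authentication but "tls.enableOnDefaultAppServers"
+is set to false so passwords will be sent in plain text.
+This is not recommended and is not a secure configuration so it should only be used be used with caution
+in non-production environments.
+
+For production environments please enable TLS as recommended.
+
+Set "tls.enableOnDefaultAppServers" to true or use a service mesh with TLS enabled for
+end-to-end encryption.
+***********************************************************************************************************
+{{- end }}
+{{- end }}
+
 FQDN is {{ include "marklogic.fqdn" . }}
 {{- if gt (len (include "marklogic.fqdn" .)) 64 }}
 WARNING: The hostname is greater than 64 characters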
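Review bot: The plaintext-password warning is gated only on `.Values.tls.enableOnDefaultAppServers`, which in the HAProxy ConfigMap of this commit controls the HAProxy-to-MarkLogic leg; the client-to-HAProxy leg, where the basic-auth header first crosses the network, depends on `haproxy.tls.enabled` and is not checked. I would show the warning when either side is unencrypted, e.g. `{{- if or (not .Values.tls.enableOnDefaultAppServers) (not .Values.haproxy.tls.enabled) }}`, and name both settings in the text. The added wording also has two slips worth fixing while here: "make take" and "be used be used".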

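--- a/charts/templates/_helpers.tpl
+++ b/charts/templates/_helpers.tpl
@@ -108,3 +108,18 @@ Validate values file
 {{- end }}
 {{- end }}
 
+{{/*
+Create the name of the Ingress to use.
+*/}}
+{{- define "marklogic.ingress" -}}
+{{- printf "%s-ingress" (include "marklogic.fullname" .) }}
+{{- end }}
+
+{{/*
+Name of the HAProxy Service name to use in Ingress.
+*/}}
+{{- define "marklogic.haproxy.servicename" -}}
+{{- printf "%s-haproxy" .Release.Name }}
+{{- end }}
+
+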
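Review bot: `marklogic.haproxy.servicename` builds the Service name as `printf "%s-haproxy" .Release.Name`, independently of whatever name helper the haproxy subchart uses for its own Service, which is not visible in this commit view. If that subchart honours a name override, the Ingress backend would point at a Service that does not exist and routing would fail without a render-time error. A line in the helper's comment such as `Must match the Service name rendered by the haproxy subchart` would make the coupling explicit.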
Lines changed: 196 additions & 0 deletions
@@ -0,0 +1,196 @@
1+
{{- if .Values.haproxy.enabled }}
2+
{{- if .Values.haproxy.pathbased.enabled }}
3+
{{- $replicas := int .Values.replicaCount }}
4+
{{- $releaseName := include "marklogic.fullname" . }}
5+
{{- $namespace := .Release.Namespace }}
6+
{{- $clusterDomain := .Values.clusterDomain }}
7+
{{- $haproxyTlsEnabled := .Values.haproxy.tls.enabled }}
8+
{{- $appServerTlsEnabled := .Values.tls.enableOnDefaultAppServers -}}
9+
{{- $certFileName := .Values.haproxy.tls.certFileName }}
10+
{{- $appservicespath := .Values.haproxy.defaultAppServers.appservices.path }}
11+
{{- $adminpath := .Values.haproxy.defaultAppServers.admin.path }}
12+
{{- $managepath := .Values.haproxy.defaultAppServers.manage.path }}
13+
apiVersion: v1
14+
kind: ConfigMap
15+
metadata:
16+
name: marklogic-haproxy
17+
namespace: {{ .Release.Namespace }}
18+
labels:
19+
app.kubernetes.io/component: haproxy
20+
data:
21+
haproxy.cfg: |
22+
global
23+
log stdout format raw local0
24+
maxconn 1024
25+
26+
defaults
27+
log global
28+
option forwardfor
29+
timeout client 600s
30+
timeout connect 600s
31+
timeout server 600s
32+
33+
resolvers dns
34+
# add nameserver from /etc/resolv.conf
35+
parse-resolv-conf
36+
37+
hold valid 10s
38+
39+
# Maximum size of a DNS answer allowed, in bytes
40+
accepted_payload_size 8192
41+
42+
43+
# How long to "hold" a backend server's up/down status depending on the name resolution status.
44+
# For example, if an NXDOMAIN response is returned, keep the backend server in its current state (up) for
45+
# at least another 30 seconds before marking it as down due to DNS not having a record for it.
46+
hold valid 10s
47+
hold other 30s
48+
hold refused 30s
49+
hold nx 30s
50+
hold timeout 30s
51+
hold obsolete 30s
52+
53+
# How many times to retry a query
54+
resolve_retries 3
55+
56+
# How long to wait between retries when no valid response has been received
57+
timeout retry 5s
58+
59+
# How long to wait for a successful resolution
60+
timeout resolve 5s
61+
62+
63+
{{- if .Values.haproxy.stats.enabled }}
64+
frontend stats
65+
mode http
66+
bind *:{{ .Values.haproxy.stats.port }}
67+
stats enable
68+
http-request use-service prometheus-exporter if { path /metrics }
69+
stats uri /
70+
{{- if .Values.haproxy.stats.auth.enabled }}
71+
stats auth {{ .Values.haproxy.stats.auth.username }}:{{ .Values.haproxy.stats.auth.password }}
72+
{{- end }}
73+
stats refresh 10s
74+
stats admin if LOCALHOST
75+
{{- end }}
76+
77+
{{- if .Values.haproxy.tcpports.enabled }}
78+
{{- range $_, $v := .Values.haproxy.tcpports.ports }}
79+
{{ $portNumber := printf "%v" (default $v.port $v.targetPort) }}
80+
listen odbc
81+
bind :{{ $portNumber }}
82+
mode tcp
83+
balance leastconn
84+
{{- range $i := until $replicas }}
85+
server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} check resolvers dns init-addr none
86+
{{- end }}
87+
{{- end }}
88+
{{- end }}
89+
90+
frontend marklogic
91+
mode http
92+
option httplog
93+
bind :{{ .Values.haproxy.frontendPort }}
94+
http-request set-header Host {{ $releaseName }}:80
95+
http-request set-header REFERER http://{{ $releaseName }}:80
96+
http-request set-header X-ML-QC-Path "{{ $appservicespath }}"
97+
http-request set-header X-ML-ADM-Path "{{ $adminpath }}"
98+
http-request set-header X-ML-MNG-Path "{{ $managepath }}"
99+
use_backend marklogic-app-services if { path {{ $appservicespath }} } || { path_beg {{ $appservicespath }}/ }
100+
use_backend marklogic-admin if { path {{ $adminpath }} } || { path_beg {{ $adminpath }}/ }
101+
use_backend marklogic-manage if { path {{ $managepath }} } || { path_beg {{ $managepath }}/ }
102+
{{- range $_, $v := .Values.haproxy.additionalAppServers }}
103+
{{ $portNumber := printf "%v" (default $v.port $v.targetPort) }}
104+
{{ $path := printf "%v" (default $v.path)}}
105+
use_backend marklogic-{{$portNumber}} if { path {{ $path }} } || { path_beg {{ $path }}/ }
106+
{{- end }}
107+
108+
backend marklogic-app-services
109+
mode http
110+
balance leastconn
111+
option forwardfor
112+
http-request replace-path {{ $appservicespath }}(/)?(.*) /\2
113+
cookie haproxy insert indirect nocache maxidle 30m maxlife 4h
114+
stick-table type string len 32 size 10k expire 4h
115+
stick store-response res.cook(HostId)
116+
stick store-response res.cook(SessionId)
117+
stick match req.cook(HostId)
118+
stick match req.cook(SessionId)
119+
default-server check
120+
{{- range $i := until $replicas }}
121+
{{- if $appServerTlsEnabled }}
122+
server {{ $releaseName }}-appservices-{{ $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:8000 resolvers dns init-addr none cookie {{ $releaseName }}-appservices-{{ $i }} ssl verify none
123+
{{- else }}
124+
server {{ $releaseName }}-appservices-{{ $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:8000 resolvers dns init-addr none cookie {{ $releaseName }}-appservices-{{ $i }}
125+
{{- end }}
126+
{{- end }}
127+
128+
backend marklogic-admin
129+
mode http
130+
balance leastconn
131+
option forwardfor
132+
http-request replace-path {{ $adminpath }}(/)?(.*) /\2
133+
cookie haproxy insert indirect nocache maxidle 30m maxlife 4h
134+
stick-table type string len 32 size 10k expire 4h
135+
stick store-response res.cook(HostId)
136+
stick store-response res.cook(SessionId)
137+
stick match req.cook(HostId)
138+
stick match req.cook(SessionId)
139+
default-server check
140+
{{- range $i := until $replicas }}
141+
{{- if $appServerTlsEnabled }}
142+
server {{ $releaseName }}-admin-{{ $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:8001 resolvers dns init-addr none cookie {{ $releaseName }}-admin-{{ $i }} ssl verify none
143+
{{- else }}
144+
server {{ $releaseName }}-admin-{{ $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:8001 resolvers dns init-addr none cookie {{ $releaseName }}-admin-{{ $i }}
145+
{{- end }}
146+
{{- end }}
147+
148+
backend marklogic-manage
149+
mode http
150+
balance leastconn
151+
option forwardfor
152+
http-request replace-path {{ $managepath }}(/)?(.*) /\2
153+
cookie haproxy insert indirect nocache maxidle 30m maxlife 4h
154+
stick-table type string len 32 size 10k expire 4h
155+
stick store-response res.cook(HostId)
156+
stick store-response res.cook(SessionId)
157+
stick match req.cook(HostId)
158+
stick match req.cook(SessionId)
159+
default-server check
160+
{{- range $i := until $replicas }}
161+
{{- if $appServerTlsEnabled }}
162+
server {{ $releaseName }}-manage-{{ $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:8002 resolvers dns init-addr none cookie {{ $releaseName }}-manage-{{ $i }} ssl verify none
163+
{{- else }}
164+
server {{ $releaseName }}-manage-{{ $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:8002 resolvers dns init-addr none cookie {{ $releaseName }}-manage-{{ $i }}
165+
{{- end }}
166+
{{- end }}
167+
168+
{{- range $_, $v := .Values.haproxy.additionalAppServers }}
169+
{{ $portNumber := printf "%v" (default $v.port $v.targetPort) }}
170+
{{ $portType := upper (printf "%s" $v.type) }}
171+
{{ $path := printf "%v" (default $v.path)}}
172+
173+
backend marklogic-{{$portNumber}}
174+
mode http
175+
balance leastconn
176+
option forwardfor
177+
http-request replace-path {{$path}}(/)?(.*) /\2
178+
cookie haproxy insert indirect nocache maxidle 30m maxlife 4h
179+
stick-table type string len 32 size 10k expire 4h
180+
stick store-response res.cook(HostId)
181+
stick store-response res.cook(SessionId)
182+
stick match req.cook(HostId)
183+
stick match req.cook(SessionId)
184+
default-server check
185+
{{- range $i := until $replicas }}
186+
{{- if $appServerTlsEnabled }}
187+
server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }} ssl verify none
188+
{{- else }}
189+
server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }}
190+
{{- end }}
191+
{{- end }}
192+
{{- end }}
193+
194+
195+
{{- end }}
196+
{{- end }}
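Review bot: The `frontend marklogic` block binds with `bind :{{ .Values.haproxy.frontendPort }}` and no `ssl crt`, while `$haproxyTlsEnabled` and `$certFileName` are assigned at the top of the template and never referenced in the lines shown, so the path-based listener (default port 443 in values.yaml) appears to serve plain HTTP even when `haproxy.tls.enabled` is true. Wrapping the bind in `{{- if $haproxyTlsEnabled }}` and emitting `bind :{{ .Values.haproxy.frontendPort }} ssl crt <cert-mount-path>/{{ $certFileName }}` (the mount path is a placeholder; take it from the HAProxy deployment) would close that gap. On the backend side every TLS `server` line uses `ssl verify none`, which encrypts but does not authenticate the MarkLogic pods; a `ca-file` with `verify required` should at least be configurable. Separately, `listen odbc` sits inside the `range` over `tcpports.ports`, so a second TCP port would render a duplicate proxy name; `listen {{ $v.name }}` avoids that.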
