CLD-575: Open a range of ports for MarkLogic pods and service by default

Romain Winieski · web-flow · commit e54559ea9271 · 2023-03-15T14:25:17.000-07:00
* add defaultPort and change additional ports conf

* fix networkpolicy additional port

* add adminUsername by default

* Put Network policies as false

* Adapt README and comment into values file
diff --git a/README.md b/README.md
@@ -358,6 +358,24 @@ For each Kubernetes service, a DNS with the following format is created:
 
 For example, if the service-name is "marklogic" and namespace-name is "default", the DNS URL to access the MarkLogic cluster is "marklogic.default.svc.cluster.local".
 
+### Additional Ports
+
+When creating a new app server on Marklogic, the new app server port must also be added to the additionalPorts in the service configuration:
+
+```yaml
+  ## @param service.additionalPorts. Additional ports exposed at the service level.
+  ## Example:
+  ## - name: app1
+  ##   port: 8010 
+  ##   targetPort: 8010
+  ##   protocol: TCP
+  additionalPorts:
+    - name: app-server1
+      port: 8010
+      targetPort: 8010
+      protocol: TCP
+```
+
 ## Port Forward
 
 The `kubectl port-forward` command can help you access MarkLogic outside of the Kubernetes cluster. Use the service to access a specific pod, or the whole cluster.
@@ -481,9 +499,9 @@ This table describes the list of available parameters for Helm Chart.
 | `persistence.accessModes`            | Access mode for persistence volume                                                                             | `["ReadWriteOnce"]`                  |
 | `extraVolumes`                       | Extra list of additional volumes for MarkLogic statefulset                                                     | `[]`                                 |
 | `extraVolumeMounts`                  | Extra list of additional volumeMounts for MarkLogic container                                                  | `[]`                                 |
-| `extraContainerPorts`                | Extra list of additional containerPorts for MarkLogic container                                                | `[]`                                 |
+| `additionalContainerPorts`                | List of ports in addition to the defaults exposed at the container level (Note: This does not typically need to be updated. Use `service.additionalPorts` to expose app server ports.)                                                | `[]`                                 |
 | `service.type`                       | type of the default service                                                                                    | `ClusterIP`                          |
-| `service.ports`                      | ports of the default service                                                                                   | `[8000, 8002]`                       |
+| `service.additionalPorts`                      | List of ports in addition to the defaults exposed at the service level.                                                                                    | `[]`                       |
 | `serviceAccount.create`              | Enable this parameter to create a service account for a MarkLogic Pod                                          | `true`                               |
 | `serviceAccount.annotations`         | Annotations for MarkLogic service account                                                                      | `{}`                                 |
 | `serviceAccount.name`                | Name of the serviceAccount                                                                                     | `""`                                 |
diff --git a/charts/templates/service-headless.yaml b/charts/templates/service-headless.yaml
@@ -11,21 +11,30 @@ spec:
   selector:
     {{- include "marklogic.selectorLabels" . | nindent 4 }}
   ports:
-    - protocol: TCP
-      name: health-check
+    - name: health-check
       port: 7997
-    - protocol: TCP
-      name: foreign-bind
+      targetPort: 7997
+      protocol: TCP
+    - name: xdqp-port1
       port: 7998
-    - protocol: TCP
-      name: bind
+      targetPort: 7998
+      protocol: TCP
+    - name: xdqp-port2
       port: 7999
-    - protocol: TCP
-      name: query-console
+      targetPort: 7999              
+      protocol: TCP
+    - name: app-services
       port: 8000
-    - protocol: TCP
-      name: admin
+      targetPort: 8000
+      protocol: TCP
+    - name: admin
       port: 8001
-    - protocol: TCP
-      name: manage
+      targetPort: 8001
+      protocol: TCP
+    - name: manage
       port: 8002
+      targetPort: 8002
+      protocol: TCP
+    {{- if .Values.service.additionalPorts }}
+      {{- toYaml .Values.service.additionalPorts | nindent 4 }}
+    {{- end }}
diff --git a/charts/templates/service.yaml b/charts/templates/service.yaml
@@ -10,4 +10,31 @@ spec:
   selector:
     {{- include "marklogic.selectorLabels" . | nindent 4 }}
   type: {{ .Values.service.type }}
-  ports: {{- toYaml .Values.service.ports | nindent 4 }}
+  ports:
+    - name: health-check
+      port: 7997
+      targetPort: 7997
+      protocol: TCP
+    - name: xdqp-port1
+      port: 7998
+      targetPort: 7998
+      protocol: TCP
+    - name: xdqp-port2
+      port: 7999
+      targetPort: 7999              
+      protocol: TCP
+    - name: app-services
+      port: 8000
+      targetPort: 8000
+      protocol: TCP
+    - name: admin
+      port: 8001
+      targetPort: 8001
+      protocol: TCP
+    - name: manage
+      port: 8002
+      targetPort: 8002
+      protocol: TCP
+    {{- if .Values.service.additionalPorts }}
+      {{- toYaml .Values.service.additionalPorts | nindent 4 }}
+    {{- end }}
diff --git a/charts/templates/statefulset.yaml b/charts/templates/statefulset.yaml
@@ -123,20 +123,26 @@ spec:
             - configMapRef:
                 name: {{ include "marklogic.fullname" . }}
           ports:
-            - containerPort: 7997
-              name: health-check
-            - containerPort: 7998
-              name: cluster-port
-            - containerPort: 7999
-              name: cluster-port2
-            - containerPort: 8000
-              name: app-services
-            - containerPort: 8001
-              name: admin
-            - containerPort: 8002
-              name: manage
-            {{- if .Values.extraContainerPorts }}
-              {{- toYaml .Values.extraContainerPorts | nindent 12 }}
+            - name: health-check
+              containerPort: 7997
+              protocol: TCP
+            - name: xdqp-port1
+              containerPort: 7998
+              protocol: TCP
+            - name: xdqp-port2
+              containerPort: 7999              
+              protocol: TCP
+            - name: app-services
+              containerPort: 8000
+              protocol: TCP
+            - name: admin
+              containerPort: 8001
+              protocol: TCP
+            - name: manage
+              containerPort: 8002
+              protocol: TCP
+            {{- if .Values.additionalContainerPorts }}
+              {{- toYaml .Values.additionalContainerPorts | nindent 12 }}
             {{- end }}
           lifecycle:
             {{- if eq .Values.bootstrapHostName "" }}
diff --git a/charts/values.yaml b/charts/values.yaml
@@ -56,7 +56,7 @@ fullnameOverride: ""
 
 # Configure Marklogic Admin Username and Password
 auth:
-  adminUsername: admin
+  adminUsername: "admin"
   adminPassword: ""
   walletPassword: ""
 
@@ -96,8 +96,27 @@ persistence:
 extraVolumes: []
 # specify extra list of volumeMounts
 extraVolumeMounts: []
-# specify extra list of containerPorts
-extraContainerPorts: []
+
+## Container listener port configuration
+## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
+
+#########################################################################################
+## WARNING: Changing additionalContainerPorts on an existing cluster requires a pod    ##
+## restart to take effect. This setting does not need to be changed under normal       ##
+## circumsatances though. To expose new ports for MarkLogic app servers, use           ##
+## service.additionalPorts. When the updateStrategy is set to OnDelete (the default),  ##
+## this must be done manually. If the updateStrategy is changed to RollingUpdate (not  ##
+## recommented), changing the additionalContainerPorts will trigger a rolling update   ##
+## of the StatefulSet.                                                                 ##
+#########################################################################################
+
+## @param additionalContainerPorts. Additional container ports 
+## Example:
+## - name: app1
+##   containerPorts: 8010
+##   protocol: TCP
+additionalContainerPorts: []
+
 
 # Configure the Service to access Marklogic Clusters
 service:
@@ -107,13 +126,25 @@ service:
   annotations: {}
 
   type: ClusterIP
-  ports:
-    - protocol: TCP
-      name: query-console
-      port: 8000
-    - protocol: TCP
-      name: manage
-      port: 8002
+  ## Service listener port configuration
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
+
+  #######################################################################################
+  ## NOTE : When adding new app servers to MarkLogic, the new app server ports must    ##
+  ## also be added to the additionalPorts parameter to expose the ports via the        ##
+  ## kubernetes service.                                                               ##
+  #######################################################################################
+
+  ## @param service.additionalPorts. Additional service ports 
+  ## Example:
+  ## - name: app1
+  ##   port: 8010 
+  ##   targetPort: 8010
+  ##   protocol: TCP
+  additionalPorts: []
+  # Annotations to add to the service
+  annotations: {}
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -131,13 +162,23 @@ priorityClassName:  ""
 # ref: https://kubernetes.io/docs/concepts/services-networking/network-policies
 networkPolicy:
   enabled: false
+  ## @param networkPolicy.customRules. Additional NetworkPolicy rules
+  ## Note that all rules are OR-ed.
+  ## Example:
+  ## customRules:
+  ##   - matchLabels:
+  ##       - role: frontend
+  ##   - matchExpressions:
+  ##       - key: role
+  ##         operator: In
+  ##         values:
+  ##           - frontend
+  ##
   customRules: {}
+  ## The endPort should be the last port exposed by an App Server
   ports:
     - port: 8000
-      protocol: TCP
-    - port: 8001
-      protocol: TCP
-    - port: 8002
+      endPort: 8020
       protocol: TCP
     
 # Below are the security configurations for container, by default security will be enabled
@@ -208,4 +249,4 @@ logCollection:
       #   HTTP_User admin
       #   HTTP_Passwd admin
       # Documentation on how to set up output can be found here: https://docs.fluentbit.io/manual/pipeline/outputs
-      # Configure desired output below
+      # Configure desired output below
