mle-19593 upgrade image version for few security vulnerabilities (#56)

* MLE-19593 update fluentbit version to 3.2.5 for fewer security vulnerabilities

* remove annotation

---------

Co-authored-by: Peng Zhou <[email protected]>

Author: pengzhouml

README.md

@@ -178,5 +178,5 @@ tls:
 
 ## Known Issues and Limitations
 
-1. The latest released version of fluent/fluent-bit:3.1.1 has known high and critical security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements. 
+1. The latest released version of fluent/fluent-bit:3.2.5 has known high and critical security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements. 
 2. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations.

api/v1alpha1/marklogiccluster_types.go

@@ -59,7 +59,7 @@ type MarklogicClusterSpec struct {
 	EnableConverters          bool                                 `json:"enableConverters,omitempty"`
 	// +kubebuilder:default:={enabled: false, mountPath: "/dev/hugepages"}
 	HugePages *HugePages `json:"hugePages,omitempty"`
-	// +kubebuilder:default:={enabled: false, image: "fluent/fluent-bit:3.1.1", resources: {requests: {cpu: "100m", memory: "200Mi"}, limits: {cpu: "200m", memory: "500Mi"}}, files: {errorLogs: true, accessLogs: true, requestLogs: true}, outputs: "stdout"}
+	// +kubebuilder:default:={enabled: false, image: "fluent/fluent-bit:3.2.5", resources: {requests: {cpu: "100m", memory: "200Mi"}, limits: {cpu: "200m", memory: "500Mi"}}, files: {errorLogs: true, accessLogs: true, requestLogs: true}, outputs: "stdout"}
 	LogCollection          *LogCollection        `json:"logCollection,omitempty"`
 	HAProxy                *HAProxy              `json:"haproxy,omitempty"`
 	Tls                    *Tls                  `json:"tls,omitempty"`

api/v1alpha1/marklogicgroup_types.go

@@ -66,7 +66,7 @@ type MarklogicGroupSpec struct {
 	// +kubebuilder:default:={enabled: false, initialDelaySeconds: 10, timeoutSeconds: 5, periodSeconds: 30, successThreshold: 1, failureThreshold: 3}
 	ReadinessProbe ContainerProbe `json:"readinessProbe,omitempty"`
 
-	// +kubebuilder:default:={enabled: false, image: "fluent/fluent-bit:3.1.1", resources: {requests: {cpu: "100m", memory: "200Mi"}, limits: {cpu: "200m", memory: "500Mi"}}, files: {errorLogs: true, accessLogs: true, requestLogs: true}, outputs: "stdout"}
+	// +kubebuilder:default:={enabled: false, image: "fluent/fluent-bit:3.2.5", resources: {requests: {cpu: "100m", memory: "200Mi"}, limits: {cpu: "200m", memory: "500Mi"}}, files: {errorLogs: true, accessLogs: true, requestLogs: true}, outputs: "stdout"}
 	LogCollection *LogCollection `json:"logCollection,omitempty"`
 
 	// +kubebuilder:default:={name: "Default", enableXdqpSsl: true}

charts/marklogic-operator/templates/marklogiccluster-crd.yaml

@@ -2356,7 +2356,7 @@ spec:
                     accessLogs: true
                     errorLogs: true
                     requestLogs: true
-                  image: fluent/fluent-bit:3.1.1
+                  image: fluent/fluent-bit:3.2.5
                   outputs: stdout
                   resources:
                     limits:

charts/marklogic-operator/templates/marklogicgroup-crd.yaml

@@ -1068,7 +1068,7 @@ spec:
                     accessLogs: true
                     errorLogs: true
                     requestLogs: true
-                  image: fluent/fluent-bit:3.1.1
+                  image: fluent/fluent-bit:3.2.5
                   outputs: stdout
                   resources:
                     limits:

config/crd/bases/database.marklogic.com_marklogicclusters.yaml

@@ -4183,7 +4183,7 @@ spec:
                     accessLogs: true
                     errorLogs: true
                     requestLogs: true
-                  image: fluent/fluent-bit:3.1.1
+                  image: fluent/fluent-bit:3.2.5
                   outputs: stdout
                   resources:
                     limits:

config/crd/bases/database.marklogic.com_marklogicgroups.yaml

@@ -2915,7 +2915,7 @@ spec:
                     accessLogs: true
                     errorLogs: true
                     requestLogs: true
-                  image: fluent/fluent-bit:3.1.1
+                  image: fluent/fluent-bit:3.2.5
                   outputs: stdout
                   resources:
                     limits:

config/samples/marklogiccluster.yaml

@@ -21,9 +21,9 @@ spec:
   ## An out of box load balancer with configured to handle cookie based session affinity that required by most MarkLogic applications.
   ## It also support multi-statement transaction and ODBC connections.  
   ## Uncomment the following lines to enable HAProxy configuration
-  # haproxy:
-  #   enabled: true
-  #   pathBasedRouting: true
+  haproxy:
+    enabled: true
+    pathBasedRouting: false
   #   frontendPort: 8080
   #   tcpPorts:
   #     enabled: true
@@ -93,7 +93,7 @@ spec:
 
   # logCollection:
   #   enabled: true
-  #   image: fluent/fluent-bit:3.1.1
+  #   image: fluent/fluent-bit:3.2.5
   #   files:
   #     errorLogs: true
   #     accessLogs: true

config/samples/marklogicgroup.yaml

@@ -49,7 +49,7 @@ spec:
     enabled: true
     ## Configure the imagePullSecrets to pull the image from private repository that requires credential
     # imagePullSecrets: []
-    image: fluent/fluent-bit:3.1.1
+    image: fluent/fluent-bit:3.2.5
     files:
       errorLogs: true
       accessLogs: true

internal/controller/marklogiccluster_controller_test.go

@@ -86,7 +86,7 @@ var _ = Describe("MarklogicCluster Controller", func() {
 					HugePages:        clusterHugePages,
 					EnableConverters: true,
 					MarkLogicGroups:  marklogicGroups,
-					LogCollection:    &databasev1alpha1.LogCollection{Enabled: true, Image: "fluent/fluent-bit:3.1.1", Files: databasev1alpha1.LogFilesConfig{ErrorLogs: true, AccessLogs: true, RequestLogs: true, CrashLogs: true, AuditLogs: true}, Outputs: "stdout"},
+					LogCollection:    &databasev1alpha1.LogCollection{Enabled: true, Image: "fluent/fluent-bit:3.2.5", Files: databasev1alpha1.LogFilesConfig{ErrorLogs: true, AccessLogs: true, RequestLogs: true, CrashLogs: true, AuditLogs: true}, Outputs: "stdout"},
 					HAProxy: &databasev1alpha1.HAProxy{
 						Enabled:          true,
 						ReplicaCount:     1,