Merge pull request #191 from marklogic/release/1.1.0

Release Kubernetes Helm Chart 1.1.0

Author: pengzhouml

Jenkinsfile

@@ -8,7 +8,7 @@ import groovy.json.JsonSlurperClassic
 emailList = '[email protected], [email protected], [email protected], [email protected], [email protected], [email protected]'
 gitCredID = 'marklogic-builder-github'
 JIRA_ID = ''
-JIRA_ID_PATTERN = /(?i)(CLD|DEVO|QAINF|BUG|DBI)-\d{3,4}/
+JIRA_ID_PATTERN = /(?i)(MLE)-\d{3,6}/
 LINT_OUTPUT = ''
 SCAN_OUTPUT = ''
 IMAGE_INFO = 0
@@ -35,6 +35,9 @@ void preBuildCheck() {
             sh 'exit 1'
         }
     }
+
+    // our VMs sometime disable bridge traffic. this should help to restore it.
+    sh 'sudo sh -c "echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables"'
 }
 
 @NonCPS
@@ -130,17 +133,6 @@ void publishTestResults() {
     archiveArtifacts artifacts: '**/test/test_results/*.xml', allowEmptyArchive: true
 }
 
-void pullImage() {
-    withCredentials([usernamePassword(credentialsId: 'builder-credentials-artifactory', passwordVariable: 'docker_password', usernameVariable: 'docker_user')]) {
-        sh """
-            echo "\$docker_password" | docker login --username \$docker_user --password-stdin ${dockerRegistry}
-            docker pull ${dockerRepository}:${dockerVersion}
-            docker pull ${dockerRepository}:${dockerVersion}
-            docker pull ${dockerRepository}:${prevDockerVersion}
-        """
-    }
-}
-
 String getVersionDiv(mlVersion) {
     switch (mlVersion) {
         case '10.0':
@@ -195,12 +187,6 @@ pipeline {
             }
         }
 
-        stage('Pull-Image') {
-            steps {
-                pullImage()
-            }
-        }
-
         stage('Lint') {
             steps {
                 lint()
@@ -213,7 +199,7 @@ pipeline {
             }
             steps {
                 sh """
-                    export MINIKUBE_HOME=/space; export KUBECONFIG=/space/.kube-config; make test dockerImage=${dockerRepository}:${dockerVersion} prevDockerImage=${dockerRepository}:${prevDockerVersion} kubernetesVersion=${params.K8_VERSION} saveOutput=true minikubeMemory=20gb
+                    export MINIKUBE_HOME=/space; export KUBECONFIG=/space/.kube-config; export GOPATH=/space/go; make test dockerImage=${dockerRepository}:${dockerVersion} prevDockerImage=${dockerRepository}:${prevDockerVersion} kubernetesVersion=${params.K8_VERSION} saveOutput=true minikubeMemory=20gb
                 """
             }
         }
@@ -223,7 +209,7 @@ pipeline {
             }
             steps {
                 sh """
-                    export MINIKUBE_HOME=/space; export KUBECONFIG=/space/.kube-config; make hc-test dockerImage=${dockerRepository}:${dockerVersion} kubernetesVersion=${params.K8_VERSION} minikubeMemory=20gb
+                    export MINIKUBE_HOME=/space; export KUBECONFIG=/space/.kube-config; export GOPATH=/space/go; make hc-test dockerImage=${dockerRepository}:${dockerVersion} kubernetesVersion=${params.K8_VERSION} minikubeMemory=20gb
                 """
             }
         }
@@ -233,10 +219,12 @@ pipeline {
         always {
             publishTestResults()
             sh '''
+	            sudo sysctl -w vm.nr_hugepages=0
+                export MINIKUBE_HOME=/space; export KUBECONFIG=/space/.kube-config; export GOPATH=/space/go; minikube delete --all --purge
                 docker system prune --force --filter "until=720h"
                 docker volume prune --force
                 docker image prune --force --all
-                export MINIKUBE_HOME=/space; export KUBECONFIG=/space/.kube-config; minikube delete --all --purge
+                sudo rm -rf /space/.minikube /space/go /space/.kube-config
             '''
             sh "rm -rf $WORKSPACE/test/test_results/"
         }

NOTICE.txt

@@ -8,7 +8,7 @@ dependencies:
     version: "1.18.0"
 name: marklogic
 description: MarkLogic Server is a multi-model database that has both NoSQL and trusted enterprise data management capabilities.
-appVersion: "11.0.2"
+appVersion: "11.1.0"
 type: application
 keywords:
   - marklogic
@@ -17,4 +17,4 @@ keywords:
 sources:
   - https://github.com/marklogic/marklogic-kubernetes
   - https://www.marklogic.com/
-version: 1.0.2
+version: 1.1.0

README.md

@@ -17,7 +17,7 @@ name: haproxy
 description: A Helm chart for HAProxy on Kubernetes
 type: application
 version: 1.18.0
-appVersion: 2.6.9
+appVersion: 2.9.4
 kubeVersion: ">=1.17.0-0"
 keywords:
   - haproxy
@@ -31,7 +31,7 @@ maintainers:
 engine: gotpl
 annotations:
   artifacthub.io/changes: |
-    - Update base image to HAProxy 2.6.9
+    - Update base image to HAProxy 2.9.4
     - Update HPA API version (#172)
     - Fix HPA spec (#173)
     - Ensure api version capabilities of PodDisruptionBudget (#175)

charts/Chart.yaml

@@ -2,6 +2,16 @@ Thank you for installing {{ .Chart.Name }}.
 
 Your release is named {{ .Release.Name }}.
 
+{{- if eq (include "marklogic.imageType" .) "rootless" }}
+{{- if .Values.containerSecurityContext.allowPrivilegeEscalation }}
+WARNING
+   ***********************************************************************************************************
+   Setting "containerSecurityContext.allowPrivilegeEscalation" is set to true.
+   This is not recommended and is not a secure configuration while using rootless MarkLogic images.
+   ***********************************************************************************************************
+{{- end }}
+{{- end }}
+
 FQDN is {{ include "marklogic.fqdn" . }}
 {{- if gt (len (include "marklogic.fqdn" .)) 64 }}
 WARNING:    The hostname is greater than 64 characters

charts/charts/haproxy/Chart.yaml

@@ -8,18 +8,13 @@ Expand the name of the chart.
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
+The release name will be used as full name
 */}}
 {{- define "marklogic.fullname" -}}
 {{- if .Values.fullnameOverride }}
 {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
 {{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
 {{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
 {{- end }}
 {{- end }}
 
@@ -34,7 +29,7 @@ Create chart name and version as used by the chart label.
 Create headless service name for statefulset
 */}}
 {{- define "marklogic.headlessServiceName" -}}
-{{- printf "%s-headless" (include "marklogic.fullname" .) }}
+{{- include "marklogic.fullname" . }}
 {{- end}}
 
 
@@ -101,3 +96,26 @@ Fully qualified domain name
 {{- define "marklogic.fqdn" -}}
 {{- printf "%s-0.%s.%s.svc.%s" (include "marklogic.fullname" .) (include "marklogic.headlessServiceName" .) .Release.Namespace .Values.clusterDomain }}
 {{- end}}
+
+{{/*
+Validate values file
+*/}}
+{{- define "marklogic.checkInputError" -}}
+{{- $fqdn := include "marklogic.fqdn" . }}
+{{- if gt (len $fqdn) 64}}
+{{- $errorMessage := printf "%s%s%s" "The FQDN: " $fqdn " is longer than 64. Please use a shorter release name and try again."  }}
+{{- fail $errorMessage }}
+{{- end }}
+{{- end }}
+
+{{/*
+Name to distinguish marklogic image whether root or rootless
+*/}}
+{{- define "marklogic.imageType" -}}
+{{- if .Values.image.tag | contains "rootless" }}
+{{- printf "rootless" }}
+{{- else }}
+{{- printf "root" }}
+{{- end }}
+{{- end }}
+

charts/templates/NOTES.txt

@@ -3,7 +3,8 @@
 {{- $releaseName := include "marklogic.fullname" . }}
 {{- $namespace := .Release.Namespace }}
 {{- $clusterDomain := .Values.clusterDomain }}
-{{- $tlsEnabled := .Values.haproxy.tls.enabled }}
+{{- $haproxyTlsEnabled := .Values.haproxy.tls.enabled }}
+{{- $appServerTlsEnabled := .Values.tls.enableOnDefaultAppServers -}}
 {{- $certFileName := .Values.haproxy.tls.certFileName }}
 
 apiVersion: v1
@@ -79,13 +80,13 @@ data:
         mode tcp
         balance leastconn
         {{- range $i := until $replicas }}
-        server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}-headless.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} check resolvers dns init-addr none
+        server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} check resolvers dns init-addr none
         {{- end }}
     {{- else if eq $portType "HTTP" }}
 
     frontend marklogic-{{$portNumber}}
       mode http
-      {{- if $tlsEnabled }}
+      {{- if $haproxyTlsEnabled }}
       bind :{{ $portNumber }} ssl crt /usr/local/etc/ssl/{{ $certFileName }}
       {{- else }}
       bind :{{ $portNumber }}
@@ -105,7 +106,11 @@ data:
       stick match req.cook(SessionId)
       default-server check
       {{- range $i := until $replicas }}
-      server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}-headless.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }}
+      {{- if $appServerTlsEnabled }}
+      server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }} ssl verify none
+      {{- else }}
+      server {{ printf "ml-%s-%s-%v" $releaseName $portNumber $i }} {{ $releaseName }}-{{ $i }}.{{ $releaseName }}.{{ $namespace }}.svc.{{ $clusterDomain }}:{{ $portNumber }} resolvers dns init-addr none cookie {{ $releaseName }}-{{ $portNumber }}-{{ $i }}
+      {{- end }}
       {{- end }}
     {{- end }}
     {{- end }}

charts/templates/_helpers.tpl

@@ -7,15 +7,24 @@ metadata:
     {{- include "marklogic.labels" . | nindent 4 }}
 data:
 {{- if ne .Values.bootstrapHostName "" }}
+  MARKLOGIC_CLUSTER_TYPE: "non-bootstrap"
   MARKLOGIC_BOOTSTRAP_HOST: {{ .Values.bootstrapHostName }}
 {{- else }}
+  MARKLOGIC_CLUSTER_TYPE: "bootstrap"
   MARKLOGIC_BOOTSTRAP_HOST: {{ include "marklogic.fqdn" . }}
+{{- end }}
+{{- if .Values.tls.enableOnDefaultAppServers }}
+  MARKLOGIC_JOIN_TLS_ENABLED: "true"
+  MARKLOGIC_JOIN_CACERT_FILE: "marklogic-certs/cacert.pem"
+{{- else }}
+  MARKLOGIC_JOIN_TLS_ENABLED: "false"
 {{- end }}
   MARKLOGIC_FQDN_SUFFIX: {{ include "marklogic.headlessURL" . }}
   MARKLOGIC_INIT: "true"
   MARKLOGIC_JOIN_CLUSTER: "true"
   MARKLOGIC_GROUP: {{ .Values.group.name }}
   XDQP_SSL_ENABLED: {{ quote .Values.group.enableXdqpSsl }}
+  MARKLOGIC_IMAGE_TYPE: {{ include "marklogic.imageType" . }}
 ---
 {{- if .Values.logCollection.enabled }}
 apiVersion: v1

charts/templates/configmap-haproxy.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "marklogic.fullname" . }}
+  name: {{ include "marklogic.fullname" . }}-cluster
   namespace: {{ .Values.namespace}}
   labels:
     {{- include "marklogic.labels" . | nindent 4 }}