marklogic
diff --git a/‎Makefile
Lines changed: 4 additions & 4 deletions b/‎Makefile
Lines changed: 4 additions & 4 deletions
diff --git a/‎README.md
Lines changed: 50 additions & 2 deletions b/‎README.md
Lines changed: 50 additions & 2 deletions
diff --git a/‎api/v1alpha1/common_types.go
Lines changed: 110 additions & 2 deletions b/‎api/v1alpha1/common_types.go
Lines changed: 110 additions & 2 deletions
diff --git a/‎api/v1alpha1/marklogiccluster_types.go
Lines changed: 50 additions & 3 deletions b/‎api/v1alpha1/marklogiccluster_types.go
Lines changed: 50 additions & 3 deletions
diff --git a/‎api/v1alpha1/marklogicgroup_types.go
Lines changed: 15 additions & 8 deletions b/‎api/v1alpha1/marklogicgroup_types.go
Lines changed: 15 additions & 8 deletions
@@ -51,7 +51,7 @@ endif
 OPERATOR_SDK_VERSION ?= v1.34.2
 
 # Image URL to use all building/pushing image targets
-IMG ?= ml-marklogic-operator-dev.bed-artifactory.bedford.progress.com/marklogic-kubernetes-operator:0.0.1
+IMG ?= ml-marklogic-operator-dev.bed-artifactory.bedford.progress.com/marklogic-kubernetes-operator:1.0.0-ea2
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.28.3
 
@@ -152,7 +152,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 .PHONY: docker-build
 docker-build: ## Build docker image with the manager.
-	$(CONTAINER_TOOL) build -t ${IMG} .
+	$(CONTAINER_TOOL) build --platform="linux/amd64" -t ${IMG} .
 
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.
@@ -183,7 +183,7 @@ endif
 
 .PHONY: install
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f -
+	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply --server-side -f -
 
 .PHONY: uninstall
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
@@ -192,7 +192,7 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
+	$(KUSTOMIZE) build config/default | $(KUBECTL) apply --server-side -f -
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 
@@ -28,7 +28,7 @@ helm repo update
 ```
 3. Install the Helm Chart for MarkLogic Operator: 
 ```sh
-helm upgrade marklogic-operator marklogic-private/marklogic-operator --version=1.0.0-ea1 --install --namespace marklogic-operator-system --create-namespace
+helm upgrade marklogic-operator marklogic-private/marklogic-operator --version=1.0.0-ea2 --install --namespace marklogic-operator-system --create-namespace
 ```
 4. Check the Operator Pod and make sure it is in Running state:
 ```sh
@@ -69,4 +69,52 @@ helm upgrade marklogic-operator ./charts/marklogic-operator --install --namespac
 Once MarkLogic Operator is installed, go to config/samples folder and pick one sample file to deploy. For example, to deploy marklogic single group, use the following script: 
 ```sh
 kubectl apply -f marklogicgroup.yaml
-```
+```
+
+### Configure HAProxy Load Balancer
+HAProxy is provided as a load balancer configured to support cookie-based session affinity and multi-statement transactions. These configurations are needed by some MarkLogic client applications, like mlcp. HAProxy is recommended for production workloads. 
+
+#### Enable the HAProxy Load Balancer
+The HAProxy Load Balancer is disabled by default. To enable it, provide the following configuration in the crd yaml file to be used for cluster creation:
+```
+haproxy:
+    enabled: true
+```
+#### Configuration
+HAProxy can be configured for cluster. To setup the access for default App Servers for 8000, 8001 and 8002, uncomment the appServer seciton in marklogicgroup.yaml.
+```
+    appServers:
+      - name: "app-service"
+        port: 8000
+        path: "/console"
+      - name: "admin"
+        port: 8001
+        path: "/adminUI"
+      - name: "manage"
+        port: 8002
+        path: "/manage"
+```
+Ports can be configured for additional app servers. For example, to add port 8010 for HTTP load balancing, add this configuration to the marklogicgroup.yaml file appServer section:
+```
+- name: my-app-1     
+      port: 8010
+      targetPort: 8010
+```
+#### Access HA Proxy
+The HAProxy can be accessed from a service with the name of marklogic-haproxy. 
+
+#### External access
+By default, HAProxy is configured to provide access within the Kubernetes cluster. However, HAProxy can provide external access by setting the service type in the marklogicgroup.yaml file:
+```
+haproxy:  
+  service:    
+    type: LoadBalancer
+```
+
+> [!WARNING]
+> Please note, by setting the haproxy service type to LoadBalancer, the MarkLogic endpoint is exposed to the public internet. Because of this, networkPolicy should be set to limit the sources that can visit MarkLogic.
+
+## Known Issues and Limitations
+
+1. The latest released version of fluent/fluent-bit:3.1.1 has known high and critical security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements. 
+2. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations.
@@ -2,6 +2,8 @@ package v1alpha1
 
 import (
 	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type ContainerProbe struct {
@@ -20,8 +22,9 @@ type ContainerProbe struct {
 
 // Storage is the inteface to add pvc and pv support in marklogic
 type Storage struct {
-	Size        string             `json:"size,omitempty"`
-	VolumeMount VolumeMountWrapper `json:"volumeMount,omitempty"`
+	Size         string             `json:"size,omitempty"`
+	VolumeMount  VolumeMountWrapper `json:"volumeMount,omitempty"`
+	StorageClass string             `json:"storageClass,omitempty"`
 }
 
 type HugePages struct {
@@ -30,6 +33,13 @@ type HugePages struct {
 	MountPath string `json:"mountPath,omitempty"`
 }
 
+type Service struct {
+	// +kubebuilder:default:= ClusterIP
+	Type            corev1.ServiceType   `json:"type,omitempty"`
+	AdditionalPorts []corev1.ServicePort `json:"additionalPorts,omitempty"`
+	Annotations     map[string]string    `json:"annotations,omitempty"`
+}
+
 type VolumeMountWrapper struct {
 	Volume    []corev1.Volume      `json:"volume,omitempty"`
 	MountPath []corev1.VolumeMount `json:"mountPath,omitempty"`
@@ -40,3 +50,101 @@ type AdminAuth struct {
 	AdminPassword  *string `json:"adminPassword,omitempty"`
 	WalletPassword *string `json:"walletPassword,omitempty"`
 }
+
+type LogCollection struct {
+	Enabled   bool                         `json:"enabled,omitempty"`
+	Image     string                       `json:"image,omitempty"`
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
+	Files     LogFilesConfig               `json:"files,omitempty"`
+	Outputs   string                       `json:"outputs,omitempty"`
+}
+
+type LogFilesConfig struct {
+	ErrorLogs   bool `json:"errorLogs,omitempty"`
+	AccessLogs  bool `json:"accessLogs,omitempty"`
+	RequestLogs bool `json:"requestLogs,omitempty"`
+	CrashLogs   bool `json:"crashLogs,omitempty"`
+	AuditLogs   bool `json:"auditLogs,omitempty"`
+}
+
+type NetworkPolicy struct {
+	Enabled     bool                                    `json:"enabled,omitempty"`
+	PolicyTypes []networkingv1.PolicyType               `json:"policyTypes,omitempty"`
+	PodSelector metav1.LabelSelector                    `json:"podSelector,omitempty"`
+	Ingress     []networkingv1.NetworkPolicyIngressRule `json:"ingress,omitempty"`
+	Egress      []networkingv1.NetworkPolicyEgressRule  `json:"egress,omitempty"`
+}
+type HAProxy struct {
+	Enabled bool `json:"enabled,omitempty"`
+	// +kubebuilder:default:="haproxytech/haproxy-alpine:3.1"
+	Image string `json:"image"`
+	// +kubebuilder:default:=1
+	ReplicaCount int32 `json:"replicas,omitempty"`
+	// +kubebuilder:default:=80
+	FrontendPort int32 `json:"frontendPort,omitempty"`
+	// +kubebuilder:default:={{name: "AppServices", type: "http", port: 8000, targetPort: 8000, path: "/console"}, {name: "Admin", type: "http", port: 8001, targetPort: 8001, path: "/adminUI"}, {name: "Manage", type: "http", port: 8002, targetPort: 8002, path: "/manage"}}
+	AppServers []AppServers `json:"appServers,omitempty"`
+	// +kubebuilder:default:=true
+	PathBasedRouting   bool `json:"pathBasedRouting,omitempty"`
+	RestartWhenUpgrade bool `json:"restartWhenUpgrade,omitempty"`
+	// +kubebuilder:default:={type: ClusterIP}
+	Service ServiceForHAProxy `json:"service,omitempty"`
+	// +kubebuilder:default:={enabled: false}
+	TcpPorts Tcpports `json:"tcpPorts,omitempty"`
+	// +kubebuilder:default:={client: 600, connect: 600, server: 600}
+	Timeout Timeout `json:"timeout,omitempty"`
+	// +kubebuilder:default:={enabled: false, secretName: "", certFileName: ""}
+	Tls *TlsForHAProxy `json:"tls,omitempty"`
+	// +kubebuilder:default:={enabled: false, port: 1024, auth: {enabled: false, username: "", password: ""}}
+	Stats        Stats               `json:"stats,omitempty"`
+	Resources    corev1.ResourceList `json:"resources,omitempty"`
+	Affinity     *corev1.Affinity    `json:"affinity,omitempty"`
+	NodeSelector map[string]string   `json:"nodeSelector,omitempty"`
+}
+
+type AppServers struct {
+	Name       string `json:"name,omitempty"`
+	Type       string `json:"type,omitempty"`
+	Port       int32  `json:"port,omitempty"`
+	TargetPort int32  `json:"targetPort,omitempty"`
+	Path       string `json:"path,omitempty"`
+}
+
+type Stats struct {
+	Enabled bool      `json:"enabled,omitempty"`
+	Port    int32     `json:"port,omitempty"`
+	Auth    StatsAuth `json:"auth,omitempty"`
+}
+
+type StatsAuth struct {
+	Enabled  bool   `json:"enabled,omitempty"`
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+}
+
+type ServiceForHAProxy struct {
+	Type corev1.ServiceType `json:"type,omitempty"`
+}
+
+type Tcpports struct {
+	Enabled bool      `json:"enabled,omitempty"`
+	Ports   []TcpPort `json:"ports,omitempty"`
+}
+
+type TcpPort struct {
+	Port int32  `json:"port,omitempty"`
+	Name string `json:"name,omitempty"`
+	Type string `json:"type,omitempty"`
+}
+
+type Timeout struct {
+	Client  int32 `json:"client,omitempty"`
+	Connect int32 `json:"connect,omitempty"`
+	Server  int32 `json:"server,omitempty"`
+}
+
+type TlsForHAProxy struct {
+	Enabled      bool   `json:"enabled,omitempty"`
+	SecretName   string `json:"secretName,omitempty"`
+	CertFileName string `json:"certFileName,omitempty"`
+}
@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -28,13 +30,58 @@ type MarklogicClusterSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	// Foo is an example field of MarklogicCluster. Edit marklogiccluster_types.go to remove/update
+	// +kubebuilder:default:="cluster.local"
+	ClusterDomain string `json:"clusterDomain,omitempty"`
+
+	// +kubebuilder:default:="progressofficial/marklogic-db:11.3.0-ubi-rootless"
+	Image string `json:"image"`
+	// +kubebuilder:default:="IfNotPresent"
+	ImagePullPolicy  string                        `json:"imagePullPolicy,omitempty"`
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	Auth                          *AdminAuth                   `json:"auth,omitempty"`
+	Storage                       *Storage                     `json:"storage,omitempty"`
+	Resources                     *corev1.ResourceRequirements `json:"resources,omitempty"`
+	TerminationGracePeriodSeconds *int64                       `json:"terminationGracePeriodSeconds,omitempty"`
+	// +kubebuilder:validation:Enum=OnDelete;RollingUpdate
+	// +kubebuilder:default:="OnDelete"
+	UpdateStrategy           appsv1.StatefulSetUpdateStrategyType `json:"updateStrategy,omitempty"`
+	NetworkPolicy            NetworkPolicy                        `json:"networkPolicy,omitempty"`
+	PodSecurityContext       *corev1.PodSecurityContext           `json:"podSecurityContext,omitempty"`
+	ContainerSecurityContext *corev1.SecurityContext              `json:"securityContext,omitempty"`
+
+	Affinity                  *corev1.Affinity                  `json:"affinity,omitempty"`
+	NodeSelector              map[string]string                 `json:"nodeSelector,omitempty"`
+	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+	PriorityClassName         string                            `json:"priorityClassName,omitempty"`
+	License                   *License                          `json:"license,omitempty"`
+	EnableConverters          bool                              `json:"enableConverters,omitempty"`
+	// +kubebuilder:default:={enabled: false, mountPath: "/dev/hugepages"}
+	HugePages *HugePages `json:"hugePages,omitempty"`
+	// +kubebuilder:default:={enabled: false, image: "fluent/fluent-bit:3.1.1", resources: {requests: {cpu: "100m", memory: "200Mi"}, limits: {cpu: "200m", memory: "500Mi"}}, files: {errorLogs: true, accessLogs: true, requestLogs: true}, outputs: "stdout"}
+	LogCollection *LogCollection `json:"logCollection,omitempty"`
+
+	HAProxy HAProxy `json:"haproxy,omitempty"`
+
 	MarkLogicGroups []*MarklogicGroups `json:"markLogicGroups,omitempty"`
 }
 
 type MarklogicGroups struct {
-	*MarklogicGroupSpec `json:"spec,omitempty"`
-	IsBootstrap         bool `json:"isBootstrap,omitempty"`
+	Replicas                  *int32                            `json:"replicas,omitempty"`
+	Name                      string                            `json:"name,omitempty"`
+	Image                     string                            `json:"image,omitempty"`
+	ImagePullPolicy           string                            `json:"imagePullPolicy,omitempty"`
+	ImagePullSecrets          []corev1.LocalObjectReference     `json:"imagePullSecrets,omitempty"`
+	Storage                   *Storage                          `json:"storage,omitempty"`
+	Resources                 *corev1.ResourceRequirements      `json:"resources,omitempty"`
+	Affinity                  *corev1.Affinity                  `json:"affinity,omitempty"`
+	TopologySpreadConstraints []corev1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"`
+	NodeSelector              map[string]string                 `json:"nodeSelector,omitempty"`
+	PriorityClassName         string                            `json:"priorityClassName,omitempty"`
+	HugePages                 *HugePages                        `json:"hugePages,omitempty"`
+	LogCollection             *LogCollection                    `json:"logCollection,omitempty"`
+	HAProxy                   *HAProxy                          `json:"haproxy,omitempty"`
+	IsBootstrap               bool                              `json:"isBootstrap,omitempty"`
 }
 
 // MarklogicClusterStatus defines the observed state of MarklogicCluster
 
@@ -19,7 +19,6 @@ package v1alpha1
 import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -47,10 +46,12 @@ type MarklogicGroupSpec struct {
 	TerminationGracePeriodSeconds *int64                       `json:"terminationGracePeriodSeconds,omitempty"`
 	// +kubebuilder:validation:Enum=OnDelete;RollingUpdate
 	// +kubebuilder:default:="OnDelete"
-	UpdateStrategy           appsv1.StatefulSetUpdateStrategyType `json:"updateStrategy,omitempty"`
-	NetworkPolicy            *networkingv1.NetworkPolicy          `json:"networkPolicy,omitempty"`
-	PodSecurityContext       *corev1.PodSecurityContext           `json:"securityContext,omitempty"`
-	ContainerSecurityContext *corev1.SecurityContext              `json:"containerSecurityContext,omitempty"`
+	UpdateStrategy appsv1.StatefulSetUpdateStrategyType `json:"updateStrategy,omitempty"`
+	NetworkPolicy  NetworkPolicy                        `json:"networkPolicy,omitempty"`
+	// +kubebuilder:default:={fsGroup: 2, fsGroupChangePolicy: "OnRootMismatch"}
+	PodSecurityContext *corev1.PodSecurityContext `json:"podSecurityContext,omitempty"`
+	// +kubebuilder:default:={runAsUser: 1000, runAsNonRoot: true, allowPrivilegeEscalation: false}
+	ContainerSecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
 
 	Affinity                  *corev1.Affinity                  `json:"affinity,omitempty"`
 	NodeSelector              map[string]string                 `json:"nodeSelector,omitempty"`
@@ -65,14 +66,20 @@ type MarklogicGroupSpec struct {
 	// +kubebuilder:default:={enabled: false, initialDelaySeconds: 10, timeoutSeconds: 5, periodSeconds: 30, successThreshold: 1, failureThreshold: 3}
 	ReadinessProbe ContainerProbe `json:"readinessProbe,omitempty"`
 
+	// +kubebuilder:default:={enabled: false, image: "fluent/fluent-bit:3.1.1", resources: {requests: {cpu: "100m", memory: "200Mi"}, limits: {cpu: "200m", memory: "500Mi"}}, files: {errorLogs: true, accessLogs: true, requestLogs: true}, outputs: "stdout"}
+	LogCollection *LogCollection `json:"logCollection,omitempty"`
+
 	// +kubebuilder:default:={name: "Default", enableXdqpSsl: true}
-	GroupConfig      GroupConfig `json:"groupConfig,omitempty"`
-	License          *License    `json:"license,omitempty"`
-	EnableConverters bool        `json:"enableConverters,omitempty"`
+	GroupConfig      *GroupConfig `json:"groupConfig,omitempty"`
+	License          *License     `json:"license,omitempty"`
+	EnableConverters bool         `json:"enableConverters,omitempty"`
 
 	BootstrapHost string `json:"bootstrapHost,omitempty"`
 
 	DoNotDelete *bool `json:"doNotDelete,omitempty"`
+
+	Service          Service `json:"service,omitempty"`
+	PathBasedRouting bool    `json:"pathBasedRouting,omitempty"`
 }
 
 // InternalState defines the observed state of MarklogicGroup