marklogic · pengzhouml · Jul 8, 2025 · Nov 25, 2024 · Nov 27, 2024 · Apr 4, 2025
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -149,8 +149,7 @@ void imageScan() {
     sh '''rm -f dep-image-scan.txt'''
 
     // trigger BlackDuck scan
-    def rawImageList = readFile(file: 'helm_image.list').trim()
-    def imageList = rawImageList.endsWith(',') ? rawImageList[0..-2] : rawImageList
+    def imageList = readFile(file: 'helm_image.list').trim()
     build job: 'securityscans/Blackduck/KubeNinjas/kubernetes-helm', wait: false, parameters: [ string(name: 'branch', value: "${env.BRANCH_NAME}"), string(name: 'CONTAINER_IMAGES', value: "${imageList}") ]
 }
 

diff --git a/LICENSE.txt b/LICENSE.txt
@@ -1,4 +1,4 @@
-Copyright © 2022-2025 MarkLogic Corporation.
+Copyright © 2022-2025 Progress Software Corporation and/or its subsidiaries or affiliates.  All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
 

diff --git a/NOTICE.txt b/NOTICE.txt
diff --git a/README.md b/README.md
@@ -137,7 +137,7 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 | `image.repository`                                  | Repository for MarkLogic image                                                                                                                                                         | `progressofficial/marklogic-db` |
 | `image.tag`                                         | Image tag for MarkLogic image                                                                                                                                                          | `11.3.1-ubi-rootless-2.1.2`      |
 | `image.pullPolicy`                                  | Image pull policy for MarkLogic image                                                                                                                                                  | `IfNotPresent`             |
-| `initContainers.utilContainer.image`                | Image for copyCerts and volume permission change for root to rootless upgrade InitContainer                                                                                                                                                      | `redhat/ubi9:9.5`          |
+| `initContainers.utilContainer.image`                | Image for copyCerts and volume permission change for root to rootless upgrade InitContainer                                                                                                                                                      | `redhat/ubi9:9.6`          |
 | `initContainers.utilContainer.pullPolicy`           | Pull policy for copyCerts and volume permission change for root to rootless upgrade InitContainer                                                                                                                                                | `IfNotPresent`             |
 | `imagePullSecrets`                                  | Registry secret names as an array                                                                                                                                                      | `[]`                       |
 | `hugepages.enabled`                                 | Parameter to enable Hugepage on MarkLogic                                                                                                                                              | `false`                    |
@@ -211,6 +211,9 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
 | `logCollection.files.auditLogs`                     | Parameter to enable collection of MarkLogics audit logs when log collection is enabled                                                                                                 | `true`                     |
 | `logCollection.outputs`                             | Configure desired output for fluent-bit                                                                                                                                                | `""`                       |
 | `haproxy.enabled`                                   | Parameter to enable the HAProxy Load Balancer for MarkLogic Server                                                                                                                     | `false`                    |
+| `haproxy.image.repository`                          | Repository for HAProxy image                                       | `haproxytech/haproxy-alpine`                    |
+| `haproxy.image.tag`                                 | Tag for HAProxy image                                       | `3.2.1`                    |
+| `haproxy.image.pullPolicy`                          | Haproxy iamge Pull Policy                                        | `IfNotPresent`                    |
-| `haproxy.image.pullPolicy`                          | Haproxy iamge Pull Policy                                        | `IfNotPresent`                    |
+| `haproxy.image.pullPolicy`                          | Haproxy image Pull Policy                                        | `IfNotPresent`                    |
-| `haproxy.image.pullPolicy`                          | Haproxy iamge Pull Policy                                        | `IfNotPresent`                    |
+| `haproxy.image.pullPolicy`                          | Haproxy image Pull Policy                                        | `IfNotPresent`                    |
 | `haproxy.existingConfigmap`                         | Name of an existing configmap with configuration for HAProxy                                                                                                                           | `marklogic-haproxy`        |
 | `haproxy.replicaCount`                              | Number of HAProxy Deployment                                                                                                                                                           | `2`                        |
 | `haproxy.restartWhenUpgrade.enabled`                | Automatically roll Deployments for every helm upgrade                                                                                                                                  | `true`                     |

diff --git a/charts/Chart.yaml b/charts/Chart.yaml
@@ -17,4 +17,4 @@ keywords:
 sources:
   - https://github.com/marklogic/marklogic-kubernetes
   - https://www.marklogic.com/
-version: 2.0.1
+version: 2.1.0
diff --git a/charts/charts/haproxy/templates/configmap.yaml b/charts/charts/haproxy/templates/configmap.yaml
@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 
-Modifications copyright © 2022-2025 MarkLogic Corporation.
+Modifications copyright © 2022-2025 Progress Software Corporation and/or its subsidiaries or affiliates.
 This file is modified from the original file to support the MarkLogic Kubernetes Helm Chart.
 */}}
 

diff --git a/charts/charts/haproxy/templates/deployment.yaml b/charts/charts/haproxy/templates/deployment.yaml
@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 
-Modifications copyright © 2022-2025 MarkLogic Corporation.
+Modifications copyright © 2022-2025 Progress Software Corporation and/or its subsidiaries or affiliates.
 This file is modified from the original file to support the MarkLogic Kubernetes Helm Chart.
 */}}
 

diff --git a/charts/charts/haproxy/templates/service.yaml b/charts/charts/haproxy/templates/service.yaml
@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 
-Modifications copyright © 2022-2025 MarkLogic Corporation.
+Modifications copyright © 2022-2025 Progress Software Corporation and/or its subsidiaries or affiliates.
 This file is modified from the original file to support the MarkLogic Kubernetes Helm Chart.
 */}}
 

diff --git a/charts/charts/haproxy/values.yaml b/charts/charts/haproxy/values.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-# Modifications copyright © 2022-2025 MarkLogic Corporation.
+# Modifications copyright © 2022-2025 Progress Software Corporation and/or its subsidiaries or affiliates.
 # This file is modified from the original file to support the MarkLogic Kubernetes Helm Chart.
 
 ## Default values for HAProxy

diff --git a/charts/templates/configmap-haproxy.yaml b/charts/templates/configmap-haproxy.yaml
@@ -112,7 +112,7 @@ data:
       balance leastconn
       option forwardfor
       http-request replace-path {{ $appservicespath }}(/)?(.*) /\2
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -132,7 +132,7 @@ data:
       balance leastconn
       option forwardfor
       http-request replace-path {{ $adminpath }}(/)?(.*) /\2
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -152,7 +152,7 @@ data:
       balance leastconn
       option forwardfor
       http-request replace-path {{ $managepath }}(/)?(.*) /\2
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -177,7 +177,7 @@ data:
       balance leastconn
       option forwardfor
       http-request replace-path {{$path}}(/)?(.*) /\2
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -209,7 +209,7 @@ data:
       mode http
       balance leastconn
       option forwardfor
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -238,7 +238,7 @@ data:
       mode http
       balance leastconn
       option forwardfor
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -267,7 +267,7 @@ data:
       mode http
       balance leastconn
       option forwardfor
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)
@@ -300,7 +300,7 @@ data:
       mode http
       balance leastconn
       option forwardfor
-      cookie haproxy insert indirect httponly secure nocache maxidle 30m maxlife 4h 
+      cookie haproxy insert indirect httponly nocache maxidle 30m maxlife 4h 
       stick-table type string len 32 size 10k expire 4h
       stick store-response res.cook(HostId)
       stick store-response res.cook(SessionId)

diff --git a/charts/templates/configmap-scripts.yaml b/charts/templates/configmap-scripts.yaml
@@ -1,52 +1,15 @@
 # This configMap contains scirpts for MarkLogic Helm Chart:
-# liveness-probe.sh
 # copy-certs.sh
 # prestop-hook.sh
 # poststart-hook.sh
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: {{ include "marklogic.fullname" . }}-scripts
+  namespace: {{ .Release.Namespace }}
 data:
-  liveness-probe.sh: |
-    #!/bin/bash
-    pid=$(ps aux | grep "/bin/bash /usr/local/bin/start-marklogic.sh" | grep -v grep | awk '{print $2}')
-    log () {
-      local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
-      # Check to make sure pod doesn't terminate if PID value is empty for any reason
-      if [ -n "$pid" ]; then
-          echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
-      fi
-    }
-
-    # Check if ML service is running. Exit with 1 if it is other than running
-    if [ -e /etc/init.d/MarkLogic ]; then
-        ml_status=$(/etc/init.d/MarkLogic status)
-    else
-        ml_status=$(/etc/MarkLogic/MarkLogic-service.sh status)
-    fi
-    
-    if [[ "$ml_status" =~ "running" ]]; then
-        http_code=$(curl -o /tmp/probe_response.txt -s -w "%{http_code}" "http://${HOSTNAME}:8001/admin/v1/timestamp")
-        curl_code=$?
-        http_resp=$(cat /tmp/probe_response.txt)
-
-        if [[ $curl_code -ne 0 && $http_code -ne 401 ]]; then
-            log "Info: [Liveness Probe] Error with MarkLogic"
-            log "Info: [Liveness Probe] Curl response code: "$curl_code
-            log "Info: [Liveness Probe] Http response code: "$http_code
-            log "Info: [Liveness Probe] Http response message: "$http_resp 
-        fi
-        rm -f /tmp/probe_response.txt
-        exit 0
-    else
-        exit 1
-    fi
-
   copy-certs.sh: |
     #!/bin/bash
-    MARKLOGIC_ADMIN_USERNAME="$(< /run/secrets/ml-secrets/username)"            
-    MARKLOGIC_ADMIN_PASSWORD="$(< /run/secrets/ml-secrets/username)"
     log () {
         local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
         echo "${TIMESTAMP}  $@"
@@ -118,15 +81,9 @@ data:
     MARKLOGIC_ADMIN_USERNAME="$(< /run/secrets/ml-secrets/username)"
     MARKLOGIC_ADMIN_PASSWORD="$(< /run/secrets/ml-secrets/password)"
 
-    pid=$(ps aux | grep "/bin/bash /usr/local/bin/start-marklogic.sh" | grep -v grep | awk '{print $2}')
-
     log () {
         local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
-        # Check to make sure pod doesn't terminate if PID value is empty for any reason
-        # If PID value is empty preStart hook logs are not recorded
-        if [ -n "$pid" ]; then
-            echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
-        fi
+        echo "${TIMESTAMP} $@" > /proc/1/fd/1
     }
 
     log "Info: [prestop] Prestop Hook Execution"
@@ -195,8 +152,6 @@ data:
         echo "IS_BOOTSTRAP_HOST false"
     fi
 
-    pid=$(ps aux | grep "/bin/bash /usr/local/bin/start-marklogic.sh" | grep -v grep | awk '{print $2}')
-
     ###############################################################
     # Logging utility
     ###############################################################
@@ -215,16 +170,30 @@ data:
 
     log () {
         local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
-        # Check to make sure pod doesn't terminate if PID value is empty for any reason
-        # If PID value is empty postStart hook logs are not recorded
         message="${TIMESTAMP} [postStart] $@"
-        if [ -n "$pid" ]; then
-            echo $message  > /proc/$pid/fd/1
-        fi
-        
+        echo $message  > /proc/1/fd/1
         echo $message >> /tmp/script.log
     }
 
+    # Function to retry a command based on the return code
+    # $1: The number of retries
+    # $2: The command to run
+    retry() {
+        local retries=$1
+        shift
+        local count=0
+        until "$@"; do
+            exit_code=$?
+            count=$((count + 1))
+            if [ $count -ge $retries ]; then
+            echo "Command failed after $retries attempts."
+            return $exit_code
+            fi
+            echo "Attempt $count failed. Retrying..."
+            sleep 5
+        done
+    }
+
     ###############################################################
     # Function to get the current host protocol
     # $1: The host name
@@ -608,6 +577,7 @@ data:
                     info "group \"${current_group}\" updated and a restart of all hosts in the group was triggered"
                 else
                     info "unexpected response when updating group \"${current_group}\": ${response_code}"
+                    return 1
                 fi
             else
                 info "failed to get current group, response code: ${response_code}"
@@ -633,7 +603,7 @@ data:
         else
             info "not bootstrap host. Skip group configuration"
         fi
-
+        return 0
     }
 
     function configure_tls {
@@ -862,10 +832,10 @@ data:
        if [[ "${MARKLOGIC_CLUSTER_TYPE}" == "bootstrap" ]]; then
             log "Info:  bootstrap host is ready"
             init_security_db
-            configure_group
+            retry 5 configure_group
         else 
             log "Info:  bootstrap host is ready"
-            configure_group
+            retry 5 configure_group
             join_cluster $HOST_FQDN
         fi
         configure_path_based_routing
@@ -889,13 +859,8 @@ data:
     #!/bin/bash
     log () {
       local TIMESTAMP=$(date +"%Y-%m-%d %T.%3N")
-      # Check to make sure pod doesn't terminate if PID value is empty for any reason
-      if [ -n "$pid" ]; then
-          echo "${TIMESTAMP} $@" > /proc/$pid/fd/1
-      fi
+      echo "${TIMESTAMP} $@" > /proc/1/fd/1
     }
-    
-    pid=$(ps aux | grep "/bin/bash /usr/local/bin/start-marklogic.sh" | grep -v grep | awk '{print $2}')
 
     log "Info: [root-rootless-upgrade] Execution Start"
 

diff --git a/charts/templates/serviceaccount.yaml b/charts/templates/serviceaccount.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: {{ include "marklogic.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
     {{- include "marklogic.labels" . | nindent 4 }}
 imagePullSecrets:

diff --git a/charts/templates/statefulset.yaml b/charts/templates/statefulset.yaml
@@ -200,10 +200,8 @@ spec:
           {{- end }}
           {{- if .Values.livenessProbe.enabled }}
           livenessProbe:
-            exec:
-              command:
-                - /bin/bash
-                - /tmp/helm-scripts/liveness-probe.sh
+            tcpSocket:
+              port: 8001
             initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
             periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
             timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}

diff --git a/charts/values.yaml b/charts/values.yaml
@@ -45,13 +45,13 @@ rootToRootlessUpgrade: false
 ## Marklogic image parameters
 image:
   repository: progressofficial/marklogic-db
-  tag: 11.3.1-ubi-rootless-2.1.2
+  tag: 11.3.1-ubi-rootless-2.1.3
   pullPolicy: IfNotPresent
 
 ## Init container image parameters
 initContainers:
   utilContainer:
-    image: "redhat/ubi9:9.5"
+    image: "redhat/ubi9:9.6"
     pullPolicy: IfNotPresent
 
 ## Configure the imagePullSecrets to pull the image from private repository that requires credential
@@ -348,6 +348,10 @@ logCollection:
 ## It also support multi-statement transaction and ODBC connections.  
 haproxy:
   enabled: false
+  image:
+    repository: haproxytech/haproxy-alpine
+    tag: "3.2.1"
+    pullPolicy: IfNotPresent
 
   ## Name of an existing configmap with configuration for HAProxy
   existingConfigmap: marklogic-haproxy