marklogic · barkhachoithani · Oct 31, 2024 · Oct 7, 2024 · Oct 10, 2024 · Oct 30, 2024
diff --git a/api/v1alpha1/common_types.go b/api/v1alpha1/common_types.go
@@ -100,6 +100,7 @@ type HAProxy struct {
 	Resources    corev1.ResourceList `json:"resources,omitempty"`
 	Affinity     *corev1.Affinity    `json:"affinity,omitempty"`
 	NodeSelector map[string]string   `json:"nodeSelector,omitempty"`
+	Ingress      Ingress             `json:"ingress,omitempty"`
 }
 
 type AppServers struct {
@@ -148,3 +149,14 @@ type TlsForHAProxy struct {
 	SecretName   string `json:"secretName,omitempty"`
 	CertFileName string `json:"certFileName,omitempty"`
 }
+
+type Ingress struct {
+	// +kubebuilder:default:=false
+	Enabled          bool                       `json:"enabled,omitempty"`
+	IngressClassName string                     `json:"ingressClassName,omitempty"`
+	Labels           map[string]string          `json:"labels,omitempty"`
+	Annotations      map[string]string          `json:"annotations,omitempty"`
+	Host             string                     `json:"host,omitempty"`
+	TLS              *networkingv1.IngressTLS   `json:"tls,omitempty"`
+	AdditionalHosts  []networkingv1.IngressRule `json:"additionalHosts,omitempty"`
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/charts/marklogic-operator/templates/deployment.yaml b/charts/marklogic-operator/templates/deployment.yaml
@@ -63,7 +63,7 @@ spec:
           }}
         securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext
           | nindent 10 }}
-      securityContext:
-        runAsNonRoot: true
+      securityContext: {{- toYaml .Values.controllerManager.podSecurityContext | nindent
+        8 }}
       serviceAccountName: {{ include "marklogic-operator.fullname" . }}-controller-manager
       terminationGracePeriodSeconds: 10
diff --git a/charts/marklogic-operator/templates/manager-rbac.yaml b/charts/marklogic-operator/templates/manager-rbac.yaml
@@ -87,6 +87,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/charts/marklogic-operator/templates/marklogiccluster-crd.yaml b/charts/marklogic-operator/templates/marklogiccluster-crd.yaml
diff --git a/charts/marklogic-operator/values.yaml b/charts/marklogic-operator/values.yaml
@@ -40,6 +40,8 @@ controllerManager:
       requests:
         cpu: 10m
         memory: 64Mi
+  podSecurityContext:
+    runAsNonRoot: true
   replicas: 1
   serviceAccount:
     annotations: {}

diff --git a/config/crd/bases/database.marklogic.com_marklogicclusters.yaml b/config/crd/bases/database.marklogic.com_marklogicclusters.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -86,3 +86,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/config/samples/marklogiccluster.yaml b/config/samples/marklogiccluster.yaml
@@ -23,14 +23,14 @@ spec:
   ## Uncomment the following lines to enable HAProxy configuration
   haproxy: 
     enabled: false
-  #   pathBasedRouting: true
-  #   frontendPort: 8080
-  #   tcpPorts:
-  #     enabled: true
-  #     ports:
-  #       - name: odbc
-  #         type: TCP
-  #         port: 5432
+    # pathBasedRouting: true
+    # frontendPort: 8080
+    # tcpPorts:
+    #   enabled: true
+    #   ports:
+    #     - name: odbc
+    #       type: TCP
+    #       port: 5432
     # appServers:
     #   - name: "app-service"
     #     port: 8000
@@ -41,16 +41,55 @@ spec:
     #   - name: "manage"
     #     port: 8002
     #     path: "/manage"
-  #   stats:
-  #     enabled: true
-  #     port: 1024
+    # stats:
+    #   enabled: true
+    #   port: 1024
   # resources:
   #   requests:
   #     memory: "4Gi"
   #     cpu: "1"
   #   limits:
   #     memory: "4Gi"
   #     cpu: "1"
+    ## Configure Ingress
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+    # ingress: 
+    #   enabled: true
+    #   ingressClassName: "alb"
+
+    #   ## Ingress labels
+    #   ## ref: https://kubernetes.io/docs/concepts/overvsiew/working-with-objects/labels/
+    #   labels:
+    #     app.kubernetes.io/name: marklogiccluster
+    #     app.kubernetes.io/instance: marklogiccluster-sample
+
+    #   ## Ingress annotations
+    #   ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+    #   annotations: 
+    #     alb.ingress.kubernetes.io/healthcheck-port: '80'
+    #     alb.ingress.kubernetes.io/healthcheck-path: /adminUI
+    #     alb.ingress.kubernetes.io/success-codes: '200-401'
+    #     alb.ingress.kubernetes.io/load-balancer-name: mlingress
+    #     alb.ingress.kubernetes.io/scheme: internet-facing
+    #     alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}]'
+    #     alb.ingress.kubernetes.io/target-group-attributes: load_balancing.algorithm.type=least_outstanding_requests
+    #     # alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:XXXXXXXXXXX:certificate/XxXXXXXX-xxxx-XXXX-XXXX-XXXXXXXxxxxXXX
+    #     alb.ingress.kubernetes.io/target-type: ip
+    #     alb.ingress.kubernetes.io/group.name: mlingress-group
+    #     alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600,routing.http.xff_header_processing.mode=append
+
+      ## Ingress hosts
+      ## add default hosts and additional hosts
+      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+      # host: ""
+      # additionalHosts: []
+
+      ## Ingress TLS
+      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+      # tls: {}
+          # - secretName: your-certificate-name
+          #   hosts:
+          #     - marklogic.example.com
 
   # logCollection:
   #   enabled: true
@@ -115,4 +154,4 @@ spec:
     isBootstrap: true
   # - replicas: 1
   #   name: enode
-  #   isBootstrap: false
+  #   isBootstrap: false
diff --git a/internal/controller/marklogiccluster_controller_test.go b/internal/controller/marklogiccluster_controller_test.go
@@ -87,6 +87,11 @@ var _ = Describe("MarklogicCluster Controller", func() {
 							{Name: "AppServices", Type: "http", Port: 8000, TargetPort: 8000, Path: "/console"},
 							{Name: "Admin", Type: "http", Port: 8001, TargetPort: 8001, Path: "/adminUI"},
 							{Name: "Manage", Type: "http", Port: 8002, TargetPort: 8002, Path: "/manage"},
+						},
+						Ingress: databasev1alpha1.Ingress{
+							Enabled:          true,
+							IngressClassName: "alb",
+							Host:             "marklogic-cluster-test.cluster.local",
 						}},
 					NetworkPolicy: databasev1alpha1.NetworkPolicy{
 						Enabled:     true,
@@ -143,6 +148,10 @@ var _ = Describe("MarklogicCluster Controller", func() {
 			Expect(clusterCR.Spec.HAProxy.AppServers[0].Name).Should(Equal("AppServices"))
 			Expect(clusterCR.Spec.HAProxy.AppServers[0].Type).Should(Equal("http"))
 			Expect(clusterCR.Spec.HAProxy.AppServers[0].Port).Should(Equal(int32(8000)))
+			// Validating if Ingress is created successfully
+			Expect(clusterCR.Spec.HAProxy.Ingress.Enabled).Should(Equal(true))
+			Expect(clusterCR.Spec.HAProxy.Ingress.IngressClassName).Should(Equal("alb"))
+			Expect(clusterCR.Spec.HAProxy.Ingress.Host).Should(Equal("marklogic-cluster-test.cluster.local"))
 			// Validating if NetworkPolicy is created successfully
 			Expect(clusterCR.Spec.NetworkPolicy.PolicyTypes).Should(Equal(policy))
 			Expect(clusterCR.Spec.NetworkPolicy.PodSelector).Should(Equal(metav1.LabelSelector{MatchLabels: map[string]string{"app.kubernetes.io/name": "marklogic", "app.kubernetes.io/instance": "dnode"}}))

diff --git a/internal/controller/marklogicgroup_controller.go b/internal/controller/marklogicgroup_controller.go
@@ -52,6 +52,7 @@ const (
 //+kubebuilder:rbac:groups=database.marklogic.com,resources=marklogicgroups/finalizers,verbs=update
 //+kubebuilder:rbac:groups=apps,resources=statefulsets;replicasets;deployments;daemonsets,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=core,resources=pods;services;secrets;configmaps,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

diff --git a/pkg/k8sutil/haProxy.go b/pkg/k8sutil/haProxy.go
@@ -3,6 +3,8 @@ package k8sutil
 import (
 	"crypto/sha256"
 	"encoding/hex"
+	"sort"
+
 	"github.com/cisco-open/k8s-objectmatcher/patch"
 	databasev1alpha1 "github.com/marklogic/marklogic-kubernetes-operator/api/v1alpha1"
 	"github.com/marklogic/marklogic-kubernetes-operator/pkg/result"
@@ -13,7 +15,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
-	"sort"
 )
 
 func (cc *ClusterContext) ReconcileHAProxy() result.ReconcileResult {

diff --git a/pkg/k8sutil/haProxyHelper.go b/pkg/k8sutil/haProxyHelper.go
@@ -126,7 +126,6 @@ backend marklogic-{{ .PortNumber}}-backend
 				}
 				result += getBackendServerConfigs(data)
 			}
-			result += "/n"
 		}
 	}
 

diff --git a/pkg/k8sutil/handler.go b/pkg/k8sutil/handler.go
@@ -42,6 +42,11 @@ func (cc *ClusterContext) ReconsileMarklogicClusterHandler() (reconcile.Result,
 		if result := cc.ReconcileHAProxy(); result.Completed() {
 			return result.Output()
 		}
+		if cc.MarklogicCluster.Spec.HAProxy.Ingress.Enabled {
+			if result := cc.ReconcileIngress(); result.Completed() {
+				return result.Output()
+			}
+		}
 	}
 	return result, err
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -126,7 +126,6 @@ backend marklogic-{{ .PortNumber}}-backend @@
     				}
     				result += getBackendServerConfigs(data)
     			}
-    			result += "/n"
     		}
     	}
@@ Expand Down @@