MLE-26747: Operator 1.2.0 Release Changes Commit

MLE-26747: Operator 1.2.0 Release Changes Commit

Author: sumanthravipati

Dockerfile

@@ -1,7 +1,7 @@
 # Copyright (c) 2024-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 
 # Build the manager binary
-FROM golang:1.24.9 AS builder
+FROM golang:1.25.7 AS builder
 ARG TARGETOS
 ARG TARGETARCH
 

Jenkinsfile

@@ -1,4 +1,4 @@
-// Copyright (c) 2024-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+// Copyright (c) 2024-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 
 /* groovylint-disable CompileStatic, LineLength, VariableTypeRequired */
 // This Jenkinsfile defines internal MarkLogic build pipeline.
@@ -149,6 +149,18 @@ void runMinikubeCleanup() {
     '''
 }
 
+void runIstioMinikubeSetup() {
+    sh """
+        make e2e-setup-minikube-istio IMG=${operatorRepo}:${VERSION}
+    """
+}
+
+void runIstioE2eTests() {
+    sh """
+        make e2e-test-istio IMG=${operatorRepo}:${VERSION} E2E_ISTIO_AMBIENT=true
+    """
+}
+
 void runBlackDuckScan() {
     // Trigger BlackDuck scan job with CONTAINER_IMAGES parameter when params.PUBLISH_IMAGE is true
     if (params.PUBLISH_IMAGE) {
@@ -201,7 +213,8 @@ pipeline {
     triggers {
         // Trigger nightly builds on the develop branch
         parameterizedCron( env.BRANCH_NAME == 'develop' ? '''00 05 * * * % E2E_MARKLOGIC_IMAGE_VERSION=ml-docker-db-dev-tierpoint.bed-artifactory.bedford.progress.com/marklogic/marklogic-server-ubi-rootless:latest-12
-                                                             00 05 * * * % E2E_MARKLOGIC_IMAGE_VERSION=ml-docker-db-dev-tierpoint.bed-artifactory.bedford.progress.com/marklogic/marklogic-server-ubi-rootless:latest-11; PUBLISH_IMAGE=false''' : '')
+                                                             00 05 * * * % E2E_MARKLOGIC_IMAGE_VERSION=ml-docker-db-dev-tierpoint.bed-artifactory.bedford.progress.com/marklogic/marklogic-server-ubi-rootless:latest-11; PUBLISH_IMAGE=false
+                                                             00 07 * * * % E2E_MARKLOGIC_IMAGE_VERSION=ml-docker-db-dev-tierpoint.bed-artifactory.bedford.progress.com/marklogic/marklogic-server-ubi-rootless:latest-12; VERIFY_ISTIO_AMBIENT=true''' : '')
     }
 
     environment {
@@ -214,9 +227,10 @@ pipeline {
 
     parameters {
         string(name: 'E2E_MARKLOGIC_IMAGE_VERSION', defaultValue: 'ml-docker-db-dev-tierpoint.bed-artifactory.bedford.progress.com/marklogic/marklogic-server-ubi-rootless:latest-12', description: 'Docker image to use for tests.', trim: true)
-        string(name: 'VERSION', defaultValue: '1.1.0', description: 'Version to tag the image with.', trim: true)
+        string(name: 'VERSION', defaultValue: '1.2.0', description: 'Version to tag the image with.', trim: true)
         booleanParam(name: 'PUBLISH_IMAGE', defaultValue: false, description: 'Publish image to internal registry')
         string(name: 'emailList', defaultValue: emailList, description: 'List of email for build notification', trim: true)
+        booleanParam(name: 'VERIFY_ISTIO_AMBIENT', defaultValue: true, description: 'Run Istio ambient mode e2e tests (requires fresh minikube cluster with Istio)')
     }
 
     stages {
@@ -245,6 +259,35 @@ pipeline {
         }
 
         stage('Cleanup Environment') {
+            steps {
+                catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
+                    runMinikubeCleanup()
+                }
+            }
+        }
+
+        stage('Istio-Minikube-Setup') {
+            when {
+                expression { return params.VERIFY_ISTIO_AMBIENT }
+            }
+            steps {
+                runIstioMinikubeSetup()
+            }
+        }
+
+        stage('Run-Istio-e2e-Tests') {
+            when {
+                expression { return params.VERIFY_ISTIO_AMBIENT }
+            }
+            steps {
+                runIstioE2eTests()
+            }
+        }
+
+        stage('Istio-Cleanup') {
+            when {
+                expression { return params.VERIFY_ISTIO_AMBIENT }
+            }
             steps {
                 runMinikubeCleanup()
             }

Makefile

@@ -1,11 +1,21 @@
-# Copyright (c) 2024-2025 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+# Copyright (c) 2024-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 
 # VERSION defines the project version for the bundle.
 # Update this value when you upgrade the version of your project.
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 1.1.1
+VERSION ?= 1.2.0
+
+# Tool Versions
+KUSTOMIZE_VERSION ?= v5.5.0
+CONTROLLER_TOOLS_VERSION ?= v0.19.0
+ISTIO_VERSION ?= 1.28.3
+OPERATOR_SDK_VERSION ?= v1.34.2
+GOLANGCI_LINT_VERSION ?= v1.62.2
+
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.31.0
 
 # VERIFY_HUGE_PAGES defines if hugepages test is enabled or not for e2e test
 VERIFY_HUGE_PAGES ?= false
@@ -14,10 +24,9 @@ export E2E_DOCKER_IMAGE ?= $(IMG)
 export E2E_KUSTOMIZE_VERSION ?= $(KUSTOMIZE_VERSION)
 export E2E_CONTROLLER_TOOLS_VERSION ?= $(CONTROLLER_TOOLS_VERSION)
 export E2E_MARKLOGIC_IMAGE_VERSION ?= progressofficial/marklogic-db:12.0.0-ubi9-rootless-2.2.2
+export FLUENT_BIT_IMAGE ?= fluent/fluent-bit:4.1.1
 export E2E_KUBERNETES_VERSION ?= v1.31.13
-
-# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.31.0
+export E2E_ISTIO_AMBIENT ?= false
 
 
 # CHANNELS define the bundle channels used in the bundle.
@@ -61,10 +70,6 @@ ifeq ($(USE_IMAGE_DIGESTS), true)
 	BUNDLE_GEN_FLAGS += --use-image-digests
 endif
 
-# Set the Operator SDK version to use. By default, what is installed on the system is used.
-# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
-OPERATOR_SDK_VERSION ?= v1.34.2
-
 # Image URL to use all building/pushing image targets
 # Image for dev: ml-marklogic-operator-dev.bed-artifactory.bedford.progress.com/marklogic-operator-kubernetes
 IMG ?= progressofficial/marklogic-operator-kubernetes:$(VERSION)
@@ -157,15 +162,43 @@ else
 	go test -v -count=1 -timeout 30m ./test/e2e
 endif
 
+.PHONY: e2e-test-istio  # Run Istio ambient mode e2e tests
+e2e-test-istio:
+	@echo "=====Running Istio ambient mode e2e tests"
+	E2E_ISTIO_AMBIENT=true go test -v -count=1 -timeout 30m ./test/e2e -run "Test(Istio|NonIstio)"
+
 .PHONY: e2e-setup-minikube
 e2e-setup-minikube: kustomize controller-gen build docker-build
 	minikube version
 	minikube delete || true
 	minikube start --driver=docker --kubernetes-version=$(E2E_KUBERNETES_VERSION) --memory=8192 --cpus=2
 	minikube addons enable ingress
+	minikube addons enable storage-provisioner
+	minikube addons enable default-storageclass
+	minikube image load $(IMG)
+	minikube image load $(E2E_MARKLOGIC_IMAGE_VERSION)
+	minikube image load "docker.io/haproxytech/haproxy-alpine:3.2"
+	minikube image load $(FLUENT_BIT_IMAGE)
+	minikube image ls
+
+.PHONY: e2e-setup-minikube-istio
+e2e-setup-minikube-istio: kustomize controller-gen build docker-build istioctl ## Setup minikube with Istio ambient mode for e2e tests.
+	minikube version
+	minikube delete || true
+	minikube start --driver=docker --kubernetes-version=$(E2E_KUBERNETES_VERSION) --memory=8192 --cpus=2
+	minikube addons enable ingress
+	minikube addons enable storage-provisioner
+	minikube addons enable default-storageclass
+	@echo "=====Installing Istio with ambient profile====="
+	$(ISTIOCTL) install --set profile=ambient -y
+	@echo "=====Waiting for Istio components to be ready====="
+	kubectl wait --for=condition=Ready pods --all -n istio-system --timeout=120s
+	@echo "=====Istio ambient mode installed successfully====="
+	kubectl get pods -n istio-system
 	minikube image load $(IMG)
 	minikube image load $(E2E_MARKLOGIC_IMAGE_VERSION)
 	minikube image load "docker.io/haproxytech/haproxy-alpine:3.2"
+	minikube image load $(FLUENT_BIT_IMAGE)
 	minikube image ls
 
 .PHONY: e2e-cleanup-minikube
@@ -174,7 +207,6 @@ e2e-cleanup-minikube:
 	minikube delete
 
 GOLANGCI_LINT = $(shell pwd)/bin/golangci-lint
-GOLANGCI_LINT_VERSION ?= v1.62.2
 golangci-lint:
 	@[ -f $(GOLANGCI_LINT) ] || { \
 	set -e ;\
@@ -263,10 +295,7 @@ KUBECTL ?= kubectl
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
-
-## Tool Versions
-KUSTOMIZE_VERSION ?= v5.5.0
-CONTROLLER_TOOLS_VERSION ?= v0.19.0
+ISTIOCTL ?= $(LOCALBIN)/istioctl
 
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
@@ -288,6 +317,41 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
+.PHONY: istioctl
+istioctl: $(ISTIOCTL) ## Download istioctl locally if necessary.
+$(ISTIOCTL): $(LOCALBIN)
+ifeq (,$(wildcard $(ISTIOCTL)))
+ifeq (, $(shell which istioctl 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(ISTIOCTL)) ;\
+	OS=$$(uname | tr '[:upper:]' '[:lower:]') ;\
+	if [ "$$OS" = "darwin" ]; then OS=osx; fi ;\
+	ARCH=$$(go env GOARCH) ;\
+	ARCHIVE="istio-$(ISTIO_VERSION)-$${OS}-$${ARCH}.tar.gz" ;\
+	URL="https://github.com/istio/istio/releases/download/$(ISTIO_VERSION)/$${ARCHIVE}" ;\
+	TMP_DIR=$$(mktemp -d) ;\
+	echo "Downloading istioctl $(ISTIO_VERSION) for $${OS}-$${ARCH}..." ;\
+	curl -sSLo "$$TMP_DIR/$${ARCHIVE}" "$${URL}" ;\
+	curl -sSLo "$$TMP_DIR/$${ARCHIVE}.sha256" "$${URL}.sha256" ;\
+	cd "$$TMP_DIR" ;\
+	if command -v sha256sum >/dev/null 2>&1; then \
+		sha256sum -c "$${ARCHIVE}.sha256" ;\
+	else \
+		shasum -a 256 -c "$${ARCHIVE}.sha256" ;\
+	fi ;\
+	tar xzf "$${ARCHIVE}" ;\
+	cd - > /dev/null ;\
+	mv "$$TMP_DIR/istio-$(ISTIO_VERSION)/bin/istioctl" "$(ISTIOCTL)" ;\
+	rm -rf "$$TMP_DIR" ;\
+	chmod +x "$(ISTIOCTL)" ;\
+	echo "istioctl successfully installed to $(ISTIOCTL)" ;\
+	}
+else
+ISTIOCTL = $(shell which istioctl)
+endif
+endif
+
 .PHONY: operator-sdk
 OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
 operator-sdk: ## Download operator-sdk locally if necessary.
@@ -370,7 +434,7 @@ $(HELMIFY): $(LOCALBIN)
 
 helm: manifests kustomize helmify
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/default | $(HELMIFY) -image-pull-secrets -original-name charts/marklogic-operator-kubernetes 
+	$(KUSTOMIZE) build config/default | $(HELMIFY) -image-pull-secrets -original-name charts/marklogic-operator-kubernetes
 
 .PHONY: image-scan
 image-scan: docker-build

README.md

@@ -1,4 +1,4 @@
-# MarkLogic Operator for Kuberentes
+# MarkLogic Operator for Kubernetes
 
 ## Introduction
 
@@ -29,71 +29,89 @@ helm repo update
 
 2. Install or upgrade the Helm Chart for MarkLogic Operator: 
 ```sh
-helm upgrade marklogic-operator marklogic-operator/marklogic-operator-kubernetes --version=1.1.1 --install --namespace marklogic-operator-system --create-namespace
+helm upgrade marklogic-operator marklogic-operator/marklogic-operator-kubernetes --version=1.2.0 --install --namespace marklogic-operator-system --create-namespace
 ```
 
-3. Make sure the Marklogic Operator pod is running:
+3. Make sure the MarkLogic Operator pod is running:
 ```sh
 kubectl get pods -n marklogic-operator-system 
 ```
 
 4. Use this command to verify CRDs are correctly installed:
 ```sh
- kubectl get crd -n marklogic-operator-system | grep 'marklogic'
+kubectl get crd -n marklogic-operator-system | grep 'marklogic'
 ```
 
 ### Install MarkLogic Cluster
-Once MarkLogic Operator Pod is running, use your custom manifests or choose from sample manifests from this repository located in the ./config/samples directory.
-Optionally, create a dedicated namespace for new MarkLogic resources.
-  ```sh
-  kubectl create namespace <namespace-name>
-  ```
-To deploy marklogic single group, use the `quick_start.yaml` from the config/samples: 
-  ```sh
-  kubectl apply -f quick_start.yaml --namespace=<namespace-name>
-  ```
-Once the installation is complete and the pod is in a running state, the MarkLogic Admin UI can be accessed using the port-forwarding command:
+Once MarkLogic Operator Pod is running, use your custom manifests or choose from sample manifests from this repository located in the `./config/samples` directory.
+Optionally, create a dedicated namespace for new MarkLogic resources:
+```sh
+kubectl create namespace <namespace-name>
+```
+
+To deploy a MarkLogic single group, use the `quick_start.yaml` from the `config/samples`: 
+```sh
+kubectl apply -f quick_start.yaml --namespace=<namespace-name>
+```
 
-  ```sh
-  kubectl port-forward <pod-name> 8000:8000 8001:8001 --namespace=<namespace-name>
-  ```
+Once the installation is complete and the pod is in a running state, the MarkLogic Admin UI can be accessed using the port-forwarding command:
+```sh
+kubectl port-forward <pod-name> 8000:8000 8001:8001 --namespace=<namespace-name>
+```
 
 If you used the automatically generated admin credentials, use these steps to extract the admin username, password, and wallet-password from a secret:
 
 1. Run this command to fetch all of the secret names:
-  ```sh
-  kubectl get secrets --namespace=<namespace-name>
-  ```
-The MarkLogic admin secret name is in the format  `<marklogicCluster-name>-admin`. For example if markLogicCluster name is `single-node`, the secret name is `single-node-admin`.
+```sh
+kubectl get secrets --namespace=<namespace-name>
+```
+The MarkLogic admin secret name is in the format `<marklogicCluster-name>-admin`. For example, if the markLogicCluster name is `single-node`, the secret name is `single-node-admin`.
 
 2. Using the secret name from step 1, retrieve the MarkLogic admin credentials using these commands:
-  ```sh
-  kubectl get secret single-node-admin --namespace=<namespace-name> -o jsonpath='{.data.username}' | base64 --decode; echo
+```sh
+kubectl get secret single-node-admin --namespace=<namespace-name> -o jsonpath='{.data.username}' | base64 --decode; echo
 
-  kubectl get secret single-node-admin --namespace=<namespace-name> -o jsonpath='{.data.password}' | base64 --decode; echo
+kubectl get secret single-node-admin --namespace=<namespace-name> -o jsonpath='{.data.password}' | base64 --decode; echo
 
-  kubectl get secret single-node-admin --namespace=<namespace-name> -o jsonpath='{.data.wallet-password}' | base64 --decode; echo
-  ```
+kubectl get secret single-node-admin --namespace=<namespace-name> -o jsonpath='{.data.wallet-password}' | base64 --decode; echo
+```
 
 For additional manifests to deploy a MarkLogic cluster inside a Kubernetes cluster, see [Operator manifest](https://docs.progress.com/bundle/marklogic-server-on-kubernetes/operator/Operator-manifest.html) in the documentation.
 
 ## Clean Up
 
 #### Cleaning up MarkLogic Cluster
-Use this step to delete MarkLogic cluster and other resources created from the manifests used in the above [step](#install-marklogic-cluster):
-  ```sh
-  kubectl delete -f quick_start.yaml --namespace=<namespace-name>
-  ```
+Use this step to delete the MarkLogic cluster and other resources created from the manifests used in the above [step](#install-marklogic-cluster):
+```sh
+kubectl delete -f quick_start.yaml --namespace=<namespace-name>
+```
+
+Manually delete the persistent volume claims:
+```sh
+kubectl delete pvc -n <namespace-name> -l app.kubernetes.io/name=marklogic
+```
 
 #### Deleting Helm chart
-Use these steps to delete MarkLogic Operator Helm chart and the namespace created:
+Use these steps to delete the MarkLogic Operator Helm chart and the namespace created:
 ```sh
 helm delete marklogic-operator --namespace marklogic-operator-system
 kubectl delete namespace marklogic-operator-system
 ```
 
+> **Note for version 1.2.0 and later:** The MarkLogic Operator includes the `helm.sh/resource-policy: keep` annotation. When you delete the operator using the Helm command above, the Custom Resource Definitions (CRDs) and your existing MarkLogic deployments are preserved and will **not** be deleted automatically. 
+
+#### Deleting Custom Resource Definitions (CRDs)
+To perform a complete system wipe and manually delete the Custom Resource Definitions (CRDs):
+
+**Warning:** Deleting a CRD will automatically delete all Custom Resources of that type across the entire Kubernetes cluster. Only proceed if you are certain you want to permanently remove all MarkLogic resources.
+
+```sh
+kubectl delete crd marklogicclusters.marklogic.progress.com
+kubectl delete crd marklogicgroups.marklogic.progress.com
+```
+
 ## Known Issues and Limitations
 
-1. The latest released version of fluent/fluent-bit:4.1.1 has high security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements.
-2. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations.
-3. If you're updating the group name configuration, ensure that you delete the pod to apply the changes, as we are using the OnDelete upgrade strategy.
+1. The latest released version of `fluent/fluent-bit:4.1.1` has high security vulnerabilities. If you decide to enable the log collection feature, choose and deploy the fluent-bit or an alternate image with no vulnerabilities as per your requirements.
+2. Known Issues and Limitations for the MarkLogic Server Docker image can be viewed using the link: [https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations](https://github.com/marklogic/marklogic-docker?tab=readme-ov-file#Known-Issues-and-Limitations).
+3. If you're updating the group name configuration, ensure that you delete the pod to apply the changes, as we are using the OnDelete upgrade strategy.