Helm Chart parameter reference
- Last Updated: April 14, 2026
- 5 minute read
- MarkLogic Server
- Documentation
| Name | Description | Default Value |
|---|---|---|
| additionalContainerPorts | List of ports in addition to the defaults exposed at the container level. This does not typically need to be updated. Use service.additionalPorts to expose app server ports |
[] |
| additionalVolumeClaimTemplates | List of additional volumeClaimTemplates to each MarkLogic container | [] |
| additionalVolumeMounts | List of mount points for the additional volumes to add to the MarkLogic containers | [] |
| additionalVolumes | List of additional volumes to add to the MarkLogic containers | [] |
| affinity | Affinity for MarkLogic pods assignment | {} |
| allowLongHostnames | Indicates whether to allow deployment with hostnames over 64 characters | false |
| bootstrapHostName | Host name of MarkLogic bootstrap host (to join a cluster) | "" |
| clusterDomain | Domain for the Kubernetes cluster | cluster.local |
| enableConverters | Parameter to Install converters for the client if they are not already installed | false |
| fullnameOverride | String to completely replace the generated name | "" |
| imagePullSecrets | Registry secret names as an array | [] |
| nameOverride | String to override the app name | "" |
| nodeSelector | Node labels for MarkLogic pods assignment | {} |
| podAnnotations | Pod annotations | {} |
| priorityClassName | Name of a PriortyClass defined to set pod priority | "" |
| replicaCount | Number of MarkLogic nodes | 1 |
| resources | The resource requests and limits for MarkLogic container | {} |
| rootToRootlessUpgrade | Migrate from MarkLogic root to rootless image | false |
| terminationGracePeriod | Seconds before the MarkLogic pod terminates gracefully | 120 |
| topologySpreadConstraints | POD topology spread constraints to spread pods across the cluster | [] |
| useLegacyHostnames | Use the legacy hostnames used before the 1.1.0 version | false |
| auth.adminPassword | Password for default MarkLogic Administrator | "" |
| auth.adminUsername | Username for default MarkLogic Administrator | "" |
| auth.secretName | Kubernetes Secret name for MarkLogic Admin credentials | "" |
| auth.walletPassword | Password for wallet | "" |
| containerSecurityContext.allowPrivilegeEscalation | Controls whether a process can gain more privileges than its parent process | false |
| containerSecurityContext.enabled | Parameter to enable security context for MarkLogic containers | true |
| containerSecurityContext.runAsNonRoot | Indicates that the container must run as a non-root user | true |
| containerSecurityContext.runAsUser | User ID to run the entrypoint of the container process | 1000 |
| group.enableXdqpSsl | SSL encryption for XDQP | true |
| group.name | Group name for joining MarkLogic Cluster | Default |
| haproxy.additionalAppServers | List of additional HTTP ports configuration for HAproxy | [] |
| haproxy.affinity | Affinity for HAProxy pods assignment | {} |
| haproxy.defaultAppServers.admin.path | Path used to expose MarkLogic Admin App-Server | "" |
| haproxy.defaultAppServers.appservices.path | Path used to expose MarkLogic App-Services App-Server | "" |
| haproxy.defaultAppServers.manage.path | Path used to expose the MarkLogic Manage App-Server | "" |
| haproxy.enabled | Parameter to enable the HAProxy Load Balancer for MarkLogic Server | false |
| haproxy.existingConfigmap | Name of an existing configmap with configuration for HAProxy | marklogic-haproxy |
| haproxy.frontendPort | Listening port in the front-end section of the HAProxy when using path-based routing | 443 |
| haproxy.nodeSelector | Node labels for HAProxy pods assignment | {} |
| haproxy.pathbased.enabled | Parameter to enable path based routing on the HAProxy Load Balancer for MarkLogic | false |
| haproxy.replicaCount | Number of HAProxy deployment | 2 |
| haproxy.resources.limits.cpu | The cpu resource limit for the HAProxy container | 250m |
| haproxy.resources.limits.memory | The memory resource limit for the HAProxy container | 128Mi |
| haproxy.resources.requests.cpu | The requested cpu resource for the HAProxy container | 250m |
| haproxy.resources.requests.memory | The requested memory resource for the HAProxy container | 128Mi |
| haproxy.restartWhenUpgrade.enabled | Indicates whether to automatically roll deployments for every helm upgrade | true |
| haproxy.service.type | The service type of the HAproxy | ClusterIP |
| haproxy.stats.auth.enabled | Parameter to enable the basic auth for stats page | false |
| haproxy.stats.auth.password | Password for stats page | "" |
| haproxy.stats.auth.username | Username for stats page | "" |
| haproxy.stats.enabled | Parameter to enable the stats page for HAProxy | false |
| haproxy.stats.port | Port for stats page | 1024 |
| haproxy.tcpports | TCP ports and load balancing type configuration for HAproxy | [] |
| haproxy.tcpports.enabled | Parameter to enable TCP port routing on HAProxy | false |
| haproxy.timeout.connect | This parameter configures the time that HAProxy will wait for a TCP connection to a backend server to be established | 600s |
| haproxy.timeout.server | This parameter measures inactivity when the backend server is expected to be speaking | 600s |
| haproxy.timemout.client | The timeout for inactivity during periods that the client is expected to be speaking | 600s |
| haproxy.tls.certFileName | The name of the certificate file in the secret | "" |
| haproxy.tls.enabled | Parameter that enables TLS for HAProxy | false |
| haproxy.tls.secretName | Name of the secret that stores the certificate | "" |
| hugepages.enabled | Parameter to enable Hugepages on MarkLogic | false |
| hugepages.mountPath | Mountpath for Hugepages | /dev/hugepages |
| image.pullPolicy | Image pull policy for MarkLogic image | IfNotPresent |
| image.repository | Repository for MarkLogic image | progressofficial/marklogic-db |
| image.tag | Image tag for MarkLogic image | 11.3.1-ubi-rootless-2.1.2 |
| ingress.additionalHost | List of ingress additional hosts | [] |
| ingress.annotations | Additional ingress annotations | {} |
| ingress.className | Defines which ingress controller will implement the resource | "" |
| ingress.enabled | Enables an ingress resource for the MarkLogic Cluster | false |
| ingress.hosts | List of ingress hosts | [] |
| ingress.labels | Additional ingress labels | {} |
| ingress.tls.hosts | List hostnames that matches tls certificates | "" |
| ingress.tls.secretName | Name of the secret that stores the certificate | "" |
| initContainers.utilContainer.image | Image for copyCerts and volume permission change for root to rootless upgrade InitContainer | redhat/ubi9:9.5 |
| initContainers.utilContainer.pullPolicy | Pull policy for copyCerts and volume permission change for root to rootless upgrade InitContainer | IfNotPresent |
| license.key | Used to set the MarkLogic license key installed | "" |
| license.licensee | Used to set the MarkLogic licensee information | "" |
| livenessProbe.enabled | Parameter to enable the liveness probe | true |
| livenessProbe.failureThreshold | Failure threshold for liveness probe | 15 |
| livenessProbe.initialDelaySeconds | Initial delay (in seconds) for liveness probe | 300 |
| livenessProbe.periodSeconds | Period (in seconds) for liveness probe | 10 |
| livenessProbe.successThreshold | Success threshold for liveness probe | 1 |
| livenessProbe.timeoutSeconds | Timeout (in seconds) for liveness probe | 5 |
| logCollection.enabled | Parameter to enable cluster wide log collection of MarkLogic server logs | false |
| logCollection.files.accessLogs | Parameter to enable collection of MarkLogic's access logs when log collection is enabled | true |
| logCollection.files.auditLogs | Parameter to enable collection of MarkLogic's audit logs when log collection is enabled | true |
| logCollection.files.crashLogs | Parameter to enable collection of MarkLogic's crash logs when log collection is enabled | true |
| logCollection.files.errorLogs | Parameter to enable collection of MarkLogic's error logs when log collection is enabled | true |
| logCollection.files.requestLogs | Parameter to enable collection of MarkLogic's request logs when log collection is enabled | true |
| logCollection.image | Image repository and tag for fluent-bit container | fluent/fluent-bit:3.2.9 |
| logCollection.outputs | Used to configure the desired output for fluent-bit | "" |
| logCollection.resources.limits.cpu | The cpu resource limit for the fluent-bit container | 100m |
| logCollection.resources.limits.memory | The memory resource limit for the fluent-bit container | 128Mi |
| logCollection.resources.requests.cpu | The requested cpu resource for the fluent-bit container | 100m |
| logCollection.resources.requests.memory | The requested memory resource for the fluent-bit container | 128Mi |
| networkPolicy.egress | Placeholder to specify egress traffic rules | [] |
| networkPolicy.enabled | Parameter to enable network policy | false |
| networkPolicy.ingress | Placeholder to specify ingress traffic rules | [] |
| networkPolicy.podSelector | Parameter to specify podSelector which selects the group of pods to which the policy applies. | {} |
| networkPolicy.policyTypes | Parameter to specify the policyTypes. For example, ingress or egress or both | [] |
| persistence.accessModes | Access mode for persistence volume | ["ReadWriteOnce"] |
| persistence.annotations | Annotations for Persistence Volume Claim (PVC) | {} |
| persistence.enabled | Parameter to enable MarkLogic data persistence using Persistence Volume Claim (PVC). If set to false, EmptyDir will be used. | true |
| persistence.size | Size of storage request for MarkLogic data volume | 10Gi |
| persistence.storageClass | Storage class for MarkLogic data volume. Leave this parameter empty to use the default storage class | "" |
| podSecurityContext.enabled | Parameter to enable security context for a pod running MarkLogic containers | true |
| podSecurityContext.fsGroup | Parameter to specify the group id for a mounted data volume | 2 |
| podSecurityContext.fsGroupChangePolicy | Parameter to specify how the volume ownership should be changed when a pod's volumes needs to be updated with an fsGroup | OnRootMismatch |
| readinessProbe.enabled | Parameter to enable the readiness probe | true |
| readinessProbe.failureThreshold | Failure threshold for readiness probe | 3 |
| readinessProbe.initialDelaySeconds | Initial delay (in seconds) for readiness probe | 10 |
| readinessProbe.periodSeconds | Period seconds for readiness probe | 10 |
| readinessProbe.successThreshold | Success threshold for readiness probe | 1 |
| readinessProbe.timeoutSeconds | Timeout seconds for readiness probe | 5 |
| service.annotations | Annotations for MarkLogic service | {} |
| service.additionalPorts | List of ports, in addition to the defaults exposed at the service level | [] |
| service.type | Default service type | ClusterIP |
| serviceAccount.annotations | Annotations for MarkLogic service account | {} |
| serviceAccount.create | Parameter to enable creating a service account for a MarkLogic Pod | true |
| serviceAccount.name | Name of the serviceAccount | "" |
| tls.caSecretName | Name of the secret that contains the CA certificate | "" |
| tls.certSecretNames | Names of the secret that contains the named certificate | [] |
| tls.enableOnDefaultAppServers | Parameter to enable TLS on Default App Servers (8000, 8001, 8002) | false |
| updateStrategy.type | Update strategy for MarkLogic pods | OnDelete |