Operator manifest
- Last Updated: April 14, 2026
An operator manifest is required to create a MarkLogic Cluster. Refer to the sample:
apiVersion: marklogic.progress.com/v1
kind: MarklogicCluster
metadata:
  labels: {}
  annotations: {}
  name: ml-cluster
  namespace: prod
spec:
  persistence:
    enabled: true
    size: 20Gi
    storageClassName: gp3 # Here gp3 is used for EKS cluster using AWS EBS CNI
  # additionalVolumes:
  #   - name: "logsdir"
  #     emptyDir: {}
  ## specify additional list of volumeMounts
  # additionalVolumeMounts:
  #   - name: "logsdir"
  #     mountPath: "/var/opt/MarkLogic/Logs"
  image: "progressofficial/marklogic-db:12.0.0-ubi9-rootless-2.2.2"
  imagePullPolicy: IfNotPresent
  imagePullSecrets:
    - name: regcred
  ## If not specified, the operator will generate a random password
  # auth:
  #   secretName: <SECRET_NAME>
  #   adminUsername: user
  #   adminPassword: pass
  clusterDomain: cluster.local
  ## To configure networkPolicy, set enabled: true and uncomment the following lines
  ## Below is an example of networkPolicy, update it as per your requirements
  ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies
  networkPolicy:
    enabled: false
    policyTypes:
      - Ingress
      - Egress
    podSelector: {}
    ingress:
      - from:
          - podSelector:
              matchLabels:
                app.kubernetes.io/name: marklogiccluster
                app.kubernetes.io/instance: marklogiccluster-prod-sample
        ports:
          - protocol: TCP
            port: 8000
    egress:
      - to:
          - podSelector:
              matchLabels:
                app.kubernetes.io/name: marklogiccluster
                app.kubernetes.io/instance: marklogiccluster-prod-sample
        ports:
          - protocol: TCP
            port: 8000
  ## Configuration for the HAProxy load balancer for all groups
  ## An out of box load balancer configured to handle cookie based session affinity that's required by most MarkLogic applications.
  ## NOTE : To configure HAProxy at marklogicGroups level it has to be enabled at marklogicCluster level.
  haproxy:
    enabled: true
    pathBasedRouting: true
    frontendPort: 443
    tcpPorts:
      enabled: true
      ports:
        - name: odbc
          type: TCP
          port: 5432
    appServers:
      - name: "app-service"
        port: 8000
        path: "/console"
      - name: "admin"
        port: 8001
        path: "/adminUI"
      - name: "manage"
        port: 8002
        path: "/manage"
    stats:
      enabled: true
      port: 1024
    timeout:
      client: 600s
      connect: 600s
      server: 600s
    # resources:
    #   requests:
    #     memory: "2Gi"
    #     cpu: "1"
    #   limits:
    #     memory: "2Gi"
    #     cpu: "1"
    ## Configure Ingress for all groups
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
    ingress:
      enabled: true
      ingressClassName: ""
      ## Ingress labels
      ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
      labels: {}
      # app.kubernetes.io/name: marklogiccluster
      # app.kubernetes.io/instance: marklogiccluster-sample
      ## Ingress annotations
      ## Update the annotations as per your requirements
      ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
      annotations: {}
      # alb.ingress.kubernetes.io/healthcheck-port: '80'
      # alb.ingress.kubernetes.io/healthcheck-path: /adminUI
      # alb.ingress.kubernetes.io/success-codes: '200-401'
      # alb.ingress.kubernetes.io/load-balancer-name: mlingress
      # alb.ingress.kubernetes.io/scheme: internet-facing
      # alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}]'
      # alb.ingress.kubernetes.io/target-group-attributes: load_balancing.algorithm.type=least_outstanding_requests
      # alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:XXXXXXXXXXX:certificate/XxXXXXXX-xxxx-XXXX-XXXX-XXXXXXXxxxxXXX
      # alb.ingress.kubernetes.io/target-type: ip
      # alb.ingress.kubernetes.io/group.name: mlingress-group
      # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600,routing.http.xff_header_processing.mode=append
      # Ingress hosts
      # add default hosts and additional hosts
      # ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
      host: ""
      additionalHosts: []
      ## Ingress TLS
      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      tls: []
      # secretName: your-certificate-name
      # hosts:
      #   - marklogic.example.com
  podSecurityContext:
    fsGroup: 2
    fsGroupChangePolicy: OnRootMismatch
  securityContext:
    runAsUser: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
  ## Node Affinity for pod-node scheduling constraints
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}
  ## Configure NodeSelector property for scheduling pods to nodes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/#create-a-pod-that-gets-scheduled-to-your-chosen-node
  nodeSelector: {}
  # disktype: ssd
  ## Configure POD Topology Spread Constraints to spread pods across cluster
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## Preferred Topology Spread Constraints rule to evenly distribute Marklogic pods across worker nodes and zones
  topologySpreadConstraints:
    - maxSkew: 1
      topologyKey: kubernetes.io/hostname
      whenUnsatisfiable: DoNotSchedule
      labelSelector:
        matchLabels:
          app.kubernetes.io/name: marklogiccluster
    - maxSkew: 1
      topologyKey: topology.kubernetes.io/zone
      whenUnsatisfiable: ScheduleAnyway
      labelSelector:
        matchLabels:
          app.kubernetes.io/name: marklogiccluster
  ## Configure priority class for pods
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
  priorityClassName: ""
  ## Supply license information for MarkLogic server
  license:
    key: ""
    licensee: ""
  ## Optionally install converters package on MarkLogic
  enableConverters: false
  ## Configure TLS for App Servers
  ## If certSecretNames is not provided, self-signed temporary certificate will be generated.
  tls:
    enableOnDefaultAppServers: false
    certSecretNames: []
    caSecretName: ""
  ## Configure common resources for all nodes of the cluster.
  # resources:
  #   requests:
  #     memory: "64Gi"
  #     cpu: "8"
  #     hugepages-2Mi: "24Gi"
  #   limits:
  #     memory: "64Gi"
  #     cpu: "8"
  #     hugepages-2Mi: "24Gi"
  # hugePages:
  #   enabled: true
  #   mountPath: /dev/hugepages
  ## Configure options for log collection
  ## Log collection will collect all logs for each file type enabled, parse them,
  ## And export them to a logging backend specified in the outputs section below
  # logCollection:
  #   enabled: true
  #   image: fluent/fluent-bit:4.1.1
  #   files:
  #     errorLogs: true
  #     accessLogs: true
  #     requestLogs: true
  #     crashLogs: true
  #     auditLogs: true
  #   outputs: |-
  #     - name: loki
  #       match: "*"
  #       host: loki.loki.svc.cluster.local
  #       port: 3100
  #       labels: job=fluent-bit
  #       http_user: admin
  #       http_passwd: admin
  ## Below is an example of markLogicGroups: dnode and enode with sample production configurations, update it as per your requirements
  markLogicGroups:
    - name: dnode # Name of the statefulset
      replicas: 3
      groupConfig:
        name: dnode
        enableXdqpSsl: true
      isBootstrap: true
      persistence:
        enabled: true
        size: 100Gi
        storageClassName: gp3 # Here gp3 is used for EKS cluster using AWS EBS CNI
      # additionalVolumes:
      #   - name: "logsdir"
      #     emptyDir: {}
      ## specify additional list of volumeMounts
      # additionalVolumeMounts:
      #   - name: "logsdir"
      #     mountPath: "/var/opt/MarkLogic/Logs"
      ## Configure resources for all the nodes of the group
      # resources:
      #   requests:
      #     memory: "64Gi"
      #     cpu: "8"
      #     hugepages-2Mi: "24Gi"
      #   limits:
      #     memory: "64Gi"
      #     cpu: "8"
      #     hugepages-2Mi: "24Gi"
      # hugePages:
      #   enabled: true
      #   mountPath: /dev/hugepages
      service:
        type: ClusterIP
        # additionalPorts:
        #   - name: app1
        #     port: 8010
        #     targetPort: 8010
        #     protocol: TCP
        #   - name: app2
        #     port: 8011
        #     targetPort: 8011
        #     protocol: TCP
        # annotations: {}
      ## Configuration for the HAProxy load balancer for the specific group
      ## An out of box load balancer configured to handle cookie based session affinity that's required by most MarkLogic applications.
      haproxy:
        enabled: false
    - name: enode
      persistence:
        enabled: true
        size: 20Gi
        storageClassName: gp3 # Here gp3 is used for EKS cluster using AWS EBS CNI
      replicas: 3
      groupConfig:
        name: enode
        enableXdqpSsl: true
      isBootstrap: false
      ## Configure resources for all the nodes of the group
      # resources:
      #   requests:
      #     memory: "64Gi"
      #     cpu: "8"
      #     hugepages-2Mi: "24Gi"
      #   limits:
      #     memory: "64Gi"
      #     cpu: "8"
      #     hugepages-2Mi: "24Gi"
      # hugePages:
      #   enabled: true
      #   mountPath: /dev/hugepages
      service:
        type: ClusterIP
        # additionalPorts:
        #   - name: app1
        #     port: 8012
        #     targetPort: 8012
        #     protocol: TCP
        # annotations: {}
      ## Configuration for the HAProxy load balancer for the specific group
      ## An out of box load balancer configured to handle cookie based session affinity that's required by most MarkLogic applications.
      haproxy:
        enabled: true
Manifest structure
A MarkLogic Operator manifest is a YAML document. Individual parameters and parameter groups are defined at the top level. Parameter names are written in camelCase.
Cluster metadata
These cluster metadata parameters are grouped under the metadata top-level key:
- name: the name of the cluster. This field cannot be changed after the cluster is created. (Required).
- namespace: the namespace where the operator creates Kubernetes objects such as pods, services, and secrets for the cluster. If this field is updated after the cluster is created, a completely separate cluster is deployed or updated in the target namespace. (Optional. This field should match the namespace where the manifest is applied).
- labels: labels will be applied to all objects created by the Operator.
- annotations: annotations will be applied to all objects created by the Operator.
marklogicCluster
Defines MarkLogic Cluster configuration.
- spec: all options under spec apply at the cluster level. The options will be applied for all groups. However, the default can be changed.
- spec.auth: defines how admin credentials are defined.
- spec.persistence: defines the persistency configuration.
- spec.haproxy: defines how the haproxy is configured. Groups to be exposed can be configured at the marklogicGroup level (see marklogicGroups).
- spec.haproxy.ingress: defines the ingress to expose the haproxy.
- spec.tls: defines how tls on default AppServers is configured.
- spec.logCollection: defines how log collection is configured.
- spec.networkPolicy: defines Network Policies.
marklogicGroups
Defines MarkLogic group configuration.
- replicas: defines the number of replicas for the given group.
- haproxy.enabled: defines if group should be exposed using the HAProxy/Ingress.
- name: defines the statefulset managing the group.
- groupConfig: defines the group name and XDQP over SSL.
- isBootstrap: defines if the group contains the bootstrap host.
- persistence: defines persistency for the given group.
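A pre-apply check over the security-relevant keys described above (spec.auth, spec.networkPolicy, spec.tls, spec.haproxy.ingress, securityContext, spec.logCollection, groupConfig.enableXdqpSsl), as an added example that is not part of the MarkLogic documentation or operator code. It takes the manifest as the dict that `yaml.safe_load` would return; the function name `audit`, the finding texts and the `SAMPLE` dict are constructed for illustration.

```python
def audit(manifest):
    """Added example: return (path, finding) pairs for a parsed MarklogicCluster manifest."""
    spec = manifest.get("spec") or {}
    out = []
    if "adminPassword" in (spec.get("auth") or {}):
        out.append(("spec.auth.adminPassword", "admin password written inline in the manifest"))
    if (spec.get("networkPolicy") or {}).get("enabled") is not True:
        out.append(("spec.networkPolicy.enabled", "not set to true"))

    tls = spec.get("tls") or {}
    if tls.get("enableOnDefaultAppServers") is not True:
        out.append(("spec.tls.enableOnDefaultAppServers", "not set to true"))
    elif not tls.get("certSecretNames"):
        out.append(("spec.tls.certSecretNames", "empty: a temporary self-signed certificate is generated"))

    ingress = (spec.get("haproxy") or {}).get("ingress") or {}
    if ingress.get("enabled") is True and not ingress.get("tls"):
        out.append(("spec.haproxy.ingress.tls", "ingress enabled with no TLS entry"))

    sc = spec.get("securityContext") or {}
    if sc.get("runAsNonRoot") is not True:
        out.append(("spec.securityContext.runAsNonRoot", "not set to true"))
    if sc.get("allowPrivilegeEscalation") is not False:
        out.append(("spec.securityContext.allowPrivilegeEscalation", "not set to false"))

    logs = spec.get("logCollection") or {}
    if logs.get("enabled") is True and "http_passwd" in (logs.get("outputs") or ""):
        out.append(("spec.logCollection.outputs", "logging backend password written inline"))

    for i, group in enumerate(spec.get("markLogicGroups") or []):
        if (group.get("groupConfig") or {}).get("enableXdqpSsl") is not True:
            out.append((f"spec.markLogicGroups[{i}].groupConfig.enableXdqpSsl", "not set to true"))
    return out

# Constructed input: the security-relevant values of the sample manifest on this
# page, written as the dict yaml.safe_load would return for it.
SAMPLE = {"spec": {
    "networkPolicy": {"enabled": False},
    "haproxy": {"enabled": True, "ingress": {"enabled": True, "tls": []}},
    "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False},
    "tls": {"enableOnDefaultAppServers": False, "certSecretNames": []},
    "markLogicGroups": [{"name": "dnode", "groupConfig": {"enableXdqpSsl": True}},
                        {"name": "enode", "groupConfig": {"enableXdqpSsl": True}}],
}}

if __name__ == "__main__":
    for path, finding in audit(SAMPLE):
        print(f"{path}: {finding}")
```

An empty spec.haproxy.ingress.tls is reported even when TLS is terminated elsewhere, for example through the load balancer annotations shown commented out in the sample, so treat that finding as a prompt to confirm where TLS terminates.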