diff --git a/.gitignore b/.gitignore index 723ef36..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea \ No newline at end of file +.idea diff --git a/README.md b/README.md index e5f4b94..11dc0c5 100644 --- a/README.md +++ b/README.md @@ -27,14 +27,14 @@ This page describe how to deploy Redis Enterprise on Kubernetes using the Redis The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.0.8-30` | `redislabs/redis:6.0.8-30.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.8-20` | `redislabs/operator:6.0.8-20` | -| Services Rigger | `redislabs/k8s-controller:6.0.8-20` | `redislabs/k8s-controller:6.0.8-20` | +| Redis Enterprise | `redislabs/redis:6.0.12-57` | `redislabs/redis:6.0.12-57.rhel7-openshift` | +| Operator | `redislabs/operator:6.0.12-5` | `redislabs/operator:6.0.12-5` | +| Services Rigger | `redislabs/k8s-controller:6.0.12-5` | `redislabs/k8s-controller:6.0.12-5` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
### Installation -The "Basic" installation deploys the operator (from the current release) with the default Ubuntu/Alpine base OS images from DockerHub and default settings. +The "Basic" installation deploys the operator (from the current release) from DockerHub and default settings. Recommended for KOPS, GKE, AKS, Rancher, VMWare Tanzu. This is the fastest way to get up and running with a new Redis Enterprise on Kubernetes. 1. Create a new namespace: @@ -63,16 +63,12 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub kubectl apply -f role.yaml kubectl apply -f role_binding.yaml kubectl apply -f service_account.yaml - kubectl apply -f crds/app_v1_redisenterprisecluster_crd.yaml - kubectl apply -f crds/app_v1alpha1_redisenterprisedatabase_crd.yaml + kubectl apply -f crds/v1/rec_crd.yaml + kubectl apply -f crds/v1alpha1/redb_crd.yaml kubectl apply -f operator.yaml ``` - > Note: The rbac.yaml file used in previous releases has been broken down into three distinct files: - `role.yaml`, `role_binding.yaml` and `service_account.yaml`. - The `crd.yaml` file was renamed to `redisenterprisecluster_crd.yaml`, with the API version prepended to the filename. - Apply the `crds/app_v1alpha1_redisenterprisedatabase_crd.yaml` if managing database instances through Kubernetes API and commands is desired. -3. Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. + Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. A typical response may look like this: 
@@ -81,25 +77,79 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub redis-enterprise-operator 1/1 1 1 2m ``` -4. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` +3. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` - Create a `RedisEnterpriseCluster`(REC) using the default configuration, which is suitable for development type deployments and works in typical scenarios. For more advanced deployment options you may choose the configuration relevant for you - see the index at the top for documentation references that cover many scenarios and the examples in the example folder. + Create a `RedisEnterpriseCluster`(REC) using the default configuration, which is suitable for development type deployments and works in typical scenarios. The full list of attributes supported through the Redis Enterprise Cluster (REC) API can be found [HERE](redis_enterprise_cluster_api.md). Some examples can be found in the examples folder. ```bash - kubectl apply -f crds/app_v1_redisenterprisecluster_cr.yaml + kubectl apply -f examples/v1/rec.yaml ``` - > Notes: - > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. - -5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. + > Note: + The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. 
To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + +4. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. The cluster takes around 5-10 minutes to come up. A typical response may look like this: ``` - NAME AGE - redis-enterprise 5m + NAME AGE + rec 5m ``` - + > Note: Once the cluster is up, the cluster GUI and API could be used to configure databases. It is recommended to use the K8s REDB API that is configured through the following steps. To configure the cluster using the cluster GUI/API, use the ui service created by the operator and the default credentials as set in a secret. The secret name is the same as the cluster name within the namespace. +5. Redis Enterprise Database (REDB) Admission Controller: + The Admission Controlller is recommended for use. It uses the Redis Enterprise Cluster to dynamically validate that REDB resources as configured by the operator are valid. + Steps to configure the Admission Controller: + * Install the Admission Controller via a bundle: + ```shell script + kubectl create -f admission.bundle.yaml + ``` + * Wait for the secret to be created: + ```shell script + kubectl get secret admission-tls + NAME TYPE DATA AGE + admission-tls Opaque 2 2m43s + ``` + * Enable the Kubernetes webhook using the generated certificate + + **NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace the REC was installed into. 
+ + ```shell script + # save cert + CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` + sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' webhook.yaml | kubectl create -f - + + # create patch file + cat > modified-webhook.yaml < Note: procedure to enable admission is documented with further detail [here](admission/README.md + 6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` Create a `RedisEnterpriseDatabase` (REDB) by using Custom Resource. @@ -112,8 +162,6 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub metadata: name: redis-enterprise-database spec: - redisEnterpriseCluster: - name: redis-enterprise memorySize: 100MB EOF kubectl apply -f /tmp/redis-enterprise-database.yml @@ -122,9 +170,6 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub All REDB configuration options are documented [here](redis_enterprise_database_api.md). - > Optional: REDB admission controller - > - > When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission control to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md) 
@@ -169,10 +214,64 @@ Other custom configurations are referenced in this repository. Apply the `RedisEnterpriseCluster` resource with RHEL7 based images: ```bash - oc apply -f openshift/redis-enterprise-cluster_rhel.yaml + oc apply -f openshift/rec_rhel.yaml ``` - -6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` +6. Redis Enterprise Database (REDB) Admission Controller: + The Admission Controlller is recommended for use. It uses the Redis Enterprise Cluster to dynamically validate that REDB resources as configured by the operator are valid. + Steps to configure the Admission Controller: + * Install the Admission Controller via a bundle: + ```shell script + kubectl create -f admission.bundle.yaml + ``` + * Wait for the secret to be created: + ```shell script + kubectl get secret admission-tls + NAME TYPE DATA AGE + admission-tls Opaque 2 2m43s + ``` + * Enable the Kubernetes webhook using the generated certificate + + **NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace the REC was installed into. + + ```shell script + # save cert + CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` + sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' webhook.yaml | kubectl create -f - + + # create patch file + cat > modified-webhook.yaml < Note: procedure to enable admission is documented with further detail [here](admission/README.md + +7. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` Create a `RedisEnterpriseDatabase` (REDB) by using Custom Resource. The Redis Enterprise Operator can be instructed to manage databases on the Redis Enterprise Cluster using the REDB custom resource. @@ -184,8 +283,7 @@ Other custom configurations are referenced in this repository. metadata: name: redis-enterprise-database spec: - redisEnterpriseCluster: - name: redis-enterprise + memorySize: 100MB EOF kubectl apply -f /tmp/redis-enterprise-database.yml 
@@ -194,13 +292,9 @@ Other custom configurations are referenced in this repository. All REDB configuration options are documented [here](redis_enterprise_database_api.md). - > Optional: REDB admission controller - > - > When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission controller to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md). - -### Installation on PKS - Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/pks/) +### Installation on VMWare Tanzu + Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/kubernetes/getting-started/tanzu/) ## Configuration @@ -213,7 +307,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.0.8-30 + versionTag: 6.0.12-57 ``` * Persistence @@ -315,21 +409,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.8-30 + versionTag: 6.0.12-57 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.8-20 + versionTag: 6.0.12-5 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.8-20 + versionTag: 6.0.12-5 ``` In Operator Deployment spec (operator.yaml): 
@@ -341,7 +435,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.8-20 + image: harbor.corp.local/redisenterprise/operator:6.0.12-5 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). @@ -392,7 +486,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.8-30 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.12-57 ```yaml autoUpgradeRedisEnterprise: true 
@@ -401,29 +495,39 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.0.8-30 + versionTag: redislabs/redis:6.0.12-57 ``` ## Supported K8S Distributions -Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. -| Distribution | Support Status | -|-------------------|---------------------| -| Openshift 3.11 | supported | -| Openshift 4.1 | supported | -| Openshift 4.2 | supported | -| Openshift 4.3 | supported | -| Openshift 4.4 | supported | -| OpenShift 4.5 | supported | -| KOPS vanilla 1.9 | no longer supported | -| KOPS vanilla 1.10 | no longer supported | -| KOPS vanilla 1.11 | no longer supported | -| KOPS vanilla 1.12 | no longer supported | -| KOPS vanilla 1.13 | supported | -| KOPS vanilla 1.14 | supported | -| KOPS vanilla 1.15 | supported | -| KOPS vanilla 1.16 | supported | -| KOPS vanilla 1.17 | supported | -| GKE 1.14 | supported | -| GKE 1.15 | supported | -| GKE 1.16 | supported | -| Rancher 2.4 | supported | +Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. 
"Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. +Supported versions (platforms/versions that are not listed are not supported): +| Distribution | Support Status | +|---------------------------------|----------------| +| Openshift 3.11 (K8s 1.11) | supported | +| Openshift 4.1 (K8s 1.13) | deprecated* | +| Openshift 4.2 (K8s 1.14) | deprecated* | +| Openshift 4.3 (K8s 1.16) | deprecated* | +| Openshift 4.4 (K8s 1.17) | supported | +| OpenShift 4.5 (K8s 1.18) | supported | +| OpenShift 4.6 (K8s 1.19) | supported | +| KOPS vanilla 1.13 | deprecated | +| KOPS vanilla 1.14 | deprecated | +| KOPS vanilla 1.15 | supported | +| KOPS vanilla 1.16 | supported | +| KOPS vanilla 1.17 | supported | +| KOPS vanilla 1.18 | supported | +| KOPS vanilla 1.19 | supported | +| GKE 1.14 | deprecated** | +| GKE 1.15 | supported | +| GKE 1.16 | supported | +| Rancher 2.4 (K8s 1.17) | supported | +| Rancher 2.4 (K8s 1.18) | supported | +| Rancher 2.5 (K8s 1.17) | supported | +| Rancher 2.5 (K8s 1.18) | supported | +| Rancher 2.5 (K8s 1.19). | supported | +| VMWare TKGIE*** 1.7 (K8s 1.16) | supported | +| AKS 1.18 | supported | + +\* No longer supported by Red Hat +\*\* No longer supported by Google +\*\*\* Tanzu Kubernetes Grid Integrated Edition diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 67ffe6b..a1c1a04 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -57,7 +57,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission imagePullPolicy: Always 
@@ -86,7 +86,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission args: diff --git a/admission/GESHER.md b/admission/GESHER.md index ec275cc..d6781d5 100644 --- a/admission/GESHER.md +++ b/admission/GESHER.md @@ -86,7 +86,7 @@ This will deploy the admission proxy, and via an included **NamespacedValidating 8. Deployment for the Gesher operator -**Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml` + **Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml` ```shell script kubectl apply -f gesher/operator.yaml @@ -239,12 +239,14 @@ $ kubectl apply -f - << EOF apiVersion: app.redislabs.com/v1alpha1 kind: RedisEnterpriseDatabase metadata: - name: test-database-custom-resource + name: redis-enterprise-database +spec: + evictionPolicy: illegal EOF ``` -This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified. +This must fail with an error output by the admission webhook proxy.webhook.gesher that is being denied because 'illegal' is not a valid eviction policy. ```shell script -Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: failed get RedisEnterpriseCluster client: custom resource (RedisEnterpriseCluster) not found: resource name may not be empty -``` \ No newline at end of file +Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu'] +``` 
diff --git a/admission/deployment.yaml b/admission/deployment.yaml index b062850..baae0f8 100644 --- a/admission/deployment.yaml +++ b/admission/deployment.yaml @@ -14,7 +14,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission imagePullPolicy: Always @@ -43,7 +43,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission args: diff --git a/advanced/psp.yaml b/advanced/psp.yaml index de095e1..019d294 100644 --- a/advanced/psp.yaml +++ b/advanced/psp.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: redis-enterprise-psp diff --git a/bundle.yaml b/bundle.yaml index 7f3fe63..ce56340 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -23,7 +23,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] @@ -1772,7 +1772,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always @@ -2123,6 +2123,9 @@ spec: description: The name of the K8s secret that holds the password to the database. type: string + defaultUser: + description: Is connecting with a default user allowed? + type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string 
@@ -2213,6 +2216,26 @@ spec: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. type: boolean + rolesPermissions: + description: List of Redis Enteprise ACL and Role bindings to apply + items: + description: Redis Enterprise Role and ACL Binding + properties: + acl: + description: Acl Name of RolePermissionType + type: string + role: + description: Role Name of RolePermissionType + type: string + type: + description: Type of Redis Enterprise Database Role Permission + type: string + required: + - acl + - role + - type + type: object + type: array shardCount: description: Number of database server-side shards type: integer diff --git a/crds/app_v1_redisenterprisecluster_crd.yaml b/crds/v1/rec_crd.yaml similarity index 100% rename from crds/app_v1_redisenterprisecluster_crd.yaml rename to crds/v1/rec_crd.yaml diff --git a/crds/app_v1alpha1_redisenterprisecluster_crd.yaml b/crds/v1alpha1/rec_crd.yaml similarity index 98% rename from crds/app_v1alpha1_redisenterprisecluster_crd.yaml rename to crds/v1alpha1/rec_crd.yaml index 7f7f2c7..9788a7a 100644 --- a/crds/app_v1alpha1_redisenterprisecluster_crd.yaml +++ b/crds/v1alpha1/rec_crd.yaml 
@@ -3,6 +3,31 @@ kind: CustomResourceDefinition metadata: name: redisenterpriseclusters.app.redislabs.com spec: + additionalPrinterColumns: + - JSONPath: .spec.nodes + name: Nodes + type: string + - JSONPath: .spec.redisEnterpriseImageSpec.versionTag + name: Version + type: string + - JSONPath: .status.state + name: State + type: string + - JSONPath: .status.specStatus + name: Spec Status + type: string + - JSONPath: .status.licenseStatus.licenseState + name: License State + type: string + - JSONPath: .status.licenseStatus.shardsLimit + name: Shards Limit + type: string + - JSONPath: .status.licenseStatus.expirationDate + name: License Expiration Date + type: string + - name: Age + type: date + JSONPath: .metadata.creationTimestamp group: app.redislabs.com names: kind: RedisEnterpriseCluster diff --git a/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml b/crds/v1alpha1/redb_crd.yaml similarity index 96% rename from crds/app_v1alpha1_redisenterprisedatabase_crd.yaml rename to crds/v1alpha1/redb_crd.yaml index e73b213..6965ad4 100644 --- a/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml +++ b/crds/v1alpha1/redb_crd.yaml @@ -324,6 +324,9 @@ spec: description: The name of the K8s secret that holds the password to the database. type: string + defaultUser: + description: Is connecting with a default user allowed? + type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string 
@@ -414,6 +417,26 @@ spec: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. type: boolean + rolesPermissions: + description: List of Redis Enteprise ACL and Role bindings to apply + items: + description: Redis Enterprise Role and ACL Binding + properties: + acl: + description: Acl Name of RolePermissionType + type: string + role: + description: Role Name of RolePermissionType + type: string + type: + description: Type of Redis Enterprise Database Role Permission + type: string + required: + - acl + - role + - type + type: object + type: array shardCount: description: Number of database server-side shards type: integer diff --git a/crds/app_v1_redisenterprisecluster_cr.yaml b/examples/v1/rec.yaml similarity index 80% rename from crds/app_v1_redisenterprisecluster_cr.yaml rename to examples/v1/rec.yaml index b66bfbb..2480955 100644 --- a/crds/app_v1_redisenterprisecluster_cr.yaml +++ b/examples/v1/rec.yaml @@ -1,7 +1,7 @@ apiVersion: app.redislabs.com/v1 kind: RedisEnterpriseCluster metadata: - name: "redis-enterprise" + name: rec spec: # Add fields here nodes: 3 diff --git a/crds/app_v1alpha1_redisenterprisecluster_cr.yaml b/examples/v1alpha1/rec.yaml similarity index 100% rename from crds/app_v1alpha1_redisenterprisecluster_cr.yaml rename to examples/v1alpha1/rec.yaml diff --git a/crds/app_v1alpha1_redisenterprisedatabase_cr.yaml b/examples/v1alpha1/redb.yaml similarity index 100% rename from crds/app_v1alpha1_redisenterprisedatabase_cr.yaml rename to examples/v1alpha1/redb.yaml diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index ba62f2a..54d295a 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py 
@@ -76,6 +76,23 @@ def make_dir(directory): sys.exit() +def _filter_non_existing_namespaces(namespaces): + """ + Filter non-existing namespaces from user's input + """ + return_code, out = run_shell_command("kubectl get ns -o=custom-columns='DATA:metadata.name' --no-headers=true") + if return_code: + return [] + res = [] + existing_namespaces = set(out.split()) + for ns in namespaces: + if ns in existing_namespaces: + res.append(ns) + else: + logger.warning("Namespace %s doesn't exist - Skipping", ns) + return res + + def _get_namespaces_to_run_on(namespace): def _get_namespace_from_config(): config_namespace = get_namespace_from_config() @@ -94,7 +111,12 @@ def _get_namespace_from_config(): return out.split() # comma separated string - return namespace.split(',') + namespaces = namespace.split(',') + existing_namespaces = _filter_non_existing_namespaces(namespaces) + if not existing_namespaces: + logger.warning("Input doesn't contain an existing namespace - will use namespace from config") + return _get_namespace_from_config() + return existing_namespaces def collect_from_ns(namespace, output_dir): @@ -168,11 +190,10 @@ def collect_pod_rs_logs(namespace, output_dir): get logs from rs pods that are not ready """ rs_pod_logs_dir = os.path.join(output_dir, "rs_pod_logs") - non_ready_rs_pod_names = get_non_ready_rs_pod_names(namespace) - if not non_ready_rs_pod_names: - return + rs_pod_names = get_pod_names(namespace=namespace, selector='redis.io/role=node') make_dir(rs_pod_logs_dir) - for rs_pod_name in non_ready_rs_pod_names: + # TODO restore usage of get_non_ready_rs_pod_names once RS bug is resolved (RED-51857) # pylint: disable=W0511 + for rs_pod_name in rs_pod_names: pod_log_dir = os.path.join(rs_pod_logs_dir, rs_pod_name) make_dir(pod_log_dir) cmd = "kubectl -n {} cp {}:{} {} -c {}".format(namespace, diff --git a/multi-namespace-redb/README.md b/multi-namespace-redb/README.md index f845575..cbc0fcd 100644 --- a/multi-namespace-redb/README.md 
+++ b/multi-namespace-redb/README.md @@ -45,6 +45,9 @@ subjects: - kind: ServiceAccount name: redis-enterprise-operator namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: redis-enterprise-admission + namespace: NAMESPACE_OF_SERVICE_ACCOUNT - kind: ServiceAccount name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource namespace: NAMESPACE_OF_SERVICE_ACCOUNT diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index d35005b..b326831 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator-internal:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index b23269c..8be4689 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -39,7 +39,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] @@ -1788,7 +1788,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 securityContext: runAsUser: 1001 command: @@ -2139,6 +2139,9 @@ spec: description: The name of the K8s secret that holds the password to the database. type: string + defaultUser: + description: Is connecting with a default user allowed? + type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string 
@@ -2229,6 +2232,26 @@ spec: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. type: boolean + rolesPermissions: + description: List of Redis Enteprise ACL and Role bindings to apply + items: + description: Redis Enterprise Role and ACL Binding + properties: + acl: + description: Acl Name of RolePermissionType + type: string + role: + description: Role Name of RolePermissionType + type: string + type: + description: Type of Redis Enterprise Database Role Permission + type: string + required: + - acl + - role + - type + type: object + type: array shardCount: description: Number of database server-side shards type: integer diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index d22d137..3eb62cb 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 securityContext: runAsUser: 1001 command: diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml new file mode 100644 index 0000000..fa28deb --- /dev/null +++ b/openshift/rec_rhel.yaml @@ -0,0 +1,14 @@ +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec +spec: + # Add fields here + nodes: 3 + redisEnterpriseImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise + versionTag: 6.0.12-57.rhel7-openshift + redisEnterpriseServicesRiggerImageSpec: + repository: registry.connect.redhat.com/redislabs/services-manager + bootstrapperImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator diff --git a/openshift/redis-enterprise-cluster_rhel.yaml b/openshift/redis-enterprise-cluster_rhel.yaml deleted file mode 100644 index d55a4c9..0000000 --- a/openshift/redis-enterprise-cluster_rhel.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: "app.redislabs.com/v1" -kind: "RedisEnterpriseCluster" -metadata: - name: "redis-enterprise" -spec: - nodes: 3 - persistentSpec: - enabled: true - storageClassName: "gp2" # ! edit according to infrastructure - uiServiceType: LoadBalancer - username: "admin@acme.com" - redisEnterpriseNodeResources: - limits: - cpu: "4000m" - memory: 4Gi - requests: - cpu: "4000m" - memory: 4Gi - redisEnterpriseImageSpec: - imagePullPolicy: IfNotPresent - repository: redislabs/redis - versionTag: 6.0.8-30.rhel7-openshift - diff --git a/openshift/role.yaml b/openshift/role.yaml index aed5a32..698941c 100644 --- a/openshift/role.yaml +++ b/openshift/role.yaml @@ -22,7 +22,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] diff --git a/operator.yaml b/operator.yaml index 2a284bf..fd16e51 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index 8a896b3..3150a00 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md @@ -5,6 +5,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [Objects](#objects) * [ActiveActive](#activeactive) * [ImageSpec](#imagespec) + * [LicenseStatus](#licensestatus) * [Module](#module) * [PersistentConfigurationSpec](#persistentconfigurationspec) * [RedisEnterpriseCluster](#redisenterprisecluster) 
@@ -42,6 +43,17 @@ Image specification | imagePullPolicy | | v1.PullPolicy | | true | [Back to Table of Contents](#table-of-contents) +### LicenseStatus + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| licenseState | Is the license expired | string | | true | +| activationDate | When the license was activated | string | | true | +| expirationDate | When the license will\has expired | string | | true | +| shardsLimit | Number of redis shards allowed under this license | int32 | | true | +[Back to Table of Contents](#table-of-contents) + ### Module @@ -129,6 +141,7 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | state | State of Redis Enterprise Cluster | [ClusterState](#clusterstate) | | true | | specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | | modules | Modules Available in Cluster | [][Module](#module) | | false | +| licenseStatus | State of the Cluster's License | *[LicenseStatus](#licensestatus) | | false | [Back to Table of Contents](#table-of-contents) ### ServicesRiggerConfigurationSpec @@ -191,6 +204,7 @@ State of the Redis Enterprise Cluster | "Invalid" | ClusterConfigurationInvalid means an invalid spec was applied | | "InvalidUpgrade" | ClusterInvalidUpgrade means an upgrade is not possible at this time | | "Upgrade" | ClusterUpgrade | +| "Deleting" | ClusterDeleting | [Back to Table of Contents](#table-of-contents) ### SpecStatusName diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 2e9b8ea..609acb6 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md 
@@ -19,6 +19,7 @@ This document describes the parameters for the Redis Enterprise Database custom * [RedisEnterpriseDatabaseStatus](#redisenterprisedatabasestatus) * [ReplicaSource](#replicasource) * [ReplicaSourceStatus](#replicasourcestatus) + * [RolePermission](#rolepermission) * [S3Storage](#s3storage) * [SftpStorage](#sftpstorage) * [SwiftStorage](#swiftstorage) @@ -26,6 +27,7 @@ This document describes the parameters for the Redis Enterprise Database custom * [DatabasePersistence](#databasepersistence) * [DatabaseStatus](#databasestatus) * [RepliceSourceType](#replicesourcetype) + * [RolePermissionType](#rolepermissiontype) ## Objects ### AzureBlobStorage @@ -91,7 +93,6 @@ Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/ | name | The module's name e.g \"ft\" for redissearch | string | | true | | version | Module's semantic version e.g \"1.6.12\" | string | | true | | config | Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 | string | | false | -| uid | Module's uid - do not set, for system use only | string | | false | [Back to Table of Contents](#table-of-contents) ### FtpStorage @@ -175,6 +176,8 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | | backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | | modulesList | List of modules associated with database | *[][DbModule](#dbmodule) | | false | +| rolesPermissions | List of Redis Enteprise ACL and Role bindings to apply | [][RolePermission](#rolepermission) | | false | +| defaultUser | Is connecting with a default user allowed? If disabled, the DatabaseSecret will not be created or updated | *bool | true | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus 
@@ -224,6 +227,16 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | endpointHost | The internal host name of the replica source database. Can be used as an identifier. See the internalEndpoints list on the REDB status. | string | | true | [Back to Table of Contents](#table-of-contents) +### RolePermission +Redis Enterprise Role and ACL Binding + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| type | Type of Redis Enterprise Database Role Permission | [RolePermissionType](#rolepermissiontype) | | true | +| role | Role Name of RolePermissionType (note: use exact name of the role from the Redis Enterprise role list, case sensitive) | string | | true | +| acl | Acl Name of RolePermissionType (note: use exact name of the ACL from the Redis Enterprise ACL list, case sensitive) | string | | true | +[Back to Table of Contents](#table-of-contents) + ### S3Storage @@ -288,5 +301,12 @@ State of the Redis Enterprise Database | Value | Description | | ----- | ----------- | | "SECRET" | Information on DB to Replicate from stored in a secret | -| "REDB" | Replicate from a DB created via the RedisEnterpriseDatabase Controller | +| "REDB" | Replicate from a DB created via the RedisEnterpriseDatabase Controller. Note - specify only names of REDBs created on the same namespace. To configure replicaof with a database configured on another namespace, use \"SECRET\". | +[Back to Table of Contents](#table-of-contents) + +### RolePermissionType + +| Value | Description | +| ----- | ----------- | +| "redis-enterprise" | Use Roles and ACLs defined within Redis Enterprise directly | [Back to Table of Contents](#table-of-contents) diff --git a/release_info.yaml b/release_info.yaml index 6722332..be06515 100644 --- a/release_info.yaml +++ b/release_info.yaml @@ -1,2 +1,2 @@ -operatorVersion: 6.0.8-20 -rsVersion: 6.0.8-30 +operatorVersion: 6.0.12-5 +rsVersion: 6.0.12-57 
diff --git a/role.yaml b/role.yaml index aed5a32..698941c 100644 --- a/role.yaml +++ b/role.yaml @@ -22,7 +22,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"]
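Review bot: In the `rolesPermissions` schema added at `@@ -2229,6 +2232,26`, `type` is declared as a free-form `type: string`, while the `RolePermissionType` table added to `redis_enterprise_database_api.md` in this same patch lists `"redis-enterprise"` as the only value. Adding `enum: ["redis-enterprise"]` under `type` would make the schema enforce what the doc states instead of leaving it to the controller. The `rolesPermissions` description also misspells "Enterprise" as "Enteprise", and the typo is repeated in the `rolesPermissions` row of the API doc.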
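Review bot: In `operator.yaml` and `openshift/operator_rhel.yaml` the image is referenced by tag only (`image: redislabs/operator:6.0.12-5`), and `operator.yaml` keeps `imagePullPolicy: Always`, so each pod restart pulls whatever that tag points to at the time. Consider referencing the image by digest (`redislabs/operator@sha256:<digest>`) or publishing the expected digest alongside `release_info.yaml`, so a deployment can be checked against the release.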
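Review bot: In the new `openshift/rec_rhel.yaml`, only `redisEnterpriseImageSpec` sets a `versionTag` (`6.0.12-57.rhel7-openshift`); `redisEnterpriseServicesRiggerImageSpec` and `bootstrapperImageSpec` give a `repository` with no tag, and the visible lines do not say which tag is then used. Either pin both explicitly or add a comment stating where the tag comes from. The placeholder comment `# Add fields here` should be removed or replaced with a real hint, and the deleted `redis-enterprise-cluster_rhel.yaml` carried `persistentSpec.enabled: true` and resource limits that the replacement drops, which deserves a line in the README if it is intentional.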
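Review bot: In the `LicenseStatus` table added to `redis_enterprise_cluster_api.md`, `licenseState` is described as "Is the license expired", which reads like a boolean, but its scheme is `string` and the possible values are not listed. Document the allowed values, and state the format of the `activationDate` and `expirationDate` strings so that tooling that reads the status can parse them. "When the license will\has expired" should be reworded, for example "When the license expires or expired".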
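Review bot: The `defaultUser` row added at `@@ -175,6 +176,8` of `redis_enterprise_database_api.md` says that when it is disabled "the DatabaseSecret will not be created or updated", but not what happens to a DatabaseSecret that already exists when the field is switched from `true` to `false`. Please state whether the existing secret is deleted or left in place, since a leftover secret would still hold the default user's credentials. It would also help to point from this row to `rolesPermissions`, which is the other access-control field introduced here.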
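Review bot: The `apps` rule in `role.yaml` and `openshift/role.yaml` keeps `verbs: ["*"]`, so adding `"replicasets"` to `resources` grants the operator's role every verb on ReplicaSets, including delete and patch, wherever the role is bound. If the operator only needs to read or clean up ReplicaSets, put them in a separate rule with the specific verbs, for example `resources: ["replicasets"]` with `verbs: ["get", "list", "watch"]`, and note in the commit message why the access is required.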