diff --git a/README.md b/README.md index 33ceb8c..b4687cb 100644 --- a/README.md +++ b/README.md @@ -32,9 +32,9 @@ High level architecture and overview of the solution can be found [HERE](https:/ The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.2.8-64` | `redislabs/redis:6.2.8-64.rhel7-openshift` | -| Operator | `redislabs/operator:6.2.8-15` | `redislabs/operator:6.2.8-15` | -| Services Rigger | `redislabs/k8s-controller:6.2.8-15` | `redislabs/k8s-controller:6.2.8-15` | +| Redis Enterprise | `redislabs/redis:6.2.10-83` | `redislabs/redis:6.2.10-83.rhel7-openshift` | +| Operator | `redislabs/operator:6.2.10-3` | `redislabs/operator:6.2.10-3` | +| Services Rigger | `redislabs/k8s-controller:6.2.10-3` | `redislabs/k8s-controller:6.2.10-3` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -139,8 +139,6 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > **Note:** If you're not using multiple namespaces you may skip to ["Verify the installation"](#verify_admission_installation) step. - > **Note:** If you're not using multiple namespaces you may proceed to step 6. - * Limiting the webhook to the relevant namespaces: Unless limited, webhooks will intercept requests from all namespaces.
In case you have several REC objects on your K8S cluster you need to limit the webhook to the relevant namespace. @@ -383,7 +381,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.2.8-64 + versionTag: 6.2.10-83 ``` * Persistence @@ -485,21 +483,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.2.8-64 + versionTag: 6.2.10-83 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.2.8-15 + versionTag: 6.2.10-3 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.2.8-15 + versionTag: 6.2.10-3 ``` In Operator Deployment spec (operator.yaml): @@ -511,7 +509,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.2.8-15 + image: harbor.corp.local/redisenterprise/operator:6.2.10-3 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). 
@@ -634,7 +632,7 @@ Note: in the examples above the Redis Enterprise Cluster name is: 'rec' and the The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.2.8-64 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.2.10-83 ```yaml autoUpgradeRedisEnterprise: true @@ -643,7 +641,7 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.2.8-64 + versionTag: redislabs/redis:6.2.10-83 ``` ## Supported K8S Distributions 
@@ -665,12 +663,17 @@ Supported versions (platforms/versions that are not listed are not supported): | GKE 1.20 | supported | | GKE 1.21 | supported | | GKE 1.22 | supported | -| Rancher 2.5 (K8s 1.17) | deprecated | -| Rancher 2.5 (K8s 1.18) | supported | -| Rancher 2.5 (K8s 1.19) | supported | -| Rancher 2.5 (K8s 1.20) | supported | +| Rancher 2.5 (K8s 1.17) | *deprecated | +| Rancher 2.5 (K8s 1.18) | *deprecated | +| Rancher 2.5 (K8s 1.19) | *deprecated | +| Rancher 2.5 (K8s 1.20) | *deprecated | +| Rancher 2.6 (K8s 1.18) | supported | +| Rancher 2.6 (K8s 1.19) | supported | +| Rancher 2.6 (K8s 1.20) | supported | +| Rancher 2.6 (K8s 1.21) | supported | | VMWare TKGIE** 1.10 (K8s 1.19) | supported | -| AKS 1.19 | supported | +| VMWare TKGIE 1.11 (K8s 1.20) | supported | +| AKS 1.19* | deprecated | | AKS 1.20 | supported | | AKS 1.21 | supported | | AKS 1.22 | supported | diff --git a/advanced/Redis-gears/gears.yaml b/advanced/Redis-gears/gears.yaml new file mode 100644 index 0000000..60f0267 --- /dev/null +++ b/advanced/Redis-gears/gears.yaml @@ -0,0 +1,30 @@ +spec: + redisEnterpriseAdditionalPodSpecAttributes: + initContainers: + - name: initcontainer + volumeMounts: + - mountPath: /opt/redislabs/gears-packages + name: gears-volume + image: python:3.7 + imagePullPolicy: IfNotPresent + env: + - name: "GEARS_PACKAGES" + value: "" + command: + - "/bin/bash" + args: + - "-c" + - "for package in ${GEARS_PACKAGES}; do echo $package >>/tmp/requirements.txt; done; pip install -r /tmp/requirements.txt -t /opt/redislabs/gears-packages" + resources: + limits: + memory: 4Gi + cpu: 2 + requests: + memory: 4Gi + cpu: 2 + redisEnterpriseVolumeMounts: + - mountPath: /opt/redislabs/gears-packages + name: gears-volume + volumes: + - emptyDir: {} + name: gears-volume diff --git a/advanced/Redis-gears/install_gears_python_packages.txt b/advanced/Redis-gears/install_gears_python_packages.txt new file mode 100644 index 0000000..ddf2020 --- /dev/null 
+++ b/advanced/Redis-gears/install_gears_python_packages.txt @@ -0,0 +1,31 @@ +Install Python packages for Redis Gears + +Disclaimer: +This instructions are provided as a work around and not considered official, any use of this is the user responsibility. + +Notes: +This doc is assuming the following: +• Redis Gears is already installed on the Redis enterprise cluster. +• The Redis gears Python version is 3.7 (if not the sidecar container image should be changed). + +Instructions: +a. edit the gears.yaml, replace the with the Python packages that should be installed. +The packages must be separated by a ' ' (space). +For example to install the packages pytz version 2021.3 and kubernetes the yaml should be: +``` +... + - name: "GEARS_PACKAGES" + value: "pytz==2021.3 kubernetes" +... +``` +b. Run the kubectl patch command on your cluster with the modified gears.yaml from the previous step, replace the with the name of your Redis enterprise cluster: +kubectl patch rec --type merge --patch "$(cat gears.yaml)" +c. Wait until all the Redis enterprise nodes are restarted with the new configurations. +d. Add the below code snippet in the top of your Redis gears Python function that wants to use the installed package/s: +``` +import sys +if '/opt/redislabs/gears-packages' not in sys.path: + sys.path.append('/opt/redislabs/gears-packages') +# Your code below... +``` + \ No newline at end of file diff --git a/bundle.yaml b/bundle.yaml index 16046d4..5d40b9d 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -34,7 +34,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] 
@@ -578,6 +578,13 @@ spec: shardCount: description: Number of database server-side shards type: integer + shardsPlacement: + description: Control the density of shards - should they reside on as few or as many nodes as possible. + Available options are "dense" or "sparse". If left unset, defaults to "dense". + enum: + - dense + - sparse + type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must @@ -674,6 +681,36 @@ spec: type: integer description: Aggregated statuses of shards type: object + backupInfo: + description: Information on the database's periodic backup + properties: + backupFailureReason: + description: Reason of last failed backup process + type: string + backupHistory: + description: Backup history retention policy (number of days, + 0 is forever) + type: integer + backupInterval: + description: Interval in seconds in which automatic backup will + be initiated + type: integer + backupIntervalOffset: + description: Offset (in seconds) from round backup interval when + automatic backup will be initiated (should be less than backup_interval) + type: integer + backupProgressPercentage: + description: Database scheduled periodic backup progress (percentage) + type: integer + backupStatus: + description: Status of scheduled periodic backup process + type: string + lastBackupTime: + description: Time of last successful backup + type: string + required: + - backupHistory + type: object specStatus: description: Whether the desired specification is valid type: string @@ -715,7 +752,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - redis-enterprise-operator imagePullPolicy: Always 
@@ -757,7 +794,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always @@ -875,6 +912,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: @@ -886,6 +950,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: 
@@ -992,6 +1072,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -1056,6 +1141,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -6925,6 +7043,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: @@ -7602,6 +7743,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -7613,6 +7781,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -7719,6 +7903,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -7783,6 +7972,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -13653,6 +13875,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: diff --git a/crds/rec_crd.yaml b/crds/rec_crd.yaml index d5f0116..8815913 100644 --- a/crds/rec_crd.yaml +++ b/crds/rec_crd.yaml @@ -75,6 +75,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -86,6 +113,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -192,6 +235,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -256,6 +304,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -6125,6 +6206,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: @@ -6802,6 +6906,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -6813,6 +6944,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -6919,6 +7066,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -6983,6 +7135,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -12853,6 +13038,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: diff --git a/crds/redb_crd.yaml b/crds/redb_crd.yaml index 46b3355..cef144d 100644 --- a/crds/redb_crd.yaml +++ b/crds/redb_crd.yaml @@ -501,6 +501,13 @@ spec: shardCount: description: Number of database server-side shards type: integer + shardsPlacement: + description: Control the density of shards - should they reside on as few or as many nodes as possible. + Available options are "dense" or "sparse". If left unset, defaults to "dense". + enum: + - dense + - sparse + type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must 
@@ -597,6 +604,36 @@ spec: type: integer description: Aggregated statuses of shards type: object + backupInfo: + description: Information on the database's periodic backup + properties: + backupFailureReason: + description: Reason of last failed backup process + type: string + backupHistory: + description: Backup history retention policy (number of days, + 0 is forever) + type: integer + backupInterval: + description: Interval in seconds in which automatic backup will + be initiated + type: integer + backupIntervalOffset: + description: Offset (in seconds) from round backup interval when + automatic backup will be initiated (should be less than backup_interval) + type: integer + backupProgressPercentage: + description: Database scheduled periodic backup progress (percentage) + type: integer + backupStatus: + description: Status of scheduled periodic backup process + type: string + lastBackupTime: + description: Time of last successful backup + type: string + required: + - backupHistory + type: object specStatus: description: Whether the desired specification is valid type: string @@ -607,4 +644,4 @@ spec: description: Database compatibility version type: string type: object - type: object \ No newline at end of file + type: object diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 8d258c2..2ac546f 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -28,6 +28,9 @@ TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") +KUBCTL_DESCRIBE_RETRIES = 3 +KUBCTL_GET_YAML_RETRIES = 3 + timeout = 180 API_RESOURCES = [ @@ -121,7 +124,7 @@ def _get_namespace_from_config(): return existing_namespaces -def collect_from_ns(namespace, output_dir): +def collect_from_ns(namespace, output_dir, logs_from_all_pods=False): "Collect the context of a specific namespace. Typically runs in parallel processes." logger.info("Started collecting from namespace '%s'", namespace) ns_output_dir = os.path.join(output_dir, namespace) 
@@ -134,10 +137,10 @@ def collect_from_ns(namespace, output_dir): collect_events(namespace, ns_output_dir) collect_api_resources(namespace, ns_output_dir) collect_api_resources_description(namespace, ns_output_dir) - collect_pods_logs(namespace, ns_output_dir) + collect_pods_logs(namespace, ns_output_dir, logs_from_all_pods) -def run(namespace_input, output_dir): +def run(namespace_input, output_dir, logs_from_all_pods=False): """ Collect logs """ @@ -154,7 +157,7 @@ def run(namespace_input, output_dir): processes = [] for namespace in namespaces: - p = Process(target=collect_from_ns, args=[namespace, output_dir]) + p = Process(target=collect_from_ns, args=[namespace, output_dir, logs_from_all_pods]) p.start() processes.append(p) 
@@ -379,49 +382,29 @@ def collect_api_resources_description(namespace, output_dir): file_handle.write(out) -def collect_pods_logs(namespace, output_dir): +def collect_pods_logs(namespace, output_dir, logs_from_all_pods=False): """ Collects all the pods logs from given namespace """ logger.info("Namespace '%s': Collecting pods' logs:", namespace) logs_dir = os.path.join(output_dir, "pods") - pods = get_pod_names(namespace) + if logs_from_all_pods: + pods = get_pod_names(namespace) + else: + pods = [] + for selector in ["app=redis-enterprise", "name=redis-enterprise-operator"]: + pods.extend(get_pod_names(namespace, selector)) + if not pods: logger.warning("Namespace '%s' Could not get pods list - " "skipping pods logs collection", namespace) return make_dir(logs_dir) - for pod in pods: - containers = get_list_of_containers_from_pod(namespace, pod) - init_containers = get_list_of_init_containers_from_pod(namespace, pod) - containers.extend(init_containers) - if containers is None: - logger.warning("Namespace '%s' Could not get containers for pod: %s list - " - "skipping pods logs collection", namespace, pod) - continue - for container in containers: - cmd = "kubectl logs -c {} -n {} {}" \ - .format(container, namespace, pod) - with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}')), - "w+") as file_handle: - _, output = run_shell_command(cmd) - file_handle.write(output) - # operator and admission containers restart after changing the operator-environment-configmap - # getting the logs of the containers before the restart can help us with debugging potential bugs - get_logs_before_restart_cmd = "kubectl logs -c {} -n {} {} -p" \ - .format(container, namespace, pod) - with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}-instance-before-restart')), - "w+") as file_handle: - err_code, output = run_shell_command(get_logs_before_restart_cmd) - if err_code == 0: - file_handle.write(output) - else: # no previous container instance found; did 
not restart - os.unlink(file_handle.name) - - logger.info("Namespace '%s': + %s-%s", namespace, pod, container) + for pod in pods: + collect_logs_from_pod(namespace, pod, logs_dir) def collect_connectivity_check(namespace, output_dir): @@ -498,6 +481,40 @@ def get_list_of_init_containers_from_pod(namespace, pod_name): return out.replace("'", "").split() +def collect_logs_from_pod(namespace, pod, logs_dir): + """ + Helper function getting logs of a pod + """ + containers = get_list_of_containers_from_pod(namespace, pod) + init_containers = get_list_of_init_containers_from_pod(namespace, pod) + containers.extend(init_containers) + if containers is None: + logger.warning("Namespace '%s' Could not get containers for pod: %s list - " + "skipping pods logs collection", namespace, pod) + return + for container in containers: + cmd = "kubectl logs -c {} -n {} {}" \ + .format(container, namespace, pod) + with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}')), + "w+") as file_handle: + _, output = run_shell_command(cmd) + file_handle.write(output) + + # operator and admission containers restart after changing the operator-environment-configmap + # getting the logs of the containers before the restart can help us with debugging potential bugs + get_logs_before_restart_cmd = "kubectl logs -c {} -n {} {} -p" \ + .format(container, namespace, pod) + with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}-instance-before-restart')), + "w+") as file_handle: + err_code, output = run_shell_command(get_logs_before_restart_cmd) + if err_code == 0: + file_handle.write(output) + else: # no previous container instance found; did not restart + os.unlink(file_handle.name) + + logger.info("Namespace '%s': + %s-%s", namespace, pod, container) + + def get_pod_names(namespace, selector=""): """ Returns list of pod names 
@@ -560,10 +577,11 @@ def run_kubectl_get_yaml(namespace, resource_type): Runs kubectl get command with yaml format """ cmd = "kubectl get -n {} {} -o yaml".format(namespace, resource_type) - return_code, out = run_shell_command(cmd) - if return_code == 0: - return out - logger.warning("Namespace '%s': Failed to get %s resource %s.", namespace, resource_type, out.rstrip()) + for _ in range(KUBCTL_GET_YAML_RETRIES): + return_code, out = run_shell_command(cmd) + if return_code == 0: + return out + logger.warning("Namespace '%s': Failed to get %s resource %s.", namespace, resource_type, out.rstrip()) return None @@ -654,10 +672,11 @@ def run_kubectl_describe(namespace, resource_type): Runs kubectl describe command """ cmd = "kubectl describe -n {} {}".format(namespace, resource_type) - return_code, out = run_shell_command(cmd) - if return_code == 0: - return out - logger.warning("Namespace: '%s': Failed to describe %s resource: %s", namespace, resource_type, out) + for _ in range(KUBCTL_DESCRIBE_RETRIES): + return_code, out = run_shell_command(cmd) + if return_code == 0: + return out + logger.warning("Namespace: '%s': Failed to describe %s resource: %s", namespace, resource_type, out) return None @@ -673,6 +692,8 @@ def run_kubectl_describe(namespace, resource_type): help="pass namespace name or comma separated list or 'all' " "when left empty will use namespace from kube config") parser.add_argument('-o', '--output_dir', action="store", type=str) + parser.add_argument('-a', '--logs_from_all_pods', action="store_true", + help="collect logs from all pods, not only the operator and pods run by the operator") parser.add_argument('-t', '--timeout', action="store", type=int, default=timeout, help="time to wait for external commands to " 
@@ -690,4 +711,4 @@ def run_kubectl_describe(namespace, resource_type): sys.exit(1) logger.info("Started Redis Enterprise k8s log collector") - run(results.namespace, results.output_dir) + run(results.namespace, results.output_dir, results.logs_from_all_pods) diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index 4c867d5..c5e33de 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - redis-enterprise-operator imagePullPolicy: Always @@ -57,7 +57,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index faef8ec..6649d87 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -50,7 +50,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] @@ -599,6 +599,13 @@ spec: shardCount: description: Number of database server-side shards type: integer + shardsPlacement: + description: Control the density of shards - should they reside on as few or as many nodes as possible. + Available options are "dense" or "sparse". If left unset, defaults to "dense". + enum: + - dense + - sparse + type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must 
@@ -695,6 +702,36 @@ spec: type: integer description: Aggregated statuses of shards type: object + backupInfo: + description: Information on the database's periodic backup + properties: + backupFailureReason: + description: Reason of last failed backup process + type: string + backupHistory: + description: Backup history retention policy (number of days, + 0 is forever) + type: integer + backupInterval: + description: Interval in seconds in which automatic backup will + be initiated + type: integer + backupIntervalOffset: + description: Offset (in seconds) from round backup interval when + automatic backup will be initiated (should be less than backup_interval) + type: integer + backupProgressPercentage: + description: Database scheduled periodic backup progress (percentage) + type: integer + backupStatus: + description: Status of scheduled periodic backup process + type: string + lastBackupTime: + description: Time of last successful backup + type: string + required: + - backupHistory + type: object specStatus: description: Whether the desired specification is valid type: string @@ -736,7 +773,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 securityContext: runAsUser: 1001 command: @@ -782,7 +819,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always 
@@ -900,6 +937,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: @@ -911,6 +975,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: 
@@ -1017,6 +1097,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -1081,6 +1166,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -6950,6 +7068,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: @@ -7627,6 +7768,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -7638,6 +7806,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -7744,6 +7928,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -7808,6 +7997,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -13678,6 +13900,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index cd61c08..34e8bf5 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 securityContext: runAsUser: 1001 command: @@ -61,7 +61,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml index 986778d..be37799 100644 --- a/openshift/rec_rhel.yaml +++ b/openshift/rec_rhel.yaml 
@@ -7,7 +7,7 @@ spec: nodes: 3 redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 6.2.8-64.rhel7-openshift + versionTag: 6.2.10-83.rhel7-openshift redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/openshift/role.yaml b/openshift/role.yaml index b254ebd..6576d2e 100644 --- a/openshift/role.yaml +++ b/openshift/role.yaml @@ -33,7 +33,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] diff --git a/operator.yaml b/operator.yaml index 4c867d5..c5e33de 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - redis-enterprise-operator imagePullPolicy: Always @@ -57,7 +57,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index dc0efe5..297a699 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md @@ -4,6 +4,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r ## Table of Contents * [Objects](#objects) * [ActiveActive](#activeactive) + * [BundledDatabaseVersions](#bundleddatabaseversions) * [ClusterCertificate](#clustercertificate) * [CmServer](#cmserver) * [CrdbCoordinator](#crdbcoordinator) 
@@ -12,6 +13,8 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [LicenseStatus](#licensestatus) * [MdnsServer](#mdnsserver) * [Module](#module) + * [OcspConfiguration](#ocspconfiguration) + * [OcspStatus](#ocspstatus) * [PdnsServer](#pdnsserver) * [PersistentConfigurationSpec](#persistentconfigurationspec) * [RSClusterCertificates](#rsclustercertificates) @@ -20,6 +23,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [RedisEnterpriseClusterSpec](#redisenterpriseclusterspec) * [RedisEnterpriseClusterStatus](#redisenterpriseclusterstatus) * [RedisEnterpriseServicesConfiguration](#redisenterpriseservicesconfiguration) + * [RedisOnFlashSpec](#redisonflashspec) * [Saslauthd](#saslauthd) * [ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) * [SlaveHA](#slaveha) @@ -45,6 +49,15 @@ This document describes the parameters for the Redis Enterprise Cluster custom r | ingressAnnotations | Used for ingress controllers such as ha-proxy or nginx in GKE | map[string]string | | false | [Back to Table of Contents](#table-of-contents) +### BundledDatabaseVersions + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| dbType | | string | | true | +| version | | string | | true | +[Back to Table of Contents](#table-of-contents) + ### ClusterCertificate 
@@ -118,6 +131,31 @@ Image specification | versions | | []string | | true | [Back to Table of Contents](#table-of-contents) +### OcspConfiguration +An API object that represents the cluster's OCSP configuration + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| ocspFunctionality | Whether to enable/disable OCSP mechanism for the cluster. | *bool | | false | +| queryFrequency | Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate. Minimum value is 60. Maximum value is 86400. | *int | | false | +| responseTimeout | Determines the time interval (in seconds) for which the request waits for a response from the OCSP responder. Minimum value is 1. Maximum value is 60. | *int | | false | +| recoveryFrequency | Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate when the current staple is invalid. Minimum value is 60. Maximum value is 86400. | *int | | false | +| recoveryMaxTries | Determines the maximum number for the OCSP recovery attempts. After max number of tries passed, the control plane will revert back to the regular frequency. Minimum value is 1. Maximum value is 100. | *int | | false | +[Back to Table of Contents](#table-of-contents) + +### OcspStatus +An API object that represents the cluster's OCSP status + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| responderUrl | The OCSP responder url from which this status came from. | string | | false | +| certStatus | Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. | string | | false | +| producedAt | The time at which the OCSP responder signed this response. | string | | false | +| thisUpdate | The most recent time at which the status being indicated is known by the responder to have been correct. 
| string | | false | +| nextUpdate | The time at or before which newer information will be available about the status of the certificate (if available) | string | | false | +| revocationTime | The time at which the certificate was revoked or placed on hold. | string | | false | +[Back to Table of Contents](#table-of-contents) + ### PdnsServer 
@@ -217,6 +255,9 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | certificates | RS Cluster Certificates. Used to modify the certificates used by the cluster. See the \"RSClusterCertificates\" struct described above to see the supported certificates. | *[RSClusterCertificates](#rsclustercertificates) | | false | | podStartingPolicy | Mitigation setting for STS pods stuck in \"ContainerCreating\" | *[StartingPolicy](#startingpolicy) | | false | | redisEnterpriseTerminationGracePeriodSeconds | The TerminationGracePeriodSeconds value for the (STS created) REC pods. Note that pods should not be taken down intentionally by force. Because clean pod shutdown is essential to prevent data loss, the default value is intentionally large (1 year). When data loss is acceptable (such as pure caching configurations), a value of a few minutes may be acceptable. | *int64 | 31536000 | false | +| redisOnFlashSpec | Stores configurations specific to redis on flash. Note: this feature is currently unsupported. | *[RedisOnFlashSpec](#redisonflashspec) | | false | +| ocspConfiguration | An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. Note: this feature is currently unsupported. | *[OcspConfiguration](#ocspconfiguration) | | false | +| encryptPkeys | Private key encryption - in order to enable, first need to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase and then set fields value to 'true' Possible values: true/false. Note: this feature is currently unsupported. | *bool | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseClusterStatus 
@@ -228,6 +269,8 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | | modules | Modules Available in Cluster | [][Module](#module) | | false | | licenseStatus | State of the Cluster's License | *[LicenseStatus](#licensestatus) | | false | +| bundledDatabaseVersions | Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) | []*[BundledDatabaseVersions](#bundleddatabaseversions) | | false | +| ocspStatus | An API object that represents the cluster's OCSP status | *[OcspStatus](#ocspstatus) | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseServicesConfiguration @@ -244,6 +287,17 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | crdbWorker | | *[CrdbWorker](#crdbworker) | | false | [Back to Table of Contents](#table-of-contents) +### RedisOnFlashSpec +RedisOnFlashSpec contains all the parameters needed to configure in order to enable creation of redis on flash databases. + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| enabled | Indicates whether RoF is turned on or not. | bool | | true | +| flashStorageEngine | The type of DB engine used on flash. Currently the only supported value is \"rocksdb\", but this will change in the figure. | string | | true | +| storageClassName | Used to identify the storage class name of the corresponding volume claim template. | string | | true | +| flashDiskSize | Required flash disk size. | resource.Quantity | | false | +[Back to Table of Contents](#table-of-contents) + ### Saslauthd 
diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index b9ea7f0..ae2ad36 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -4,6 +4,7 @@ This document describes the parameters for the Redis Enterprise Database custom ## Table of Contents * [Objects](#objects) * [AzureBlobStorage](#azureblobstorage) + * [BackupInfo](#backupinfo) * [BackupSpec](#backupspec) * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) * [DbAlertsSettings](#dbalertssettings) @@ -40,6 +41,20 @@ This document describes the parameters for the Redis Enterprise Database custom | subdir | Optional. Azure Blob Storage subdir under container. | string | empty | false | [Back to Table of Contents](#table-of-contents) +### BackupInfo + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| backupFailureReason | Reason of last failed backup process | string | | false | +| backupHistory | Backup history retention policy (number of days, 0 is forever) | int | | true | +| backupInterval | Interval in seconds in which automatic backup will be initiated | int | | false | +| backupIntervalOffset | Offset (in seconds) from round backup interval when automatic backup will be initiated (should be less than backup_interval) | int | | false | +| backupProgressPercentage | Database scheduled periodic backup progress (percentage) | int | | false | +| backupStatus | Status of scheduled periodic backup process | string | | false | +| lastBackupTime | Time of last successful backup | string | | false | +[Back to Table of Contents](#table-of-contents) + ### BackupSpec The various backup storage options are validated to be mutually exclusive, although for technical reasons, the relevant error is not very clear and indicates a conflict in the specified storage type. 
@@ -182,6 +197,7 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | proxyPolicy | The policy used for proxy binding to the endpoint. Supported proxy policies are: single/all-master-shards/all-nodes When left blank, the default value will be chosen according to the value of ossCluster - single if disabled, all-master-shards when enabled | string | | false | | dataInternodeEncryption | Internode encryption (INE) setting. An optional boolean setting, overriding a similar cluster-wide policy. If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). If set to True, INE will be turned on, unless the capability is not supported by the DB ( in such a case we will get an error and database creation will fail). If left unspecified, will be disabled if internode encryption is not supported by the DB (regardless of cluster default). Deleting this property after explicitly setting its value shall have no effect. | *bool | | false | | databasePort | Database port number. TCP port on which the database is available. Will be generated automatically if omitted. can not be changed after creation | *int | | false | +| shardsPlacement | Control the density of shards - should they reside on as few or as many nodes as possible. Available options are \"dense\" or \"sparse\". If left unset, defaults to \"dense\". | string | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus 
@@ -202,6 +218,7 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | | redisEnterpriseCluster | The Redis Enterprise Cluster Object this Resource is associated with | string | | false | | observedGeneration | The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster. | int64 | | false | +| backupInfo | Information on the database's periodic backup | *[BackupInfo](#backupinfo) | | false | [Back to Table of Contents](#table-of-contents) ### ReplicaSource diff --git a/role.yaml b/role.yaml index 9fd244c..3e13085 100644 --- a/role.yaml +++ b/role.yaml @@ -33,7 +33,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""]
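Review bot: in `collect_pods_logs` (hunk `@@ -379,49 +382,29 @@`), when `logs_from_all_pods` is false and neither label selector matches, the `if not pods` branch still logs "Could not get pods list", which reads as a kubectl failure rather than "no operator or Redis Enterprise pods in this namespace". With a comma-separated list or 'all' this will fire for every namespace that does not host the operator. Reword the message for the selector case, or separate "lookup failed" from "nothing matched". If `get_pod_names` can return `None` on error (the old `if not pods` check tolerated that), `pods.extend(get_pod_names(namespace, selector))` will now raise instead of skipping, so guard it with `or []`. The two selectors would also be easier to audit as a module-level constant than as an inline list.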
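Review bot: in the new `collect_logs_from_pod` helper (hunk `@@ -498,6 +481,40 @@`), the `if containers is None` guard comes after `containers.extend(init_containers)`, so it can never take effect: a `None` container list fails on `.extend` with AttributeError, and a `None` init-container list fails inside `extend` with TypeError. The ordering was carried over from the removed loop body, but the refactor is the right moment to fix it: check `containers` first, then `containers.extend(init_containers or [])`. Separately, both `kubectl logs` commands are assembled with `str.format` from `namespace`, `pod` and `container`, and `namespace` comes from the command line (`results.namespace`). If `run_shell_command` hands the string to a shell, quote each value with `shlex.quote` or switch to an argument list.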
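Review bot: the retry loops added to `run_kubectl_get_yaml` and `run_kubectl_describe` (hunks `@@ -560,10 +577,11 @@` and `@@ -654,10 +672,11 @@`) re-run the command immediately with no delay between attempts, so a transient API-server error is likely to consume every attempt back to back. Add a short sleep or backoff inside the loop. Each attempt can also wait for the full `--timeout`, so the worst-case time per resource is now retries times timeout, which deserves a mention in the `-t` help text. The warning is emitted once per failed attempt without saying which attempt it was. Include the attempt number, or log at warning level only after the last one. The constant names `KUBCTL_GET_YAML_RETRIES` and `KUBCTL_DESCRIBE_RETRIES` are missing the E of KUBECTL and should be renamed before anything else depends on them.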
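Review bot: the image bumps in `operator.yaml`, `multi-namespace-redb/operator.yaml`, `openshift/operator_rhel.yaml` and `openshift.bundle.yaml` keep referencing the operator and admission containers by mutable tag (`image: redislabs/operator:6.2.10-3`) next to `imagePullPolicy: Always`, so every pod restart pulls whatever the tag resolves to at that moment. Pin the images by digest, or at least publish the digests for this release alongside the tags, so deployments can verify what they run.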
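Review bot: the `persistentvolumeclaims` rule in `role.yaml`, `openshift/role.yaml` and `openshift.bundle.yaml` gains `list` and `watch` without any comment saying which controller needs to enumerate PVCs. Neighbouring rules carry notes such as `# needed rbac rules for services controller`. Add the same kind of note here so a later least-privilege review can tell whether the verbs are still required. The same one-line edit is applied by hand in three files, so a check that the bundle's rules match `role.yaml` would keep them from drifting.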
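Review bot: in the `ocspConfiguration` schema (both CRD copies in `openshift.bundle.yaml`, hunks `@@ -1081,6 +1166,39 @@` and `@@ -7808,6 +7997,39 @@`), the documented bounds exist only as description text. `queryFrequency`, `recoveryFrequency`, `recoveryMaxTries` and `responseTimeout` are declared as plain `type: integer`, so schema validation alone accepts zero or negative values. Add `minimum` and `maximum` matching the stated ranges (60 to 86400, 1 to 100, 1 to 60). Likewise `certStatus` under `ocspStatus` is documented as GOOD/REVOKED/UNKNOWN but has no `enum`, whereas `shardsPlacement` in this same patch does declare one.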
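Review bot: `redis_enterprise_cluster_api.md` marks `redisOnFlashSpec`, `ocspConfiguration` and `encryptPkeys` with "Note: this feature is currently unsupported", but the CRD descriptions for the same fields in `openshift.bundle.yaml` omit that note, and the `redisOnFlashSpec` one states that the cluster "will be capable of creating redis on flash databases". Anyone reading the schema through `kubectl explain` gets no warning, so carry the note into the CRD descriptions. The `encryptPkeys` text ("first need to mount ... and then set fields value to 'true'") should also say where the passphrase file is expected to come from and what happens if the field is enabled without it. In the `RedisOnFlashSpec` table, "this will change in the figure" should read "future".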
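Review bot: the new `### BackupInfo` and `### BundledDatabaseVersions` sections in the API docs have no summary line, and `dbType` and `version` have empty descriptions. Every other section added in this patch (`OcspConfiguration`, `OcspStatus`, `RedisOnFlashSpec`) opens with one. In `backupInfo`, the `backupIntervalOffset` description refers to `backup_interval` while the field is named `backupInterval`. The status block also lists `backupHistory` under `required`, which is unusual for observed state. If that comes from a missing `omitempty` on the Go type, fix it at the source.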