From 1ab39a39ced9f1d15e7988c82c9f1efa507880e2 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Mon, 28 Feb 2022 09:09:11 +0000
Subject: [PATCH 1/6] promoting version 6.2.10-3
---
 .gitignore | 2 +-
 README.md | 34 +--
 advanced/Redis-gears/gears.yaml | 30 +++
 .../install_gears_python_packages.txt | 31 +++
 bundle.yaml | 251 +++++++++++++++++-
 crds/rec_crd.yaml | 208 +++++++++++++++
 crds/redb_crd.yaml | 39 ++-
 google_private_cloud/README.md | 100 +++++++
 .../bundle/kustomization.yaml | 4 +
 google_private_cloud/rec/kustomization.yaml | 4 +
 google_private_cloud/rec/kustomize_rec.yaml | 17 ++
 google_private_cloud/rec/rec.yaml | 7 +
 log_collector/log_collector.py | 21 +-
 multi-namespace-redb/operator.yaml | 4 +-
 openshift.bundle.yaml | 251 +++++++++++++++++-
 openshift/operator_rhel.yaml | 4 +-
 openshift/rec_rhel.yaml | 2 +-
 openshift/role.yaml | 2 +-
 operator.yaml | 4 +-
 redis_enterprise_cluster_api.md | 54 ++++
 redis_enterprise_database_api.md | 17 ++
 role.yaml | 2 +-
 22 files changed, 1047 insertions(+), 41 deletions(-)
 create mode 100644 advanced/Redis-gears/gears.yaml
 create mode 100644 advanced/Redis-gears/install_gears_python_packages.txt
 create mode 100644 google_private_cloud/README.md
 create mode 100644 google_private_cloud/bundle/kustomization.yaml
 create mode 100644 google_private_cloud/rec/kustomization.yaml
 create mode 100644 google_private_cloud/rec/kustomize_rec.yaml
 create mode 100644 google_private_cloud/rec/rec.yaml
diff --git a/.gitignore b/.gitignore
index 485dee6..5c3bdbb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-.idea
+*bundle.yaml
diff --git a/README.md b/README.md
index 33ceb8c..fab4ebf 100644
--- a/README.md
+++ b/README.md
@@ -32,9 +32,9 @@ High level architecture and overview of the solution can be found [HERE](https:/ The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.2.8-64` | `redislabs/redis:6.2.8-64.rhel7-openshift` | -| Operator | `redislabs/operator:6.2.8-15` | `redislabs/operator:6.2.8-15` | -| Services Rigger | `redislabs/k8s-controller:6.2.8-15` | `redislabs/k8s-controller:6.2.8-15` | +| Redis Enterprise | `redislabs/redis:6.2.10-83` | `redislabs/redis:6.2.10-83.rhel7-openshift` | +| Operator | `redislabs/operator:6.2.10-3` | `redislabs/operator:6.2.10-3` | +| Services Rigger | `redislabs/k8s-controller:6.2.10-3` | `redislabs/k8s-controller:6.2.10-3` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -139,8 +139,6 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > **Note:** If you're not using multiple namespaces you may skip to ["Verify the installation"](#verify_admission_installation) step. - > **Note:** If you're not using multiple namespaces you may proceed to step 6. - * Limiting the webhook to the relevant namespaces: Unless limited, webhooks will intercept requests from all namespaces.
In case you have several REC objects on your K8S cluster you need to limit the webhook to the relevant namespace. @@ -383,7 +381,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.2.8-64 + versionTag: 6.2.10-83 ``` * Persistence @@ -485,21 +483,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.2.8-64 + versionTag: 6.2.10-83 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.2.8-15 + versionTag: 6.2.10-3 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.2.8-15 + versionTag: 6.2.10-3 ``` In Operator Deployment spec (operator.yaml): @@ -511,7 +509,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.2.8-15 + image: harbor.corp.local/redisenterprise/operator:6.2.10-3 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). 
@@ -634,7 +632,7 @@ Note: in the examples above the Redis Enterprise Cluster name is: 'rec' and the The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.2.8-64 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.2.10-83 ```yaml autoUpgradeRedisEnterprise: true @@ -643,7 +641,7 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.2.8-64 + versionTag: redislabs/redis:6.2.10-83 ``` ## Supported K8S Distributions 
@@ -665,10 +663,14 @@ Supported versions (platforms/versions that are not listed are not supported): | GKE 1.20 | supported | | GKE 1.21 | supported | | GKE 1.22 | supported | -| Rancher 2.5 (K8s 1.17) | deprecated | -| Rancher 2.5 (K8s 1.18) | supported | -| Rancher 2.5 (K8s 1.19) | supported | -| Rancher 2.5 (K8s 1.20) | supported | +| Rancher 2.5 (K8s 1.17) | *deprecated | +| Rancher 2.5 (K8s 1.18) | *deprecated | +| Rancher 2.5 (K8s 1.19) | *deprecated | +| Rancher 2.5 (K8s 1.20) | *deprecated | +| Rancher 2.6 (K8s 1.18) | supported | +| Rancher 2.6 (K8s 1.19) | supported | +| Rancher 2.6 (K8s 1.20) | supported | +| Rancher 2.6 (K8s 1.21) | supported | | VMWare TKGIE** 1.10 (K8s 1.19) | supported | | AKS 1.19 | supported | | AKS 1.20 | supported | diff --git a/advanced/Redis-gears/gears.yaml b/advanced/Redis-gears/gears.yaml new file mode 100644 index 0000000..60f0267 --- /dev/null +++ b/advanced/Redis-gears/gears.yaml @@ -0,0 +1,30 @@ +spec: + redisEnterpriseAdditionalPodSpecAttributes: + initContainers: + - name: initcontainer + volumeMounts: + - mountPath: /opt/redislabs/gears-packages + name: gears-volume + image: python:3.7 + imagePullPolicy: IfNotPresent + env: + - name: "GEARS_PACKAGES" + value: "" + command: + - "/bin/bash" + args: + - "-c" + - "for package in ${GEARS_PACKAGES}; do echo $package >>/tmp/requirements.txt; done; pip install -r /tmp/requirements.txt -t /opt/redislabs/gears-packages" + resources: + limits: + memory: 4Gi + cpu: 2 + requests: + memory: 4Gi + cpu: 2 + redisEnterpriseVolumeMounts: + - mountPath: /opt/redislabs/gears-packages + name: gears-volume + volumes: + - emptyDir: {} + name: gears-volume diff --git a/advanced/Redis-gears/install_gears_python_packages.txt b/advanced/Redis-gears/install_gears_python_packages.txt new file mode 100644 index 0000000..ddf2020 --- /dev/null +++ b/advanced/Redis-gears/install_gears_python_packages.txt 
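Review bot: The init container added in `advanced/Redis-gears/gears.yaml` resolves packages from the public index on every pod start (`pip install -r /tmp/requirements.txt -t /opt/redislabs/gears-packages`), and whatever it fetches is later imported by code running on the Redis Enterprise pods. With free-form names in `GEARS_PACKAGES` and the mutable tag `image: python:3.7`, nodes restarted at different times can end up with different code, and every node needs egress to the package index. Consider pinning the image by digest (`image: python:3.7@sha256:<digest>`) and either mounting a hash-pinned requirements file and running `pip install --require-hashes`, or baking the packages into an image served from the private registry. Separately, with the shipped default `value: ""` the loop never creates `/tmp/requirements.txt`, so `pip install -r` exits non-zero and the init container fails; a guard such as `[ -z "${GEARS_PACKAGES}" ] && exit 0;` at the start of the command would avoid that.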
@@ -0,0 +1,31 @@ +Install Python packages for Redis Gears + +Disclaimer: +This instructions are provided as a work around and not considered official, any use of this is the user responsibility. + +Notes: +This doc is assuming the following: +• Redis Gears is already installed on the Redis enterprise cluster. +• The Redis gears Python version is 3.7 (if not the sidecar container image should be changed). + +Instructions: +a. edit the gears.yaml, replace the with the Python packages that should be installed. +The packages must be separated by a ' ' (space). +For example to install the packages pytz version 2021.3 and kubernetes the yaml should be: +``` +... + - name: "GEARS_PACKAGES" + value: "pytz==2021.3 kubernetes" +... +``` +b. Run the kubectl patch command on your cluster with the modified gears.yaml from the previous step, replace the with the name of your Redis enterprise cluster: +kubectl patch rec --type merge --patch "$(cat gears.yaml)" +c. Wait until all the Redis enterprise nodes are restarted with the new configurations. +d. Add the below code snippet in the top of your Redis gears Python function that wants to use the installed package/s: +``` +import sys +if '/opt/redislabs/gears-packages' not in sys.path: + sys.path.append('/opt/redislabs/gears-packages') +# Your code below... +``` + \ No newline at end of file diff --git a/bundle.yaml b/bundle.yaml index 16046d4..5d40b9d 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -34,7 +34,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] 
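Review bot: The widened rule `verbs: ["create", "delete", "get" , "update", "list", "watch"]` on `persistentvolumeclaims` in `bundle.yaml` lets the operator's service account enumerate every claim the role covers, on top of create and delete, and nothing in the hunk says which component needs it. A one-line comment above the rule, for example `# list/watch: <component that watches PVCs>`, would let someone auditing the role judge the grant. The diffstat shows `role.yaml` and `openshift/role.yaml` changing by one line each, presumably the same widening, so the comment would belong there too. The rules list starts and ends outside this hunk.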
@@ -578,6 +578,13 @@ spec: shardCount: description: Number of database server-side shards type: integer + shardsPlacement: + description: Control the density of shards - should they reside on as few or as many nodes as possible. + Available options are "dense" or "sparse". If left unset, defaults to "dense". + enum: + - dense + - sparse + type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must @@ -674,6 +681,36 @@ spec: type: integer description: Aggregated statuses of shards type: object + backupInfo: + description: Information on the database's periodic backup + properties: + backupFailureReason: + description: Reason of last failed backup process + type: string + backupHistory: + description: Backup history retention policy (number of days, + 0 is forever) + type: integer + backupInterval: + description: Interval in seconds in which automatic backup will + be initiated + type: integer + backupIntervalOffset: + description: Offset (in seconds) from round backup interval when + automatic backup will be initiated (should be less than backup_interval) + type: integer + backupProgressPercentage: + description: Database scheduled periodic backup progress (percentage) + type: integer + backupStatus: + description: Status of scheduled periodic backup process + type: string + lastBackupTime: + description: Time of last successful backup + type: string + required: + - backupHistory + type: object specStatus: description: Whether the desired specification is valid type: string @@ -715,7 +752,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - redis-enterprise-operator imagePullPolicy: Always 
@@ -757,7 +794,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always @@ -875,6 +912,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: @@ -886,6 +950,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: 
@@ -992,6 +1072,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
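Review bot: The new `encryptPkeys` description tells the user to mount `${ephemeralconfdir}/secrets/pem/passphrase` but does not say what `${ephemeralconfdir}` resolves to, how the passphrase should be supplied, or what happens when the field is `true` and the file is absent. Suggest extending the description with something like `The passphrase file must be mounted from a Kubernetes Secret before this field is set to true`, plus one sentence on the failure behaviour. The same text recurs in the later `bundle.yaml` hunk at -7719 and in the `crds/rec_crd.yaml` hunks at -192 and -6919; if these schemas are generated, the wording belongs on the source type.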
@@ -1056,6 +1141,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
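Review bot: The bounds for the new `ocspConfiguration` fields exist only in the description text ("Minimum value is 60. Maximum value is 86400."), so the schema itself accepts any integer for `queryFrequency`, `recoveryFrequency`, `recoveryMaxTries` and `responseTimeout`. These settings govern how quickly a revoked proxy certificate is noticed, so the CRD should enforce them: `minimum: 60` and `maximum: 86400` under `queryFrequency` and `recoveryFrequency`, `minimum: 1` / `maximum: 100` under `recoveryMaxTries`, and `minimum: 1` / `maximum: 60` under `responseTimeout`. The same block is repeated in the `bundle.yaml` hunk at -7783 and in the `crds/rec_crd.yaml` hunks at -256 and -6983. If these files are generated, the constraints belong on the source type definitions rather than in the YAML.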
@@ -6925,6 +7043,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: @@ -7602,6 +7743,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -7613,6 +7781,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -7719,6 +7903,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -7783,6 +7972,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -13653,6 +13875,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: diff --git a/crds/rec_crd.yaml b/crds/rec_crd.yaml index d5f0116..8815913 100644 --- a/crds/rec_crd.yaml +++ b/crds/rec_crd.yaml @@ -75,6 +75,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -86,6 +113,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -192,6 +235,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -256,6 +304,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -6125,6 +6206,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: @@ -6802,6 +6906,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -6813,6 +6944,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -6919,6 +7066,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -6983,6 +7135,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -12853,6 +13038,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: diff --git a/crds/redb_crd.yaml b/crds/redb_crd.yaml index 46b3355..cef144d 100644 --- a/crds/redb_crd.yaml +++ b/crds/redb_crd.yaml @@ -501,6 +501,13 @@ spec: shardCount: description: Number of database server-side shards type: integer + shardsPlacement: + description: Control the density of shards - should they reside on as few or as many nodes as possible. + Available options are "dense" or "sparse". If left unset, defaults to "dense". + enum: + - dense + - sparse + type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must 
@@ -597,6 +604,36 @@ spec: type: integer description: Aggregated statuses of shards type: object + backupInfo: + description: Information on the database's periodic backup + properties: + backupFailureReason: + description: Reason of last failed backup process + type: string + backupHistory: + description: Backup history retention policy (number of days, + 0 is forever) + type: integer + backupInterval: + description: Interval in seconds in which automatic backup will + be initiated + type: integer + backupIntervalOffset: + description: Offset (in seconds) from round backup interval when + automatic backup will be initiated (should be less than backup_interval) + type: integer + backupProgressPercentage: + description: Database scheduled periodic backup progress (percentage) + type: integer + backupStatus: + description: Status of scheduled periodic backup process + type: string + lastBackupTime: + description: Time of last successful backup + type: string + required: + - backupHistory + type: object specStatus: description: Whether the desired specification is valid type: string @@ -607,4 +644,4 @@ spec: description: Database compatibility version type: string type: object - type: object \ No newline at end of file + type: object diff --git a/google_private_cloud/README.md b/google_private_cloud/README.md new file mode 100644 index 0000000..21413c6 --- /dev/null +++ b/google_private_cloud/README.md 
@@ -0,0 +1,100 @@ + +# Deploying Redis Enterprise on Google Private Cloud + +This page describes how to deploy Redis Enterprise on Google Private Cloud Kubernetes solution using the Redis Enterprise Operator. + +### Prerequisites + +- A Kubernetes cluster version of 1.20 or higher, with a minimum of 3 worker nodes. +- A Kubernetes client (kubectl) with a matching version. +- Access to DockerHub, Harbor or a private repository that can serve the required images. + + + +The following are the images and tags for this release: + +| Component | k8s | +| --- | --- | +| Redis Enterprise | `redislabs/redis:6.2.10-83` | +| Operator | `redislabs/operator:6.2.10-3` | +| Services Rigger | `redislabs/k8s-controller:6.2.10-3` | + + +### Installation +The "Basic" installation deploys the operator (from the current release) from DockerHub and default settings. +This is the fastest way to get up and running with a new Redis Enterprise on Kubernetes. + +1. We will need to clone the yamls from [github](https://github.com/RedisLabs/redis-enterprise-k8s-docs/releases) to your local directory. + +2. Create a new namespace: + > Note: + For the purpose of this doc, we'll use the name "demo" for our cluster's namespace. + + ```bash + kubectl create namespace demo + ``` + + Switch context to the newly created namespace: + + ```bash + kubectl config set-context --current --namespace=demo + ``` +*** +For deploying the bundle and the Redis Enterprise Cluster custom resource we will use the [Kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/). +3. Customize the operator deployment - + + Before deploying the bundle.yaml we will need to customize it . + edit the `bundle\kustomize_bundle.yaml` file : + > Note: + Replace the [User Private repo] with your private images repository location. + +4. 
Deploy the operator bundle + + with `kubectl`, the following command will deploy a bundle of all the yaml declarations required for the operator: + + ```bash + kubectl apply -k bundle + ``` + + Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. + + A typical response may look like this: + + ```bash + NAME READY UP-TO-DATE AVAILABLE AGE + redis-enterprise-operator 1/1 1 1 2m + ``` + +5. Customize the Redis Enterprise Cluster custom resource - + + Before deploying the rec.yaml we will need to customize it . + edit the `rec\kustomize_rec.yaml` file : + > Note: + Replace the [User Private repo] with your private images repository location. + + The kustomize_rec.yaml configure the Redis Enterprise Cluster custom resource with the default configuration, + which is suitable for development type deployments and works in typical scenarios. + The full list of attributes supported through the Redis Enterprise Cluster (REC) API can be found [HERE](redis_enterprise_cluster_api.md). + + +6. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` + + Create a `RedisEnterpriseCluster`(REC) using the kustomize capability, + + ```bash + kubectl apply -k rec + ``` + + > Note: + The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + +7. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. The cluster takes around 5-10 minutes to come up. 
+ A typical response may look like this: + ``` + NAME AGE + rec 5m + ``` + > Note: Once the cluster is up, the cluster GUI and API could be used to configure databases. It is recommended to use the K8s REDB API that is configured through the following steps. To configure the cluster using the cluster GUI/API, use the ui service created by the operator and the default credentials as set in a secret. The secret name is the same as the cluster name within the namespace. + + +*** For advanced configuration and more info you can visit our formal documentation [here](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/README.md). \ No newline at end of file diff --git a/google_private_cloud/bundle/kustomization.yaml b/google_private_cloud/bundle/kustomization.yaml new file mode 100644 index 0000000..d0304c1 --- /dev/null +++ b/google_private_cloud/bundle/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- bundle.yaml +patchesStrategicMerge: +- kustomize_bundle.yaml \ No newline at end of file diff --git a/google_private_cloud/rec/kustomization.yaml b/google_private_cloud/rec/kustomization.yaml new file mode 100644 index 0000000..619df3f --- /dev/null +++ b/google_private_cloud/rec/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- rec.yaml +patchesStrategicMerge: +- kustomize_rec.yaml \ No newline at end of file diff --git a/google_private_cloud/rec/kustomize_rec.yaml b/google_private_cloud/rec/kustomize_rec.yaml new file mode 100644 index 0000000..8a4daf4 --- /dev/null +++ b/google_private_cloud/rec/kustomize_rec.yaml 
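Review bot: `resources` and `patchesStrategicMerge` in google_private_cloud/bundle/kustomization.yaml point at `bundle.yaml` and `kustomize_bundle.yaml`, but neither file appears to be added under google_private_cloud/bundle/. The visible sections of this patch go from the README straight to this file and then to rec/. If the two files are not committed elsewhere, the README step `kubectl apply -k bundle` fails on a fresh clone, and users will copy in an operator bundle from somewhere else with nothing tying it to this release's image tags. Either add both files here or have the README name the exact release artifact to copy into the directory.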
@@ -0,0 +1,17 @@ +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseCluster +metadata: + name: rec +spec: + persistentSpec: + storageClassName: standard + volumeSize: 20Gi + redisEnterpriseImageSpec: + repository: [User redis Private repo] + versionTag: 6.2.10-83 + redisEnterpriseServicesRiggerImageSpec: + repository: [User service rigger Private repo] + versionTag: 6.2.10-3 + bootstrapperImageSpec: + repository: [User operator Private repo] + versionTag: 6.2.10-3 \ No newline at end of file diff --git a/google_private_cloud/rec/rec.yaml b/google_private_cloud/rec/rec.yaml new file mode 100644 index 0000000..2480955 --- /dev/null +++ b/google_private_cloud/rec/rec.yaml @@ -0,0 +1,7 @@ +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec +spec: + # Add fields here + nodes: 3 diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 8d258c2..d4846aa 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -28,6 +28,9 @@ TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") +KUBCTL_DESCRIBE_RETRIES = 3 +KUBCTL_GET_YAML_RETRIES = 3 + timeout = 180 API_RESOURCES = [ @@ -560,10 +563,11 @@ def run_kubectl_get_yaml(namespace, resource_type): Runs kubectl get command with yaml format """ cmd = "kubectl get -n {} {} -o yaml".format(namespace, resource_type) - return_code, out = run_shell_command(cmd) - if return_code == 0: - return out - logger.warning("Namespace '%s': Failed to get %s resource %s.", namespace, resource_type, out.rstrip()) + for _ in range(KUBCTL_GET_YAML_RETRIES): + return_code, out = run_shell_command(cmd) + if return_code == 0: + return out + logger.warning("Namespace '%s': Failed to get %s resource %s.", namespace, resource_type, out.rstrip()) return None 
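Review bot: This patch file declares `apiVersion: app.redislabs.com/v1alpha1`, while rec/rec.yaml, the resource it is merged into, declares `apiVersion: app.redislabs.com/v1`. As far as I know kustomize matches a strategic-merge patch to its target by group, version, kind and name, so `kubectl apply -k rec` is likely to stop with no matching target. The first line should read `apiVersion: app.redislabs.com/v1`. The `[User … Private repo]` placeholders also parse as YAML flow sequences rather than strings, so a file applied unedited hands a list to `repository`; a quoted placeholder such as `repository: "<your-registry>/<image>"` would make that clearer.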
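Review bot: The new loop in run_kubectl_get_yaml re-runs the command immediately after a failure, so the attempts against an unreachable or throttling API server fail back to back and only lengthen the run. The same applies to run_kubectl_describe in the hunk at `@@ -654,10 +658,11 @@`. Iterating with `for attempt in range(KUBCTL_GET_YAML_RETRIES):` and calling `time.sleep(2 ** attempt)` after the warning would give transient errors time to clear, and the attempt number could go into the warning text. The command is still built with `str.format` from `namespace` and `resource_type` and is now executed up to three times. If run_shell_command (not visible here) goes through a shell, those two values should be quoted or passed as an argument list. Both functions begin above their hunks, so the docstring openings are outside the visible lines.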
@@ -654,10 +658,11 @@ def run_kubectl_describe(namespace, resource_type): Runs kubectl describe command """ cmd = "kubectl describe -n {} {}".format(namespace, resource_type) - return_code, out = run_shell_command(cmd) - if return_code == 0: - return out - logger.warning("Namespace: '%s': Failed to describe %s resource: %s", namespace, resource_type, out) + for _ in range(KUBCTL_DESCRIBE_RETRIES): + return_code, out = run_shell_command(cmd) + if return_code == 0: + return out + logger.warning("Namespace: '%s': Failed to describe %s resource: %s", namespace, resource_type, out) return None diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index 4c867d5..c5e33de 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - redis-enterprise-operator imagePullPolicy: Always @@ -57,7 +57,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index faef8ec..6649d87 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -50,7 +50,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] 
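Review bot: The `persistentvolumeclaims` rule in openshift.bundle.yaml gains `list` and `watch` with no comment saying which controller needs them, which makes the grant harder to audit against least privilege later. The neighbouring rule already carries `# needed rbac rules for services controller`, so a matching line above this one, e.g. `# list/watch on PVCs needed by <component> for <reason>`, would record the justification. The same widening is repeated in openshift/role.yaml and role.yaml further down and would take the same comment. The `kind` of the enclosing object is outside the hunk, so it is worth confirming the rule sits in a namespaced Role and not a ClusterRole.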
@@ -599,6 +599,13 @@ spec: shardCount: description: Number of database server-side shards type: integer + shardsPlacement: + description: Control the density of shards - should they reside on as few or as many nodes as possible. + Available options are "dense" or "sparse". If left unset, defaults to "dense". + enum: + - dense + - sparse + type: string tlsMode: description: Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must @@ -695,6 +702,36 @@ spec: type: integer description: Aggregated statuses of shards type: object + backupInfo: + description: Information on the database's periodic backup + properties: + backupFailureReason: + description: Reason of last failed backup process + type: string + backupHistory: + description: Backup history retention policy (number of days, + 0 is forever) + type: integer + backupInterval: + description: Interval in seconds in which automatic backup will + be initiated + type: integer + backupIntervalOffset: + description: Offset (in seconds) from round backup interval when + automatic backup will be initiated (should be less than backup_interval) + type: integer + backupProgressPercentage: + description: Database scheduled periodic backup progress (percentage) + type: integer + backupStatus: + description: Status of scheduled periodic backup process + type: string + lastBackupTime: + description: Time of last successful backup + type: string + required: + - backupHistory + type: object specStatus: description: Whether the desired specification is valid type: string @@ -736,7 +773,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 securityContext: runAsUser: 1001 command: 
@@ -782,7 +819,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always @@ -900,6 +937,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: @@ -911,6 +975,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: 
@@ -1017,6 +1097,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
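Review bot: The `encryptPkeys` description omits the alpha gate that redis_enterprise_cluster_api.md in this same patch documents for the field, namely that it only takes effect when the `ENABLE_ALPHA_FEATURES` environment variable is set to True. Someone reading the schema through `kubectl explain` could set `encryptPkeys: true` and assume private-key encryption is on while the operator may be ignoring the field. I would append `Note: This is an ALPHA Feature; it takes effect only when ENABLE_ALPHA_FEATURES is set to True.` to the description. It should also say that the passphrase file is expected to come from a Secret-backed mount. The `ocspConfiguration` description in the next hunk has the same gap, as do the second copies of both fields at `@@ -7744,6 +7928,11 @@` and `@@ -7808,6 +7997,39 @@`.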
@@ -1081,6 +1166,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
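Review bot: The four integer fields of `ocspConfiguration` state their bounds only in the description text and the schema carries just `type: integer`. The API server will therefore accept values such as `queryFrequency: 0` or an arbitrarily large `responseTimeout` unless the admission webhook rejects them, which is not visible here. Putting the limits into the schema, e.g. `minimum: 60` and `maximum: 86400` under `queryFrequency`, would reject out-of-range values when the resource is applied. The same applies to the documented ranges for `recoveryFrequency`, `recoveryMaxTries` and `responseTimeout`. This matters because, going by the descriptions, these intervals decide how soon the control plane polls for a new certificate status, so an oversized value would delay noticing a revoked proxy certificate. The identical block at `@@ -7808,6 +7997,39 @@` needs the same change, and if this bundle is generated the edit belongs in the CRD source.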
@@ -6950,6 +7068,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: @@ -7627,6 +7768,33 @@ spec: type: array items: type: string + ocspStatus: + description: An API object that represents the cluster's OCSP status + properties: + certStatus: + description: Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. + type: string + nextUpdate: + description: The time at or before which newer information will + be available about the status of the certificate (if available) + type: string + producedAt: + description: The time at which the OCSP responder signed this + response. + type: string + responderUrl: + description: The OCSP responder url from which this status came + from. + type: string + revocationTime: + description: The time at which the certificate was revoked or + placed on hold. + type: string + thisUpdate: + description: The most recent time at which the status being indicated + is known by the responder to have been correct. + type: string + type: object licenseStatus: type: object properties: 
@@ -7638,6 +7806,22 @@ spec: type: string shardsLimit: type: integer + bundledDatabaseVersions: + description: Versions of open source databases bundled by Redis Enterprise + Software - please note that in order to use a specific version it + should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according + to the desired version (major/minor) + items: + properties: + dbType: + type: string + version: + type: string + required: + - dbType + - version + type: object + type: array spec: description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster properties: @@ -7744,6 +7928,11 @@ spec: May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. type: boolean + encryptPkeys: + description: 'Private key encryption - in order to enable, first need + to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase + and then set fields value to ''true'' Possible values: true/false' + type: boolean certificates: description: RS Cluster Certificates. Used to modify the certificates used by the cluster. 
@@ -7808,6 +7997,39 @@ spec: type: string description: Selector for nodes that could fit Redis Enterprise pod type: object + ocspConfiguration: + description: An API object that represents the cluster's OCSP configuration. + To enable OCSP, the cluster's proxy certificate should contain the + OCSP responder URL. + properties: + ocspFunctionality: + description: Whether to enable/disable OCSP mechanism for the + cluster. + type: boolean + queryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate. Minimum value is 60. Maximum value + is 86400. + type: integer + recoveryFrequency: + description: Determines the interval (in seconds) in which the + control plane will poll the OCSP responder for a new status + for the server certificate when the current staple is invalid. + Minimum value is 60. Maximum value is 86400. + type: integer + recoveryMaxTries: + description: Determines the maximum number for the OCSP recovery + attempts. After max number of tries passed, the control plane + will revert back to the regular frequency. Minimum value is + 1. Maximum value is 100. + type: integer + responseTimeout: + description: Determines the time interval (in seconds) for which + the request waits for a response from the OCSP responder. Minimum + value is 1. Maximum value is 60. + type: integer + type: object nodes: description: Number of Redis Enterprise nodes (pods) format: int32 
@@ -13678,6 +13900,29 @@ spec: - LoadBalancer - ExternalName type: string + redisOnFlashSpec: + description: Stores configurations specific to redis on flash. If provided, the cluster will be capable of + creating redis on flash databases + properties: + enabled: + type: boolean + flashStorageEngine: + type: string + enum: + - rocksdb + storageClassName: + type: string + flashDiskSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - enabled + - flashStorageEngine + - storageClassName + type: object upgradeSpec: description: Specification for upgrades of Redis Enterprise properties: diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index cd61c08..34e8bf5 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 securityContext: runAsUser: 1001 command: @@ -61,7 +61,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.8-15 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml index 986778d..be37799 100644 --- a/openshift/rec_rhel.yaml +++ b/openshift/rec_rhel.yaml 
@@ -7,7 +7,7 @@ spec: nodes: 3 redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 6.2.8-64.rhel7-openshift + versionTag: 6.2.10-83.rhel7-openshift redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/openshift/role.yaml b/openshift/role.yaml index b254ebd..6576d2e 100644 --- a/openshift/role.yaml +++ b/openshift/role.yaml @@ -33,7 +33,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] diff --git a/operator.yaml b/operator.yaml index 4c867d5..c5e33de 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - redis-enterprise-operator imagePullPolicy: Always @@ -57,7 +57,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.2.8-15 + image: redislabs/operator:6.2.10-3 command: - /usr/local/bin/admission imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index dc0efe5..6b155cb 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md @@ -4,6 +4,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r ## Table of Contents * [Objects](#objects) * [ActiveActive](#activeactive) + * [BundledDatabaseVersions](#bundleddatabaseversions) * [ClusterCertificate](#clustercertificate) * [CmServer](#cmserver) * [CrdbCoordinator](#crdbcoordinator) 
@@ -12,6 +13,8 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [LicenseStatus](#licensestatus) * [MdnsServer](#mdnsserver) * [Module](#module) + * [OcspConfiguration](#ocspconfiguration) + * [OcspStatus](#ocspstatus) * [PdnsServer](#pdnsserver) * [PersistentConfigurationSpec](#persistentconfigurationspec) * [RSClusterCertificates](#rsclustercertificates) @@ -20,6 +23,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [RedisEnterpriseClusterSpec](#redisenterpriseclusterspec) * [RedisEnterpriseClusterStatus](#redisenterpriseclusterstatus) * [RedisEnterpriseServicesConfiguration](#redisenterpriseservicesconfiguration) + * [RedisOnFlashSpec](#redisonflashspec) * [Saslauthd](#saslauthd) * [ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) * [SlaveHA](#slaveha) @@ -45,6 +49,15 @@ This document describes the parameters for the Redis Enterprise Cluster custom r | ingressAnnotations | Used for ingress controllers such as ha-proxy or nginx in GKE | map[string]string | | false | [Back to Table of Contents](#table-of-contents) +### BundledDatabaseVersions + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| dbType | | string | | true | +| version | | string | | true | +[Back to Table of Contents](#table-of-contents) + ### ClusterCertificate 
@@ -118,6 +131,31 @@ Image specification | versions | | []string | | true | [Back to Table of Contents](#table-of-contents) +### OcspConfiguration +An API object that represents the cluster's OCSP configuration + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| ocspFunctionality | Whether to enable/disable OCSP mechanism for the cluster. | *bool | | false | +| queryFrequency | Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate. Minimum value is 60. Maximum value is 86400. | *int | | false | +| responseTimeout | Determines the time interval (in seconds) for which the request waits for a response from the OCSP responder. Minimum value is 1. Maximum value is 60. | *int | | false | +| recoveryFrequency | Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate when the current staple is invalid. Minimum value is 60. Maximum value is 86400. | *int | | false | +| recoveryMaxTries | Determines the maximum number for the OCSP recovery attempts. After max number of tries passed, the control plane will revert back to the regular frequency. Minimum value is 1. Maximum value is 100. | *int | | false | +[Back to Table of Contents](#table-of-contents) + +### OcspStatus +An API object that represents the cluster's OCSP status + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| responderUrl | The OCSP responder url from which this status came from. | string | | false | +| certStatus | Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. | string | | false | +| producedAt | The time at which the OCSP responder signed this response. | string | | false | +| thisUpdate | The most recent time at which the status being indicated is known by the responder to have been correct. 
| string | | false | +| nextUpdate | The time at or before which newer information will be available about the status of the certificate (if available) | string | | false | +| revocationTime | The time at which the certificate was revoked or placed on hold. | string | | false | +[Back to Table of Contents](#table-of-contents) + ### PdnsServer 
@@ -217,6 +255,9 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | certificates | RS Cluster Certificates. Used to modify the certificates used by the cluster. See the \"RSClusterCertificates\" struct described above to see the supported certificates. | *[RSClusterCertificates](#rsclustercertificates) | | false | | podStartingPolicy | Mitigation setting for STS pods stuck in \"ContainerCreating\" | *[StartingPolicy](#startingpolicy) | | false | | redisEnterpriseTerminationGracePeriodSeconds | The TerminationGracePeriodSeconds value for the (STS created) REC pods. Note that pods should not be taken down intentionally by force. Because clean pod shutdown is essential to prevent data loss, the default value is intentionally large (1 year). When data loss is acceptable (such as pure caching configurations), a value of a few minutes may be acceptable. | *int64 | 31536000 | false | +| redisOnFlashSpec | Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases. | *[RedisOnFlashSpec](#redisonflashspec) | | false | +| ocspConfiguration | An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. Note: This is an ALPHA Feature. For this feature to take effect, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. | *[OcspConfiguration](#ocspconfiguration) | | false | +| encryptPkeys | Private key encryption - in order to enable, first need to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase and then set fields value to 'true' Possible values: true/false Note: This is an ALPHA Feature. For this feature to take effect, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. 
This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. | *bool | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseClusterStatus @@ -228,6 +269,8 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | | modules | Modules Available in Cluster | [][Module](#module) | | false | | licenseStatus | State of the Cluster's License | *[LicenseStatus](#licensestatus) | | false | +| bundledDatabaseVersions | Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) | []*[BundledDatabaseVersions](#bundleddatabaseversions) | | false | +| ocspStatus | An API object that represents the cluster's OCSP status | *[OcspStatus](#ocspstatus) | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseServicesConfiguration 
@@ -244,6 +287,17 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | crdbWorker | | *[CrdbWorker](#crdbworker) | | false | [Back to Table of Contents](#table-of-contents) +### RedisOnFlashSpec +RedisOnFlashSpec contains all the parameters needed to configure in order to enable creation of redis on flash databases. + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| enabled | Indicates whether RoF is turned on or not. | bool | | true | +| flashStorageEngine | The type of DB engine used on flash. Currently the only supported value is \"rocksdb\", but this will change in the figure. | string | | true | +| storageClassName | Used to identify the storage class name of the corresponding volume claim template. | string | | true | +| flashDiskSize | Required flash disk size. | resource.Quantity | | false | +[Back to Table of Contents](#table-of-contents) + ### Saslauthd diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index b9ea7f0..ae2ad36 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -4,6 +4,7 @@ This document describes the parameters for the Redis Enterprise Database custom ## Table of Contents * [Objects](#objects) * [AzureBlobStorage](#azureblobstorage) + * [BackupInfo](#backupinfo) * [BackupSpec](#backupspec) * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) * [DbAlertsSettings](#dbalertssettings) 
@@ -40,6 +41,20 @@ This document describes the parameters for the Redis Enterprise Database custom | subdir | Optional. Azure Blob Storage subdir under container. | string | empty | false | [Back to Table of Contents](#table-of-contents) +### BackupInfo + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| backupFailureReason | Reason of last failed backup process | string | | false | +| backupHistory | Backup history retention policy (number of days, 0 is forever) | int | | true | +| backupInterval | Interval in seconds in which automatic backup will be initiated | int | | false | +| backupIntervalOffset | Offset (in seconds) from round backup interval when automatic backup will be initiated (should be less than backup_interval) | int | | false | +| backupProgressPercentage | Database scheduled periodic backup progress (percentage) | int | | false | +| backupStatus | Status of scheduled periodic backup process | string | | false | +| lastBackupTime | Time of last successful backup | string | | false | +[Back to Table of Contents](#table-of-contents) + ### BackupSpec The various backup storage options are validated to be mutually exclusive, although for technical reasons, the relevant error is not very clear and indicates a conflict in the specified storage type. 
@@ -182,6 +197,7 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | proxyPolicy | The policy used for proxy binding to the endpoint. Supported proxy policies are: single/all-master-shards/all-nodes When left blank, the default value will be chosen according to the value of ossCluster - single if disabled, all-master-shards when enabled | string | | false | | dataInternodeEncryption | Internode encryption (INE) setting. An optional boolean setting, overriding a similar cluster-wide policy. If set to False, INE is guaranteed to be turned off for this DB (regardless of cluster-wide policy). If set to True, INE will be turned on, unless the capability is not supported by the DB ( in such a case we will get an error and database creation will fail). If left unspecified, will be disabled if internode encryption is not supported by the DB (regardless of cluster default). Deleting this property after explicitly setting its value shall have no effect. | *bool | | false | | databasePort | Database port number. TCP port on which the database is available. Will be generated automatically if omitted. can not be changed after creation | *int | | false | +| shardsPlacement | Control the density of shards - should they reside on as few or as many nodes as possible. Available options are \"dense\" or \"sparse\". If left unset, defaults to \"dense\". | string | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus 
@@ -202,6 +218,7 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | | redisEnterpriseCluster | The Redis Enterprise Cluster Object this Resource is associated with | string | | false | | observedGeneration | The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster. | int64 | | false | +| backupInfo | Information on the database's periodic backup | *[BackupInfo](#backupinfo) | | false | [Back to Table of Contents](#table-of-contents) ### ReplicaSource diff --git a/role.yaml b/role.yaml index 9fd244c..3e13085 100644 --- a/role.yaml +++ b/role.yaml @@ -33,7 +33,7 @@ rules: verbs: ["create", "delete", "get" , "update", "list", "watch"] - apiGroups: [""] resources: ["persistentvolumeclaims"] - verbs: ["create", "delete", "get" , "update"] + verbs: ["create", "delete", "get" , "update", "list", "watch"] # needed rbac rules for services controller - apiGroups: [""] From 97482647d89b85f09affd8927b2d2a65c5e612f9 Mon Sep 17 00:00:00 2001 
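Review bot: The `persistentvolumeclaims` rule in role.yaml now grants `list` and `watch` on top of `create`, `delete`, `get` and `update`, but nothing in the hunk records which component needs to enumerate or watch PVCs. The following rule carries a purpose comment (`# needed rbac rules for services controller`), and this one should get the same, for example `# list/watch on PVCs: needed by <component> for <purpose>`, so a later least-privilege review can tell whether the verbs are still required. The diffstat shows openshift/role.yaml changed by the same amount; presumably it is the same widening, so the comment should be added there as well. The rules list starts and continues outside this hunk.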
From: Heinrich Koutcherouk Date: Mon, 28 Feb 2022 12:00:17 +0200 Subject: [PATCH 2/6] PR --- .gitignore | 2 +- google_private_cloud/README.md | 100 ------------------ .../bundle/kustomization.yaml | 4 - google_private_cloud/rec/kustomization.yaml | 4 - google_private_cloud/rec/kustomize_rec.yaml | 17 --- google_private_cloud/rec/rec.yaml | 7 -- 6 files changed, 1 insertion(+), 133 deletions(-) delete mode 100644 google_private_cloud/README.md delete mode 100644 google_private_cloud/bundle/kustomization.yaml delete mode 100644 google_private_cloud/rec/kustomization.yaml delete mode 100644 google_private_cloud/rec/kustomize_rec.yaml delete mode 100644 google_private_cloud/rec/rec.yaml diff --git a/.gitignore b/.gitignore index 5c3bdbb..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -*bundle.yaml +.idea diff --git a/google_private_cloud/README.md b/google_private_cloud/README.md deleted file mode 100644 index 21413c6..0000000 --- a/google_private_cloud/README.md +++ /dev/null 
@@ -1,100 +0,0 @@ - -# Deploying Redis Enterprise on Google Private Cloud - -This page describes how to deploy Redis Enterprise on Google Private Cloud Kubernetes solution using the Redis Enterprise Operator. - -### Prerequisites - -- A Kubernetes cluster version of 1.20 or higher, with a minimum of 3 worker nodes. -- A Kubernetes client (kubectl) with a matching version. -- Access to DockerHub, Harbor or a private repository that can serve the required images. - - - -The following are the images and tags for this release: - -| Component | k8s | -| --- | --- | -| Redis Enterprise | `redislabs/redis:6.2.10-83` | -| Operator | `redislabs/operator:6.2.10-3` | -| Services Rigger | `redislabs/k8s-controller:6.2.10-3` | - - -### Installation -The "Basic" installation deploys the operator (from the current release) from DockerHub and default settings. -This is the fastest way to get up and running with a new Redis Enterprise on Kubernetes. - -1. We will need to clone the yamls from [github](https://github.com/RedisLabs/redis-enterprise-k8s-docs/releases) to your local directory. - -2. Create a new namespace: - > Note: - For the purpose of this doc, we'll use the name "demo" for our cluster's namespace. - - ```bash - kubectl create namespace demo - ``` - - Switch context to the newly created namespace: - - ```bash - kubectl config set-context --current --namespace=demo - ``` -*** -For deploying the bundle and the Redis Enterprise Cluster custom resource we will use the [Kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/). -3. Customize the operator deployment - - - Before deploying the bundle.yaml we will need to customize it . - edit the `bundle\kustomize_bundle.yaml` file : - > Note: - Replace the [User Private repo] with your private images repository location. - -4. 
Deploy the operator bundle - - with `kubectl`, the following command will deploy a bundle of all the yaml declarations required for the operator: - - ```bash - kubectl apply -k bundle - ``` - - Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. - - A typical response may look like this: - - ```bash - NAME READY UP-TO-DATE AVAILABLE AGE - redis-enterprise-operator 1/1 1 1 2m - ``` - -5. Customize the Redis Enterprise Cluster custom resource - - - Before deploying the rec.yaml we will need to customize it . - edit the `rec\kustomize_rec.yaml` file : - > Note: - Replace the [User Private repo] with your private images repository location. - - The kustomize_rec.yaml configure the Redis Enterprise Cluster custom resource with the default configuration, - which is suitable for development type deployments and works in typical scenarios. - The full list of attributes supported through the Redis Enterprise Cluster (REC) API can be found [HERE](redis_enterprise_cluster_api.md). - - -6. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` - - Create a `RedisEnterpriseCluster`(REC) using the kustomize capability, - - ```bash - kubectl apply -k rec - ``` - - > Note: - The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. - -7. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. The cluster takes around 5-10 minutes to come up. 
- A typical response may look like this: - ``` - NAME AGE - rec 5m - ``` - > Note: Once the cluster is up, the cluster GUI and API could be used to configure databases. It is recommended to use the K8s REDB API that is configured through the following steps. To configure the cluster using the cluster GUI/API, use the ui service created by the operator and the default credentials as set in a secret. The secret name is the same as the cluster name within the namespace. - - -*** For advanced configuration and more info you can visit our formal documentation [here](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/README.md). \ No newline at end of file diff --git a/google_private_cloud/bundle/kustomization.yaml b/google_private_cloud/bundle/kustomization.yaml deleted file mode 100644 index d0304c1..0000000 --- a/google_private_cloud/bundle/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: -- bundle.yaml -patchesStrategicMerge: -- kustomize_bundle.yaml \ No newline at end of file diff --git a/google_private_cloud/rec/kustomization.yaml b/google_private_cloud/rec/kustomization.yaml deleted file mode 100644 index 619df3f..0000000 --- a/google_private_cloud/rec/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: -- rec.yaml -patchesStrategicMerge: -- kustomize_rec.yaml \ No newline at end of file diff --git a/google_private_cloud/rec/kustomize_rec.yaml b/google_private_cloud/rec/kustomize_rec.yaml deleted file mode 100644 index 8a4daf4..0000000 --- a/google_private_cloud/rec/kustomize_rec.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseCluster -metadata: - name: rec -spec: - persistentSpec: - storageClassName: standard - volumeSize: 20Gi - redisEnterpriseImageSpec: - repository: [User redis Private repo] - versionTag: 6.2.10-83 - redisEnterpriseServicesRiggerImageSpec: - repository: [User service rigger Private repo] - versionTag: 6.2.10-3 - bootstrapperImageSpec: - repository: [User operator Private repo] - versionTag: 6.2.10-3 \ No newline at end of file diff --git a/google_private_cloud/rec/rec.yaml b/google_private_cloud/rec/rec.yaml deleted file mode 100644 index 2480955..0000000 --- a/google_private_cloud/rec/rec.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec -spec: - # Add fields here - nodes: 3 From cf6ad2b2d8cca54a40e684c8c7d008da9e79e875 Mon Sep 17 00:00:00 2001 From: Heinrich Koutcherouk Date: Mon, 28 Feb 2022 12:03:33 +0200 Subject: [PATCH 3/6] Removed mentions of ENABLE_ALPHA_FEATURE gate --- redis_enterprise_cluster_api.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index 6b155cb..9f99414 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md 
@@ -256,8 +256,8 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | podStartingPolicy | Mitigation setting for STS pods stuck in \"ContainerCreating\" | *[StartingPolicy](#startingpolicy) | | false | | redisEnterpriseTerminationGracePeriodSeconds | The TerminationGracePeriodSeconds value for the (STS created) REC pods. Note that pods should not be taken down intentionally by force. Because clean pod shutdown is essential to prevent data loss, the default value is intentionally large (1 year). When data loss is acceptable (such as pure caching configurations), a value of a few minutes may be acceptable. | *int64 | 31536000 | false | | redisOnFlashSpec | Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases. | *[RedisOnFlashSpec](#redisonflashspec) | | false | -| ocspConfiguration | An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. Note: This is an ALPHA Feature. For this feature to take effect, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. | *[OcspConfiguration](#ocspconfiguration) | | false | -| encryptPkeys | Private key encryption - in order to enable, first need to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase and then set fields value to 'true' Possible values: true/false Note: This is an ALPHA Feature. For this feature to take effect, set a boolean environment variable with the name \"ENABLE_ALPHA_FEATURES\" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. | *bool | | false | +| ocspConfiguration | An API object that represents the cluster's OCSP configuration. 
To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. Note: This feature is currently unsupported. | *[OcspConfiguration](#ocspconfiguration) | | false | +| encryptPkeys | Private key encryption - in order to enable, first need to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase and then set fields value to 'true' Possible values: true/false Note: This feature is currently unsupported. | *bool | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseClusterStatus From ab250b28cb63ac73ea8190343d295910654d6206 Mon Sep 17 00:00:00 2001 From: Heinrich Koutcherouk Date: Mon, 28 Feb 2022 13:20:34 +0200 Subject: [PATCH 4/6] Updated log-collector from operator main branch --- log_collector/log_collector.py | 86 ++++++++++++++++++++-------------- 1 file changed, 51 insertions(+), 35 deletions(-) diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index d4846aa..2ac546f 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -124,7 +124,7 @@ def _get_namespace_from_config(): return existing_namespaces -def collect_from_ns(namespace, output_dir): +def collect_from_ns(namespace, output_dir, logs_from_all_pods=False): "Collect the context of a specific namespace. Typically runs in parallel processes." logger.info("Started collecting from namespace '%s'", namespace) ns_output_dir = os.path.join(output_dir, namespace) @@ -137,10 +137,10 @@ def collect_from_ns(namespace, output_dir): collect_events(namespace, ns_output_dir) collect_api_resources(namespace, ns_output_dir) collect_api_resources_description(namespace, ns_output_dir) - collect_pods_logs(namespace, ns_output_dir) + collect_pods_logs(namespace, ns_output_dir, logs_from_all_pods) -def run(namespace_input, output_dir): +def run(namespace_input, output_dir, logs_from_all_pods=False): """ Collect logs """ 
@@ -157,7 +157,7 @@ def run(namespace_input, output_dir):
 processes = []
 for namespace in namespaces:
- p = Process(target=collect_from_ns, args=[namespace, output_dir])
+ p = Process(target=collect_from_ns, args=[namespace, output_dir, logs_from_all_pods])
 p.start()
 processes.append(p)
@@ -382,49 +382,29 @@ def collect_api_resources_description(namespace, output_dir): file_handle.write(out) -def collect_pods_logs(namespace, output_dir): +def collect_pods_logs(namespace, output_dir, logs_from_all_pods=False): """ Collects all the pods logs from given namespace """ logger.info("Namespace '%s': Collecting pods' logs:", namespace) logs_dir = os.path.join(output_dir, "pods") - pods = get_pod_names(namespace) + if logs_from_all_pods: + pods = get_pod_names(namespace) + else: + pods = [] + for selector in ["app=redis-enterprise", "name=redis-enterprise-operator"]: + pods.extend(get_pod_names(namespace, selector)) + if not pods: logger.warning("Namespace '%s' Could not get pods list - " "skipping pods logs collection", namespace) return make_dir(logs_dir) - for pod in pods: - containers = get_list_of_containers_from_pod(namespace, pod) - init_containers = get_list_of_init_containers_from_pod(namespace, pod) - containers.extend(init_containers) - if containers is None: - logger.warning("Namespace '%s' Could not get containers for pod: %s list - " - "skipping pods logs collection", namespace, pod) - continue - for container in containers: - cmd = "kubectl logs -c {} -n {} {}" \ - .format(container, namespace, pod) - with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}')), - "w+") as file_handle: - _, output = run_shell_command(cmd) - file_handle.write(output) - # operator and admission containers restart after changing the operator-environment-configmap - # getting the logs of the containers before the restart can help us with debugging potential bugs - get_logs_before_restart_cmd = "kubectl logs -c {} -n {} {} -p" \ - .format(container, namespace, pod) - with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}-instance-before-restart')), - "w+") as file_handle: - err_code, output = run_shell_command(get_logs_before_restart_cmd) - if err_code == 0: - file_handle.write(output) - else: # no previous container instance found; did 
not restart - os.unlink(file_handle.name) - - logger.info("Namespace '%s': + %s-%s", namespace, pod, container) + for pod in pods: + collect_logs_from_pod(namespace, pod, logs_dir) def collect_connectivity_check(namespace, output_dir): @@ -501,6 +481,40 @@ def get_list_of_init_containers_from_pod(namespace, pod_name): return out.replace("'", "").split() +def collect_logs_from_pod(namespace, pod, logs_dir): + """ + Helper function getting logs of a pod + """ + containers = get_list_of_containers_from_pod(namespace, pod) + init_containers = get_list_of_init_containers_from_pod(namespace, pod) + containers.extend(init_containers) + if containers is None: + logger.warning("Namespace '%s' Could not get containers for pod: %s list - " + "skipping pods logs collection", namespace, pod) + return + for container in containers: + cmd = "kubectl logs -c {} -n {} {}" \ + .format(container, namespace, pod) + with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}')), + "w+") as file_handle: + _, output = run_shell_command(cmd) + file_handle.write(output) + + # operator and admission containers restart after changing the operator-environment-configmap + # getting the logs of the containers before the restart can help us with debugging potential bugs + get_logs_before_restart_cmd = "kubectl logs -c {} -n {} {} -p" \ + .format(container, namespace, pod) + with open(os.path.join(logs_dir, "{}.log".format(f'{pod}-{container}-instance-before-restart')), + "w+") as file_handle: + err_code, output = run_shell_command(get_logs_before_restart_cmd) + if err_code == 0: + file_handle.write(output) + else: # no previous container instance found; did not restart + os.unlink(file_handle.name) + + logger.info("Namespace '%s': + %s-%s", namespace, pod, container) + + def get_pod_names(namespace, selector=""): """ Returns list of pod names 
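Review bot: In the new selector branch of `collect_pods_logs`, `pods.extend(get_pod_names(namespace, selector))` assumes every call returns a list. The `if not pods` guard and its "Could not get pods list" warning suggest `get_pod_names` can return a falsy value on failure; if that value can be `None`, `extend` raises `TypeError` before the warning is reached. `pods.extend(get_pod_names(namespace, selector) or [])` keeps the guard effective. A pod carrying both the `app=redis-enterprise` and `name=redis-enterprise-operator` labels would be collected twice, so de-duplicating the list is worth considering. The body of `get_pod_names` is outside this hunk, so its failure value should be confirmed there.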
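Review bot: In `collect_logs_from_pod`, `containers.extend(init_containers)` runs before the `if containers is None` check, so the guard can never fire. A `None` from `get_list_of_containers_from_pod` raises `AttributeError` on the `extend` call, and a `None` init-container list raises `TypeError`. Move the `None` check directly under the first lookup and merge with `containers.extend(init_containers or [])`. Separately, both `kubectl logs` command strings interpolate `container`, `namespace` and `pod` with `.format`, and `namespace` comes from the `-n` command-line argument. If `run_shell_command` (not visible here) passes the string to a shell, each value should go through `shlex.quote`, which needs `import shlex` if the file does not already have it.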
@@ -678,6 +692,8 @@ def run_kubectl_describe(namespace, resource_type): help="pass namespace name or comma separated list or 'all' " "when left empty will use namespace from kube config") parser.add_argument('-o', '--output_dir', action="store", type=str) + parser.add_argument('-a', '--logs_from_all_pods', action="store_true", + help="collect logs from all pods, not only the operator and pods run by the operator") parser.add_argument('-t', '--timeout', action="store", type=int, default=timeout, help="time to wait for external commands to " @@ -695,4 +711,4 @@ def run_kubectl_describe(namespace, resource_type): sys.exit(1) logger.info("Started Redis Enterprise k8s log collector") - run(results.namespace, results.output_dir) + run(results.namespace, results.output_dir, results.logs_from_all_pods) From 547ec54d81a96d4cac6d54906d2d87272a58bd10 Mon Sep 17 00:00:00 2001 From: Heinrich Koutcherouk Date: Tue, 1 Mar 2022 13:11:15 +0200 Subject: [PATCH 5/6] More API doc fixes --- redis_enterprise_cluster_api.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index 9f99414..297a699 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md 
@@ -255,9 +255,9 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | certificates | RS Cluster Certificates. Used to modify the certificates used by the cluster. See the \"RSClusterCertificates\" struct described above to see the supported certificates. | *[RSClusterCertificates](#rsclustercertificates) | | false | | podStartingPolicy | Mitigation setting for STS pods stuck in \"ContainerCreating\" | *[StartingPolicy](#startingpolicy) | | false | | redisEnterpriseTerminationGracePeriodSeconds | The TerminationGracePeriodSeconds value for the (STS created) REC pods. Note that pods should not be taken down intentionally by force. Because clean pod shutdown is essential to prevent data loss, the default value is intentionally large (1 year). When data loss is acceptable (such as pure caching configurations), a value of a few minutes may be acceptable. | *int64 | 31536000 | false | -| redisOnFlashSpec | Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases. | *[RedisOnFlashSpec](#redisonflashspec) | | false | -| ocspConfiguration | An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. Note: This feature is currently unsupported. | *[OcspConfiguration](#ocspconfiguration) | | false | -| encryptPkeys | Private key encryption - in order to enable, first need to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase and then set fields value to 'true' Possible values: true/false Note: This feature is currently unsupported. | *bool | | false | +| redisOnFlashSpec | Stores configurations specific to redis on flash. Note: this feature is currently unsupported. | *[RedisOnFlashSpec](#redisonflashspec) | | false | +| ocspConfiguration | An API object that represents the cluster's OCSP configuration. 
To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. Note: this feature is currently unsupported. | *[OcspConfiguration](#ocspconfiguration) | | false | +| encryptPkeys | Private key encryption - in order to enable, first need to mount ${ephemeralconfdir}/secrets/pem/passphrase and add the passphrase and then set fields value to 'true' Possible values: true/false. Note: this feature is currently unsupported. | *bool | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseClusterStatus From a147658e0f861b32fa60bde6e699b810a7605b9a Mon Sep 17 00:00:00 2001 From: Heinrich Koutcherouk Date: Tue, 1 Mar 2022 15:23:22 +0200 Subject: [PATCH 6/6] Updated supported versions --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fab4ebf..b4687cb 100644 --- a/README.md +++ b/README.md @@ -672,7 +672,8 @@ Supported versions (platforms/versions that are not listed are not supported): | Rancher 2.6 (K8s 1.20) | supported | | Rancher 2.6 (K8s 1.21) | supported | | VMWare TKGIE** 1.10 (K8s 1.19) | supported | -| AKS 1.19 | supported | +| VMWare TKGIE 1.11 (K8s 1.20) | supported | +| AKS 1.19* | deprecated | | AKS 1.20 | supported | | AKS 1.21 | supported | | AKS 1.22 | supported |