Skip to content

Commit

Permalink
Merge pull request RedisLabs#133 from RedisLabs/6.0.6-23
Browse files Browse the repository at this point in the history
promoting version 6.0.6-23
  • Loading branch information
yuvallevy2 authored Aug 21, 2020
2 parents 64563eb + 15d2682 commit 0ec741f
Show file tree
Hide file tree
Showing 16 changed files with 330 additions and 252 deletions.
48 changes: 39 additions & 9 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
* [Pull Secrets](#pull-secrets)
* [Advanced Configuration](#advanced-configuration)
* [Upgrade](#upgrade)
* [Supported K8S Distributions](#supported-k8s-distributions)

This page describe how to deploy Redis Enterprise on Kubernetes using the Redis Enterprise Operator. High level architecture and overview of the solution can be found [HERE](https://docs.redislabs.com/latest/platforms/kubernetes/).

Expand All @@ -27,8 +28,8 @@ The following are the images and tags for this release:
| Component | k8s | Openshift |
| --- | --- | --- |
| Redis Enterprise | `redislabs/redis:6.0.6-39` | `redislabs/redis:6.0.6-39.rhel7-openshift` |
| Operator | `redislabs/operator:6.0.6-11` | `redislabs/operator:6.0.6-11.rhel7` |
| Services Rigger | `redislabs/k8s-controller:6.0.6-11` | `redislabs/k8s-controller:6.0.6-11.rhel7` |
| Operator | `redislabs/operator:6.0.6-23` | `redislabs/operator:6.0.6-23` |
| Services Rigger | `redislabs/k8s-controller:6.0.6-23` | `redislabs/k8s-controller:6.0.6-23` |
> * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d) </br>

Expand Down Expand Up @@ -69,6 +70,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub
> Note: The rbac.yaml file used in previous releases has been broken down into three distinct files:
`role.yaml`, `role_binding.yaml` and `service_account.yaml`.
The `crd.yaml` file was renamed to `redisenterprisecluster_crd.yaml`, with the API version prepended to the filename.
Apply the `crds/app_v1alpha1_redisenterprisedatabase_crd.yaml` if managing database instances through Kubernetes API and commands is desired.

3. Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running.

Expand All @@ -87,7 +89,9 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub
kubectl apply -f crds/app_v1_redisenterprisecluster_cr.yaml
```

> Note: The redis-enterprise-cluster.yaml file was renamed to redisenterprisecluster_cr.yaml, with the API version prepended to the filename.
> Notes:
> 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename.
> 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level.

5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster.
A typical response may look like this:
Expand Down Expand Up @@ -154,18 +158,18 @@ Other custom configurations are referenced in this repository.
```
4. Deploy the OpenShift operator bundle:
> NOTE: Update the `storageClassName` setting in `openshift.bundle.yaml` (by default its set to `gp2`).
```bash
oc apply -f openshift.bundle.yaml
```
5. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster`
> NOTE: Update the `storageClassName` setting in `redis-enterprise-cluster_rhel.yaml` as required (it's set to `gp2` by default).
Apply the `RedisEnterpriseCluster` resource with RHEL7 based images:
```bash
kubectl apply -f openshift/redis-enterprise-cluster_rhel.yaml
oc apply -f openshift/redis-enterprise-cluster_rhel.yaml
```
6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase`
Expand Down Expand Up @@ -195,6 +199,9 @@ Other custom configurations are referenced in this repository.
> When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission controller to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md).
### Installation on PKS
Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/pks/)
## Configuration
Expand Down Expand Up @@ -309,14 +316,14 @@ For example:
redisEnterpriseServicesRiggerImageSpec:
imagePullPolicy: IfNotPresent
repository: harbor.corp.local/redisenterprise/k8s-controller
versionTag: 6.0.6-11
versionTag: 6.0.6-23
```
```yaml
bootstrapperImageSpec:
imagePullPolicy: IfNotPresent
repository: harbor.corp.local/redisenterprise/operator
versionTag: 6.0.6-11
versionTag: 6.0.6-23
```
In Operator Deployment spec (operator.yaml):
Expand All @@ -328,7 +335,7 @@ spec:
spec:
containers:
- name: redis-enterprise-operator
image: harbor.corp.local/redisenterprise/operator:6.0.6-11
image: harbor.corp.local/redisenterprise/operator:6.0.6-23
```
Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core).
Expand All @@ -342,6 +349,8 @@ Private repositories which require login can be accessed by creating a pull secr
```shell
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
```
> NOTE: Make sure to witch context to the REC namespace or add flag -n <namespace>.
where:
- `<your-registry-server>` is your Private repository FQDN. ([https://index.docker.io/v1/](https://index.docker.io/v1/) for DockerHub)
Expand Down Expand Up @@ -377,7 +386,7 @@ spec:
The Operator automates and simplifies the upgrade process.
The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together.
It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail.
There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise version compatible with this release is 6.0.6-39
There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.6-39
```yaml
autoUpgradeRedisEnterprise: true
Expand All @@ -388,3 +397,24 @@ Alternatively:
RedisEnterpriseImageSpec:
versionTag: redislabs/redis:6.0.6-39
```
## Supported K8S Distributions
Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs.
| Distribution | Support Status |
|-------------------|---------------------|
| Openshift 3.11 | supported |
| Openshift 4.1 | supported |
| Openshift 4.2 | supported |
| Openshift 4.3 | supported |
| KOPS vanilla 1.9 | no longer supported |
| KOPS vanilla 1.10 | no longer supported |
| KOPS vanilla 1.11 | deprecated |
| KOPS vanilla 1.12 | supported |
| KOPS vanilla 1.13 | supported |
| KOPS vanilla 1.14 | supported |
| KOPS vanilla 1.15 | supported |
| KOPS vanilla 1.16 | supported |
| KOPS vanilla 1.17 | supported |
| GKE 1.14 | supported |
| GKE 1.15 | supported |
| GKE 1.16 | supported |
8 changes: 6 additions & 2 deletions admission.bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["*"]
- apiGroups: ["app.redislabs.com"]
resources: ["*"]
verbs: ["*"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
Expand Down Expand Up @@ -75,7 +79,7 @@ spec:
serviceAccountName: redis-enterprise-admission
containers:
- name: admin
image: redislabs/operator:6.0.6-11
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand Down Expand Up @@ -106,7 +110,7 @@ spec:
scheme: HTTPS
initContainers:
- name: admin-init
image: redislabs/operator:6.0.6-11
image: redislabs/operator-internal:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand Down
8 changes: 6 additions & 2 deletions admission.openshift.bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["*"]
- apiGroups: ["app.redislabs.com"]
resources: ["*"]
verbs: ["*"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
Expand Down Expand Up @@ -75,7 +79,7 @@ spec:
serviceAccountName: redis-enterprise-admission
containers:
- name: admin
image: redislabs/operator:6.0.6-11.rhel7
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand Down Expand Up @@ -106,7 +110,7 @@ spec:
scheme: HTTPS
initContainers:
- name: admin-init
image: redislabs/operator:6.0.6-11.rhel7
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand Down
20 changes: 5 additions & 15 deletions admission/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,29 +16,19 @@ sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' admission.bundle.y

If this is the first time one is deploying the admission controller, one has to approve the CSR and setup the webhook to enable resource validation. If one has already set these up, and one is just updating the admission controller, one skips steps 2 and 3 as they are already configured correctly

2. and waits for the CSR to ready and approves it

wait for it to be ready to be approved
2. and waits for the secret to be created

```shell script
kubectl get csr admission-tls
```

and approve it once it's pending approval

```shell script
kubectl certificate approve admission-tls
```
or on openshift
```shell script
oc adm certificate approve admission-tls
kubectl get secret admission-tls
NAME TYPE DATA AGE
admission-tls Opaque 2 2m43s
```

3. and modifies the webhook to use the certificate generated

```shell script
# save cert
CERT=`kubectl get csr admission-tls -o jsonpath='{.status.certificate}'`
CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`
# create patch file
cat > modified-webhook.yaml <<EOF
webhooks:
Expand Down
5 changes: 3 additions & 2 deletions admission/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ spec:
serviceAccountName: redis-enterprise-admission
containers:
- name: admin
image: redislabs/operator:6.0.6-11
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand Down Expand Up @@ -45,7 +45,7 @@ spec:
scheme: HTTPS
initContainers:
- name: admin-init
image: redislabs/operator:6.0.6-11
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand All @@ -72,3 +72,4 @@ spec:
requests:
cpu: 100m
memory: 256Mi

5 changes: 3 additions & 2 deletions admission/deployment_openshift.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ spec:
serviceAccountName: redis-enterprise-admission
containers:
- name: admin
image: redislabs/operator:6.0.6-11.rhel7
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand Down Expand Up @@ -45,7 +45,7 @@ spec:
scheme: HTTPS
initContainers:
- name: admin-init
image: redislabs/operator:6.0.6-11.rhel7
image: redislabs/operator:6.0.6-23
command:
- /usr/local/bin/admission
args:
Expand All @@ -72,3 +72,4 @@ spec:
requests:
cpu: 100m
memory: 256Mi

4 changes: 4 additions & 0 deletions admission/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,7 @@ rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["*"]
- apiGroups: ["app.redislabs.com"]
resources: ["*"]
verbs: ["*"]

2 changes: 1 addition & 1 deletion bundle.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ spec:
serviceAccountName: redis-enterprise-operator
containers:
- name: redis-enterprise-operator
image: redislabs/operator:6.0.6-11
image: redislabs/operator:6.0.6-23
command:
- redis-enterprise-operator
imagePullPolicy: Always
Expand Down
Loading

0 comments on commit 0ec741f

Please sign in to comment.