From c0c8c4ba9e3f2deaa6c400730722f3ddcba87f0e Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 20 Aug 2020 17:17:39 +0000 Subject: [PATCH 1/4] promoting version 6.0.6-23 --- README.md | 48 +++++-- admission.bundle.yaml | 8 +- admission.openshift.bundle.yaml | 8 +- admission/README.md | 20 +-- admission/deployment.yaml | 5 +- admission/deployment_openshift.yaml | 5 +- admission/role.yaml | 4 + bundle.yaml | 2 +- log_collector/log_collector.py | 80 +++++++---- openshift.bundle.yaml | 2 +- openshift/operator_rhel.yaml | 2 +- operator.yaml | 2 +- redis_enterprise_cluster_api.md | 36 ++--- redis_enterprise_database_api.md | 204 ++++++++++++++++++++++++++-- release_info.yaml | 2 +- topics.md | 154 +-------------------- 16 files changed, 330 insertions(+), 252 deletions(-) diff --git a/README.md b/README.md index ab7ff98..b6a8082 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ * [Pull Secrets](#pull-secrets) * [Advanced Configuration](#advanced-configuration) * [Upgrade](#upgrade) +* [Supported K8S Distributions](#supported-k8s-distributions) This page describe how to deploy Redis Enterprise on Kubernetes using the Redis Enterprise Operator. High level architecture and overview of the solution can be found [HERE](https://docs.redislabs.com/latest/platforms/kubernetes/). 
@@ -27,8 +28,8 @@ The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | | Redis Enterprise | `redislabs/redis:6.0.6-39` | `redislabs/redis:6.0.6-39.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.6-11` | `redislabs/operator:6.0.6-11.rhel7` | -| Services Rigger | `redislabs/k8s-controller:6.0.6-11` | `redislabs/k8s-controller:6.0.6-11.rhel7` | +| Operator | `redislabs/operator:6.0.6-23` | `redislabs/operator:6.0.6-23` | +| Services Rigger | `redislabs/k8s-controller:6.0.6-23` | `redislabs/k8s-controller:6.0.6-23` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -69,6 +70,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Note: The rbac.yaml file used in previous releases has been broken down into three distinct files: `role.yaml`, `role_binding.yaml` and `service_account.yaml`. The `crd.yaml` file was renamed to `redisenterprisecluster_crd.yaml`, with the API version prepended to the filename. + Apply the `crds/app_v1alpha1_redisenterprisedatabase_crd.yaml` if managing database instances through Kubernetes API and commands is desired. 3. Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. @@ -87,7 +89,9 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub kubectl apply -f crds/app_v1_redisenterprisecluster_cr.yaml ``` - > Note: The redis-enterprise-cluster.yaml file was renamed to redisenterprisecluster_cr.yaml, with the API version prepended to the filename. + > Notes: + > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. + > 2. The Operator can only manage one Redis Enterprise Cluster customer resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: 
@@ -154,18 +158,18 @@ Other custom configurations are referenced in this repository. ``` 4. Deploy the OpenShift operator bundle: + > NOTE: Update the `storageClassName` setting in `openshift.bundle.yaml` (by default its set to `gp2`). ```bash oc apply -f openshift.bundle.yaml ``` 5. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` -> NOTE: Update the `storageClassName` setting in `redis-enterprise-cluster_rhel.yaml` as required (it's set to `gp2` by default). Apply the `RedisEnterpriseCluster` resource with RHEL7 based images: ```bash - kubectl apply -f openshift/redis-enterprise-cluster_rhel.yaml + oc apply -f openshift/redis-enterprise-cluster_rhel.yaml ``` 6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` @@ -195,6 +199,9 @@ Other custom configurations are referenced in this repository. > When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission controller to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md). +### Installation on PKS + Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/pks/) + ## Configuration @@ -309,14 +316,14 @@ For example: redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-11 + versionTag: 6.0.6-23 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-11 + versionTag: 6.0.6-23 ``` In Operator Deployment spec (operator.yaml): 
@@ -328,7 +335,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-11 + image: harbor.corp.local/redisenterprise/operator:6.0.6-23 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). @@ -342,6 +349,8 @@ Private repositories which require login can be accessed by creating a pull secr ```shell kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= ``` +> NOTE: Make sure to witch context to the REC namespace or add flag -n . + where: - `` is your Private repository FQDN. ([https://index.docker.io/v1/](https://index.docker.io/v1/) for DockerHub) @@ -377,7 +386,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise version compatible with this release is 6.0.6-39 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.6-39 ```yaml autoUpgradeRedisEnterprise: true 
@@ -388,3 +397,24 @@ Alternatively: RedisEnterpriseImageSpec: versionTag: redislabs/redis:6.0.6-39 ``` + +## Supported K8S Distributions +Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. +| Distribution | Support Status | +|-------------------|---------------------| +| Openshift 3.11 | deprecated | +| Openshift 4.1 | supported | +| Openshift 4.2 | supported | +| Openshift 4.3 | supported | +| KOPS vanilla 1.9 | no longer supported | +| KOPS vanilla 1.10 | no longer supported | +| KOPS vanilla 1.11 | deprecated | +| KOPS vanilla 1.12 | supported | +| KOPS vanilla 1.13 | supported | +| KOPS vanilla 1.14 | supported | +| KOPS vanilla 1.15 | supported | +| KOPS vanilla 1.16 | supported | +| KOPS vanilla 1.17 | supported | +| GKE 1.14 | supported | +| GKE 1.15 | supported | +| GKE 1.16 | supported | diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 74eeaac..c0bef91 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -21,6 +21,10 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["*"] + - apiGroups: ["app.redislabs.com"] + resources: ["*"] + verbs: ["*"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -75,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-11 + image: redislabs/operator-internal:6.0.6-23 command: - /usr/local/bin/admission args: 
@@ -106,7 +110,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-11 + image: redislabs/operator-internal:6.0.6-23 command: - /usr/local/bin/admission args: diff --git a/admission.openshift.bundle.yaml b/admission.openshift.bundle.yaml index b55fa6b..a9534d7 100644 --- a/admission.openshift.bundle.yaml +++ b/admission.openshift.bundle.yaml @@ -21,6 +21,10 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["*"] + - apiGroups: ["app.redislabs.com"] + resources: ["*"] + verbs: ["*"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -75,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 command: - /usr/local/bin/admission args: @@ -106,7 +110,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 command: - /usr/local/bin/admission args: diff --git a/admission/README.md b/admission/README.md index a7eec5f..e53d36c 100644 --- a/admission/README.md +++ b/admission/README.md 
@@ -16,29 +16,19 @@ sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' admission.bundle.y If this is the first time one is deploying the admission controller, one has to approve the CSR and setup the webhook to enable resource validation. If one has already set these up, and one is just updating the admission controller, one skips steps 2 and 3 as they are already configured correctly -2. and waits for the CSR to ready and approves it - -wait for it to be ready to be approved +2. and waits for the secret to be created ```shell script -kubectl get csr admission-tls -``` - -and approve it once it's pending approval - -```shell script -kubectl certificate approve admission-tls -``` -or on openshift -```shell script -oc adm certificate approve admission-tls +kubectl get secret admission-tls +NAME TYPE DATA AGE +admission-tls Opaque 2 2m43s ``` 3. and modifies the webhook to use the certificate generated ```shell script # save cert -CERT=`kubectl get csr admission-tls -o jsonpath='{.status.certificate}'` +CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` # create patch file cat > modified-webhook.yaml < 0: + time.sleep(1) + if debuginfo_attempt_on_pod(namespace, + output_dir, + pod_name, + attempt + 1): + logger.info("Collected Redis Enterprise cluster debug package") + return def collect_resources_list(namespace, output_dir): @@ -451,7 +473,7 @@ def get_process_children(parent): stdout=subprocess.PIPE, stderr=subprocess.PIPE) stdout, _ = piped_process.communicate() - return [int(piped_process) for proc in stdout.split()] + return [int(proc) for proc in stdout.split()] # no need for pass here: # https://github.com/PyCQA/pylint/issues/2616#issuecomment-442738701 diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 7607380..ed34b7b 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml 
@@ -131,7 +131,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 securityContext: runAsUser: 1001 command: diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index a8ac2d9..139256c 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 securityContext: runAsUser: 1001 command: diff --git a/operator.yaml b/operator.yaml index bcd6a20..1f42020 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-11 + image: redislabs/operator:6.0.6-23 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index 9ee45f6..b1a0cc3 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md 
@@ -95,7 +95,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | uiServiceType | Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | *v1.ServiceType | v1.ServiceTypeClusterIP | false | | uiAnnotations | Annotations for Redis Enterprise UI service | map[string]string | | false | | servicesRiggerSpec | Specification for service rigger | *[ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) | | false | -| license | Redis Enterprise License | string | | false | +| license | Redis Enterprise License | string | Empty string which is a [Trial Mode licesne](https://docs.redislabs.com/latest/rs/administering/cluster-operations/settings/license-keys/#trial-mode) | false | | username | Username for the admin user of Redis Enterprise | string | demo@redislabs.com | false | | nodeSelector | Selector for nodes that could fit Redis Enterprise pod | *map[string]string | | false | | redisEnterpriseImageSpec | Specification for Redis Enterprise container image | *[ImageSpec](#imagespec) | the default Redis Enterprise image for this version | false | 
@@ -105,7 +105,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | bootstrapperResources | Compute resource requirements for bootstrapper containers | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | 0.1 CPUs and 128Mi memory | false | | redisEnterpriseServicesRiggerResources | Compute resource requirements for Services Rigger pod | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | 0.5 CPU and 0.5GB memory | false | | pullSecrets | PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core) | empty | false | -| persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | disabled | false | +| persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | | serviceBrokerSpec | Specification for Service Broker | [ServiceBrokerSpec](#servicebrokerspec) | disabled | false | | sideContainersSpec | Specification for a side container that will be added to each Redis Enterprise pod | []v1.Container | empty | false | | extraLabels | Labels that the user defines for their convenience | map[string]string | empty | false | 
@@ -177,8 +177,8 @@ Method of ingress from another cluster in Active-Active configuration | Value | Description | | ----- | ----------- | -| OpenShiftRoute | Routes are only usable in OpenShift | -| Ingress | See https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| "openShiftRoute" | Routes are only usable in OpenShift | +| "ingress" | See https://kubernetes.io/docs/concepts/services-networking/ingress/ | [Back to Table of Contents](#table-of-contents) ### ClusterEventReason @@ -186,8 +186,8 @@ Reason for cluster event | Value | Description | | ----- | ----------- | -| InvalidConfiguration | Invalid Configuration | -| StatusChange | Status Change | +| "InvalidConfiguration" | Invalid Configuration | +| "StatusChange" | Status Change | [Back to Table of Contents](#table-of-contents) ### ClusterState 
@@ -195,16 +195,16 @@ State of the Redis Enterprise Cluster | Value | Description | | ----- | ----------- | -| ClusterPendingCreate | ClusterPendingCreate means cluster is not created yet | -| ClusterBootstrappingFirstPod | Bootstrapping first pod | -| ClusterInitializing | ClusterInitializing means the cluster was created and nodes are in the process of joining the cluster | -| ClusterRecoveryReset | ClusterRecoveryReset resets the cluster by deleting all pods | -| ClusterRecoveringFirstPod | ClusterRecoveringFirstPod means the cluster entered cluster recovery | -| ClusterRunning | ClusterRunning means the cluster's sub-resources have been created and are in running state | -| ClusterError | ClusterError means the there was an error when starting creating/updating the one or more of the cluster's resources | -| ClusterConfigurationInvalid | ClusterConfigurationInvalid means an invalid spec was applied | -| ClusterInvalidUpgrade | ClusterInvalidUpgrade means an upgrade is not possible at this time | -| ClusterUpgrade | ClusterUpgrade | +| "PendingCreation" | ClusterPendingCreate means cluster is not created yet | +| "BootstrappingFirstPod" | Bootstrapping first pod | +| "Initializing" | ClusterInitializing means the cluster was created and nodes are in the process of joining the cluster | +| "RecoveryReset" | ClusterRecoveryReset resets the cluster by deleting all pods | +| "RecoveringFirstPod" | ClusterRecoveringFirstPod means the cluster entered cluster recovery | +| "Running" | ClusterRunning means the cluster's sub-resources have been created and are in running state | +| "Error" | ClusterError means the there was an error when starting creating/updating the one or more of the cluster's resources | +| "Invalid" | ClusterConfigurationInvalid means an invalid spec was applied | +| "InvalidUpgrade" | ClusterInvalidUpgrade means an upgrade is not possible at this time | +| "Upgrade" | ClusterUpgrade | [Back to Table of Contents](#table-of-contents) ### 
SpecStatusName @@ -212,6 +212,6 @@ Whether the REC specification is valid (custom resource) | Value | Description | | ----- | ----------- | -| SpecStatusInvalid | Specification status invalid | -| SpecStatusValid | Specification status valid | +| "Invalid" | Specification status invalid | +| "Valid" | Specification status valid | [Back to Table of Contents](#table-of-contents) diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 1d0512b..77c6b83 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md 
@@ -3,16 +3,120 @@ This document describes the parameters for the Redis Enterprise Database custom > Note this document is auto-generated from code comments. To contribute a change please change the code comments. ## Table of Contents * [Objects](#objects) + * [AzureBlobStorage](#azureblobstorage) + * [BackupSpec](#backupspec) + * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) + * [DbAlertsSettings](#dbalertssettings) + * [FtpStorage](#ftpstorage) + * [GoogleStorage](#googlestorage) + * [InternalEndpoint](#internalendpoint) + * [MountPointStorage](#mountpointstorage) * [RedisEnterpriseConnection](#redisenterpriseconnection) * [RedisEnterpriseDatabase](#redisenterprisedatabase) * [RedisEnterpriseDatabaseList](#redisenterprisedatabaselist) * [RedisEnterpriseDatabaseSpec](#redisenterprisedatabasespec) * [RedisEnterpriseDatabaseStatus](#redisenterprisedatabasestatus) + * [ReplicaSource](#replicasource) + * [ReplicaSourceStatus](#replicasourcestatus) + * [S3Storage](#s3storage) + * [SftpStorage](#sftpstorage) + * [SwiftStorage](#swiftstorage) * [Enums](#enums) * [DatabasePersistence](#databasepersistence) * [DatabaseStatus](#databasestatus) + * [RepliceSourceType](#replicesourcetype) ## Objects +### AzureBlobStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| absSecretName | The name of the K8s secret that holds ABS credentials. The secret must contain the keys \"AccountName\" and \"AccountKey\", and these must hold the corresponding credentials | string | | true | +| container | Azure Blob Storage container name. | string | | true | +| subdir | Optional. Azure Blob Storage subdir under container. 
| string | empty | false | +[Back to Table of Contents](#table-of-contents) + +### BackupSpec +The various backup storage options are validated to be mutually exclusive, although for technical reasons, the relevant error is not very clear and indicates a conflict in the specified storage type. + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| interval | Backup Interval in seconds | int | 86400 | false | +| ftp | | *[FtpStorage](#ftpstorage) | | false | +| s3 | | *[S3Storage](#s3storage) | | false | +| abs | | *[AzureBlobStorage](#azureblobstorage) | | false | +| swift | | *[SwiftStorage](#swiftstorage) | | false | +| sftp | | *[SftpStorage](#sftpstorage) | | false | +| gcs | | *[GoogleStorage](#googlestorage) | | false | +| mount | | *[MountPointStorage](#mountpointstorage) | | false | +[Back to Table of Contents](#table-of-contents) + +### BdbAlertSettingsWithThreshold +Threshold for database alert + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| enabled | Alert enabled or disabled | bool | | true | +| threshold | Threshold for alert going on/off | string | | true | +[Back to Table of Contents](#table-of-contents) + +### DbAlertsSettings +DbAlertsSettings An API object that represents the database alerts configuration. 
+ +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_latency | Latency is higher than specified threshold value [micro-sec] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_long_running_action | An alert for state-machines that are running for too long | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] 
| [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +[Back to Table of Contents](#table-of-contents) + +### FtpStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| url | a URI of the \"ftp[s]://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]\" format | string | | true | +[Back to Table of Contents](#table-of-contents) + +### GoogleStorage +GoogleStorage + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| gcsSecretName | The name of the K8s secret that holds the Google Cloud Storage credentials. The secret must contain the keys \"CLIENT_ID\", \"PRIVATE_KEY\", \"PRIVATE_KEY_ID\", \"CLIENT_EMAIL\" and these must hold the corresponding credentials. The keys should correspond to the values in the key JSON. 
| string | | true | +| bucketName | Google Storage bucket name. | string | | true | +| subdir | Optional. Google Storage subdir under bucket. | string | empty | false | +[Back to Table of Contents](#table-of-contents) + +### InternalEndpoint + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| host | Hostname assigned to the database | string | | false | +| port | Database port name | int | | false | +[Back to Table of Contents](#table-of-contents) + +### MountPointStorage +MountPointStorage + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| path | Path to the local mount point. You must create the mount point on all nodes, and the redislabs:redislabs user must have read and write permissions on the local mount point. | string | | true | +[Back to Table of Contents](#table-of-contents) + ### RedisEnterpriseConnection Connection between a database, and Its Redis Enterprise Cluster 
@@ -54,7 +158,10 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | databaseSecretName | The name of the K8s secret that holds the password to the database. | string | | false | | evictionPolicy | Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ | string | volatile-lru | false | | tlsMode | Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must use SSL. disabled - no incoming connection to the Database should use SSL. replica_ssl - databases that replicate from this one need to use SSL. | string | disabled | false | -| enforceClientAuthentication | Require authentication of client certificates for SSL connections to the database. | *bool | true | false | +| clientAuthenticationCertificates | The Secrets containing TLS Client Certificate to use for Authentication | []string | | false | +| replicaSources | What databases to replicate from | [][ReplicaSource](#replicasource) | | false | +| alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | +| backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus 
@@ -71,6 +178,65 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | lastActionUid | UID of the last action done by operator on this database | string | | false | | lastActionStatus | Status of the last action done by operator on this database | string | | false | | version | Database compatibility version | string | | false | +| replicaSourceStatuses | ReplicaSource statuses | [][ReplicaSourceStatus](#replicasourcestatus) | | false | +| internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | +[Back to Table of Contents](#table-of-contents) + +### ReplicaSource + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| replicaSourceType | Determines what Kuberetes resource ReplicaSourceName refers to SECRET - Get URI from secret named in ReplicaSourceName. The secret will have a uri key that defines the complete, redis:// URI REDB - Determine URI from Kubernetes REDB resource named in ReplicaSourceName | [RepliceSourceType](#replicesourcetype) | | true | +| replicaSourceName | Kubernetes resource name of type ReplicaSourceType | string | | true | +| compression | GZIP Compression level (0-9) to use for replication | int | | false | +| clientKeySecret | Secret that defines what client key to use. The secret needs 2 keys in it's map, \"cert\" that is the PEM encoded certificate and \"key\" that is the PEM encoded private key | *string | | false | +| serverCertSecret | Secret that defines the Server's certificate. 
The secret needs 1 key in it's map, \"cert\" that is the PEM encoded certificate | *string | | false | +| tlsSniName | TLS SNI Name to use | *string | | false | +[Back to Table of Contents](#table-of-contents) + +### ReplicaSourceStatus + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| lag | Lag in millisec between source and destination (while synced). | int | | false | +| lastError | Last error encountered when syncing from the source. | string | | false | +| lastUpdate | Time when we last receive an update from the source. | string | | false | +| rdbSize | The source’s RDB size to be transferred during the syncing phase. | int | | false | +| rdbTransferred | Number of bytes transferred from the source’s RDB during the syncing phase. | int | | false | +| status | Sync status of this source | string | | false | +| endpointHost | The internal host name of the replica source database. Can be used as an identifier. See the internalEndpoints list on the REDB status. | string | | true | +[Back to Table of Contents](#table-of-contents) + +### S3Storage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| awsSecretName | The name of the K8s secret that holds the AWS credentials. The secret must contain the keys \"AWS_ACCESS_KEY_ID\" and \"AWS_SECRET_ACCESS_KEY\", and these must hold the corresponding credentials. | string | | true | +| bucketName | Amazon S3 bucket name. | string | | true | +| subdir | Optional. Amazon S3 subdir under bucket. | string | empty | false | +[Back to Table of Contents](#table-of-contents) + +### SftpStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| sftpSecretName | The name of the K8s secret that holds SFTP credentials. 
The secret must contain the \"Key\" key, which is the SSH private key for connecting to the sftp server. | string | | true | +| sftp_url | SFTP url | string | | true | +[Back to Table of Contents](#table-of-contents) + +### SwiftStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| swiftSecretName | The name of the K8s secret that holds Swift credentials. The secret must contain the keys \"Key\" and \"User\", and these must hold the corresponding credentials: service access key and service user name (pattern for the latter does not allow special characters &,<,>,\") | string | | true | +| auth_url | Swift service authentication URL. | string | | true | +| container | Swift object store container for storing the backup files. | string | | true | +| prefix | Optional. Prefix (path) of backup files in the swift container. | string | empty | false | [Back to Table of Contents](#table-of-contents) ## Enums 
@@ -79,12 +245,12 @@ Database persistence policy. see https://docs.redislabs.com/latest/rs/concepts/d | Value | Description | | ----- | ----------- | -| DatabasePersistenceDisabled | Data is not persisted | -| DatabasePersistenceAofEverySecond | Data is synced to disk every second | -| DatabasePersistenceAofAlways | Data is synced to disk with every write. | -| DatabasePersistenceSnapshotEveryHour | A snapshot of the database is created every hour | -| DatabasePersistenceSnapshotEvery6Hour | A snapshot of the database is created every 6 hours. | -| DatabasePersistenceSnapshotEvery12Hour | A snapshot of the database is created every 12 hours. | +| "disabled" | Data is not persisted | +| "aofEverySecond" | Data is synced to disk every second | +| "aofAlways" | Data is synced to disk with every write. | +| "snapshotEvery1Hour" | A snapshot of the database is created every hour | +| "snapshotEvery6Hour" | A snapshot of the database is created every 6 hours. | +| "snapshotEvery12Hour" | A snapshot of the database is created every 12 hours. | [Back to Table of Contents](#table-of-contents) ### DatabaseStatus 
@@ -92,12 +258,20 @@ State of the Redis Enterprise Database | Value | Description | | ----- | ----------- | -| DatabaseStatusPending | Database is pending creation | -| DatabaseStatusActive | Database is ready to be used | -| DatabaseStatusActiveChangePending | Database is ready to be used, but a change is pending | -| DatabaseStatusDeletePending | Database will be deleted soon | -| DatabaseStatusImportPending | Database will be imported soon | -| DatabaseStatusCreationFailed | Database creation has failed | -| DatabaseStatusRecovery | Database creation has failed | -| DatabaseStatusUnknown | Database status unknown | +| "pending" | Database is pending creation | +| "active" | Database is ready to be used | +| "active-change-pending" | Database is ready to be used, but a change is pending | +| "delete-pending" | Database will be deleted soon | +| "import-pending" | Database will be imported soon | +| "creation-failed" | Database creation has failed | +| "recovery" | Database creation has failed | +| "" | Database status unknown | +[Back to Table of Contents](#table-of-contents) + +### RepliceSourceType + +| Value | Description | +| ----- | ----------- | +| "SECRET" | Information on DB to Replicate from stored in a secret | +| "REDB" | Replicate from a DB created via the RedisEnterpriseDatabase Controller | [Back to Table of Contents](#table-of-contents) diff --git a/release_info.yaml b/release_info.yaml index 5d0256d..30074d5 100644 --- a/release_info.yaml +++ b/release_info.yaml @@ -1,3 +1,3 @@ -operatorVersion: 6.0.6-11 +operatorVersion: 6.0.6-23 rsVersion: 6.0.6-39 serviceBrokerVersion: 78_4b9b17f \ No newline at end of file diff --git a/topics.md b/topics.md index 7769017..5f23b92 100644 --- a/topics.md +++ b/topics.md @@ -1,5 +1,5 @@ -# Additional Topics +# Advanced Configuration - [Guaranteed Quality of Service](#guaranteed-quality-of-service) - [Priority Class](#priority-class) 
@@ -8,12 +8,7 @@ - [Monitoring](#monitoring) - [Eviction Thresholds](#eviction-thresholds) - [Pod Security Policy (PSP)](#pod-security-policy-psp) -- [Service Broker](#service-broker) -- [Private Repositories](#private-repositories) -- [Pull Secrets](#pull-secrets) -- [IPV4 enforcement](#ipv4-enforcement) - [Side Cars](#side-cars) -- [Extra Labels](#extra-labels) - [Resource Limits and Quotas](#resource-limits-and-quotas) - [Custom Resource Deletion](#custom-resource-deletion) 
@@ -118,143 +113,6 @@ If you use this option, you should add the policy name to REC configuration, in podSecurityPolicyName: "redis-enterprise-psp" ``` ->see [RedisEnterpriseClusterSpec](operator.md#redisenterpriseclusterspec) for full reference - -## Service Broker - -If you're deploying a service broker, also apply the `sb_rbac.yaml` file during installation: - -```bash -oc apply -f sb_rbac.yaml -``` - -> You should receive the following response: - -`clusterrole "redis-enterprise-operator-sb" configured` - -Bind the Cluster Service Broker role to the operator service account (in the current namespace): - -```bash -oc adm policy add-cluster-role-to-user redis-enterprise-operator-sb --serviceaccount redis-enterprise-operator --rolebinding-name=redis-enterprise-operator-sb -``` - -> You should receive the following response: - -`cluster role "redis-enterprise-operator-sb" added: "redis-enterprise-operator"` - -Add the `serviceBrokerSpec` Service Broker in the RedisEntepteriseCluster Spec (only for supported clusters) - -```yaml - serviceBrokerSpec: - enabled: true - persistentSpec: - storageClassName: "gp2" -``` - ->see [ServiceBrokerSpec](operator.md#servicebrokerspec) for full reference - -## Private Repositories - -Whenever images are not pulled from DockerHub, the following configuration options must be specified: - -In *RedisEnterpriseClusterSpec* (redis_enterprise_cluster.yaml): - -- *redisEnterpriseImageSpec* -- *redisEnterpriseServicesRiggerImageSpec* -- *serviceBrokerSpec - imageSpec* (if deploying the Service Broker) -- *bootstrapperImageSpec* - -Image specifications in *RedisEnterpriseClusterSpec* follow the same schema: ->see [ImageSpec](operator.md#imagespec) for full reference - -For example: - -```yaml - redisEnterpriseImageSpec: - imagePullPolicy: IfNotPresent - repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.6-39 -``` - -```yaml - redisEnterpriseServicesRiggerImageSpec: - imagePullPolicy: IfNotPresent - repository: 
harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-11 -``` - -```yaml - bootstrapperImageSpec: - imagePullPolicy: IfNotPresent - repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-11 -``` - -In Operator Deployment spec (operator.yaml): - -For example: - -```yaml -spec: - template: - spec: - containers: - - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-11 -``` - -Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). - -## Pull secrets - -Private repositories which require login can be accessed by creating a pull secret and declaring it in both the *RedisEnterpriseClusterSpec* and in the Operator Deployment spec. - -[Create a pull secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) by running: - -```shell -kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= -``` - -where: - -- `` is your Private Docker Registry FQDN. ([https://index.docker.io/v1/](https://index.docker.io/v1/) for DockerHub) -- `` is your Docker username. -- `` is your Docker password. -- `` is your Docker email. - -This creates a pull secret names `regcred` - -To use in the *RedisEnterpriseClusterSpec*: - -```yaml -spec: - pullSecrets: - - name: regcred -``` - -To use in the Operator Deployment: - -```yaml -spec: - template: - spec: - imagePullSecrets: - - name: regcred -``` - -## IPV4 enforcement - -You might not have IPV6 support in your K8S cluster. -In this case, you could enforce the use of IPV4, by adding the following attribute to the REC spec: - -```yaml - enforceIPv4: true -``` - -Note: Setting 'enforceIPv4' to 'true' is a requirement for running REC on PKS. 
- -[requirements]: https://redislabs.com/redis-enterprise-documentation/administering/designing-production/hardware-requirements/ -[service-catalog]: https://kubernetes.io/docs/concepts/extend-kubernetes/service-catalog/ ## Side Cars @@ -267,16 +125,6 @@ SideCar containers- images that will run along side the redis enterprise contain imagePullPolicy: IfNotPresent ``` -## Extra Labels - -additional labels to tag the k8s resources created during deployment - -```yaml - extraLabels: - example1: "some-value" - example2: "some-value" -``` - ## Resource Limits and Quotas All the pods created by the operator are set with a resources section to their spec, so it is possible to apply a ResourceQuota on the namespace of the Redis Enterprise Cluster. The operator itself is set with resources limits and requests. From c7d0c33bc799a1b064018a382991f308e3c0e6b9 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Fri, 21 Aug 2020 07:07:38 +0300 Subject: [PATCH 2/4] Update admission.bundle.yaml Co-authored-by: Amiram Mizne --- admission.bundle.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admission.bundle.yaml b/admission.bundle.yaml index c0bef91..3942830 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -79,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator-internal:6.0.6-23 + image: redislabs/operator:6.0.6-23 command: - /usr/local/bin/admission args: From 0c6f067a648024b12dd3a6d868d313256e1edd2e Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Fri, 21 Aug 2020 07:07:52 +0300 Subject: [PATCH 3/4] Update README.md Co-authored-by: Amiram Mizne --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b6a8082..0e38740 100644 --- a/README.md +++ b/README.md 
@@ -91,7 +91,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Notes: > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster customer resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: From 15d2682f51649f332405308c6e045998b8c48873 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Fri, 21 Aug 2020 07:10:36 +0300 Subject: [PATCH 4/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0e38740..7d17fd8 100644 --- a/README.md +++ b/README.md 
@@ -402,7 +402,7 @@ Alternatively: Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | deprecated | +| Openshift 3.11 | supported | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported |
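Review bot: in redis_enterprise_database_api.md (hunk -71,6 +178,65), the `replicaSourceType` row says the SECRET holds "the complete, redis:// URI" but nothing in the ReplicaSource table says whether that URI may embed credentials or how it combines with `clientKeySecret`, `serverCertSecret` and `tlsSniName`; please state which fields are required for a TLS-protected source so the secure configuration is not left to guesswork. In the same table, "Kuberetes" should be "Kubernetes" and "it's map" should be "its map" (two rows). `endpointHost` is the only ReplicaSourceStatus field marked required, and `sftp_url` / `auth_url` break the camelCase used by the other fields; if those names mirror the CRD, a short remark saying so would help.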
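Review bot: in the DatabaseStatus table (hunk -92,12 +258,20) the `"recovery"` row keeps the description "Database creation has failed", identical to the `"creation-failed"` row; since this hunk rewrites the row anyway, give it its own description. The empty-string value `""` for unknown status deserves a sentence as well, because a client matching on status strings needs to know it is intentional. The new heading `RepliceSourceType` (and the `#replicesourcetype` anchor used in the ReplicaSource table) looks like a misspelling of ReplicaSourceType; if the underlying type is really spelled that way, fix it at the source before the name is published in the API reference.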
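Review bot: the topics.md hunk at -118,143 deletes the link definitions `[requirements]:` and `[service-catalog]:` along with the removed sections; check that no remaining paragraph in topics.md still uses those reference-style links, otherwise they will render as literal brackets. The hunk also removes the Private Repositories and Pull Secrets instructions, including the `pullSecrets` and `imagePullSecrets` snippets; confirm the README.md additions in this patch carry them over in full and that any existing links to `topics.md#pull-secrets` or `topics.md#private-repositories` are updated.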
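Review bot: PATCH 2/4 replaces `redislabs/operator-internal:6.0.6-23` only in admission.bundle.yaml, while the PATCH 1/4 diffstat also touches admission.openshift.bundle.yaml, admission/deployment.yaml and admission/deployment_openshift.yaml; search those files for `operator-internal` before merging so that no published manifest references an internal image name. A release check that rejects internal image names in the bundles would keep this from recurring.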
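Review bot: in PATCH 3/4 the rewritten note 2 in README.md still reads "To deploy another Enterprise Clusters", which mixes singular and plural; suggest "To deploy additional Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each one."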
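Review bot: PATCH 4/4 changes `Openshift 3.11` from `deprecated` to `supported`, which reverses a deprecation notice, and the commit message "Update README.md" gives no reason. The paragraph above the table defines "deprecated" as support that will be dropped in a coming release, so please say in the commit message whether the deprecation was withdrawn or was listed in error.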