Merge pull request RedisLabs#154 from RedisLabs/6.0.12-5

promote 6.0.12-5
yuvallevy2 · Feb 11, 2021 · 118fc4c · 118fc4c
2 parents 0c5c1c1 + b2879e1
commit 118fc4c
Show file tree

Hide file tree

Showing 26 changed files with 369 additions and 120 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1 @@
-.idea
+.idea
diff --git a/README.md b/README.md
diff --git a/admission.bundle.yaml b/admission.bundle.yaml
@@ -57,7 +57,7 @@ spec:
       serviceAccountName: redis-enterprise-admission
       containers:
       - name: admin
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         imagePullPolicy: Always
@@ -86,7 +86,7 @@ spec:
             scheme: HTTPS
       initContainers:
       - name: admin-init
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         args:

diff --git a/admission/GESHER.md b/admission/GESHER.md
@@ -86,7 +86,7 @@ This will deploy the admission proxy, and via an included **NamespacedValidating
 
 8. Deployment for the Gesher operator
 
-**Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml`
+    **Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml`
 
     ```shell script
     kubectl apply -f gesher/operator.yaml
@@ -239,12 +239,14 @@ $ kubectl apply -f - << EOF
 apiVersion: app.redislabs.com/v1alpha1
 kind: RedisEnterpriseDatabase
 metadata:
-  name: test-database-custom-resource
+  name: redis-enterprise-database
+spec:
+  evictionPolicy: illegal
 EOF
 ```
 
-This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified.
+This must fail with an error output by the admission webhook proxy.webhook.gesher that is being denied because 'illegal' is not a valid eviction policy.
 
 ```shell script
-Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: failed get RedisEnterpriseCluster client: custom resource (RedisEnterpriseCluster) not found: resource name may not be empty
-```
+Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']
+```
diff --git a/admission/deployment.yaml b/admission/deployment.yaml
@@ -14,7 +14,7 @@ spec:
       serviceAccountName: redis-enterprise-admission
       containers:
       - name: admin
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         imagePullPolicy: Always
@@ -43,7 +43,7 @@ spec:
             scheme: HTTPS
       initContainers:
       - name: admin-init
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         args:

diff --git a/advanced/psp.yaml b/advanced/psp.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
   name: redis-enterprise-psp

diff --git a/bundle.yaml b/bundle.yaml
@@ -23,7 +23,7 @@ rules:
     resources: ["events"]
     verbs: ["create"]
   - apiGroups: ["apps"]
-    resources: ["deployments", "statefulsets"]
+    resources: ["deployments", "statefulsets", "replicasets"]
     verbs: ["*"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
@@ -1772,7 +1772,7 @@ spec:
       serviceAccountName: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           command:
           - redis-enterprise-operator
           imagePullPolicy: Always
@@ -2123,6 +2123,9 @@ spec:
               description: The name of the K8s secret that holds the password to the
                 database.
               type: string
+            defaultUser:
+              description: Is connecting with a default user allowed?
+              type: boolean
             evictionPolicy:
               description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/
               type: string
@@ -2213,6 +2216,26 @@ spec:
               description: In-memory database replication. When enabled, database
                 will have replica shard for every master - leading to higher availability.
               type: boolean
+            rolesPermissions:
+              description: List of Redis Enteprise ACL and Role bindings to apply
+              items:
+                description: Redis Enterprise Role and ACL Binding
+                properties:
+                  acl:
+                    description: Acl Name of RolePermissionType
+                    type: string
+                  role:
+                    description: Role Name of RolePermissionType
+                    type: string
+                  type:
+                    description: Type of Redis Enterprise Database Role Permission
+                    type: string
+                required:
+                - acl
+                - role
+                - type
+                type: object
+              type: array
             shardCount:
               description: Number of database server-side shards
               type: integer

diff --git a/crds/app_v1_redisenterprisecluster_crd.yaml → crds/v1/rec_crd.yaml b/crds/app_v1_redisenterprisecluster_crd.yaml → crds/v1/rec_crd.yaml
diff --git a/..._v1alpha1_redisenterprisecluster_crd.yaml → crds/v1alpha1/rec_crd.yaml b/..._v1alpha1_redisenterprisecluster_crd.yaml → crds/v1alpha1/rec_crd.yaml
@@ -3,6 +3,31 @@ kind: CustomResourceDefinition
 metadata:
   name: redisenterpriseclusters.app.redislabs.com
 spec:
+  additionalPrinterColumns:
+    - JSONPath: .spec.nodes
+      name: Nodes
+      type: string
+    - JSONPath: .spec.redisEnterpriseImageSpec.versionTag
+      name: Version
+      type: string
+    - JSONPath: .status.state
+      name: State
+      type: string
+    - JSONPath: .status.specStatus
+      name: Spec Status
+      type: string
+    - JSONPath: .status.licenseStatus.licenseState
+      name: License State
+      type: string
+    - JSONPath: .status.licenseStatus.shardsLimit
+      name: Shards Limit
+      type: string
+    - JSONPath: .status.licenseStatus.expirationDate
+      name: License Expiration Date
+      type: string
+    - name: Age
+      type: date
+      JSONPath: .metadata.creationTimestamp
   group: app.redislabs.com
   names:
     kind: RedisEnterpriseCluster

diff --git a/...v1alpha1_redisenterprisedatabase_crd.yaml → crds/v1alpha1/redb_crd.yaml b/...v1alpha1_redisenterprisedatabase_crd.yaml → crds/v1alpha1/redb_crd.yaml
@@ -324,6 +324,9 @@ spec:
               description: The name of the K8s secret that holds the password to the
                 database.
               type: string
+            defaultUser:
+              description: Is connecting with a default user allowed?
+              type: boolean
             evictionPolicy:
               description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/
               type: string
@@ -414,6 +417,26 @@ spec:
               description: In-memory database replication. When enabled, database
                 will have replica shard for every master - leading to higher availability.
               type: boolean
+            rolesPermissions:
+              description: List of Redis Enteprise ACL and Role bindings to apply
+              items:
+                description: Redis Enterprise Role and ACL Binding
+                properties:
+                  acl:
+                    description: Acl Name of RolePermissionType
+                    type: string
+                  role:
+                    description: Role Name of RolePermissionType
+                    type: string
+                  type:
+                    description: Type of Redis Enterprise Database Role Permission
+                    type: string
+                required:
+                - acl
+                - role
+                - type
+                type: object
+              type: array
             shardCount:
               description: Number of database server-side shards
               type: integer

diff --git a/crds/app_v1_redisenterprisecluster_cr.yaml → examples/v1/rec.yaml b/crds/app_v1_redisenterprisecluster_cr.yaml → examples/v1/rec.yaml
@@ -1,7 +1,7 @@
 apiVersion: app.redislabs.com/v1
 kind: RedisEnterpriseCluster
 metadata:
-  name: "redis-enterprise"
+  name: rec
 spec:
   # Add fields here
   nodes: 3
diff --git a/...p_v1alpha1_redisenterprisecluster_cr.yaml → examples/v1alpha1/rec.yaml b/...p_v1alpha1_redisenterprisecluster_cr.yaml → examples/v1alpha1/rec.yaml
diff --git a/..._v1alpha1_redisenterprisedatabase_cr.yaml → examples/v1alpha1/redb.yaml b/..._v1alpha1_redisenterprisedatabase_cr.yaml → examples/v1alpha1/redb.yaml
diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py
@@ -76,6 +76,23 @@ def make_dir(directory):
             sys.exit()
 
 
+def _filter_non_existing_namespaces(namespaces):
+    """
+        Filter non-existing namespaces from user's input
+    """
+    return_code, out = run_shell_command("kubectl get ns -o=custom-columns='DATA:metadata.name' --no-headers=true")
+    if return_code:
+        return []
+    res = []
+    existing_namespaces = set(out.split())
+    for ns in namespaces:
+        if ns in existing_namespaces:
+            res.append(ns)
+        else:
+            logger.warning("Namespace %s doesn't exist - Skipping", ns)
+    return res
+
+
 def _get_namespaces_to_run_on(namespace):
     def _get_namespace_from_config():
         config_namespace = get_namespace_from_config()
@@ -94,7 +111,12 @@ def _get_namespace_from_config():
         return out.split()
 
     # comma separated string
-    return namespace.split(',')
+    namespaces = namespace.split(',')
+    existing_namespaces = _filter_non_existing_namespaces(namespaces)
+    if not existing_namespaces:
+        logger.warning("Input doesn't contain an existing namespace - will use namespace from config")
+        return _get_namespace_from_config()
+    return existing_namespaces
 
 
 def collect_from_ns(namespace, output_dir):
@@ -168,11 +190,10 @@ def collect_pod_rs_logs(namespace, output_dir):
         get logs from rs pods that are not ready
     """
     rs_pod_logs_dir = os.path.join(output_dir, "rs_pod_logs")
-    non_ready_rs_pod_names = get_non_ready_rs_pod_names(namespace)
-    if not non_ready_rs_pod_names:
-        return
+    rs_pod_names = get_pod_names(namespace=namespace, selector='redis.io/role=node')
     make_dir(rs_pod_logs_dir)
-    for rs_pod_name in non_ready_rs_pod_names:
+    # TODO restore usage of get_non_ready_rs_pod_names once RS bug is resolved (RED-51857) # pylint: disable=W0511
+    for rs_pod_name in rs_pod_names:
         pod_log_dir = os.path.join(rs_pod_logs_dir, rs_pod_name)
         make_dir(pod_log_dir)
         cmd = "kubectl -n {} cp {}:{} {} -c {}".format(namespace,

diff --git a/multi-namespace-redb/README.md b/multi-namespace-redb/README.md
@@ -45,6 +45,9 @@ subjects:
 - kind: ServiceAccount
   name: redis-enterprise-operator
   namespace: NAMESPACE_OF_SERVICE_ACCOUNT
+- kind: ServiceAccount
+  name: redis-enterprise-admission
+  namespace: NAMESPACE_OF_SERVICE_ACCOUNT
 - kind: ServiceAccount
   name: NAME_OF_REC_SERVICE_ACCOUNT  # service account of the REC, usually the same as the name of the custom resource
   namespace: NAMESPACE_OF_SERVICE_ACCOUNT

diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml
@@ -15,7 +15,7 @@ spec:
       serviceAccountName: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator-internal:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           command:
           - redis-enterprise-operator
           imagePullPolicy: Always

diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml
@@ -39,7 +39,7 @@ rules:
     resources: ["events"]
     verbs: ["create"]
   - apiGroups: ["apps"]
-    resources: ["deployments", "statefulsets"]
+    resources: ["deployments", "statefulsets", "replicasets"]
     verbs: ["*"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
@@ -1788,7 +1788,7 @@ spec:
       serviceAccount: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           securityContext:
             runAsUser: 1001
           command:
@@ -2139,6 +2139,9 @@ spec:
               description: The name of the K8s secret that holds the password to the
                 database.
               type: string
+            defaultUser:
+              description: Is connecting with a default user allowed?
+              type: boolean
             evictionPolicy:
               description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/
               type: string
@@ -2229,6 +2232,26 @@ spec:
               description: In-memory database replication. When enabled, database
                 will have replica shard for every master - leading to higher availability.
               type: boolean
+            rolesPermissions:
+              description: List of Redis Enteprise ACL and Role bindings to apply
+              items:
+                description: Redis Enterprise Role and ACL Binding
+                properties:
+                  acl:
+                    description: Acl Name of RolePermissionType
+                    type: string
+                  role:
+                    description: Role Name of RolePermissionType
+                    type: string
+                  type:
+                    description: Type of Redis Enterprise Database Role Permission
+                    type: string
+                required:
+                - acl
+                - role
+                - type
+                type: object
+              type: array
             shardCount:
               description: Number of database server-side shards
               type: integer

diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml
@@ -15,7 +15,7 @@ spec:
       serviceAccount: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           securityContext:
             runAsUser: 1001
           command:

diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml
@@ -0,0 +1,14 @@
+apiVersion: app.redislabs.com/v1
+kind: RedisEnterpriseCluster
+metadata:
+  name: rec
+spec:
+  # Add fields here
+  nodes: 3
+  redisEnterpriseImageSpec:
+    repository: registry.connect.redhat.com/redislabs/redis-enterprise
+    versionTag: 6.0.12-57.rhel7-openshift
+  redisEnterpriseServicesRiggerImageSpec:
+    repository: registry.connect.redhat.com/redislabs/services-manager
+  bootstrapperImageSpec:
+    repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator
diff --git a/openshift/redis-enterprise-cluster_rhel.yaml b/openshift/redis-enterprise-cluster_rhel.yaml
diff --git a/openshift/role.yaml b/openshift/role.yaml
@@ -22,7 +22,7 @@ rules:
     resources: ["events"]
     verbs: ["create"]
   - apiGroups: ["apps"]
-    resources: ["deployments", "statefulsets"]
+    resources: ["deployments", "statefulsets", "replicasets"]
     verbs: ["*"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]