From c7afebf15ddec7e01afc1a4cfc7bcc755f99e63f Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Tue, 4 Aug 2020 09:20:33 +0300 Subject: [PATCH 01/29] fix log collector - check if it has containerStatuses --- log_collector/log_collector.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 1b2fc57..e3b11ab 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -174,7 +174,8 @@ def get_redis_enterprise_debug_info(namespace, output_dir): pod_names = [] for pod in rs_pods: - if all(container_status['ready'] for container_status in pod['status']['containerStatuses']): + if 'containerStatuses' in pod['status'] and all( + container_status['ready'] for container_status in pod['status']['containerStatuses']): pod_names.append(pod['metadata']['name']) if not pod_names: logger.warning("Cannot find a ready redis enterprise pod, will use a non-ready pod") From edeedd6e25df7047081688d984d0803e351f644b Mon Sep 17 00:00:00 2001 From: Amiram Mizne Date: Tue, 4 Aug 2020 17:19:43 -0700 Subject: [PATCH 02/29] Fixed storage class reference for Openshift deploy --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6bdf3cd..ab7ff98 100644 --- a/README.md +++ b/README.md @@ -154,13 +154,13 @@ Other custom configurations are referenced in this repository. ``` 4. Deploy the OpenShift operator bundle: - > NOTE: Update the `storageClassName` setting in `openshift.bundle.yaml` (by default its set to `gp2`). ```bash oc apply -f openshift.bundle.yaml ``` 5. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` +> NOTE: Update the `storageClassName` setting in `redis-enterprise-cluster_rhel.yaml` as required (it's set to `gp2` by default). Apply the `RedisEnterpriseCluster` resource with RHEL7 based images: From c0c8c4ba9e3f2deaa6c400730722f3ddcba87f0e Mon Sep 17 00:00:00 2001 
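Review bot: In the `@@ -174,7 +174,8 @@` hunk of log_collector/log_collector.py, the new guard only handles a missing `containerStatuses` key. If the key is present but holds an empty list, `all()` is vacuously true and the pod is still appended to `pod_names` as ready; a `null` value would raise `TypeError`. A truthiness check covers all three cases: `statuses = pod['status'].get('containerStatuses')` followed by `if statuses and all(s['ready'] for s in statuses):`. `get_redis_enterprise_debug_info` starts and ends outside the hunk, so whether `rs_pods` can actually contain such pods is not visible here.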
From: Ubuntu Date: Thu, 20 Aug 2020 17:17:39 +0000 Subject: [PATCH 03/29] promoting version 6.0.6-23 --- README.md | 48 +++++-- admission.bundle.yaml | 8 +- admission.openshift.bundle.yaml | 8 +- admission/README.md | 20 +-- admission/deployment.yaml | 5 +- admission/deployment_openshift.yaml | 5 +- admission/role.yaml | 4 + bundle.yaml | 2 +- log_collector/log_collector.py | 80 +++++++---- openshift.bundle.yaml | 2 +- openshift/operator_rhel.yaml | 2 +- operator.yaml | 2 +- redis_enterprise_cluster_api.md | 36 ++--- redis_enterprise_database_api.md | 204 ++++++++++++++++++++++++++-- release_info.yaml | 2 +- topics.md | 154 +-------------------- 16 files changed, 330 insertions(+), 252 deletions(-) diff --git a/README.md b/README.md index ab7ff98..b6a8082 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,7 @@ * [Pull Secrets](#pull-secrets) * [Advanced Configuration](#advanced-configuration) * [Upgrade](#upgrade) +* [Supported K8S Distributions](#supported-k8s-distributions) This page describe how to deploy Redis Enterprise on Kubernetes using the Redis Enterprise Operator. High level architecture and overview of the solution can be found [HERE](https://docs.redislabs.com/latest/platforms/kubernetes/). @@ -27,8 +28,8 @@ The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | | Redis Enterprise | `redislabs/redis:6.0.6-39` | `redislabs/redis:6.0.6-39.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.6-11` | `redislabs/operator:6.0.6-11.rhel7` | -| Services Rigger | `redislabs/k8s-controller:6.0.6-11` | `redislabs/k8s-controller:6.0.6-11.rhel7` | +| Operator | `redislabs/operator:6.0.6-23` | `redislabs/operator:6.0.6-23` | +| Services Rigger | `redislabs/k8s-controller:6.0.6-23` | `redislabs/k8s-controller:6.0.6-23` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -69,6 +70,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Note: The rbac.yaml file used in previous releases has been broken down into three distinct files: `role.yaml`, `role_binding.yaml` and `service_account.yaml`. The `crd.yaml` file was renamed to `redisenterprisecluster_crd.yaml`, with the API version prepended to the filename. + Apply the `crds/app_v1alpha1_redisenterprisedatabase_crd.yaml` if managing database instances through Kubernetes API and commands is desired. 3. Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. @@ -87,7 +89,9 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub kubectl apply -f crds/app_v1_redisenterprisecluster_cr.yaml ``` - > Note: The redis-enterprise-cluster.yaml file was renamed to redisenterprisecluster_cr.yaml, with the API version prepended to the filename. + > Notes: + > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. + > 2. The Operator can only manage one Redis Enterprise Cluster customer resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: 
@@ -154,18 +158,18 @@ Other custom configurations are referenced in this repository. ``` 4. Deploy the OpenShift operator bundle: + > NOTE: Update the `storageClassName` setting in `openshift.bundle.yaml` (by default its set to `gp2`). ```bash oc apply -f openshift.bundle.yaml ``` 5. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` -> NOTE: Update the `storageClassName` setting in `redis-enterprise-cluster_rhel.yaml` as required (it's set to `gp2` by default). Apply the `RedisEnterpriseCluster` resource with RHEL7 based images: ```bash - kubectl apply -f openshift/redis-enterprise-cluster_rhel.yaml + oc apply -f openshift/redis-enterprise-cluster_rhel.yaml ``` 6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` @@ -195,6 +199,9 @@ Other custom configurations are referenced in this repository. > When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission controller to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md). +### Installation on PKS + Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/pks/) + ## Configuration @@ -309,14 +316,14 @@ For example: redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-11 + versionTag: 6.0.6-23 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-11 + versionTag: 6.0.6-23 ``` In Operator Deployment spec (operator.yaml): 
@@ -328,7 +335,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-11 + image: harbor.corp.local/redisenterprise/operator:6.0.6-23 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). @@ -342,6 +349,8 @@ Private repositories which require login can be accessed by creating a pull secr ```shell kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= ``` +> NOTE: Make sure to witch context to the REC namespace or add flag -n . + where: - `` is your Private repository FQDN. ([https://index.docker.io/v1/](https://index.docker.io/v1/) for DockerHub) @@ -377,7 +386,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise version compatible with this release is 6.0.6-39 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.6-39 ```yaml autoUpgradeRedisEnterprise: true 
@@ -388,3 +397,24 @@ Alternatively: RedisEnterpriseImageSpec: versionTag: redislabs/redis:6.0.6-39 ``` + +## Supported K8S Distributions +Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. +| Distribution | Support Status | +|-------------------|---------------------| +| Openshift 3.11 | deprecated | +| Openshift 4.1 | supported | +| Openshift 4.2 | supported | +| Openshift 4.3 | supported | +| KOPS vanilla 1.9 | no longer supported | +| KOPS vanilla 1.10 | no longer supported | +| KOPS vanilla 1.11 | deprecated | +| KOPS vanilla 1.12 | supported | +| KOPS vanilla 1.13 | supported | +| KOPS vanilla 1.14 | supported | +| KOPS vanilla 1.15 | supported | +| KOPS vanilla 1.16 | supported | +| KOPS vanilla 1.17 | supported | +| GKE 1.14 | supported | +| GKE 1.15 | supported | +| GKE 1.16 | supported | diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 74eeaac..c0bef91 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -21,6 +21,10 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["*"] + - apiGroups: ["app.redislabs.com"] + resources: ["*"] + verbs: ["*"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -75,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-11 + image: redislabs/operator-internal:6.0.6-23 command: - /usr/local/bin/admission args: 
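Review bot: The rule added by the `@@ -21,6 +21,10 @@` hunk of admission.bundle.yaml gives the admission role `verbs: ["*"]` on `resources: ["*"]` in the `app.redislabs.com` group, so within the role's scope a compromised webhook pod could create, modify or delete any custom resource of that group rather than only read what it validates. If the admission binary only needs to read these objects (not visible from the hunk), narrow the rule to something like `resources: ["redisenterprisedatabases"]` with `verbs: ["get", "list", "watch"]`, and add a comment such as `# admission only reads REDB objects for validation`. The identical rule is added in the `@@ -21,6 +21,10 @@` hunk of admission.openshift.bundle.yaml, and the diffstat lists 4 added lines in admission/role.yaml that are presumably the same. The `rules:` list starts outside the hunk.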
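Review bot: The `admin` container in the `@@ -75,7 +79,7 @@` hunk of admission.bundle.yaml now pulls `redislabs/operator-internal:6.0.6-23`, a repository that nothing else in this commit references: the README image table and admission.openshift.bundle.yaml both use `redislabs/operator:6.0.6-23`. This looks like an internal build reference that slipped into the published bundle, which would leave users either unable to pull the image or running one other than the documented release. Unless that is intended, the line should read `image: redislabs/operator:6.0.6-23`; the `admin-init` container in the `@@ -106,7 +110,7 @@` hunk of the same file has the same reference. Pinning the image by digest as well as tag would make the deployed image verifiable.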
@@ -106,7 +110,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-11 + image: redislabs/operator-internal:6.0.6-23 command: - /usr/local/bin/admission args: diff --git a/admission.openshift.bundle.yaml b/admission.openshift.bundle.yaml index b55fa6b..a9534d7 100644 --- a/admission.openshift.bundle.yaml +++ b/admission.openshift.bundle.yaml @@ -21,6 +21,10 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["*"] + - apiGroups: ["app.redislabs.com"] + resources: ["*"] + verbs: ["*"] + --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 @@ -75,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 command: - /usr/local/bin/admission args: @@ -106,7 +110,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 command: - /usr/local/bin/admission args: diff --git a/admission/README.md b/admission/README.md index a7eec5f..e53d36c 100644 --- a/admission/README.md +++ b/admission/README.md 
@@ -16,29 +16,19 @@ sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' admission.bundle.y If this is the first time one is deploying the admission controller, one has to approve the CSR and setup the webhook to enable resource validation. If one has already set these up, and one is just updating the admission controller, one skips steps 2 and 3 as they are already configured correctly -2. and waits for the CSR to ready and approves it - -wait for it to be ready to be approved +2. and waits for the secret to be created ```shell script -kubectl get csr admission-tls -``` - -and approve it once it's pending approval - -```shell script -kubectl certificate approve admission-tls -``` -or on openshift -```shell script -oc adm certificate approve admission-tls +kubectl get secret admission-tls +NAME TYPE DATA AGE +admission-tls Opaque 2 2m43s ``` 3. and modifies the webhook to use the certificate generated ```shell script # save cert -CERT=`kubectl get csr admission-tls -o jsonpath='{.status.certificate}'` +CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` # create patch file cat > modified-webhook.yaml < 0: + time.sleep(1) + if debuginfo_attempt_on_pod(namespace, + output_dir, + pod_name, + attempt + 1): + logger.info("Collected Redis Enterprise cluster debug package") + return def collect_resources_list(namespace, output_dir): @@ -451,7 +473,7 @@ def get_process_children(parent): stdout=subprocess.PIPE, stderr=subprocess.PIPE) stdout, _ = piped_process.communicate() - return [int(piped_process) for proc in stdout.split()] + return [int(proc) for proc in stdout.split()] # no need for pass here: # https://github.com/PyCQA/pylint/issues/2616#issuecomment-442738701 diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 7607380..ed34b7b 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml 
@@ -131,7 +131,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 securityContext: runAsUser: 1001 command: diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index a8ac2d9..139256c 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-11.rhel7 + image: redislabs/operator:6.0.6-23 securityContext: runAsUser: 1001 command: diff --git a/operator.yaml b/operator.yaml index bcd6a20..1f42020 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-11 + image: redislabs/operator:6.0.6-23 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index 9ee45f6..b1a0cc3 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md 
@@ -95,7 +95,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | uiServiceType | Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | *v1.ServiceType | v1.ServiceTypeClusterIP | false | | uiAnnotations | Annotations for Redis Enterprise UI service | map[string]string | | false | | servicesRiggerSpec | Specification for service rigger | *[ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) | | false | -| license | Redis Enterprise License | string | | false | +| license | Redis Enterprise License | string | Empty string which is a [Trial Mode licesne](https://docs.redislabs.com/latest/rs/administering/cluster-operations/settings/license-keys/#trial-mode) | false | | username | Username for the admin user of Redis Enterprise | string | demo@redislabs.com | false | | nodeSelector | Selector for nodes that could fit Redis Enterprise pod | *map[string]string | | false | | redisEnterpriseImageSpec | Specification for Redis Enterprise container image | *[ImageSpec](#imagespec) | the default Redis Enterprise image for this version | false | 
@@ -105,7 +105,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | bootstrapperResources | Compute resource requirements for bootstrapper containers | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | 0.1 CPUs and 128Mi memory | false | | redisEnterpriseServicesRiggerResources | Compute resource requirements for Services Rigger pod | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | 0.5 CPU and 0.5GB memory | false | | pullSecrets | PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core) | empty | false | -| persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | disabled | false | +| persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | | serviceBrokerSpec | Specification for Service Broker | [ServiceBrokerSpec](#servicebrokerspec) | disabled | false | | sideContainersSpec | Specification for a side container that will be added to each Redis Enterprise pod | []v1.Container | empty | false | | extraLabels | Labels that the user defines for their convenience | map[string]string | empty | false | 
@@ -177,8 +177,8 @@ Method of ingress from another cluster in Active-Active configuration | Value | Description | | ----- | ----------- | -| OpenShiftRoute | Routes are only usable in OpenShift | -| Ingress | See https://kubernetes.io/docs/concepts/services-networking/ingress/ | +| "openShiftRoute" | Routes are only usable in OpenShift | +| "ingress" | See https://kubernetes.io/docs/concepts/services-networking/ingress/ | [Back to Table of Contents](#table-of-contents) ### ClusterEventReason @@ -186,8 +186,8 @@ Reason for cluster event | Value | Description | | ----- | ----------- | -| InvalidConfiguration | Invalid Configuration | -| StatusChange | Status Change | +| "InvalidConfiguration" | Invalid Configuration | +| "StatusChange" | Status Change | [Back to Table of Contents](#table-of-contents) ### ClusterState 
@@ -195,16 +195,16 @@ State of the Redis Enterprise Cluster | Value | Description | | ----- | ----------- | -| ClusterPendingCreate | ClusterPendingCreate means cluster is not created yet | -| ClusterBootstrappingFirstPod | Bootstrapping first pod | -| ClusterInitializing | ClusterInitializing means the cluster was created and nodes are in the process of joining the cluster | -| ClusterRecoveryReset | ClusterRecoveryReset resets the cluster by deleting all pods | -| ClusterRecoveringFirstPod | ClusterRecoveringFirstPod means the cluster entered cluster recovery | -| ClusterRunning | ClusterRunning means the cluster's sub-resources have been created and are in running state | -| ClusterError | ClusterError means the there was an error when starting creating/updating the one or more of the cluster's resources | -| ClusterConfigurationInvalid | ClusterConfigurationInvalid means an invalid spec was applied | -| ClusterInvalidUpgrade | ClusterInvalidUpgrade means an upgrade is not possible at this time | -| ClusterUpgrade | ClusterUpgrade | +| "PendingCreation" | ClusterPendingCreate means cluster is not created yet | +| "BootstrappingFirstPod" | Bootstrapping first pod | +| "Initializing" | ClusterInitializing means the cluster was created and nodes are in the process of joining the cluster | +| "RecoveryReset" | ClusterRecoveryReset resets the cluster by deleting all pods | +| "RecoveringFirstPod" | ClusterRecoveringFirstPod means the cluster entered cluster recovery | +| "Running" | ClusterRunning means the cluster's sub-resources have been created and are in running state | +| "Error" | ClusterError means the there was an error when starting creating/updating the one or more of the cluster's resources | +| "Invalid" | ClusterConfigurationInvalid means an invalid spec was applied | +| "InvalidUpgrade" | ClusterInvalidUpgrade means an upgrade is not possible at this time | +| "Upgrade" | ClusterUpgrade | [Back to Table of Contents](#table-of-contents) ### 
SpecStatusName @@ -212,6 +212,6 @@ Whether the REC specification is valid (custom resource) | Value | Description | | ----- | ----------- | -| SpecStatusInvalid | Specification status invalid | -| SpecStatusValid | Specification status valid | +| "Invalid" | Specification status invalid | +| "Valid" | Specification status valid | [Back to Table of Contents](#table-of-contents) diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 1d0512b..77c6b83 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md 
@@ -3,16 +3,120 @@ This document describes the parameters for the Redis Enterprise Database custom > Note this document is auto-generated from code comments. To contribute a change please change the code comments. ## Table of Contents * [Objects](#objects) + * [AzureBlobStorage](#azureblobstorage) + * [BackupSpec](#backupspec) + * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) + * [DbAlertsSettings](#dbalertssettings) + * [FtpStorage](#ftpstorage) + * [GoogleStorage](#googlestorage) + * [InternalEndpoint](#internalendpoint) + * [MountPointStorage](#mountpointstorage) * [RedisEnterpriseConnection](#redisenterpriseconnection) * [RedisEnterpriseDatabase](#redisenterprisedatabase) * [RedisEnterpriseDatabaseList](#redisenterprisedatabaselist) * [RedisEnterpriseDatabaseSpec](#redisenterprisedatabasespec) * [RedisEnterpriseDatabaseStatus](#redisenterprisedatabasestatus) + * [ReplicaSource](#replicasource) + * [ReplicaSourceStatus](#replicasourcestatus) + * [S3Storage](#s3storage) + * [SftpStorage](#sftpstorage) + * [SwiftStorage](#swiftstorage) * [Enums](#enums) * [DatabasePersistence](#databasepersistence) * [DatabaseStatus](#databasestatus) + * [RepliceSourceType](#replicesourcetype) ## Objects +### AzureBlobStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| absSecretName | The name of the K8s secret that holds ABS credentials. The secret must contain the keys \"AccountName\" and \"AccountKey\", and these must hold the corresponding credentials | string | | true | +| container | Azure Blob Storage container name. | string | | true | +| subdir | Optional. Azure Blob Storage subdir under container. 
| string | empty | false | +[Back to Table of Contents](#table-of-contents) + +### BackupSpec +The various backup storage options are validated to be mutually exclusive, although for technical reasons, the relevant error is not very clear and indicates a conflict in the specified storage type. + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| interval | Backup Interval in seconds | int | 86400 | false | +| ftp | | *[FtpStorage](#ftpstorage) | | false | +| s3 | | *[S3Storage](#s3storage) | | false | +| abs | | *[AzureBlobStorage](#azureblobstorage) | | false | +| swift | | *[SwiftStorage](#swiftstorage) | | false | +| sftp | | *[SftpStorage](#sftpstorage) | | false | +| gcs | | *[GoogleStorage](#googlestorage) | | false | +| mount | | *[MountPointStorage](#mountpointstorage) | | false | +[Back to Table of Contents](#table-of-contents) + +### BdbAlertSettingsWithThreshold +Threshold for database alert + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| enabled | Alert enabled or disabled | bool | | true | +| threshold | Threshold for alert going on/off | string | | true | +[Back to Table of Contents](#table-of-contents) + +### DbAlertsSettings +DbAlertsSettings An API object that represents the database alerts configuration. 
+ +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_latency | Latency is higher than specified threshold value [micro-sec] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_long_running_action | An alert for state-machines that are running for too long | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] 
| [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +[Back to Table of Contents](#table-of-contents) + +### FtpStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| url | a URI of the \"ftp[s]://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]\" format | string | | true | +[Back to Table of Contents](#table-of-contents) + +### GoogleStorage +GoogleStorage + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| gcsSecretName | The name of the K8s secret that holds the Google Cloud Storage credentials. The secret must contain the keys \"CLIENT_ID\", \"PRIVATE_KEY\", \"PRIVATE_KEY_ID\", \"CLIENT_EMAIL\" and these must hold the corresponding credentials. The keys should correspond to the values in the key JSON. 
| string | | true | +| bucketName | Google Storage bucket name. | string | | true | +| subdir | Optional. Google Storage subdir under bucket. | string | empty | false | +[Back to Table of Contents](#table-of-contents) + +### InternalEndpoint + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| host | Hostname assigned to the database | string | | false | +| port | Database port name | int | | false | +[Back to Table of Contents](#table-of-contents) + +### MountPointStorage +MountPointStorage + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| path | Path to the local mount point. You must create the mount point on all nodes, and the redislabs:redislabs user must have read and write permissions on the local mount point. | string | | true | +[Back to Table of Contents](#table-of-contents) + ### RedisEnterpriseConnection Connection between a database, and Its Redis Enterprise Cluster 
@@ -54,7 +158,10 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | databaseSecretName | The name of the K8s secret that holds the password to the database. | string | | false | | evictionPolicy | Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ | string | volatile-lru | false | | tlsMode | Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must use SSL. disabled - no incoming connection to the Database should use SSL. replica_ssl - databases that replicate from this one need to use SSL. | string | disabled | false | -| enforceClientAuthentication | Require authentication of client certificates for SSL connections to the database. | *bool | true | false | +| clientAuthenticationCertificates | The Secrets containing TLS Client Certificate to use for Authentication | []string | | false | +| replicaSources | What databases to replicate from | [][ReplicaSource](#replicasource) | | false | +| alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | +| backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus 
@@ -71,6 +178,65 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | lastActionUid | UID of the last action done by operator on this database | string | | false | | lastActionStatus | Status of the last action done by operator on this database | string | | false | | version | Database compatibility version | string | | false | +| replicaSourceStatuses | ReplicaSource statuses | [][ReplicaSourceStatus](#replicasourcestatus) | | false | +| internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | +[Back to Table of Contents](#table-of-contents) + +### ReplicaSource + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| replicaSourceType | Determines what Kuberetes resource ReplicaSourceName refers to SECRET - Get URI from secret named in ReplicaSourceName. The secret will have a uri key that defines the complete, redis:// URI REDB - Determine URI from Kubernetes REDB resource named in ReplicaSourceName | [RepliceSourceType](#replicesourcetype) | | true | +| replicaSourceName | Kubernetes resource name of type ReplicaSourceType | string | | true | +| compression | GZIP Compression level (0-9) to use for replication | int | | false | +| clientKeySecret | Secret that defines what client key to use. The secret needs 2 keys in it's map, \"cert\" that is the PEM encoded certificate and \"key\" that is the PEM encoded private key | *string | | false | +| serverCertSecret | Secret that defines the Server's certificate. 
The secret needs 1 key in it's map, \"cert\" that is the PEM encoded certificate | *string | | false | +| tlsSniName | TLS SNI Name to use | *string | | false | +[Back to Table of Contents](#table-of-contents) + +### ReplicaSourceStatus + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| lag | Lag in millisec between source and destination (while synced). | int | | false | +| lastError | Last error encountered when syncing from the source. | string | | false | +| lastUpdate | Time when we last receive an update from the source. | string | | false | +| rdbSize | The source’s RDB size to be transferred during the syncing phase. | int | | false | +| rdbTransferred | Number of bytes transferred from the source’s RDB during the syncing phase. | int | | false | +| status | Sync status of this source | string | | false | +| endpointHost | The internal host name of the replica source database. Can be used as an identifier. See the internalEndpoints list on the REDB status. | string | | true | +[Back to Table of Contents](#table-of-contents) + +### S3Storage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| awsSecretName | The name of the K8s secret that holds the AWS credentials. The secret must contain the keys \"AWS_ACCESS_KEY_ID\" and \"AWS_SECRET_ACCESS_KEY\", and these must hold the corresponding credentials. | string | | true | +| bucketName | Amazon S3 bucket name. | string | | true | +| subdir | Optional. Amazon S3 subdir under bucket. | string | empty | false | +[Back to Table of Contents](#table-of-contents) + +### SftpStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| sftpSecretName | The name of the K8s secret that holds SFTP credentials. 
The secret must contain the \"Key\" key, which is the SSH private key for connecting to the sftp server. | string | | true | +| sftp_url | SFTP url | string | | true | +[Back to Table of Contents](#table-of-contents) + +### SwiftStorage + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| swiftSecretName | The name of the K8s secret that holds Swift credentials. The secret must contain the keys \"Key\" and \"User\", and these must hold the corresponding credentials: service access key and service user name (pattern for the latter does not allow special characters &,<,>,\") | string | | true | +| auth_url | Swift service authentication URL. | string | | true | +| container | Swift object store container for storing the backup files. | string | | true | +| prefix | Optional. Prefix (path) of backup files in the swift container. | string | empty | false | [Back to Table of Contents](#table-of-contents) ## Enums 
@@ -79,12 +245,12 @@ Database persistence policy. see https://docs.redislabs.com/latest/rs/concepts/d | Value | Description | | ----- | ----------- | -| DatabasePersistenceDisabled | Data is not persisted | -| DatabasePersistenceAofEverySecond | Data is synced to disk every second | -| DatabasePersistenceAofAlways | Data is synced to disk with every write. | -| DatabasePersistenceSnapshotEveryHour | A snapshot of the database is created every hour | -| DatabasePersistenceSnapshotEvery6Hour | A snapshot of the database is created every 6 hours. | -| DatabasePersistenceSnapshotEvery12Hour | A snapshot of the database is created every 12 hours. | +| "disabled" | Data is not persisted | +| "aofEverySecond" | Data is synced to disk every second | +| "aofAlways" | Data is synced to disk with every write. | +| "snapshotEvery1Hour" | A snapshot of the database is created every hour | +| "snapshotEvery6Hour" | A snapshot of the database is created every 6 hours. | +| "snapshotEvery12Hour" | A snapshot of the database is created every 12 hours. | [Back to Table of Contents](#table-of-contents) ### DatabaseStatus 
@@ -92,12 +258,20 @@ State of the Redis Enterprise Database | Value | Description | | ----- | ----------- | -| DatabaseStatusPending | Database is pending creation | -| DatabaseStatusActive | Database is ready to be used | -| DatabaseStatusActiveChangePending | Database is ready to be used, but a change is pending | -| DatabaseStatusDeletePending | Database will be deleted soon | -| DatabaseStatusImportPending | Database will be imported soon | -| DatabaseStatusCreationFailed | Database creation has failed | -| DatabaseStatusRecovery | Database creation has failed | -| DatabaseStatusUnknown | Database status unknown | +| "pending" | Database is pending creation | +| "active" | Database is ready to be used | +| "active-change-pending" | Database is ready to be used, but a change is pending | +| "delete-pending" | Database will be deleted soon | +| "import-pending" | Database will be imported soon | +| "creation-failed" | Database creation has failed | +| "recovery" | Database creation has failed | +| "" | Database status unknown | +[Back to Table of Contents](#table-of-contents) + +### RepliceSourceType + +| Value | Description | +| ----- | ----------- | +| "SECRET" | Information on DB to Replicate from stored in a secret | +| "REDB" | Replicate from a DB created via the RedisEnterpriseDatabase Controller | [Back to Table of Contents](#table-of-contents) diff --git a/release_info.yaml b/release_info.yaml index 5d0256d..30074d5 100644 --- a/release_info.yaml +++ b/release_info.yaml @@ -1,3 +1,3 @@ -operatorVersion: 6.0.6-11 +operatorVersion: 6.0.6-23 rsVersion: 6.0.6-39 serviceBrokerVersion: 78_4b9b17f \ No newline at end of file diff --git a/topics.md b/topics.md index 7769017..5f23b92 100644 --- a/topics.md +++ b/topics.md @@ -1,5 +1,5 @@ -# Additional Topics +# Advanced Configuration - [Guaranteed Quality of Service](#guaranteed-quality-of-service) - [Priority Class](#priority-class) 
@@ -8,12 +8,7 @@ - [Monitoring](#monitoring) - [Eviction Thresholds](#eviction-thresholds) - [Pod Security Policy (PSP)](#pod-security-policy-psp) -- [Service Broker](#service-broker) -- [Private Repositories](#private-repositories) -- [Pull Secrets](#pull-secrets) -- [IPV4 enforcement](#ipv4-enforcement) - [Side Cars](#side-cars) -- [Extra Labels](#extra-labels) - [Resource Limits and Quotas](#resource-limits-and-quotas) - [Custom Resource Deletion](#custom-resource-deletion) 
@@ -118,143 +113,6 @@ If you use this option, you should add the policy name to REC configuration, in podSecurityPolicyName: "redis-enterprise-psp" ``` ->see [RedisEnterpriseClusterSpec](operator.md#redisenterpriseclusterspec) for full reference - -## Service Broker - -If you're deploying a service broker, also apply the `sb_rbac.yaml` file during installation: - -```bash -oc apply -f sb_rbac.yaml -``` - -> You should receive the following response: - -`clusterrole "redis-enterprise-operator-sb" configured` - -Bind the Cluster Service Broker role to the operator service account (in the current namespace): - -```bash -oc adm policy add-cluster-role-to-user redis-enterprise-operator-sb --serviceaccount redis-enterprise-operator --rolebinding-name=redis-enterprise-operator-sb -``` - -> You should receive the following response: - -`cluster role "redis-enterprise-operator-sb" added: "redis-enterprise-operator"` - -Add the `serviceBrokerSpec` Service Broker in the RedisEntepteriseCluster Spec (only for supported clusters) - -```yaml - serviceBrokerSpec: - enabled: true - persistentSpec: - storageClassName: "gp2" -``` - ->see [ServiceBrokerSpec](operator.md#servicebrokerspec) for full reference - -## Private Repositories - -Whenever images are not pulled from DockerHub, the following configuration options must be specified: - -In *RedisEnterpriseClusterSpec* (redis_enterprise_cluster.yaml): - -- *redisEnterpriseImageSpec* -- *redisEnterpriseServicesRiggerImageSpec* -- *serviceBrokerSpec - imageSpec* (if deploying the Service Broker) -- *bootstrapperImageSpec* - -Image specifications in *RedisEnterpriseClusterSpec* follow the same schema: ->see [ImageSpec](operator.md#imagespec) for full reference - -For example: - -```yaml - redisEnterpriseImageSpec: - imagePullPolicy: IfNotPresent - repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.6-39 -``` - -```yaml - redisEnterpriseServicesRiggerImageSpec: - imagePullPolicy: IfNotPresent - repository: 
harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-11 -``` - -```yaml - bootstrapperImageSpec: - imagePullPolicy: IfNotPresent - repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-11 -``` - -In Operator Deployment spec (operator.yaml): - -For example: - -```yaml -spec: - template: - spec: - containers: - - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-11 -``` - -Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). - -## Pull secrets - -Private repositories which require login can be accessed by creating a pull secret and declaring it in both the *RedisEnterpriseClusterSpec* and in the Operator Deployment spec. - -[Create a pull secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) by running: - -```shell -kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= -``` - -where: - -- `` is your Private Docker Registry FQDN. ([https://index.docker.io/v1/](https://index.docker.io/v1/) for DockerHub) -- `` is your Docker username. -- `` is your Docker password. -- `` is your Docker email. - -This creates a pull secret names `regcred` - -To use in the *RedisEnterpriseClusterSpec*: - -```yaml -spec: - pullSecrets: - - name: regcred -``` - -To use in the Operator Deployment: - -```yaml -spec: - template: - spec: - imagePullSecrets: - - name: regcred -``` - -## IPV4 enforcement - -You might not have IPV6 support in your K8S cluster. -In this case, you could enforce the use of IPV4, by adding the following attribute to the REC spec: - -```yaml - enforceIPv4: true -``` - -Note: Setting 'enforceIPv4' to 'true' is a requirement for running REC on PKS. 
- -[requirements]: https://redislabs.com/redis-enterprise-documentation/administering/designing-production/hardware-requirements/ -[service-catalog]: https://kubernetes.io/docs/concepts/extend-kubernetes/service-catalog/ ## Side Cars @@ -267,16 +125,6 @@ SideCar containers- images that will run along side the redis enterprise contain imagePullPolicy: IfNotPresent ``` -## Extra Labels - -additional labels to tag the k8s resources created during deployment - -```yaml - extraLabels: - example1: "some-value" - example2: "some-value" -``` - ## Resource Limits and Quotas All the pods created by the operator are set with a resources section to their spec, so it is possible to apply a ResourceQuota on the namespace of the Redis Enterprise Cluster. The operator itself is set with resources limits and requests. From c7d0c33bc799a1b064018a382991f308e3c0e6b9 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Fri, 21 Aug 2020 07:07:38 +0300 Subject: [PATCH 04/29] Update admission.bundle.yaml Co-authored-by: Amiram Mizne --- admission.bundle.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admission.bundle.yaml b/admission.bundle.yaml index c0bef91..3942830 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -79,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator-internal:6.0.6-23 + image: redislabs/operator:6.0.6-23 command: - /usr/local/bin/admission args: From 0c6f067a648024b12dd3a6d868d313256e1edd2e Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Fri, 21 Aug 2020 07:07:52 +0300 Subject: [PATCH 05/29] Update README.md Co-authored-by: Amiram Mizne --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b6a8082..0e38740 100644 --- a/README.md +++ b/README.md 
@@ -91,7 +91,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Notes: > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster customer resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: From 15d2682f51649f332405308c6e045998b8c48873 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Fri, 21 Aug 2020 07:10:36 +0300 Subject: [PATCH 06/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0e38740..7d17fd8 100644 --- a/README.md +++ b/README.md 
@@ -402,7 +402,7 @@ Alternatively: Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | deprecated | +| Openshift 3.11 | supported | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported | From be3bae1646e50787ad981603ec1840063596604f Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Sun, 30 Aug 2020 09:14:29 +0000 Subject: [PATCH 07/29] promoting version 6.0.6-24 --- README.md | 14 +++++++------- admission.bundle.yaml | 4 ++-- admission.openshift.bundle.yaml | 4 ++-- admission/deployment.yaml | 4 ++-- admission/deployment_openshift.yaml | 4 ++-- bundle.yaml | 2 +- openshift.bundle.yaml | 2 +- openshift/operator_rhel.yaml | 2 +- operator.yaml | 2 +- release_info.yaml | 2 +- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 7d17fd8..09624b3 100644 --- a/README.md +++ b/README.md 
@@ -28,8 +28,8 @@ The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | | Redis Enterprise | `redislabs/redis:6.0.6-39` | `redislabs/redis:6.0.6-39.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.6-23` | `redislabs/operator:6.0.6-23` | -| Services Rigger | `redislabs/k8s-controller:6.0.6-23` | `redislabs/k8s-controller:6.0.6-23` | +| Operator | `redislabs/operator:6.0.6-24` | `redislabs/operator:6.0.6-24` | +| Services Rigger | `redislabs/k8s-controller:6.0.6-24` | `redislabs/k8s-controller:6.0.6-24` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -91,7 +91,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Notes: > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + > 2. The Operator can only manage one Redis Enterprise Cluster customer resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: @@ -316,14 +316,14 @@ For example: redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-23 + versionTag: 6.0.6-24 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-23 + versionTag: 6.0.6-24 ``` In Operator Deployment spec (operator.yaml): 
@@ -335,7 +335,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-23 + image: harbor.corp.local/redisenterprise/operator:6.0.6-24 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). @@ -402,7 +402,7 @@ Alternatively: Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | supported | +| Openshift 3.11 | deprecated | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported | diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 3942830..07525e6 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -79,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: @@ -110,7 +110,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator-internal:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: diff --git a/admission.openshift.bundle.yaml b/admission.openshift.bundle.yaml index a9534d7..07525e6 100644 --- a/admission.openshift.bundle.yaml +++ b/admission.openshift.bundle.yaml 
@@ -79,7 +79,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: @@ -110,7 +110,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: diff --git a/admission/deployment.yaml b/admission/deployment.yaml index 96fd8c0..328414e 100644 --- a/admission/deployment.yaml +++ b/admission/deployment.yaml @@ -14,7 +14,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: @@ -45,7 +45,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: diff --git a/admission/deployment_openshift.yaml b/admission/deployment_openshift.yaml index 96fd8c0..328414e 100644 --- a/admission/deployment_openshift.yaml +++ b/admission/deployment_openshift.yaml @@ -14,7 +14,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: @@ -45,7 +45,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - /usr/local/bin/admission args: diff --git a/bundle.yaml b/bundle.yaml index efcfd35..a24a40c 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -115,7 +115,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - redis-enterprise-operator imagePullPolicy: Always 
diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index ed34b7b..ff49233 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -131,7 +131,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 securityContext: runAsUser: 1001 command: diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 139256c..0868ecc 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 securityContext: runAsUser: 1001 command: diff --git a/operator.yaml b/operator.yaml index 1f42020..eb41365 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.6-23 + image: redislabs/operator:6.0.6-24 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/release_info.yaml b/release_info.yaml index 30074d5..44c2624 100644 --- a/release_info.yaml +++ b/release_info.yaml @@ -1,3 +1,3 @@ -operatorVersion: 6.0.6-23 +operatorVersion: 6.0.6-24 rsVersion: 6.0.6-39 serviceBrokerVersion: 78_4b9b17f \ No newline at end of file From f188be9ab6608496fbca8d4dff43433d39d2fdfe Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Sun, 30 Aug 2020 12:21:11 +0300 Subject: [PATCH 08/29] Update README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 09624b3..efcfb35 100644 --- a/README.md +++ b/README.md 
@@ -91,7 +91,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Notes: > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster customer resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: 
@@ -402,10 +402,11 @@ Alternatively: Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | deprecated | +| Openshift 3.11 | supported | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported | +| Openshift 4.4 | supported | | KOPS vanilla 1.9 | no longer supported | | KOPS vanilla 1.10 | no longer supported | | KOPS vanilla 1.11 | deprecated | @@ -418,3 +419,5 @@ Each release of the Redis Enterprise Operator deployment is thoroughly tested ag | GKE 1.14 | supported | | GKE 1.15 | supported | | GKE 1.16 | supported | +| Rancher 2.4.5 | supported | + From b0e1056b5f29bfc2ee20ef943592fb2c523c4790 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Sun, 30 Aug 2020 12:22:46 +0300 Subject: [PATCH 09/29] Update operator_rhel.yaml --- openshift/operator_rhel.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 0868ecc..de6cc60 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: redis-enterprise-operator From e0259a1f95621be778dd844a124e8bad6a563d88 Mon Sep 17 00:00:00 2001 
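Review bot: The move to `apiVersion: apps/v1` in `openshift/operator_rhel.yaml` makes `spec.selector` mandatory on the Deployment, whereas `apps/v1beta1` defaulted it from the pod template labels. The hunk shows only the first four lines of the manifest, so whether a selector is already present cannot be confirmed from here. If it is missing, the API server will reject the object on apply; adding `selector:` with `matchLabels:` equal to the template's labels under `spec` resolves it. `openshift.bundle.yaml` presumably embeds the same Deployment and should be checked for the same apiVersion and selector.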
From: Yuval Levy Date: Sun, 30 Aug 2020 12:24:23 +0300 Subject: [PATCH 10/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index efcfb35..0ba8c6e 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub > Notes: > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy additional an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. 5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. A typical response may look like this: From 1ade2f477635ed17b1e3e0d4ff861ef3fa7caded Mon Sep 17 00:00:00 2001 From: Nick Terner Date: Wed, 19 Aug 2020 23:28:05 +0300 Subject: [PATCH 11/29] make log_collector - esp. on windows - more tolerant of errors --- log_collector/log_collector.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index f210549..eec8f2e 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -456,7 +456,7 @@ def run_shell_command_regular(args): except subprocess.CalledProcessError as ex: logger.warning("Failed in shell command: %s, output: %s", args, ex.output) - return ex.returncode, ex.output + return ex.returncode, native_string(ex.output) return 0, native_string(output) From 9a40e540df9ea2cd67f2978e5017897a1928d248 Mon Sep 17 00:00:00 2001 
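Review bot: In the `except subprocess.CalledProcessError` branch of `run_shell_command_regular`, the warning still logs the raw `ex.output` while the returned value now goes through `native_string`, so the log line and the returned text can differ. Converting once keeps them consistent: `output = native_string(ex.output)`, then `logger.warning("Failed in shell command: %s, output: %s", args, output)` and `return ex.returncode, output`. `native_string` is defined outside this hunk; if it decodes strictly, undecodable bytes (or a `None` output) from a failing command would raise from inside the handler, so confirm it tolerates them. The function body starts outside the hunk.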
From: Ubuntu Date: Thu, 15 Oct 2020 13:08:27 +0000 Subject: [PATCH 12/29] promoting version 6.0.8-1 --- README.md | 31 ++- admission.bundle.yaml | 49 +--- admission.openshift.bundle.yaml | 161 ----------- admission/GESHER.md | 250 ++++++++++++++++++ admission/README.md | 154 ++++------- admission/cluster_role.yaml | 8 - admission/deployment.yaml | 7 +- admission/deployment_openshift.yaml | 75 ------ admission/gesher/cluster_role.yaml | 25 ++ .../{ => gesher}/cluster_role_binding.yaml | 6 +- ...labs.com_namespacedvalidatingrule_crd.yaml | 18 ++ ...labs.com_namespacedvalidatingtype_crd.yaml | 18 ++ admission/gesher/operator.openshift.yaml | 52 ++++ admission/gesher/operator.yaml | 56 ++++ admission/gesher/role.yaml | 61 +++++ admission/gesher/role_binding.yaml | 11 + admission/gesher/rule.yaml | 21 ++ admission/gesher/service.yaml | 11 + admission/gesher/service_account.yaml | 4 + admission/gesher/type.yaml | 10 + bundle.yaml | 2 +- gesher.bundle.yaml | 237 +++++++++++++++++ gesher.openshift.bundle.yaml | 233 ++++++++++++++++ log_collector/log_collector.py | 7 +- openshift.bundle.yaml | 4 +- openshift/operator_rhel.yaml | 2 +- openshift/redis-enterprise-cluster_rhel.yaml | 2 +- openshift/sb_cluster_role.yaml | 8 - openshift/sb_cluster_role_binding.yaml | 12 - openshift/with_service_broker_rhel.yaml | 14 - operator.yaml | 2 +- redis_enterprise_cluster_api.md | 26 +- redis_enterprise_database_api.md | 42 ++- release_info.yaml | 5 +- 34 files changed, 1143 insertions(+), 481 deletions(-) delete mode 100644 admission.openshift.bundle.yaml create mode 100644 admission/GESHER.md delete mode 100644 admission/cluster_role.yaml delete mode 100644 admission/deployment_openshift.yaml create mode 100644 admission/gesher/cluster_role.yaml rename admission/{ => gesher}/cluster_role_binding.yaml (67%) create mode 100644 admission/gesher/crds/app.redislabs.com_namespacedvalidatingrule_crd.yaml create mode 100644 
admission/gesher/crds/app.redislabs.com_namespacedvalidatingtype_crd.yaml create mode 100644 admission/gesher/operator.openshift.yaml create mode 100644 admission/gesher/operator.yaml create mode 100644 admission/gesher/role.yaml create mode 100644 admission/gesher/role_binding.yaml create mode 100644 admission/gesher/rule.yaml create mode 100644 admission/gesher/service.yaml create mode 100644 admission/gesher/service_account.yaml create mode 100644 admission/gesher/type.yaml create mode 100644 gesher.bundle.yaml create mode 100644 gesher.openshift.bundle.yaml delete mode 100644 openshift/sb_cluster_role.yaml delete mode 100644 openshift/sb_cluster_role_binding.yaml delete mode 100644 openshift/with_service_broker_rhel.yaml diff --git a/README.md b/README.md index 0ba8c6e..8471fc2 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,9 @@ This page describe how to deploy Redis Enterprise on Kubernetes using the Redis The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.0.6-39` | `redislabs/redis:6.0.6-39.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.6-24` | `redislabs/operator:6.0.6-24` | -| Services Rigger | `redislabs/k8s-controller:6.0.6-24` | `redislabs/k8s-controller:6.0.6-24` | +| Redis Enterprise | `redislabs/redis:6.0.8-28` | `redislabs/redis:6.0.8-28.rhel7-openshift` | +| Operator | `redislabs/operator:6.0.8-1` | `redislabs/operator:6.0.8-1` | +| Services Rigger | `redislabs/k8s-controller:6.0.8-1` | `redislabs/k8s-controller:6.0.8-1` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -213,7 +213,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.0.6-39 + versionTag: 6.0.8-28 ``` * Persistence @@ -252,6 +252,12 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu uiServiceType: LoadBalancer ``` +* Database service type: Service types for access to databases. should be a comma separated list. The possible values are cluster_ip, headless and load_balancer. Default value is `cluster_ip,headless`. + ```yaml + servicesRiggerSpec: + databaseServiceType: load_balancer + ``` + * UI annotations: Add custom annotation to the UI service ```yaml uiAnnotations: @@ -309,21 +315,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.6-39 + versionTag: 6.0.8-28 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.6-24 + versionTag: 6.0.8-1 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.6-24 + versionTag: 6.0.8-1 ``` In Operator Deployment spec (operator.yaml): @@ -335,7 +341,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.6-24 + image: harbor.corp.local/redisenterprise/operator:6.0.8-1 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). 
@@ -386,7 +392,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.6-39 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.8-28 ```yaml autoUpgradeRedisEnterprise: true 
@@ -395,14 +401,14 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.0.6-39 + versionTag: redislabs/redis:6.0.8-28 ``` ## Supported K8S Distributions Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | supported | +| Openshift 3.11 | supported | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported | @@ -419,5 +425,4 @@ Each release of the Redis Enterprise Operator deployment is thoroughly tested ag | GKE 1.14 | supported | | GKE 1.15 | supported | | GKE 1.16 | supported | -| Rancher 2.4.5 | supported | - +| Rancher 2.4 | supported | diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 07525e6..6fdb982 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -4,15 +4,6 @@ kind: ServiceAccount metadata: name: redis-enterprise-admission --- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "watch"] ---- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: 
@@ -38,19 +29,6 @@ roleRef: name: redis-enterprise-admission apiGroup: rbac.authorization.k8s.io --- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -subjects: -- kind: ServiceAccount - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: redis-enterprise-admission -roleRef: - kind: ClusterRole - name: redis-enterprise-admission - apiGroup: rbac.authorization.k8s.io ---- apiVersion: v1 kind: Service metadata: @@ -79,11 +57,9 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.6-24 + image: redislabs/operator:6.0.8-1 command: - /usr/local/bin/admission - args: - - '-v=0' imagePullPolicy: Always ports: - containerPort: 443 @@ -110,12 +86,11 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.6-24 + image: redislabs/operator:6.0.8-1 command: - /usr/local/bin/admission args: - '-generate-tls' - - '-v=1' imagePullPolicy: Always env: - name: POD_NAME @@ -139,23 +114,3 @@ spec: memory: 256Mi --- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: redb-admission -webhooks: -- name: redb.admission.redislabs - failurePolicy: Fail - rules: - - apiGroups: ["app.redislabs.com"] - apiVersions: ["v1alpha1"] - operations: ["*"] - resources: ["redisenterprisedatabases"] - clientConfig: - service: - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: admission - path: /admission - caBundle: "" # Fill in with BASE64 encoded signed cert - admissionReviewVersions: ["v1beta1"] ---- diff --git a/admission.openshift.bundle.yaml b/admission.openshift.bundle.yaml deleted file mode 100644 index 07525e6..0000000 --- a/admission.openshift.bundle.yaml +++ /dev/null 
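Review bot: The `admin` container in the `@@ -79,11 +57,9 @@` hunk and the `admin-init` container in the `@@ -110,12 +86,11 @@` hunk reference the admission image by mutable tag (`image: redislabs/operator:6.0.8-1`) together with `imagePullPolicy: Always`, so every pod start pulls whatever the registry currently serves under that tag. This workload generates the webhook TLS material (`-generate-tls`) and decides which RedisEnterpriseDatabase objects are admitted, so the deployed binary should be reproducible and auditable. Pinning by digest achieves that: `image: redislabs/operator@sha256:<digest-of-6.0.8-1>` (placeholder; take the real digest from the release), applied to both containers. The Deployment spec begins and ends outside these hunks, so any other image references in it are not visible here.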
@@ -1,161 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-enterprise-admission ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -rules: - - apiGroups: ["certificates.k8s.io"] - resources: ["certificatesigningrequests"] - verbs: ["create", "watch"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["*"] - - apiGroups: ["app.redislabs.com"] - resources: ["*"] - verbs: ["*"] - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -subjects: -- kind: ServiceAccount - name: redis-enterprise-admission -roleRef: - kind: Role - name: redis-enterprise-admission - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-admission -subjects: -- kind: ServiceAccount - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: redis-enterprise-admission -roleRef: - kind: ClusterRole - name: redis-enterprise-admission - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: Service -metadata: - name: admission -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: redb-admission ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: admission-deploy -spec: - selector: - matchLabels: - app: redb-admission - template: - metadata: - labels: - app: redb-admission - spec: - serviceAccountName: redis-enterprise-admission - containers: - - name: admin - image: redislabs/operator:6.0.6-24 - command: - - /usr/local/bin/admission - args: - - '-v=0' - imagePullPolicy: Always - ports: - - containerPort: 443 - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 25m - memory: 256Mi - readinessProbe: - 
failureThreshold: 3 - successThreshold: 1 - periodSeconds: 30 - timeoutSeconds: 10 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - initContainers: - - name: admin-init - image: redislabs/operator:6.0.6-24 - command: - - /usr/local/bin/admission - args: - - '-generate-tls' - - '-v=1' - imagePullPolicy: Always - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - resources: - limits: - cpu: 2000m - memory: 256Mi - requests: - cpu: 100m - memory: 256Mi - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: redb-admission -webhooks: -- name: redb.admission.redislabs - failurePolicy: Fail - rules: - - apiGroups: ["app.redislabs.com"] - apiVersions: ["v1alpha1"] - operations: ["*"] - resources: ["redisenterprisedatabases"] - clientConfig: - service: - namespace: NAMESPACE_OF_SERVICE_ACCOUNT - name: admission - path: /admission - caBundle: "" # Fill in with BASE64 encoded signed cert - admissionReviewVersions: ["v1beta1"] ---- diff --git a/admission/GESHER.md b/admission/GESHER.md new file mode 100644 index 0000000..ec275cc --- /dev/null +++ b/admission/GESHER.md 
@@ -0,0 +1,250 @@ +# Admission Conrol with Gesher Installation for Redis Enterprise Operator + +## Gesher Background + +Gesher is an operator that enables Kubernetes administrator to delegate the ability to setup webhook validating admisison controllers to users for running within their own namespace. + +Gesher is configured by two custom resources. + +1) A cluster-scoped **NamespacedValidatingType** that defines what Kubernetes resources and operations Gesher is allowed to Proxy +2) A namespace-scoped **NamespacedValidatingRule** that is a namespaced equivalent to Kubernetes **ValidatingWebhookConfiguration** but only effects resources within its same namespace. + +### Choosing Traditional Cluster or Gesher's Delegated installation methods. + +Redis Labs provides two methods for integrating admission control into one's system, what we refer to as *cluster* and *delegated* configurations. + +*Cluster* configuration integrates admission via the standard Kubernetes **ValidatingWebhookConfiguration** resource. This is a cluster-scoped kubernetes resource that can only be configured by a cluster administrator. + +*Delegated* configuration integrates admission via the open source [Gesher admission proxy operator](https://github.com/redislabs/gesher). Gesher enables an administrator to setup an operator that delegates the ability to setup admission control on namespaced objects to users with the appropriate RBAC permissions within the same namespace as the object. Instead of requiring a cluster-scoped resource that can impact all resources on a machine, Gesher's namespaced-scoped custom resources only impact resources within the same namespace. This avoids the needs for administrator intervention for every namespaced operator that will be deployed. + +We recommend using *Cluster* configuration when the cluster administrator is the one installing and managing the operator, as well as in clusters where one only expects a single operator to be used. 
+ +*Delegated* configuration is meant for cases where the cluster administrator expects multiple namespaced operators to be used without their direct knowledge or intervention. + +If the cluster administrator involvement will always be required, using Gesher just adds complexity without any significant gain. + +## Installing Gesher + +## Gesher Bundle Installation + +Install the Gesher bundle into its own namespace: + +This must be done by the Kubernetes cluster administrator. + +**NOTE**: One must replace REPLACE_WITH_GESHER_NAMESPACE in the following command with the proper namespace +**NOTE**: If one is using openshift, one should replace `gesher.bundle.yaml` with `gesher.openshift.bundle.yaml` + +```shell script +sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_GESHER_NAMESPACE/g' gesher.bundle.yaml | kubectl create -f - +``` + +This will deploy the admission proxy, and via an included **NamespacedValidatingType** custom resource, allow forwarding of REDB admission requests. However, until a **NamespacedValidatingRule** is installed into a namespace, admission is not setup. + +## Individual Yaml Installation + +1. Create, and switch to, a dedicated namespace for the Gesher Admission proxy + + If installing using Cluster Admission Controller method, skip this, and other steps related to Gesher, to step 11. + + ```shell script + kubectl create namespace gesher + kubectl config set-context --current --namespace=gesher + ``` + +2. ServiceAccount for the Gesher Admission proxy to run as + + ```shell script + kubectl apply -f gesher/service_account.yaml + ``` + +3. namespaced Role that allows the Gesher Admission proxy to function as an operator in its namespace. + + ```shell script + kubectl apply -f gesher/role.yaml + ``` + +4. Cluster Role that allows controlling the Kubernetes cluster's Admission webhook configuration, and the CRDs of the Gesher operator + + ```shell script + kubectl apply -f gesher/cluster_role.yaml + ``` + +5. 
Binding namespaced Role, and the Cluster Role to the service account of the Gesher Admission proxy + + NOTE: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace Gesher is being installed to, from above. + + ```shell script + kubectl apply -f gesher/role_binding.yaml + kubectl apply -f gesher/cluster_role_binding.yaml + ``` + +6. Kubernetes Service that is used to access the Gesher Admission Control HTTP proxy + + ```shell script + kubectl apply -f gesher/service.yaml + ``` + +8. Deployment for the Gesher operator + +**Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml` + + ```shell script + kubectl apply -f gesher/operator.yaml + ``` + +9. NamespacedValidatingType and NamespacedValidatingRule CRDs + + **NamespacedValidatingTypes** and **NamespacedValidatingRules** are Custom Resource Definition that allow creating resources of the corresponding type. + + **NamespacedValidatingTypes** resources allow the Kubernetes cluster administrator to specify which resources _can_ be proxied by the Gesher Admission Controller proxy. Having a resource of this type is required - but not sufficient - to forward Admission requests to a namespaced Admission Controller. + A resource of this type will be created in the next step, to allow Admission Control of Redis Enterprise Database resources. + + **NamespacedValidatingRules** functions as the 'implementation' to **NamespacedValidatingTypes** 'interface'. A resource of this type represents a namespaced Admission Controller, and will usually be created in the same namespace as the Admission Controller, and possibly, the operator for the CRDs being admission controlled. + A resource of this type, that will register the Admission Controller for Redis Enterprise Database resources, will be created in the last step. 
+ + ```shell script + kubectl apply -f gesher/crds/app.redislabs.com_namespacedvalidatingtype_crd.yaml + kubectl apply -f gesher/crds/app.redislabs.com_namespacedvalidatingrule_crd.yaml + ``` + +10. **NamespacedValidatingType** Custom Resource + + This is the Custom resource, mentioned in the previous step, that allows forwarding of Admission Control requests for Redis Enterprise Database resources. + + ```shell script + kubectl apply -f gesher/type.yaml + ``` + +## Verifying Gesher installation + +One can verify that gesher is running correctly by verifying that the **ValidatingWebhookConfiguration** it creates to point at itself has been created and has the appropriate data corresponding to the **NamespacedValidatingType** that was loaded + +```shell script +$ kubectl get ValidatingWebhookConfiguration +NAME CREATED AT +proxy.webhook.gesher 2020-10-05T16:18:21Z +``` + +and + +```shell script +$ kubectl get -o yaml ValidatingWebhookConfiguration proxy.webhook.gesher +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + name: proxy.webhook.gesher + +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: + service: + name: gesher + namespace: automation-1 + path: /proxy + port: 443 + failurePolicy: Fail + matchPolicy: Exact + name: proxy.webhook.gesher + namespaceSelector: {} + objectSelector: {} + rules: + - apiGroups: + - app.redislabs.com + apiVersions: + - v1alpha1 + operations: + - '*' + resources: + - redisenterprisedatabases + scope: Namespaced + sideEffects: Unknown + timeoutSeconds: 30 +``` + +## Installing Admission Controller + +Installing the admission controller with gesher is similiar to the traditional installation. It is a 2 step process + +1. Installing the admission controller via a single bundle or individual yaml files +2. Hooking up the admission webhook via gesher + +## Admission Control via Bundle Installation + +1. 
Install the Admission Controller via a bundle into the same namespace the REC was installed into. + +```shell script +kubectl create -f admission.bundle.yaml +``` + +## Individual Yaml Installation + +1. namespaced Role that allows creation and reading of Secrets + + ```shell script + kubectl apply -f role.yaml + ``` + +2. ServiceAccount for admission controller to run as + + ```shell script + kubectl apply -f service_account.yaml + ``` + +3. Binding namespaced Role to the service account + + ```shell script + kubectl apply -f role_binding.yaml + ``` + +4. Kubernetes Service that is used to access the Admission Control HTTP Server + + ```shell script + kubectl apply -f service.yaml + ``` + +5. TLS Key generator + Admission Controller HTTP Server + + ```shell script + kubectl apply -f deployment.yaml + ``` + +## Hooking up the Admission controller with Gesher + +**NOTE**: This only has to be done the first time setting up the admission controller, it can be skipped on update + +1. Wait for the secret to be created + + ```shell script + kubectl get secret admission-tls + NAME TYPE DATA AGE + admission-tls Opaque 2 2m43s + ``` + +2. Enable the gesher rule using the generated certificate + + ```shell script + # save cert + CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` + sed -e "s#CERTIFICATE_PLACEHOLDER#${CERT}#g" gesher/rule.yaml | kubectl create -f - + ``` + +## Verifying Installation + +In order to verify that the all the components of the Admission Controller are installed correctly, we will try to apply an invalid resource that should force the admission controller to reject it. If it applies succesfully, it means the admission controller has not been hooked up correctly. 
+ +```shell script +$ kubectl apply -f - << EOF +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseDatabase +metadata: + name: test-database-custom-resource +EOF +``` + +This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified. + +```shell script +Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: failed get RedisEnterpriseCluster client: custom resource (RedisEnterpriseCluster) not found: resource name may not be empty +``` \ No newline at end of file diff --git a/admission/README.md b/admission/README.md index e53d36c..3557f04 100644 --- a/admission/README.md +++ b/admission/README.md 
@@ -1,126 +1,88 @@ -## REDB Admission Controller Setup -In order to enable the REDB admission controller one has to deploy multiple Kubernetes resource. -One can either install them via the provided yaml bundle, or individually. +# REDB Admission Controller -##### Bundle Installation +Redis Labs' Redis Enterprise Operator provides an installable admission control that can be used to verify RedisEnterpriseDatabase resources on creation and modification for correctness. This prevents end users from creating syntatically valid but functionally invalid database configurations. The admission control leverages Kubernetes' built in [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). -1. one installs them via a bundle after editing it to use the correct namespace. +**Note:** Redis Labs' Redis Enterprise Operator can also be installed through the [Gesher Admission Proxy](GESHER.md) -**NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the proper namespace +## Admission Control via Bundle Installation -```shell script -sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' admission.bundle.yaml | kubectl create -f - -``` - -If this is the first time one is deploying the admission controller, one has to approve the CSR and setup the webhook to enable resource validation. If one has already set these up, and one is just updating the admission controller, one skips steps 2 and 3 as they are already configured correctly - -2. and waits for the secret to be created +1. Install the Admission Controller via a bundle into the same namespace the REC was installed into. ```shell script -kubectl get secret admission-tls -NAME TYPE DATA AGE -admission-tls Opaque 2 2m43s +kubectl create -f admission.bundle.yaml ``` -3. 
and modifies the webhook to use the certificate generated +## Individual Yaml Installation -```shell script -# save cert -CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` -# create patch file -cat > modified-webhook.yaml < modified-webhook.yaml < modified-webhook.yaml < Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | | ingressAnnotations | Used for ingress controllers such as ha-proxy or nginx in GKE | map[string]string | | false | -| peerClusters | List of peer clusters to be used by the service broker | [][PeerCluster](#peercluster) | | false | [Back to Table of Contents](#table-of-contents) ### ImageSpec @@ -44,6 +43,16 @@ Image specification | imagePullPolicy | | v1.PullPolicy | | true | [Back to Table of Contents](#table-of-contents) +### Module + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| name | | string | | true | +| displayName | | string | | true | +| versions | | []string | | true | +[Back to Table of Contents](#table-of-contents) + ### PeerCluster Active Active peer cluster 
@@ -106,7 +115,6 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | redisEnterpriseServicesRiggerResources | Compute resource requirements for Services Rigger pod | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | 0.5 CPU and 0.5GB memory | false | | pullSecrets | PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ | [][v1.LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#localobjectreference-v1-core) | empty | false | | persistentSpec | Specification for Redis Enterprise Cluster persistence | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | -| serviceBrokerSpec | Specification for Service Broker | [ServiceBrokerSpec](#servicebrokerspec) | disabled | false | | sideContainersSpec | Specification for a side container that will be added to each Redis Enterprise pod | []v1.Container | empty | false | | extraLabels | Labels that the user defines for their convenience | map[string]string | empty | false | | podAntiAffinity | Override for the default anti-affinity rules of the Redis Enterprise pods | *v1.PodAntiAffinity | | false | 
@@ -132,17 +140,7 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | ----- | ----------- | ------ | -------- | -------- | | state | State of Redis Enterprise Cluster | [ClusterState](#clusterstate) | | true | | specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | -[Back to Table of Contents](#table-of-contents) - -### ServiceBrokerSpec -Specification for Service Broker - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| enabled | Whether to deploy Service Broker | bool | | true | -| persistentSpec | Persistence specification for Service Broker | [PersistentConfigurationSpec](#persistentconfigurationspec) | | false | -| imageSpec | Image specification for Service Broker | *[ImageSpec](#imagespec) | | false | -| resources | Compute resource requirements for Service Broker | *[v1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#resourcerequirements-v1-core) | | false | +| modules | Modules Available in Cluster | [][Module](#module) | | false | [Back to Table of Contents](#table-of-contents) ### ServicesRiggerConfigurationSpec diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 77c6b83..b448145 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -7,6 +7,7 @@ This document describes the parameters for the Redis Enterprise Database custom * [BackupSpec](#backupspec) * [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) * [DbAlertsSettings](#dbalertssettings) + * [DbModule](#dbmodule) * [FtpStorage](#ftpstorage) * [GoogleStorage](#googlestorage) * [InternalEndpoint](#internalendpoint) 
@@ -66,20 +67,31 @@ DbAlertsSettings An API object that represents the database alerts configuration | Field | Description | Scheme | Default Value | Required | | ----- | ----------- | ------ | -------- | -------- | -| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_high_latency | Latency is higher than specified threshold value [micro-sec] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_long_running_action | An alert for state-machines that are running for too long | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] 
| [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | -| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | [BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_backup_delayed | Periodic backup has been delayed for longer than specified threshold value [minutes] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_high_syncer_lag | Active-active source - sync lag is higher than specified threshold value [seconds] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_connection_error | Active-active source - sync has connection error while trying to connect replica source | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_crdt_src_syncer_general_error | Active-active source - sync encountered in general error | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_latency | Latency is higher than 
specified threshold value [micro-sec] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_high_throughput | Throughput is higher than specified threshold value [requests / sec.] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_long_running_action | An alert for state-machines that are running for too long | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_low_throughput | Throughput is lower than specified threshold value [requests / sec.] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_dataset_overhead | Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_ram_values | Percent of values kept in a shard's RAM is lower than [% of its key count] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_high_syncer_lag | Replica-of source - sync lag is higher than specified threshold value [seconds] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_replica_src_syncer_connection_error | Replica-of source - sync has connection error while trying to connect replica source | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_shard_num_ram_values | Number of values kept in a shard's RAM is lower than [values] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +| bdb_size | Dataset size has reached the threshold value [% of the memory limit] | *[BdbAlertSettingsWithThreshold](#bdbalertsettingswiththreshold) | | false | +[Back to Table of Contents](#table-of-contents) + +### DbModule +Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/ + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| 
name | The module's name e.g \"ft\" for redissearch | string | | true | +| version | Module's semantic version e.g \"1.6.12\" | string | | true | +| config | Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 | string | | false | +| uid | Module's uid - do not set, for system use only | string | | false | [Back to Table of Contents](#table-of-contents) ### FtpStorage @@ -162,6 +174,7 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | replicaSources | What databases to replicate from | [][ReplicaSource](#replicasource) | | false | | alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | | backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | +| modulesList | List of modules associated with database | *[][DbModule](#dbmodule) | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus @@ -180,6 +193,7 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | version | Database compatibility version | string | | false | | replicaSourceStatuses | ReplicaSource statuses | [][ReplicaSourceStatus](#replicasourcestatus) | | false | | internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | +| observedGeneration | The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster. | int64 | | false | [Back to Table of Contents](#table-of-contents) ### ReplicaSource diff --git a/release_info.yaml b/release_info.yaml index 44c2624..48c07fd 100644 
--- a/release_info.yaml
+++ b/release_info.yaml
@@ -1,3 +1,2 @@
-operatorVersion: 6.0.6-24
-rsVersion: 6.0.6-39
-serviceBrokerVersion: 78_4b9b17f
\ No newline at end of file
+operatorVersion: 6.0.8-1
+rsVersion: 6.0.8-28
From 89cf26e7857248da9ca18581f6c4ac7bd0c0eb2e Mon Sep 17 00:00:00 2001
From: Yuval Levy
Date: Thu, 15 Oct 2020 16:19:11 +0300
Subject: [PATCH 13/29] Update README.md
---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 8471fc2..0cefc71 100644
--- a/README.md
+++ b/README.md
@@ -415,8 +415,8 @@ Each release of the Redis Enterprise Operator deployment is thoroughly tested ag
 | Openshift 4.4 | supported |
 | KOPS vanilla 1.9 | no longer supported |
 | KOPS vanilla 1.10 | no longer supported |
-| KOPS vanilla 1.11 | deprecated |
-| KOPS vanilla 1.12 | supported |
+| KOPS vanilla 1.11 | no longer supported |
+| KOPS vanilla 1.12 | no longer supported |
 | KOPS vanilla 1.13 | supported |
 | KOPS vanilla 1.14 | supported |
 | KOPS vanilla 1.15 | supported |
From fdcf1f9770bdfb26848cd3e237e66b6972d72b14 Mon Sep 17 00:00:00 2001
From: Yuval Levy
Date: Thu, 15 Oct 2020 22:11:48 +0300
Subject: [PATCH 14/29] Update README.md
Co-authored-by: Amiram Mizne
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 0cefc71..236e9e5 100644
--- a/README.md
+++ b/README.md
@@ -252,7 +252,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu uiServiceType: LoadBalancer ``` -* Database service type: Service types for access to databases. should be a comma separated list. The possible values are cluster_ip, headless and load_balancer. Default value is `cluster_ip,headless`. +* Database service type (optional): Service types for access to databases. Should be a comma separated list. The possible values are cluster_ip, headless, and load_balancer. Default value is `cluster_ip,headless`. For example, to create on load_balancer type database services, explicitly add the following declaration to the Redis Enterprise Cluster spec: ```yaml servicesRiggerSpec: databaseServiceType: load_balancer From ab391e3022d87ca3188a888fb1c95e4506a30bb0 Mon Sep 17 00:00:00 2001 From: Amiram Mizne Date: Wed, 21 Oct 2020 05:04:10 -0700 Subject: [PATCH 15/29] Add Openshift 4.5 to support list --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 236e9e5..d4163f2 100644 --- a/README.md +++ b/README.md @@ -413,6 +413,7 @@ Each release of the Redis Enterprise Operator deployment is thoroughly tested ag | Openshift 4.2 | supported | | Openshift 4.3 | supported | | Openshift 4.4 | supported | +| OpenShift 4.5 | supported | | KOPS vanilla 1.9 | no longer supported | | KOPS vanilla 1.10 | no longer supported | | KOPS vanilla 1.11 | no longer supported | From d65ec8547eb4bfd6818bc2a84ed558669a6e44ae Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Thu, 10 Dec 2020 13:45:41 +0000 Subject: [PATCH 16/29] promoting version 6.0.8-20 --- README.md | 28 +- admission.bundle.yaml | 8 +- admission/README.md | 4 +- admission/deployment.yaml | 8 +- bundle.yaml | 2167 ++++++++++++++++- crds/README.md | 30 + crds/app_v1_redisenterprisecluster_crd.yaml | 1659 ++++++++++++- ...p_v1alpha1_redisenterprisecluster_crd.yaml | 1666 ++++++++++++- ..._v1alpha1_redisenterprisedatabase_crd.yaml | 506 ++++ log_collector/log_collector.py | 125 +- multi-namespace-redb/README.md | 79 + multi-namespace-redb/operator.yaml | 43 + multi-namespace-redb/role.yaml | 23 + multi-namespace-redb/role_binding.yaml | 15 + openshift.bundle.yaml | 2167 ++++++++++++++++- openshift/operator_rhel.yaml | 2 +- openshift/redis-enterprise-cluster_rhel.yaml | 2 +- operator.yaml | 2 +- redis_enterprise_cluster_api.md | 16 +- redis_enterprise_database_api.md | 11 +- release_info.yaml | 4 +- 21 files changed, 8467 insertions(+), 98 deletions(-) create mode 100644 crds/README.md create mode 100644 multi-namespace-redb/README.md create mode 100644 multi-namespace-redb/operator.yaml create mode 100644 multi-namespace-redb/role.yaml create mode 100644 multi-namespace-redb/role_binding.yaml diff --git a/README.md b/README.md index d4163f2..e5f4b94 100644 --- a/README.md +++ b/README.md 
@@ -27,9 +27,9 @@ This page describe how to deploy Redis Enterprise on Kubernetes using the Redis The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.0.8-28` | `redislabs/redis:6.0.8-28.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.8-1` | `redislabs/operator:6.0.8-1` | -| Services Rigger | `redislabs/k8s-controller:6.0.8-1` | `redislabs/k8s-controller:6.0.8-1` | +| Redis Enterprise | `redislabs/redis:6.0.8-30` | `redislabs/redis:6.0.8-30.rhel7-openshift` | +| Operator | `redislabs/operator:6.0.8-20` | `redislabs/operator:6.0.8-20` | +| Services Rigger | `redislabs/k8s-controller:6.0.8-20` | `redislabs/k8s-controller:6.0.8-20` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
@@ -213,7 +213,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.0.8-28 + versionTag: 6.0.8-30 ``` * Persistence @@ -252,7 +252,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu uiServiceType: LoadBalancer ``` -* Database service type (optional): Service types for access to databases. Should be a comma separated list. The possible values are cluster_ip, headless, and load_balancer. Default value is `cluster_ip,headless`. For example, to create on load_balancer type database services, explicitly add the following declaration to the Redis Enterprise Cluster spec: +* Database service type (optional): Service types for access to databases. Should be a comma separated list. The possible values are cluster_ip, headless, and load_balancer. Default value is `cluster_ip,headless`. For example, to create a load_balancer type database service, explicitly add the following declaration to the Redis Enterprise Cluster spec: ```yaml servicesRiggerSpec: databaseServiceType: load_balancer @@ -315,21 +315,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.8-28 + versionTag: 6.0.8-30 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.8-1 + versionTag: 6.0.8-20 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.8-1 + versionTag: 6.0.8-20 ``` In Operator Deployment spec (operator.yaml): 
@@ -341,7 +341,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.8-1 + image: harbor.corp.local/redisenterprise/operator:6.0.8-20 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). @@ -392,7 +392,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.8-28 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.8-30 ```yaml autoUpgradeRedisEnterprise: true 
@@ -401,14 +401,14 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.0.8-28 + versionTag: redislabs/redis:6.0.8-30 ``` ## Supported K8S Distributions Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. | Distribution | Support Status | |-------------------|---------------------| -| Openshift 3.11 | supported | +| Openshift 3.11 | supported | | Openshift 4.1 | supported | | Openshift 4.2 | supported | | Openshift 4.3 | supported | @@ -416,8 +416,8 @@ Each release of the Redis Enterprise Operator deployment is thoroughly tested ag | OpenShift 4.5 | supported | | KOPS vanilla 1.9 | no longer supported | | KOPS vanilla 1.10 | no longer supported | -| KOPS vanilla 1.11 | no longer supported | -| KOPS vanilla 1.12 | no longer supported | +| KOPS vanilla 1.11 | no longer supported | +| KOPS vanilla 1.12 | no longer supported | | KOPS vanilla 1.13 | supported | | KOPS vanilla 1.14 | supported | | KOPS vanilla 1.15 | supported | diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 6fdb982..67ffe6b 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -57,7 +57,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 command: - /usr/local/bin/admission imagePullPolicy: Always 
@@ -70,10 +70,10 @@ spec: fieldPath: metadata.namespace resources: limits: - cpu: 100m + cpu: 1000m memory: 512Mi requests: - cpu: 25m + cpu: 250m memory: 256Mi readinessProbe: failureThreshold: 3 @@ -86,7 +86,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 command: - /usr/local/bin/admission args: diff --git a/admission/README.md b/admission/README.md index 3557f04..fa8e72a 100644 --- a/admission/README.md +++ b/admission/README.md @@ -89,7 +89,9 @@ $ kubectl apply -f - << EOF apiVersion: app.redislabs.com/v1alpha1 kind: RedisEnterpriseDatabase metadata: - name: test-database-custom-resource + name: redis-enterprise-database +spec: + evictionPolicy: illegal EOF ``` diff --git a/admission/deployment.yaml b/admission/deployment.yaml index 584811d..b062850 100644 --- a/admission/deployment.yaml +++ b/admission/deployment.yaml @@ -14,7 +14,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 command: - /usr/local/bin/admission imagePullPolicy: Always @@ -27,10 +27,10 @@ spec: fieldPath: metadata.namespace resources: limits: - cpu: 100m + cpu: 1000m memory: 512Mi requests: - cpu: 25m + cpu: 250m memory: 256Mi readinessProbe: failureThreshold: 3 @@ -43,7 +43,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 command: - /usr/local/bin/admission args: diff --git a/bundle.yaml b/bundle.yaml index 1c28781..7f3fe63 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -86,9 +86,9 @@ spec: singular: redisenterprisecluster shortNames: - rec + scope: Namespaced subresources: status: {} - scope: Namespaced version: v1 versions: - name: v1 
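Review bot: Nothing in the manifest records why the admission container's CPU request and limit go up tenfold (`25m` to `250m`, `100m` to `1000m`) in hunk `@@ -70,10 +70,10 @@` of `admission.bundle.yaml`, and the same edit is repeated in hunk `@@ -27,10 +27,10 @@` of `admission/deployment.yaml`. This container appears to serve the admission webhook for RedisEnterpriseDatabase resources, so if the larger request cannot be scheduled on a small cluster, what happens to REDB validation depends on the webhook's failure policy, which these hunks do not show. I would add a comment above `resources:` in both files, for example `# CPU sized for <reason>; keep in sync with admission/deployment.yaml`, with the reason filled in by the author. Both files also reference `redislabs/operator:6.0.8-20` by tag next to `imagePullPolicy: Always`; pinning by digest, as in `redislabs/operator:6.0.8-20@sha256:<digest>`, would make the image the webhook runs reproducible across restarts.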
@@ -97,6 +97,1663 @@ spec: - name: v1alpha1 served: true storage: true + validation: + openAPIV3Schema: + description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster + properties: + activeActive: + description: Specification for ActiveActive setup + properties: + apiIngressUrl: + description: RS API URL + type: string + dbIngressSuffix: + description: DB ENDPOINT SUFFIX - will be used to set the db host. + ingress Creates a host name so it + should be unique if more than one db is created on the cluster + with the same name + type: string + ingressAnnotations: + additionalProperties: + type: string + description: Used for ingress controllers such as ha-proxy or nginx + in GKE + type: object + method: + description: Used to distinguish between different platforms implementation + enum: + - openShiftRoute + - ingress + type: string + required: + - apiIngressUrl + - dbIngressSuffix + - method + type: object + antiAffinityAdditionalTopologyKeys: + description: Additional antiAffinity terms in order to support installation + on different zones/vcenters + items: + type: string + type: array + bootstrapperImageSpec: + description: Specification for Bootstrapper container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + bootstrapperResources: + description: Compute resource requirements for bootstrapper containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + 
description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + clusterRecovery: + description: ClusterRecovery initiates cluster recovery when set to + true. Note that this field is cleared automatically after the cluster + is recovered + type: boolean + createServiceAccount: + description: Whether to create service account + type: boolean + enforceIPv4: + description: Sets ENFORCE_IPV4 environment variable + type: boolean + extraLabels: + additionalProperties: + type: string + description: Labels that the user defines for their convenience + type: object + hostAliases: + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. 
+ type: string + type: object + type: array + license: + description: Redis Enterprise License + type: string + nodeSelector: + additionalProperties: + type: string + description: Selector for nodes that could fit Redis Enterprise pod + type: object + nodes: + description: Number of Redis Enterprise nodes (pods) + format: int32 + type: integer + persistentSpec: + description: Specification for Redis Enterprise Cluster persistence + properties: + enabled: + description: Whether to add persistent volume to Redis Enterprise + pods + type: boolean + storageClassName: + description: Storage class for persistent volume in Redis Enterprise + pods Leave empty to use the default + type: string + volumeSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + podAnnotations: + additionalProperties: + type: string + description: pod annotations + type: object + podAntiAffinity: + description: 'Override for the default anti-affinity rules of the Redis + Enterprise pods. 
+ More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podSecurityPolicyName: + description: Name of pod security policy to use on pods See https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + type: string + podTolerations: + description: 'Tolerations that are added to all managed pods. 
More + information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + priorityClassName: + description: Adds the priority class to pods managed by the operator + type: string + pullSecrets: + description: 'PullSecrets is an optional list of references to secrets + in the same namespace to use for pulling any of the images. If specified, + these secrets will be passed to individual puller implementations + for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' + items: + properties: + name: + description: 'Secret name' + type: string + type: object + type: array + rackAwarenessNodeLabel: + description: Node label that specifies rack ID - if specified, will + create rack aware cluster. Rack awareness requires node label must + exist on all nodes. Additionally, operator needs a special cluster + role with permission to list nodes. + type: string + redisEnterpriseImageSpec: + description: Specification for Redis Enterprise container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseNodeResources: + description: Compute resource requirements for Redis Enterprise containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseServicesRiggerImageSpec: + description: Specification for Services Rigger container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseServicesRiggerResources: + description: Compute resource requirements for Services Rigger pod + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseVolumeMounts: + description: 'additional volume mounts within the redis enterprise containers. + More info: https://kubernetes.io/docs/concepts/storage/volumes/' + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + serviceAccountName: + description: Name of the service account to use + type: string + servicesRiggerSpec: + description: Specification for service rigger + properties: + databaseServiceType: + description: Service types for access to databases. should be a + comma separated list. The possible values are cluster_ip, headless + and load_balancer. + type: string + extraEnvVars: + items: + description: 'EnvVar represents an environment variable present + in a Container. + More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' + properties: + name: + description: Name of the environment variable. + type: string + value: + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: Selects a field of the pod + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + serviceNaming: + enum: + - bdb_name + - redis-port + type: string + type: object + sideContainersSpec: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string 
+ value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + 
timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: 
string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + 
subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + slaveHA: + description: Slave high availability mechanism configuration. + properties: + slaveHAGracePeriod: + description: Time in seconds between when a node fails, and when + slave high availability mechanism starts relocating shards. If + set to 0, will not affect cluster configuration. + format: int32 + type: integer + type: object + uiAnnotations: + additionalProperties: + type: string + description: Annotations for Redis Enterprise UI service + type: object + uiServiceType: + description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) + enum: + - ClusterIP + - NodePort + - LoadBalancer + - ExternalName + type: string + upgradeSpec: + description: Specification for upgrades of Redis Enterprise + properties: + autoUpgradeRedisEnterprise: + description: Whether to upgrade Redis Enterprise automatically when + operator is upgraded + type: boolean + required: + - autoUpgradeRedisEnterprise + type: object + username: + description: Username for the admin user of Redis Enterprise + type: string + volumes: + description: additional volumes + items: + description: 'Volume represents a named volume in a pod that may be + accessed by any container in the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes' + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath 
+ type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + 
properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - 
resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + 
name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + --- apiVersion: apps/v1 kind: Deployment @@ -115,7 +1772,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 command: - redis-enterprise-operator imagePullPolicy: Always 
@@ -161,4 +1818,510 @@ spec: - name: v1alpha1 served: true storage: true + validation: + openAPIV3Schema: + description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase + properties: + alertSettings: + description: Settings for database alerts + properties: + bdb_backup_delayed: + description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_high_syncer_lag: + description: "Active-active source - sync lag is higher than specified threshold value [seconds] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_syncer_connection_error: + description: "Active-active source - sync has connection error while trying to connect replica source + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_syncer_general_error: + description: "Active-active source - sync encountered in general error + -Note threshold is commented (allow string/int/float and 
support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_high_latency: + description: "Latency is higher than specified threshold value [micro-sec] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_high_throughput: + description: "Throughput is higher than specified threshold value [requests / sec.] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_long_running_action: + description: "An alert for state-machines that are running for too long + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_low_throughput: + description: "Throughput is lower than specified threshold value [requests / sec.] 
+ -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_ram_dataset_overhead: + description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_ram_values: + description: "Percent of values kept in a shard's RAM is lower than [% of its key count] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_replica_src_high_syncer_lag: + description: "Replica-of source - sync lag is higher than specified threshold value [seconds] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_replica_src_syncer_connection_error: + description: "Replica-of source - sync has connection error while trying to connect replica source + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: 
Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_shard_num_ram_values: + description: "Number of values kept in a shard's RAM is lower than [values] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_size: + description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + type: object + backup: + description: Target for automatic database backups. + properties: + abs: + properties: + absSecretName: + description: The name of the K8s secret that holds ABS credentials. + The secret must contain the keys "AccountName" and "AccountKey", + and these must hold the corresponding credentials + type: string + container: + description: Azure Blob Storage container name. + type: string + subdir: + description: Optional. Azure Blob Storage subdir under container. + type: string + required: + - absSecretName + - container + type: object + ftp: + properties: + url: + description: "a URI of the ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" + type: string + pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ + required: + - url + type: object + gcs: + description: GoogleStorage + properties: + bucketName: + description: Google Storage bucket name. + type: string + gcsSecretName: + description: The name of the K8s secret that holds the Google + Cloud Storage credentials. 
The secret must contain the keys + "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" + and these must hold the corresponding credentials. The keys + should correspond to the values in the key JSON. + type: string + subdir: + description: Optional. Google Storage subdir under bucket. + type: string + required: + - bucketName + - gcsSecretName + type: object + interval: + description: Backup Interval in seconds + type: integer + mount: + description: MountPointStorage + properties: + path: + description: Path to the local mount point. You must create + the mount point on all nodes, and the redislabs:redislabs + user must have read and write permissions on the local mount + point. + type: string + required: + - path + type: object + s3: + properties: + awsSecretName: + description: The name of the K8s secret that holds the AWS credentials. + The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", + and these must hold the corresponding credentials. + type: string + bucketName: + description: Amazon S3 bucket name. + type: string + subdir: + description: Optional. Amazon S3 subdir under bucket. + type: string + required: + - awsSecretName + - bucketName + type: object + sftp: + properties: + sftp_url: + description: SFTP url + type: string + pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ + sftpSecretName: + description: The name of the K8s secret that holds SFTP credentials. + The secret must contain the "Key" key, which is the SSH private + key for connecting to the sftp server. + type: string + required: + - sftpSecretName + - sftp_url + type: object + swift: + properties: + auth_url: + description: Swift service authentication URL. + type: string + pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ + container: + description: Swift object store container for storing the backup + files. + type: string + prefix: + description: Optional. 
Prefix (path) of backup files in the + swift container. + type: string + swiftSecretName: + description: 'The name of the K8s secret that holds Swift credentials. + The secret must contain the keys "Key" and "User", and these + must hold the corresponding credentials: service access key + and service user name (pattern for the latter does not allow + special characters &,<,>,")' + type: string + required: + - auth_url + - container + - swiftSecretName + type: object + type: object + clientAuthenticationCertificates: + description: The Secrets containing TLS Client Certificate to use for + Authentication + items: + type: string + type: array + databaseSecretName: + description: The name of the K8s secret that holds the password to the + database. + type: string + evictionPolicy: + description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ + type: string + memorySize: + description: memory size of database. use formats like 100MB, 0.1GB. + minimum value in 100MB. + type: string + modulesList: + description: List of modules associated with database + items: + description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' + properties: + config: + description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT + 30 + type: string + name: + description: The module's name e.g "ft" for redissearch + type: string + version: + description: Module's semantic version e.g "1.6.12" + type: string + required: + - name + - version + type: object + type: array + persistence: + description: Database on-disk persistence policy + enum: + - disabled + - aofEverySecond + - aofAlways + - snapshotEvery1Hour + - snapshotEvery6Hour + - snapshotEvery12Hour + type: string + rackAware: + description: 'Whether database should be rack aware. 
This improves availability + - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' + type: boolean + redisEnterpriseCluster: + description: Connection to Redis Enterprise Cluster + properties: + name: + description: The name of the Redis Enterprise Cluster where the + database should be stored. + type: string + required: + - name + type: object + replicaSources: + description: What databases to replicate from + items: + properties: + clientKeySecret: + description: Secret that defines what client key to use. The + secret needs 2 keys in it's map, "cert" that is the PEM encoded + certificate and "key" that is the PEM encoded private key + type: string + compression: + description: GZIP Compression level (0-9) to use for replication + type: integer + replicaSourceName: + description: Kubernetes resource name of type ReplicaSourceType + type: string + replicaSourceType: + description: Determines what Kuberetes resource ReplicaSourceName + refers to SECRET - Get URI from secret named in ReplicaSourceName. The + secret will have a uri key that defines the complete, redis:// + URI REDB - Determine URI from Kubernetes REDB resource named + in ReplicaSourceName + type: string + serverCertSecret: + description: Secret that defines the Server's certificate. The + secret needs 1 key in it's map, "cert" that is the PEM encoded + certificate + type: string + tlsSniName: + description: TLS SNI Name to use + type: string + required: + - replicaSourceName + - replicaSourceType + type: object + type: array + replication: + description: In-memory database replication. When enabled, database + will have replica shard for every master - leading to higher availability. + type: boolean + shardCount: + description: Number of database server-side shards + type: integer + tlsMode: + description: Require SSL authenticated and encrypted connections to + the database. enabled - all incoming connections to the Database must + use SSL. 
disabled - no incoming connection to the Database should + use SSL. replica_ssl - databases that replicate from this one need + to use SSL. + enum: + - disabled + - enabled + - replica_ssl + type: string + type: object + status: + description: RedisEnterpriseDatabaseStatus defines the observed state of + RedisEnterpriseDatabase + properties: + createdTime: + description: Time when the database was created + type: string + databaseUID: + description: Database UID provided by redis enterprise + type: string + internalEndpoints: + description: Endpoints listed internally by the Redis Enterprise Cluster. + Can be used to correlate a ReplicaSourceStatus entry. + items: + properties: + host: + description: Hostname assigned to the database + type: string + port: + description: Database port name + type: integer + type: object + type: array + lastActionStatus: + description: Status of the last action done by operator on this database + type: string + lastActionUid: + description: UID of the last action done by operator on this database + type: string + lastUpdated: + description: Time when the database was last updated + type: string + observedGeneration: + description: 'The generation (built in update counter of K8s) of the + REDB resource that was fully acted upon, meaning that all changes + were handled and sent as an API call to the Redis Enterprise Cluster + (REC). This field value should equal the current generation when the + resource changes were handled. Note: the lastActionStatus field tracks + actions handled asynchronously by the Redis Enterprise Cluster.' + format: int64 + type: integer + redisEnterpriseCluster: + description: The Redis Enterprise Cluster Object this Resource is associated + with + type: string + replicaSourceStatuses: + description: ReplicaSource statuses + items: + properties: + endpointHost: + description: The internal host name of the replica source database. + Can be used as an identifier. 
See the internalEndpoints list + on the REDB status. + type: string + lag: + description: Lag in millisec between source and destination (while + synced). + type: integer + lastError: + description: Last error encountered when syncing from the source. + type: string + lastUpdate: + description: Time when we last receive an update from the source. + type: string + rdbSize: + description: The source’s RDB size to be transferred during the + syncing phase. + type: integer + rdbTransferred: + description: Number of bytes transferred from the source’s RDB + during the syncing phase. + type: integer + status: + description: Sync status of this source + type: string + required: + - endpointHost + type: object + type: array + shardStatuses: + additionalProperties: + type: integer + description: Aggregated statuses of shards + type: object + specStatus: + description: Whether the desired specification is valid + type: string + status: + description: The status of the database + type: string + version: + description: Database compatibility version + type: string + type: object + type: object + --- diff --git a/crds/README.md b/crds/README.md new file mode 100644 index 0000000..542f90e --- /dev/null +++ b/crds/README.md @@ -0,0 +1,30 @@ +## CRD's Schema
+
+
+Purpose:
+The schema is meant to ease the use of CRDs by restricting the fields to defined types and providing relevant description.
+
+
+### Work Flow - How add a new field:
+* Not all steps are always required
+
+#### 1. Update Tags:
+In the files
++ `pkg/apis/app/v1alpha1/redisenterprisedatabase_types.go`
++ `pkg/apis/app/v1alpha1/redisenterprisecluster_types.go`
+add tags on top of variables to mark allowed types (Enum)
+(see: https://book.kubebuilder.io/reference/markers/crd-validation.html).
+They will be used by the operator sdk when creating the scheme.
+**Default values** do not appear in the schema since the operator has its own default mechanism.
+
+
+#### 2 .Create the schema:
+1) Install operator-sdk version 0.17.2.
+See: https://sdk.operatorframework.io/docs/installation/install-operator-sdk/#install-from-github-release
+2) Run `operator-sdk generate crds`
+
+#### 3. Update the schema:
+- Edit the current schema in all of the relevant CRD yamls with the new section that was generated
+- Note that fields which are k8s objects might be very long - e.g. `SideContainersSpec`
+in this case -
it appears in the schema but with no description in the fields since it extends the schema and is not unique for Redis Enterprise. + diff --git a/crds/app_v1_redisenterprisecluster_crd.yaml b/crds/app_v1_redisenterprisecluster_crd.yaml index 8d89180..b2de1d3 100644 --- a/crds/app_v1_redisenterprisecluster_crd.yaml +++ b/crds/app_v1_redisenterprisecluster_crd.yaml @@ -11,9 +11,9 @@ spec: singular: redisenterprisecluster shortNames: - rec + scope: Namespaced subresources: status: {} - scope: Namespaced version: v1 versions: - name: v1 
@@ -22,3 +22,1660 @@ spec: - name: v1alpha1 served: true storage: true + validation: + openAPIV3Schema: + description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster + properties: + activeActive: + description: Specification for ActiveActive setup + properties: + apiIngressUrl: + description: RS API URL + type: string + dbIngressSuffix: + description: DB ENDPOINT SUFFIX - will be used to set the db host. + ingress Creates a host name so it + should be unique if more than one db is created on the cluster + with the same name + type: string + ingressAnnotations: + additionalProperties: + type: string + description: Used for ingress controllers such as ha-proxy or nginx + in GKE + type: object + method: + description: Used to distinguish between different platforms implementation + enum: + - openShiftRoute + - ingress + type: string + required: + - apiIngressUrl + - dbIngressSuffix + - method + type: object + antiAffinityAdditionalTopologyKeys: + description: Additional antiAffinity terms in order to support installation + on different zones/vcenters + items: + type: string + type: array + bootstrapperImageSpec: + description: Specification for Bootstrapper container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + bootstrapperResources: + description: Compute resource requirements for bootstrapper containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + 
description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + clusterRecovery: + description: ClusterRecovery initiates cluster recovery when set to + true. Note that this field is cleared automatically after the cluster + is recovered + type: boolean + createServiceAccount: + description: Whether to create service account + type: boolean + enforceIPv4: + description: Sets ENFORCE_IPV4 environment variable + type: boolean + extraLabels: + additionalProperties: + type: string + description: Labels that the user defines for their convenience + type: object + hostAliases: + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. 
+ type: string + type: object + type: array + license: + description: Redis Enterprise License + type: string + nodeSelector: + additionalProperties: + type: string + description: Selector for nodes that could fit Redis Enterprise pod + type: object + nodes: + description: Number of Redis Enterprise nodes (pods) + format: int32 + type: integer + persistentSpec: + description: Specification for Redis Enterprise Cluster persistence + properties: + enabled: + description: Whether to add persistent volume to Redis Enterprise + pods + type: boolean + storageClassName: + description: Storage class for persistent volume in Redis Enterprise + pods Leave empty to use the default + type: string + volumeSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + podAnnotations: + additionalProperties: + type: string + description: pod annotations + type: object + podAntiAffinity: + description: 'Override for the default anti-affinity rules of the Redis + Enterprise pods. 
+ More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podSecurityPolicyName: + description: Name of pod security policy to use on pods See https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + type: string + podTolerations: + description: 'Tolerations that are added to all managed pods. 
More + information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + priorityClassName: + description: Adds the priority class to pods managed by the operator + type: string + pullSecrets: + description: 'PullSecrets is an optional list of references to secrets + in the same namespace to use for pulling any of the images. If specified, + these secrets will be passed to individual puller implementations + for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' + items: + properties: + name: + description: 'Secret name' + type: string + type: object + type: array + rackAwarenessNodeLabel: + description: Node label that specifies rack ID - if specified, will + create rack aware cluster. Rack awareness requires node label must + exist on all nodes. Additionally, operator needs a special cluster + role with permission to list nodes. + type: string + redisEnterpriseImageSpec: + description: Specification for Redis Enterprise container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseNodeResources: + description: Compute resource requirements for Redis Enterprise containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseServicesRiggerImageSpec: + description: Specification for Services Rigger container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseServicesRiggerResources: + description: Compute resource requirements for Services Rigger pod + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseVolumeMounts: + description: 'additional volume mounts within the redis enterprise containers. + More info: https://kubernetes.io/docs/concepts/storage/volumes/' + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + serviceAccountName: + description: Name of the service account to use + type: string + servicesRiggerSpec: + description: Specification for service rigger + properties: + databaseServiceType: + description: Service types for access to databases. should be a + comma separated list. The possible values are cluster_ip, headless + and load_balancer. + type: string + extraEnvVars: + items: + description: 'EnvVar represents an environment variable present + in a Container. + More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' + properties: + name: + description: Name of the environment variable. + type: string + value: + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: Selects a field of the pod + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + serviceNaming: + enum: + - bdb_name + - redis-port + type: string + type: object + sideContainersSpec: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string 
+ value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + 
timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: 
string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + 
subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + slaveHA: + description: Slave high availability mechanism configuration. + properties: + slaveHAGracePeriod: + description: Time in seconds between when a node fails, and when + slave high availability mechanism starts relocating shards. If + set to 0, will not affect cluster configuration. + format: int32 + type: integer + type: object + uiAnnotations: + additionalProperties: + type: string + description: Annotations for Redis Enterprise UI service + type: object + uiServiceType: + description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) + enum: + - ClusterIP + - NodePort + - LoadBalancer + - ExternalName + type: string + upgradeSpec: + description: Specification for upgrades of Redis Enterprise + properties: + autoUpgradeRedisEnterprise: + description: Whether to upgrade Redis Enterprise automatically when + operator is upgraded + type: boolean + required: + - autoUpgradeRedisEnterprise + type: object + username: + description: Username for the admin user of Redis Enterprise + type: string + volumes: + description: additional volumes + items: + description: 'Volume represents a named volume in a pod that may be + accessed by any container in the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes' + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath 
+ type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + 
properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - 
resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + 
name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + diff --git a/crds/app_v1alpha1_redisenterprisecluster_crd.yaml b/crds/app_v1alpha1_redisenterprisecluster_crd.yaml index 6d6496a..7f7f2c7 100644 --- a/crds/app_v1alpha1_redisenterprisecluster_crd.yaml +++ b/crds/app_v1alpha1_redisenterprisecluster_crd.yaml 
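Review bot: `sideContainersSpec` and `volumes` enter the schema as unrestricted pass-throughs of the core Container and Volume types, and `sideContainersSpec` is given no `description` at all. As written, validation accepts `securityContext.privileged`, `capabilities.add` and `hostPath` volumes, so anyone allowed to create or edit a RedisEnterpriseCluster can request those settings; whether the operator applies them unchanged is not visible in this hunk. I would at least document this on the field, e.g. `description: Additional containers for the Redis Enterprise pods; security-sensitive fields (privileged, added capabilities, hostPath volumes) are not restricted by this schema`, and bound them with RBAC on the custom resource plus the policy named by `podSecurityPolicyName`.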
@@ -11,7 +11,1671 @@ spec: singular: redisenterprisecluster shortNames: - rec + scope: Namespaced subresources: status: {} - scope: Namespaced version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + - name: v1 + served: true + storage: false + validation: + openAPIV3Schema: + description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster + properties: + activeActive: + description: Specification for ActiveActive setup + properties: + apiIngressUrl: + description: RS API URL + type: string + dbIngressSuffix: + description: DB ENDPOINT SUFFIX - will be used to set the db host. + ingress Creates a host name so it + should be unique if more than one db is created on the cluster + with the same name + type: string + ingressAnnotations: + additionalProperties: + type: string + description: Used for ingress controllers such as ha-proxy or nginx + in GKE + type: object + method: + description: Used to distinguish between different platforms implementation + enum: + - openShiftRoute + - ingress + type: string + required: + - apiIngressUrl + - dbIngressSuffix + - method + type: object + antiAffinityAdditionalTopologyKeys: + description: Additional antiAffinity terms in order to support installation + on different zones/vcenters + items: + type: string + type: array + bootstrapperImageSpec: + description: Specification for Bootstrapper container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + bootstrapperResources: + description: Compute resource requirements for bootstrapper containers + properties: + limits: + additionalProperties: + anyOf: + - 
type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + clusterRecovery: + description: ClusterRecovery initiates cluster recovery when set to + true. Note that this field is cleared automatically after the cluster + is recovered + type: boolean + createServiceAccount: + description: Whether to create service account + type: boolean + enforceIPv4: + description: Sets ENFORCE_IPV4 environment variable + type: boolean + extraLabels: + additionalProperties: + type: string + description: Labels that the user defines for their convenience + type: object + hostAliases: + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. 
+ type: string + type: object + type: array + license: + description: Redis Enterprise License + type: string + nodeSelector: + additionalProperties: + type: string + description: Selector for nodes that could fit Redis Enterprise pod + type: object + nodes: + description: Number of Redis Enterprise nodes (pods) + format: int32 + type: integer + persistentSpec: + description: Specification for Redis Enterprise Cluster persistence + properties: + enabled: + description: Whether to add persistent volume to Redis Enterprise + pods + type: boolean + storageClassName: + description: Storage class for persistent volume in Redis Enterprise + pods Leave empty to use the default + type: string + volumeSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + podAnnotations: + additionalProperties: + type: string + description: pod annotations + type: object + podAntiAffinity: + description: 'Override for the default anti-affinity rules of the Redis + Enterprise pods. 
+ More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podSecurityPolicyName: + description: Name of pod security policy to use on pods See https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + type: string + podTolerations: + description: 'Tolerations that are added to all managed pods. 
More + information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + priorityClassName: + description: Adds the priority class to pods managed by the operator + type: string + pullSecrets: + description: 'PullSecrets is an optional list of references to secrets + in the same namespace to use for pulling any of the images. If specified, + these secrets will be passed to individual puller implementations + for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' + items: + properties: + name: + description: 'Secret name' + type: string + type: object + type: array + rackAwarenessNodeLabel: + description: Node label that specifies rack ID - if specified, will + create rack aware cluster. Rack awareness requires node label must + exist on all nodes. Additionally, operator needs a special cluster + role with permission to list nodes. + type: string + redisEnterpriseImageSpec: + description: Specification for Redis Enterprise container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseNodeResources: + description: Compute resource requirements for Redis Enterprise containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseServicesRiggerImageSpec: + description: Specification for Services Rigger container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseServicesRiggerResources: + description: Compute resource requirements for Services Rigger pod + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseVolumeMounts: + description: 'additional volume mounts within the redis enterprise containers. + More info: https://kubernetes.io/docs/concepts/storage/volumes/' + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + serviceAccountName: + description: Name of the service account to use + type: string + servicesRiggerSpec: + description: Specification for service rigger + properties: + databaseServiceType: + description: Service types for access to databases. should be a + comma separated list. The possible values are cluster_ip, headless + and load_balancer. + type: string + extraEnvVars: + items: + description: 'EnvVar represents an environment variable present + in a Container. + More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' + properties: + name: + description: Name of the environment variable. + type: string + value: + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: Selects a field of the pod + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + serviceNaming: + enum: + - bdb_name + - redis-port + type: string + type: object + sideContainersSpec: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string 
+ value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + 
timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: 
string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + 
subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + slaveHA: + description: Slave high availability mechanism configuration. + properties: + slaveHAGracePeriod: + description: Time in seconds between when a node fails, and when + slave high availability mechanism starts relocating shards. If + set to 0, will not affect cluster configuration. + format: int32 + type: integer + type: object + uiAnnotations: + additionalProperties: + type: string + description: Annotations for Redis Enterprise UI service + type: object + uiServiceType: + description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) + enum: + - ClusterIP + - NodePort + - LoadBalancer + - ExternalName + type: string + upgradeSpec: + description: Specification for upgrades of Redis Enterprise + properties: + autoUpgradeRedisEnterprise: + description: Whether to upgrade Redis Enterprise automatically when + operator is upgraded + type: boolean + required: + - autoUpgradeRedisEnterprise + type: object + username: + description: Username for the admin user of Redis Enterprise + type: string + volumes: + description: additional volumes + items: + description: 'Volume represents a named volume in a pod that may be + accessed by any container in the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes' + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath 
+ type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + 
properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - 
resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + 
name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + diff --git a/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml b/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml index e0677e0..e73b213 100644 --- a/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml +++ b/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml 
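Review bot: In `crds/app_v1alpha1_redisenterprisecluster_crd.yaml`, `sideContainersSpec` is added without a `description`, and its item schema accepts a full container `securityContext` (`privileged`, `allowPrivilegeEscalation`, `capabilities.add`), while `volumes` accepts `hostPath`. If the operator copies these fields into the pods it creates (not visible in this hunk), then write access to a RedisEnterpriseCluster amounts to the right to run pods with those settings in the namespace. RBAC on this resource should be scoped with that in mind, and `podSecurityPolicyName` or an equivalent admission policy should be set. I would add something like `description: Side containers for the Redis Enterprise pods; securityContext and volume settings are accepted as given, so limit who can edit this resource`, with the wording confirmed against the operator's actual behaviour. The schema looks generated, so the text probably belongs on the source type rather than in this file.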
@@ -19,3 +19,509 @@ spec: - name: v1alpha1 served: true storage: true + validation: + openAPIV3Schema: + description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase + properties: + alertSettings: + description: Settings for database alerts + properties: + bdb_backup_delayed: + description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_high_syncer_lag: + description: "Active-active source - sync lag is higher than specified threshold value [seconds] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_syncer_connection_error: + description: "Active-active source - sync has connection error while trying to connect replica source + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_syncer_general_error: + description: "Active-active source - sync encountered in general error + -Note threshold is commented (allow string/int/float and 
support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_high_latency: + description: "Latency is higher than specified threshold value [micro-sec] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_high_throughput: + description: "Throughput is higher than specified threshold value [requests / sec.] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_long_running_action: + description: "An alert for state-machines that are running for too long + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_low_throughput: + description: "Throughput is lower than specified threshold value [requests / sec.] 
+ -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_ram_dataset_overhead: + description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_ram_values: + description: "Percent of values kept in a shard's RAM is lower than [% of its key count] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_replica_src_high_syncer_lag: + description: "Replica-of source - sync lag is higher than specified threshold value [seconds] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_replica_src_syncer_connection_error: + description: "Replica-of source - sync has connection error while trying to connect replica source + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: 
Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_shard_num_ram_values: + description: "Number of values kept in a shard's RAM is lower than [values] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_size: + description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + type: object + backup: + description: Target for automatic database backups. + properties: + abs: + properties: + absSecretName: + description: The name of the K8s secret that holds ABS credentials. + The secret must contain the keys "AccountName" and "AccountKey", + and these must hold the corresponding credentials + type: string + container: + description: Azure Blob Storage container name. + type: string + subdir: + description: Optional. Azure Blob Storage subdir under container. + type: string + required: + - absSecretName + - container + type: object + ftp: + properties: + url: + description: "a URI of the ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" + type: string + pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ + required: + - url + type: object + gcs: + description: GoogleStorage + properties: + bucketName: + description: Google Storage bucket name. + type: string + gcsSecretName: + description: The name of the K8s secret that holds the Google + Cloud Storage credentials. 
The secret must contain the keys + "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" + and these must hold the corresponding credentials. The keys + should correspond to the values in the key JSON. + type: string + subdir: + description: Optional. Google Storage subdir under bucket. + type: string + required: + - bucketName + - gcsSecretName + type: object + interval: + description: Backup Interval in seconds + type: integer + mount: + description: MountPointStorage + properties: + path: + description: Path to the local mount point. You must create + the mount point on all nodes, and the redislabs:redislabs + user must have read and write permissions on the local mount + point. + type: string + required: + - path + type: object + s3: + properties: + awsSecretName: + description: The name of the K8s secret that holds the AWS credentials. + The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", + and these must hold the corresponding credentials. + type: string + bucketName: + description: Amazon S3 bucket name. + type: string + subdir: + description: Optional. Amazon S3 subdir under bucket. + type: string + required: + - awsSecretName + - bucketName + type: object + sftp: + properties: + sftp_url: + description: SFTP url + type: string + pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ + sftpSecretName: + description: The name of the K8s secret that holds SFTP credentials. + The secret must contain the "Key" key, which is the SSH private + key for connecting to the sftp server. + type: string + required: + - sftpSecretName + - sftp_url + type: object + swift: + properties: + auth_url: + description: Swift service authentication URL. + type: string + pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ + container: + description: Swift object store container for storing the backup + files. + type: string + prefix: + description: Optional. 
Prefix (path) of backup files in the + swift container. + type: string + swiftSecretName: + description: 'The name of the K8s secret that holds Swift credentials. + The secret must contain the keys "Key" and "User", and these + must hold the corresponding credentials: service access key + and service user name (pattern for the latter does not allow + special characters &,<,>,")' + type: string + required: + - auth_url + - container + - swiftSecretName + type: object + type: object + clientAuthenticationCertificates: + description: The Secrets containing TLS Client Certificate to use for + Authentication + items: + type: string + type: array + databaseSecretName: + description: The name of the K8s secret that holds the password to the + database. + type: string + evictionPolicy: + description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ + type: string + memorySize: + description: memory size of database. use formats like 100MB, 0.1GB. + minimum value in 100MB. + type: string + modulesList: + description: List of modules associated with database + items: + description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' + properties: + config: + description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT + 30 + type: string + name: + description: The module's name e.g "ft" for redissearch + type: string + version: + description: Module's semantic version e.g "1.6.12" + type: string + required: + - name + - version + type: object + type: array + persistence: + description: Database on-disk persistence policy + enum: + - disabled + - aofEverySecond + - aofAlways + - snapshotEvery1Hour + - snapshotEvery6Hour + - snapshotEvery12Hour + type: string + rackAware: + description: 'Whether database should be rack aware. 
This improves availability + - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' + type: boolean + redisEnterpriseCluster: + description: Connection to Redis Enterprise Cluster + properties: + name: + description: The name of the Redis Enterprise Cluster where the + database should be stored. + type: string + required: + - name + type: object + replicaSources: + description: What databases to replicate from + items: + properties: + clientKeySecret: + description: Secret that defines what client key to use. The + secret needs 2 keys in it's map, "cert" that is the PEM encoded + certificate and "key" that is the PEM encoded private key + type: string + compression: + description: GZIP Compression level (0-9) to use for replication + type: integer + replicaSourceName: + description: Kubernetes resource name of type ReplicaSourceType + type: string + replicaSourceType: + description: Determines what Kuberetes resource ReplicaSourceName + refers to SECRET - Get URI from secret named in ReplicaSourceName. The + secret will have a uri key that defines the complete, redis:// + URI REDB - Determine URI from Kubernetes REDB resource named + in ReplicaSourceName + type: string + serverCertSecret: + description: Secret that defines the Server's certificate. The + secret needs 1 key in it's map, "cert" that is the PEM encoded + certificate + type: string + tlsSniName: + description: TLS SNI Name to use + type: string + required: + - replicaSourceName + - replicaSourceType + type: object + type: array + replication: + description: In-memory database replication. When enabled, database + will have replica shard for every master - leading to higher availability. + type: boolean + shardCount: + description: Number of database server-side shards + type: integer + tlsMode: + description: Require SSL authenticated and encrypted connections to + the database. enabled - all incoming connections to the Database must + use SSL. 
disabled - no incoming connection to the Database should + use SSL. replica_ssl - databases that replicate from this one need + to use SSL. + enum: + - disabled + - enabled + - replica_ssl + type: string + type: object + status: + description: RedisEnterpriseDatabaseStatus defines the observed state of + RedisEnterpriseDatabase + properties: + createdTime: + description: Time when the database was created + type: string + databaseUID: + description: Database UID provided by redis enterprise + type: string + internalEndpoints: + description: Endpoints listed internally by the Redis Enterprise Cluster. + Can be used to correlate a ReplicaSourceStatus entry. + items: + properties: + host: + description: Hostname assigned to the database + type: string + port: + description: Database port name + type: integer + type: object + type: array + lastActionStatus: + description: Status of the last action done by operator on this database + type: string + lastActionUid: + description: UID of the last action done by operator on this database + type: string + lastUpdated: + description: Time when the database was last updated + type: string + observedGeneration: + description: 'The generation (built in update counter of K8s) of the + REDB resource that was fully acted upon, meaning that all changes + were handled and sent as an API call to the Redis Enterprise Cluster + (REC). This field value should equal the current generation when the + resource changes were handled. Note: the lastActionStatus field tracks + actions handled asynchronously by the Redis Enterprise Cluster.' + format: int64 + type: integer + redisEnterpriseCluster: + description: The Redis Enterprise Cluster Object this Resource is associated + with + type: string + replicaSourceStatuses: + description: ReplicaSource statuses + items: + properties: + endpointHost: + description: The internal host name of the replica source database. + Can be used as an identifier. 
See the internalEndpoints list + on the REDB status. + type: string + lag: + description: Lag in millisec between source and destination (while + synced). + type: integer + lastError: + description: Last error encountered when syncing from the source. + type: string + lastUpdate: + description: Time when we last receive an update from the source. + type: string + rdbSize: + description: The source’s RDB size to be transferred during the + syncing phase. + type: integer + rdbTransferred: + description: Number of bytes transferred from the source’s RDB + during the syncing phase. + type: integer + status: + description: Sync status of this source + type: string + required: + - endpointHost + type: object + type: array + shardStatuses: + additionalProperties: + type: integer + description: Aggregated statuses of shards + type: object + specStatus: + description: Whether the desired specification is valid + type: string + status: + description: The status of the database + type: string + version: + description: Database compatibility version + type: string + type: object + type: object + diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 8815def..34fce92 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -7,17 +7,18 @@ """ import argparse +import json import logging import os import re +import shutil +import signal import subprocess import sys import tarfile import time from collections import OrderedDict -import shutil -import json -import signal +from multiprocessing import Process RLEC_CONTAINER_NAME = "redis-enterprise-node" 
@@ -73,36 +74,68 @@ def make_dir(directory): sys.exit() -def run(namespace, output_dir): +def _get_namespaces_to_run_on(namespace): + + def _get_namespace_from_config(): + config_namespace = get_namespace_from_config() + if not config_namespace: + return ["default"] + return [config_namespace] + + if not namespace: + return _get_namespace_from_config() + + if namespace == 'all': + return_code, out = run_shell_command("kubectl get ns -o=custom-columns='DATA:metadata.name' --no-headers=true") + if return_code: + logger.warning("Failed to parse namespace list - will use namespace from config: %s", out) + return _get_namespace_from_config() + return out.split() + + # comma separated string + return namespace.split(',') + + +def run(namespace_input, output_dir): """ Collect logs """ - if not namespace: - namespace = get_namespace_from_config() - if not namespace: - namespace = "default" + start_time = time.time() + namespaces = _get_namespaces_to_run_on(namespace_input) output_file_name = "redis_enterprise_k8s_debug_info_{}".format(TIME_FORMAT) - if not output_dir: # if not specified, use cwd output_dir = os.getcwd() - output_dir = os.path.join(output_dir, output_file_name) make_dir(output_dir) - - get_redis_enterprise_debug_info(namespace, output_dir) - collect_pod_rs_logs(namespace, output_dir) collect_cluster_info(output_dir) - collect_resources_list(namespace, output_dir) - collect_events(namespace, output_dir) - collect_api_resources(namespace, output_dir) - collect_api_resources_description(namespace, output_dir) - collect_pods_logs(namespace, output_dir) - archive_files(output_dir, output_file_name) + def collect_from_ns(namespace): + logger.info("Started collecting from namespace '%s'", namespace) + ns_output_dir = output_dir + ("/" + namespace if output_dir[-1] != '/' else namespace) + make_dir(ns_output_dir) + + get_redis_enterprise_debug_info(namespace, ns_output_dir) + collect_pod_rs_logs(namespace, ns_output_dir) + collect_resources_list(namespace, 
ns_output_dir) + collect_events(namespace, ns_output_dir) + collect_api_resources(namespace, ns_output_dir) + collect_api_resources_description(namespace, ns_output_dir) + collect_pods_logs(namespace, ns_output_dir) + + processes = [] + for namespace in namespaces: + p = Process(target=collect_from_ns, args=[namespace]) + p.start() + processes.append(p) + for p in processes: + p.join() + + archive_files(output_dir, output_file_name) logger.info("Finished Redis Enterprise log collector") + logger.info("--- Run time: %d minutes ---", round(((time.time() - start_time)/60), 3)) def get_non_ready_rs_pod_names(namespace): @@ -112,7 +145,7 @@ def get_non_ready_rs_pod_names(namespace): pod_names = [] rs_pods = get_pods(namespace, selector='redis.io/role=node') if not rs_pods: - logger.warning("Cannot find redis enterprise pods") + logger.info("Namespace '%s': cannot find redis enterprise pods", namespace) return [] for rs_pod in rs_pods: @@ -132,10 +165,10 @@ def collect_pod_rs_logs(namespace, output_dir): get logs from rs pods that are not ready """ rs_pod_logs_dir = os.path.join(output_dir, "rs_pod_logs") - make_dir(rs_pod_logs_dir) non_ready_rs_pod_names = get_non_ready_rs_pod_names(namespace) if not non_ready_rs_pod_names: return + make_dir(rs_pod_logs_dir) for rs_pod_name in non_ready_rs_pod_names: pod_log_dir = os.path.join(rs_pod_logs_dir, rs_pod_name) make_dir(pod_log_dir) @@ -150,7 +183,8 @@ def collect_pod_rs_logs(namespace, output_dir): "to output directory, output:%s", out) else: - logger.info("Collected rs logs from pod marked as not ready, pod name: %s", rs_pod_name) + logger.info("Namespace '%s': " + "Collected rs logs from pod marked as not ready, pod name: %s", namespace, rs_pod_name) pod_config_dir = os.path.join(pod_log_dir, "config") make_dir(pod_config_dir) 
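Review bot: The comma-separated branch of `_get_namespaces_to_run_on` returns `namespace.split(',')` unvalidated, and each element is later concatenated into `ns_output_dir` and formatted into the `kubectl … -n {}` command strings. An entry with path separators, whitespace or shell metacharacters therefore reaches a directory name and a command line (how `run_shell_command` executes the string is not visible here), and `-n "a, b"` yields `" b"`. Strip each entry and reject anything that is not a DNS-1123 label before use, as sketched below. Separately, `p.exitcode` is never checked after `join()`, so a namespace whose collection crashed still ends in "Finished Redis Enterprise log collector".

```python
    # … unchanged: empty-namespace and 'all' handling …

    # comma separated string
    namespaces = [ns.strip() for ns in namespace.split(',') if ns.strip()]
    for ns in namespaces:
        # namespace names are DNS-1123 labels; reject anything else before it
        # reaches a command line or a directory name
        if not re.match(r'^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$', ns):
            logger.error("Invalid namespace name: %r", ns)
            sys.exit(1)
    return namespaces
```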
@@ -187,8 +221,8 @@ def debuginfo_attempt_on_pod(namespace, output_dir, pod_name, attempt): if match: debug_file_path = match.group(1) debug_file_name = match.group(2) - logger.info("debug info created on pod %s in path %s", - pod_name, debug_file_path) + logger.info("Namespace '%s': debug info created on pod %s in path %s", + namespace, pod_name, debug_file_path) else: logger.warning( "Failed to extract debug info name from output (attempt %d for pod %s) - (%s)", @@ -219,7 +253,7 @@ def get_redis_enterprise_debug_info(namespace, output_dir): """ rs_pods = get_pods(namespace, selector='redis.io/role=node') if not rs_pods: - logger.warning("Cannot find redis enterprise pod") + logger.info("Namespace '%s': Cannot find redis enterprise pod", namespace) return pod_names = [] @@ -240,7 +274,7 @@ def get_redis_enterprise_debug_info(namespace, output_dir): output_dir, pod_name, attempt + 1): - logger.info("Collected Redis Enterprise cluster debug package") + logger.info("Namespace '%s': Collected Redis Enterprise cluster debug package", namespace) return @@ -251,7 +285,8 @@ def collect_resources_list(namespace, output_dir): collect_helper(output_dir, cmd="kubectl get all -o wide -n {}".format(namespace), file_name="resources_list", - resource_name="resources list") + resource_name="resources list", + namespace=namespace) def collect_cluster_info(output_dir): @@ -273,7 +308,7 @@ def collect_events(namespace, output_dir): return cmd = "kubectl get events -n {} -o wide".format(namespace) collect_helper(output_dir, cmd=cmd, - file_name="events", resource_name="events") + file_name="events", resource_name="events", namespace=namespace) def collect_api_resources(namespace, output_dir): 
@@ -281,14 +316,13 @@ def collect_api_resources(namespace, output_dir): Creates file for each of the API resources with the output of kubectl get -o yaml """ - logger.info("Collecting API resources:") + logger.info("Namespace '%s': Collecting API resources", namespace) resources_out = OrderedDict() for resource in API_RESOURCES: output = run_kubectl_get_yaml(namespace, resource) if output: resources_out[resource] = output - logger.info(" + %s", resource) - + logger.info("Namespace '%s': + Collected %s", namespace, resource) for entry, out in resources_out.items(): with open(os.path.join(output_dir, "{}.yaml".format(entry)), "w+") as file_handle: @@ -300,13 +334,13 @@ def collect_api_resources_description(namespace, output_dir): Creates file for each of the API resources with the output of kubectl describe """ - logger.info("Collecting API resources description:") + logger.info("Namespace '%s': Collecting API resources description", namespace) resources_out = OrderedDict() for resource in API_RESOURCES: output = run_kubectl_describe(namespace, resource) if output: resources_out[resource] = output - logger.info(" + %s", resource) + logger.info("Namespace: '%s' + Collected %s", namespace, resource) for entry, out in resources_out.items(): with open(os.path.join(output_dir, 
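Review bot: The namespace prefix is spelled differently across the new log calls, which makes per-namespace filtering of the interleaved multi-process output unreliable. `collect_api_resources_description` uses `"Namespace: '%s' + Collected %s"`, while the hunks for `collect_pods_logs` (`"Namespace '%s' Could not get pods list"`) and `run_kubectl_describe` (`"Namespace: '%s': Failed to describe"`) each use a further variant. Use the form from `collect_api_resources` everywhere, e.g. `logger.info("Namespace '%s': + Collected %s", namespace, resource)`.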
@@ -318,25 +352,25 @@ def collect_pods_logs(namespace, output_dir): """ Collects all the pods logs from given namespace """ - logger.info("Collecting pods' logs:") + logger.info("Namespace '%s': Collecting pods' logs:", namespace) logs_dir = os.path.join(output_dir, "pods") - make_dir(logs_dir) pods = get_pod_names(namespace) if not pods: - logger.warning("Could not get pods list - " - "skipping pods logs collection") + logger.warning("Namespace '%s' Could not get pods list - " + "skipping pods logs collection", namespace) return + make_dir(logs_dir) for pod in pods: - cmd = "kubectl logs --all-containers=true -n {} {}"\ + cmd = "kubectl logs --all-containers=true -n {} {}" \ .format(namespace, pod) with open(os.path.join(logs_dir, "{}.log".format(pod)), "w+") as file_handle: _, output = run_shell_command(cmd) file_handle.write(output) - logger.info(" + %s", pod) + logger.info("Namespace '%s': + %s", namespace, pod) def archive_files(output_dir, output_dir_name): @@ -399,7 +433,7 @@ def get_namespace_from_config(): return None -def collect_helper(output_dir, cmd, file_name, resource_name): +def collect_helper(output_dir, cmd, file_name, resource_name, namespace=None): """ Runs command, write output to file_name, logs the resource_name """ @@ -410,7 +444,7 @@ def collect_helper(output_dir, cmd, file_name, resource_name): path = os.path.join(output_dir, file_name) with open(path, "w+") as file_handle: file_handle.write(out) - logger.info("Collected %s", resource_name) + logger.info("Namespace '%s': Collected %s", namespace, resource_name) def native_string(input_var): @@ -431,8 +465,7 @@ def run_kubectl_get_yaml(namespace, resource_type): return_code, out = run_shell_command(cmd) if return_code == 0: return out - logger.warning("Failed to get %s resource: %s", - resource_type, out.rstrip()) + logger.warning("Namespace '%s': Failed to get %s resource %s.", namespace, resource_type, out.rstrip()) return None 
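Review bot: With `namespace=None` as the default in `collect_helper`, any caller that does not pass a namespace now logs `Namespace 'None': Collected …`. `collect_cluster_info` is not touched by this patch, so it presumably still calls the helper without one. Keep the old message in that case, for example `prefix = "Namespace '%s': " % namespace if namespace else ""` followed by `logger.info("%sCollected %s", prefix, resource_name)`. The body of `collect_helper` starts outside these hunks.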
@@ -526,7 +559,7 @@ def run_kubectl_describe(namespace, resource_type): return_code, out = run_shell_command(cmd) if return_code == 0: return out - logger.warning("Failed to describe %s resource: %s", resource_type, out) + logger.warning("Namespace: '%s': Failed to describe %s resource: %s", namespace, resource_type, out) return None @@ -538,7 +571,9 @@ def run_kubectl_describe(namespace, resource_type): parser = argparse.ArgumentParser(description='Redis Enterprise' ' K8s log collector') - parser.add_argument('-n', '--namespace', action="store", type=str) + parser.add_argument('-n', '--namespace', action="store", type=str, + help="pass namespace name or comma separated list or 'all' " + "when left empty will use namespace from kube config") parser.add_argument('-o', '--output_dir', action="store", type=str) parser.add_argument('-t', '--timeout', action="store", type=int, default=180, diff --git a/multi-namespace-redb/README.md b/multi-namespace-redb/README.md new file mode 100644 index 0000000..34cc01e --- /dev/null +++ b/multi-namespace-redb/README.md 
@@ -0,0 +1,79 @@ +# Multi-Namespaced REDB + +The Redis Enterprise Operator provides a method for a single deployed operator/cluster combination to listen for REDB objects in multiple specified individual namespaces. + +In order to do this, there are a few changes from a traditional operator and RedisEnterpriseCluster deployment + +## Deployment steps +### 1. Redis Enterprise Cluster Deployment +Deploy a Redis Enterprise Cluster, see [README](../README.md) +### 2. Adjusting role/role_bindings in watched namespaces + +Both the operator's and the RedisEnterpriseCluster custom resource's (same name as the REC, unless manually overridden) service accounts have to be given access via a namespaced role and role_binding in each individual namespace that the operator is expected to watch. Apply those documents within the watched namespaces: + +```yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role +rules: + - apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - "*" + - apiGroups: [""] + resources: ["secrets"] + verbs: ["*"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: Role + name: redb-role + apiGroup: rbac.authorization.k8s.io + +``` + +### 3. Updating the operator deployment + +The operator has to be deployed with a comma seperated list of namespaces it will watch for REDB objects. 
+ +Specifically, a new environment variable is added to the operator's container (edit the redis-enterprise-deployment deployment within the operator namespace): + +```yaml +env: +... +- name: REDB_NAMESPACES +value: "comma,delimited,list,of,namespaces,to,watch" +... +``` +### 4. Updating the admission control deployment +Admission control for REDB is recommended. If that is used, repeat step 3 to update the admission-deploy deployment (same environment variable). + +After these steps have been done, users within the specified namespaces that have permission to create REDB objects will be able to create them. The database will be created within the centrally managed redis enterprise cluster and services corresponding to the databases will be visible within the namespace. + +## Additional areas for consideration +* When deploying multiple Redis Enterprise Operators within the same K8s cluster, do not configure more than one of the operators to watch the same namespace. +* Only configure the operator to watch a namespace once the namespace is created and configured with the role/role_binding as explained above. If configured to watch a namespace without setting those permissions or a namespace that is not created yet, the operator will fail and not perform normal operations. +* The Redis Enterprise Operator creates a service named after the REDB within the REDB namespace. The service is of type "External Name". This service can only be accessed from within the K8s cluster. Configuring Load Balancer/Node Port services automatically is not supported at this time. The service type configuration within the Redis Enterprise Cluster custom resource will be ignored. The External Name service will point to another ClusterIP service created within the operator namespace, exposing the actual Redis endpoint. diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml new file mode 100644 index 0000000..d35005b --- /dev/null 
+++ b/multi-namespace-redb/operator.yaml @@ -0,0 +1,43 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis-enterprise-operator +spec: + replicas: 1 + selector: + matchLabels: + name: redis-enterprise-operator + template: + metadata: + labels: + name: redis-enterprise-operator + spec: + serviceAccountName: redis-enterprise-operator + containers: + - name: redis-enterprise-operator + image: redislabs/operator-internal:6.0.8-20 + command: + - redis-enterprise-operator + imagePullPolicy: Always + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "redis-enterprise-operator" + - name: DATABASE_CONTROLLER_ENABLED + value: "true" + - name: REDB_NAMESPACES + value: "COMMA,DELIMITED,CONSUMER_NAMESPACE_LIST_TO_WATCH" + resources: + limits: + cpu: 4000m + memory: 512Mi + requests: + cpu: 500m + memory: 256Mi diff --git a/multi-namespace-redb/role.yaml b/multi-namespace-redb/role.yaml new file mode 100644 index 0000000..6271953 --- /dev/null +++ b/multi-namespace-redb/role.yaml @@ -0,0 +1,23 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role +rules: + - apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - "*" + - apiGroups: [""] + resources: ["secrets"] + verbs: ["*"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] diff --git a/multi-namespace-redb/role_binding.yaml b/multi-namespace-redb/role_binding.yaml new file mode 100644 index 0000000..e756453 --- /dev/null +++ b/multi-namespace-redb/role_binding.yaml 
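Review bot: The `image: redislabs/operator-internal:6.0.8-20` line references a repository whose name suggests an internal build rather than the published operator image, so this sample may be unpullable for users or may run a build that was never released. Replace it with the released image for this version, e.g. `image: redislabs/operator:<RELEASE_TAG>` (placeholder), and consider pinning by digest, since `imagePullPolicy: Always` on a tag pulls whatever is later pushed under it. The container spec also sets no `securityContext`; if the operator runs without root, adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would make that explicit.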
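Review bot: The `secrets` rule in `role.yaml` uses `verbs: ["*"]`, which gives every bound subject full control over every Secret in each watched namespace, not just those an REDB references. Per `role_binding.yaml` that includes the REC service account as well as the operator. A wildcard also picks up `deletecollection` and any verb added later. List the verbs actually needed, as the `services` rule already does, e.g. `verbs: ["get", "list", "watch", "create", "update", "patch"]` if deletion is not required (the operator's real needs are not visible here), and likewise replace `resources: ["*"]` / `verbs: ["*"]` under `app.redislabs.com` with the REDB resources and verbs in use. The same Role is duplicated in the README.md hunk and should be kept in sync.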
@@ -0,0 +1,15 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: Role + name: redb-role + apiGroup: rbac.authorization.k8s.io diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 2683713..b23269c 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -102,9 +102,9 @@ spec: singular: redisenterprisecluster shortNames: - rec + scope: Namespaced subresources: status: {} - scope: Namespaced version: v1 versions: - name: v1 
@@ -113,6 +113,1663 @@ spec: - name: v1alpha1 served: true storage: true + validation: + openAPIV3Schema: + description: RedisEnterpriseCluster is the Schema for the redisenterpriseclusters + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster + properties: + activeActive: + description: Specification for ActiveActive setup + properties: + apiIngressUrl: + description: RS API URL + type: string + dbIngressSuffix: + description: DB ENDPOINT SUFFIX - will be used to set the db host. + ingress Creates a host name so it + should be unique if more than one db is created on the cluster + with the same name + type: string + ingressAnnotations: + additionalProperties: + type: string + description: Used for ingress controllers such as ha-proxy or nginx + in GKE + type: object + method: + description: Used to distinguish between different platforms implementation + enum: + - openShiftRoute + - ingress + type: string + required: + - apiIngressUrl + - dbIngressSuffix + - method + type: object + antiAffinityAdditionalTopologyKeys: + description: Additional antiAffinity terms in order to support installation + on different zones/vcenters + items: + type: string + type: array + bootstrapperImageSpec: + description: Specification for Bootstrapper container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + bootstrapperResources: + description: Compute resource requirements for bootstrapper containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + 
description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + clusterRecovery: + description: ClusterRecovery initiates cluster recovery when set to + true. Note that this field is cleared automatically after the cluster + is recovered + type: boolean + createServiceAccount: + description: Whether to create service account + type: boolean + enforceIPv4: + description: Sets ENFORCE_IPV4 environment variable + type: boolean + extraLabels: + additionalProperties: + type: string + description: Labels that the user defines for their convenience + type: object + hostAliases: + items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. 
+ type: string + type: object + type: array + license: + description: Redis Enterprise License + type: string + nodeSelector: + additionalProperties: + type: string + description: Selector for nodes that could fit Redis Enterprise pod + type: object + nodes: + description: Number of Redis Enterprise nodes (pods) + format: int32 + type: integer + persistentSpec: + description: Specification for Redis Enterprise Cluster persistence + properties: + enabled: + description: Whether to add persistent volume to Redis Enterprise + pods + type: boolean + storageClassName: + description: Storage class for persistent volume in Redis Enterprise + pods Leave empty to use the default + type: string + volumeSize: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + podAnnotations: + additionalProperties: + type: string + description: pod annotations + type: object + podAntiAffinity: + description: 'Override for the default anti-affinity rules of the Redis + Enterprise pods. 
+ More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podSecurityPolicyName: + description: Name of pod security policy to use on pods See https://kubernetes.io/docs/concepts/policy/pod-security-policy/ + type: string + podTolerations: + description: 'Tolerations that are added to all managed pods. 
More + information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/' + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + priorityClassName: + description: Adds the priority class to pods managed by the operator + type: string + pullSecrets: + description: 'PullSecrets is an optional list of references to secrets + in the same namespace to use for pulling any of the images. If specified, + these secrets will be passed to individual puller implementations + for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/' + items: + properties: + name: + description: 'Secret name' + type: string + type: object + type: array + rackAwarenessNodeLabel: + description: Node label that specifies rack ID - if specified, will + create rack aware cluster. Rack awareness requires node label must + exist on all nodes. Additionally, operator needs a special cluster + role with permission to list nodes. + type: string + redisEnterpriseImageSpec: + description: Specification for Redis Enterprise container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseNodeResources: + description: Compute resource requirements for Redis Enterprise containers + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseServicesRiggerImageSpec: + description: Specification for Services Rigger container image + properties: + imagePullPolicy: + description: PullPolicy describes a policy for if/when to pull a + container image + type: string + repository: + description: Repository + type: string + versionTag: + type: string + type: object + redisEnterpriseServicesRiggerResources: + description: Compute resource requirements for Services Rigger pod + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources + required. 
If Requests is omitted for a container, it defaults + to Limits if that is explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + redisEnterpriseVolumeMounts: + description: 'additional volume mounts within the redis enterprise containers. + More info: https://kubernetes.io/docs/concepts/storage/volumes/' + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + serviceAccountName: + description: Name of the service account to use + type: string + servicesRiggerSpec: + description: Specification for service rigger + properties: + databaseServiceType: + description: Service types for access to databases. should be a + comma separated list. The possible values are cluster_ip, headless + and load_balancer. + type: string + extraEnvVars: + items: + description: 'EnvVar represents an environment variable present + in a Container. + More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/' + properties: + name: + description: Name of the environment variable. + type: string + value: + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: Selects a field of the pod + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. 
+ type: string + name: + description: Name of the referent + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + serviceNaming: + enum: + - bdb_name + - redis-port + type: string + type: object + sideContainersSpec: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string 
+ value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + 
timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: 
string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + 
subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + slaveHA: + description: Slave high availability mechanism configuration. + properties: + slaveHAGracePeriod: + description: Time in seconds between when a node fails, and when + slave high availability mechanism starts relocating shards. If + set to 0, will not affect cluster configuration. + format: int32 + type: integer + type: object + uiAnnotations: + additionalProperties: + type: string + description: Annotations for Redis Enterprise UI service + type: object + uiServiceType: + description: Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) + enum: + - ClusterIP + - NodePort + - LoadBalancer + - ExternalName + type: string + upgradeSpec: + description: Specification for upgrades of Redis Enterprise + properties: + autoUpgradeRedisEnterprise: + description: Whether to upgrade Redis Enterprise automatically when + operator is upgraded + type: boolean + required: + - autoUpgradeRedisEnterprise + type: object + username: + description: Username for the admin user of Redis Enterprise + type: string + volumes: + description: additional volumes + items: + description: 'Volume represents a named volume in a pod that may be + accessed by any container in the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes' + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath 
+ type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + 
properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - 
resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + 
name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + --- apiVersion: apps/v1 kind: Deployment @@ -131,7 +1788,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 securityContext: runAsUser: 1001 command: 
@@ -177,4 +1834,510 @@ spec: - name: v1alpha1 served: true storage: true + validation: + openAPIV3Schema: + description: RedisEnterpriseDatabase is the Schema for the redisenterprisedatabases + API + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + description: RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase + properties: + alertSettings: + description: Settings for database alerts + properties: + bdb_backup_delayed: + description: "Periodic backup has been delayed for longer than specified threshold value [minutes]. + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_high_syncer_lag: + description: "Active-active source - sync lag is higher than specified threshold value [seconds] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_syncer_connection_error: + description: "Active-active source - sync has connection error while trying to connect replica source + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_crdt_src_syncer_general_error: + description: "Active-active source - sync encountered in general error + -Note threshold is commented (allow string/int/float and 
support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_high_latency: + description: "Latency is higher than specified threshold value [micro-sec] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_high_throughput: + description: "Throughput is higher than specified threshold value [requests / sec.] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_long_running_action: + description: "An alert for state-machines that are running for too long + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_low_throughput: + description: "Throughput is lower than specified threshold value [requests / sec.] 
+ -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_ram_dataset_overhead: + description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_ram_values: + description: "Percent of values kept in a shard's RAM is lower than [% of its key count] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_replica_src_high_syncer_lag: + description: "Replica-of source - sync lag is higher than specified threshold value [seconds] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_replica_src_syncer_connection_error: + description: "Replica-of source - sync has connection error while trying to connect replica source + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: 
Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_shard_num_ram_values: + description: "Number of values kept in a shard's RAM is lower than [values] + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + bdb_size: + description: "Dataset size has reached the threshold value [% of the memory limit] expected fields: + -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + type: object + backup: + description: Target for automatic database backups. + properties: + abs: + properties: + absSecretName: + description: The name of the K8s secret that holds ABS credentials. + The secret must contain the keys "AccountName" and "AccountKey", + and these must hold the corresponding credentials + type: string + container: + description: Azure Blob Storage container name. + type: string + subdir: + description: Optional. Azure Blob Storage subdir under container. + type: string + required: + - absSecretName + - container + type: object + ftp: + properties: + url: + description: "a URI of the ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]" + type: string + pattern: ftps?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]/?[^@/\.]+)*?/?$ + required: + - url + type: object + gcs: + description: GoogleStorage + properties: + bucketName: + description: Google Storage bucket name. + type: string + gcsSecretName: + description: The name of the K8s secret that holds the Google + Cloud Storage credentials. 
The secret must contain the keys + "CLIENT_ID", "PRIVATE_KEY", "PRIVATE_KEY_ID", "CLIENT_EMAIL" + and these must hold the corresponding credentials. The keys + should correspond to the values in the key JSON. + type: string + subdir: + description: Optional. Google Storage subdir under bucket. + type: string + required: + - bucketName + - gcsSecretName + type: object + interval: + description: Backup Interval in seconds + type: integer + mount: + description: MountPointStorage + properties: + path: + description: Path to the local mount point. You must create + the mount point on all nodes, and the redislabs:redislabs + user must have read and write permissions on the local mount + point. + type: string + required: + - path + type: object + s3: + properties: + awsSecretName: + description: The name of the K8s secret that holds the AWS credentials. + The secret must contain the keys "AWS_ACCESS_KEY_ID" and "AWS_SECRET_ACCESS_KEY", + and these must hold the corresponding credentials. + type: string + bucketName: + description: Amazon S3 bucket name. + type: string + subdir: + description: Optional. Amazon S3 subdir under bucket. + type: string + required: + - awsSecretName + - bucketName + type: object + sftp: + properties: + sftp_url: + description: SFTP url + type: string + pattern: ^sftp://(([^@]+)@)?([^@/:]+)(:(\d+))?(/([^@/\.]+[/\.]?)*)?$ + sftpSecretName: + description: The name of the K8s secret that holds SFTP credentials. + The secret must contain the "Key" key, which is the SSH private + key for connecting to the sftp server. + type: string + required: + - sftpSecretName + - sftp_url + type: object + swift: + properties: + auth_url: + description: Swift service authentication URL. + type: string + pattern: ^https?://(([^@]+)@)?([^@/:]+)(:(\d+))?([/\.]([^@/\.]+))*?/?$ + container: + description: Swift object store container for storing the backup + files. + type: string + prefix: + description: Optional. 
Prefix (path) of backup files in the + swift container. + type: string + swiftSecretName: + description: 'The name of the K8s secret that holds Swift credentials. + The secret must contain the keys "Key" and "User", and these + must hold the corresponding credentials: service access key + and service user name (pattern for the latter does not allow + special characters &,<,>,")' + type: string + required: + - auth_url + - container + - swiftSecretName + type: object + type: object + clientAuthenticationCertificates: + description: The Secrets containing TLS Client Certificate to use for + Authentication + items: + type: string + type: array + databaseSecretName: + description: The name of the K8s secret that holds the password to the + database. + type: string + evictionPolicy: + description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ + type: string + memorySize: + description: memory size of database. use formats like 100MB, 0.1GB. + minimum value in 100MB. + type: string + modulesList: + description: List of modules associated with database + items: + description: 'Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/' + properties: + config: + description: Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT + 30 + type: string + name: + description: The module's name e.g "ft" for redissearch + type: string + version: + description: Module's semantic version e.g "1.6.12" + type: string + required: + - name + - version + type: object + type: array + persistence: + description: Database on-disk persistence policy + enum: + - disabled + - aofEverySecond + - aofAlways + - snapshotEvery1Hour + - snapshotEvery6Hour + - snapshotEvery12Hour + type: string + rackAware: + description: 'Whether database should be rack aware. 
This improves availability + - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/' + type: boolean + redisEnterpriseCluster: + description: Connection to Redis Enterprise Cluster + properties: + name: + description: The name of the Redis Enterprise Cluster where the + database should be stored. + type: string + required: + - name + type: object + replicaSources: + description: What databases to replicate from + items: + properties: + clientKeySecret: + description: Secret that defines what client key to use. The + secret needs 2 keys in it's map, "cert" that is the PEM encoded + certificate and "key" that is the PEM encoded private key + type: string + compression: + description: GZIP Compression level (0-9) to use for replication + type: integer + replicaSourceName: + description: Kubernetes resource name of type ReplicaSourceType + type: string + replicaSourceType: + description: Determines what Kuberetes resource ReplicaSourceName + refers to SECRET - Get URI from secret named in ReplicaSourceName. The + secret will have a uri key that defines the complete, redis:// + URI REDB - Determine URI from Kubernetes REDB resource named + in ReplicaSourceName + type: string + serverCertSecret: + description: Secret that defines the Server's certificate. The + secret needs 1 key in it's map, "cert" that is the PEM encoded + certificate + type: string + tlsSniName: + description: TLS SNI Name to use + type: string + required: + - replicaSourceName + - replicaSourceType + type: object + type: array + replication: + description: In-memory database replication. When enabled, database + will have replica shard for every master - leading to higher availability. + type: boolean + shardCount: + description: Number of database server-side shards + type: integer + tlsMode: + description: Require SSL authenticated and encrypted connections to + the database. enabled - all incoming connections to the Database must + use SSL. 
disabled - no incoming connection to the Database should + use SSL. replica_ssl - databases that replicate from this one need + to use SSL. + enum: + - disabled + - enabled + - replica_ssl + type: string + type: object + status: + description: RedisEnterpriseDatabaseStatus defines the observed state of + RedisEnterpriseDatabase + properties: + createdTime: + description: Time when the database was created + type: string + databaseUID: + description: Database UID provided by redis enterprise + type: string + internalEndpoints: + description: Endpoints listed internally by the Redis Enterprise Cluster. + Can be used to correlate a ReplicaSourceStatus entry. + items: + properties: + host: + description: Hostname assigned to the database + type: string + port: + description: Database port name + type: integer + type: object + type: array + lastActionStatus: + description: Status of the last action done by operator on this database + type: string + lastActionUid: + description: UID of the last action done by operator on this database + type: string + lastUpdated: + description: Time when the database was last updated + type: string + observedGeneration: + description: 'The generation (built in update counter of K8s) of the + REDB resource that was fully acted upon, meaning that all changes + were handled and sent as an API call to the Redis Enterprise Cluster + (REC). This field value should equal the current generation when the + resource changes were handled. Note: the lastActionStatus field tracks + actions handled asynchronously by the Redis Enterprise Cluster.' + format: int64 + type: integer + redisEnterpriseCluster: + description: The Redis Enterprise Cluster Object this Resource is associated + with + type: string + replicaSourceStatuses: + description: ReplicaSource statuses + items: + properties: + endpointHost: + description: The internal host name of the replica source database. + Can be used as an identifier. 
See the internalEndpoints list + on the REDB status. + type: string + lag: + description: Lag in millisec between source and destination (while + synced). + type: integer + lastError: + description: Last error encountered when syncing from the source. + type: string + lastUpdate: + description: Time when we last receive an update from the source. + type: string + rdbSize: + description: The source’s RDB size to be transferred during the + syncing phase. + type: integer + rdbTransferred: + description: Number of bytes transferred from the source’s RDB + during the syncing phase. + type: integer + status: + description: Sync status of this source + type: string + required: + - endpointHost + type: object + type: array + shardStatuses: + additionalProperties: + type: integer + description: Aggregated statuses of shards + type: object + specStatus: + description: Whether the desired specification is valid + type: string + status: + description: The status of the database + type: string + version: + description: Database compatibility version + type: string + type: object + type: object + --- diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 24b4cf3..d22d137 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 securityContext: runAsUser: 1001 command: diff --git a/openshift/redis-enterprise-cluster_rhel.yaml b/openshift/redis-enterprise-cluster_rhel.yaml index 10c4d90..d55a4c9 100644 --- a/openshift/redis-enterprise-cluster_rhel.yaml +++ b/openshift/redis-enterprise-cluster_rhel.yaml @@ -19,5 +19,5 @@ spec: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.0.8-28.rhel7-openshift + versionTag: 6.0.8-30.rhel7-openshift 
diff --git a/operator.yaml b/operator.yaml index 030c19e..2a284bf 100644 --- a/operator.yaml +++ b/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-1 + image: redislabs/operator:6.0.8-20 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index e28ffdc..8a896b3 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md @@ -6,7 +6,6 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [ActiveActive](#activeactive) * [ImageSpec](#imagespec) * [Module](#module) - * [PeerCluster](#peercluster) * [PersistentConfigurationSpec](#persistentconfigurationspec) * [RedisEnterpriseCluster](#redisenterprisecluster) * [RedisEnterpriseClusterList](#redisenterpriseclusterlist) @@ -29,7 +28,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r | ----- | ----------- | ------ | -------- | -------- | | method | Used to distinguish between different platforms implementation | [ActiveActiveMethod](#activeactivemethod) | | true | | apiIngressUrl | RS API URL | string | | true | -| dbIngressSuffix | DB ENDPOINT SUFFIX - will be used to set the db host ingress Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | +| dbIngressSuffix | DB ENDPOINT SUFFIX - will be used to set the db host ingress . Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | | ingressAnnotations | Used for ingress controllers such as ha-proxy or nginx in GKE | map[string]string | | false | [Back to Table of Contents](#table-of-contents) 
@@ -53,17 +52,6 @@ Image specification | versions | | []string | | true | [Back to Table of Contents](#table-of-contents) -### PeerCluster -Active Active peer cluster - -| Field | Description | Scheme | Default Value | Required | -| ----- | ----------- | ------ | -------- | -------- | -| fqdn | k8s cluster fqdn: cluster-name.namespace.svc.cluster.local | string | | true | -| apiIngressUrl | Redis Enterprise API URL | string | | true | -| dbIngressSuffix | DB host SUFFIX - will be used to set the db host ingress: Creates a host name so it should be unique if more than one db is created on the cluster with the same name | string | | true | -| authSecret | Name of k8s secret in current namespace that holds a \"password\" and \"username\" fields to allow connection to RS cluster API | string | | true | -[Back to Table of Contents](#table-of-contents) - ### PersistentConfigurationSpec Specification for Redis Enterprise Cluster persistence 
@@ -101,7 +89,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | nodes | Number of Redis Enterprise nodes (pods) | int32 | 3 | true | | serviceAccountName | Name of the service account to use | string | RedisEnterpriseCluster's name | false | | createServiceAccount | Whether to create service account | *bool | True | false | -| uiServiceType | Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | *v1.ServiceType | v1.ServiceTypeClusterIP | false | +| uiServiceType | Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | *v1.ServiceType | ClusterIP | false | | uiAnnotations | Annotations for Redis Enterprise UI service | map[string]string | | false | | servicesRiggerSpec | Specification for service rigger | *[ServicesRiggerConfigurationSpec](#servicesriggerconfigurationspec) | | false | | license | Redis Enterprise License | string | Empty string which is a [Trial Mode licesne](https://docs.redislabs.com/latest/rs/administering/cluster-operations/settings/license-keys/#trial-mode) | false | diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index b448145..2e9b8ea 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -99,7 +99,7 @@ Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/ | Field | Description | Scheme | Default Value | Required | | ----- | ----------- | ------ | -------- | -------- | -| url | a URI of the \"ftp[s]://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]\" format | string | | true | +| url | a URI of the \"ftps://[USER[:PASSWORD]@]HOST[:PORT]/PATH[/]\" format | string | | true | [Back to Table of Contents](#table-of-contents) ### GoogleStorage 
@@ -161,7 +161,7 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | Field | Description | Scheme | Default Value | Required | | ----- | ----------- | ------ | -------- | -------- | -| redisEnterpriseCluster | Connection to Redis Enterprise Cluster | [RedisEnterpriseConnection](#redisenterpriseconnection) | | true | +| redisEnterpriseCluster | Connection to Redis Enterprise Cluster | *[RedisEnterpriseConnection](#redisenterpriseconnection) | | false | | memorySize | memory size of database. use formats like 100MB, 0.1GB. minimum value in 100MB. | string | 100MB | false | | rackAware | Whether database should be rack aware. This improves availability - more information: https://docs.redislabs.com/latest/rs/concepts/high-availability/rack-zone-awareness/ | *bool | | false | | shardCount | Number of database server-side shards | uint16 | 1 | false | @@ -193,6 +193,7 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | version | Database compatibility version | string | | false | | replicaSourceStatuses | ReplicaSource statuses | [][ReplicaSourceStatus](#replicasourcestatus) | | false | | internalEndpoints | Endpoints listed internally by the Redis Enterprise Cluster. Can be used to correlate a ReplicaSourceStatus entry. | [][InternalEndpoint](#internalendpoint) | | false | +| redisEnterpriseCluster | The Redis Enterprise Cluster Object this Resource is associated with | string | | false | | observedGeneration | The generation (built in update counter of K8s) of the REDB resource that was fully acted upon, meaning that all changes were handled and sent as an API call to the Redis Enterprise Cluster (REC). This field value should equal the current generation when the resource changes were handled. Note: the lastActionStatus field tracks actions handled asynchronously by the Redis Enterprise Cluster. | int64 | | false | [Back to Table of Contents](#table-of-contents) 
@@ -202,10 +203,10 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | Field | Description | Scheme | Default Value | Required | | ----- | ----------- | ------ | -------- | -------- | | replicaSourceType | Determines what Kuberetes resource ReplicaSourceName refers to SECRET - Get URI from secret named in ReplicaSourceName. The secret will have a uri key that defines the complete, redis:// URI REDB - Determine URI from Kubernetes REDB resource named in ReplicaSourceName | [RepliceSourceType](#replicesourcetype) | | true | -| replicaSourceName | Kubernetes resource name of type ReplicaSourceType | string | | true | +| replicaSourceName | Kubernetes resource (SECRET/REDB) name of type ReplicaSourceType | string | | true | | compression | GZIP Compression level (0-9) to use for replication | int | | false | -| clientKeySecret | Secret that defines what client key to use. The secret needs 2 keys in it's map, \"cert\" that is the PEM encoded certificate and \"key\" that is the PEM encoded private key | *string | | false | -| serverCertSecret | Secret that defines the Server's certificate. The secret needs 1 key in it's map, \"cert\" that is the PEM encoded certificate | *string | | false | +| clientKeySecret | Secret that defines what client key to use. The secret needs 2 keys in its map, \"cert\" that is the PEM encoded certificate and \"key\" that is the PEM encoded private key | *string | | false | +| serverCertSecret | Secret that defines the Server's certificate. The secret needs 1 key in its map, \"cert\" that is the PEM encoded certificate | *string | | false | | tlsSniName | TLS SNI Name to use | *string | | false | [Back to Table of Contents](#table-of-contents) diff --git a/release_info.yaml b/release_info.yaml index 48c07fd..6722332 100644 --- a/release_info.yaml +++ b/release_info.yaml @@ -1,2 +1,2 @@ -operatorVersion: 6.0.8-1 -rsVersion: 6.0.8-28 +operatorVersion: 6.0.8-20 +rsVersion: 6.0.8-30 
From 8b31411020aad5b2a8448f559c6c102a9c683b79 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Thu, 10 Dec 2020 15:50:38 +0200 Subject: [PATCH 17/29] Update README.md --- admission/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admission/README.md b/admission/README.md index fa8e72a..5a7e277 100644 --- a/admission/README.md +++ b/admission/README.md @@ -98,5 +98,5 @@ EOF This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified. ```shell script -Error from server: error when creating "STDIN": admission webhook "redb.admission.redislabs" denied the request: createRECClient: GetLoginInfo: resource name may not be empty +Error from server: error when creating "STDIN": admission webhook "redb.admission.redislabs" denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu'] ``` From b5bbcea781638144bbcbda36c9e37c4f5ade6f4c Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Thu, 10 Dec 2020 15:51:25 +0200 Subject: [PATCH 18/29] Update README.md --- multi-namespace-redb/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/multi-namespace-redb/README.md b/multi-namespace-redb/README.md index 34cc01e..f845575 100644 --- a/multi-namespace-redb/README.md +++ b/multi-namespace-redb/README.md 
@@ -69,7 +69,8 @@ value: "comma,delimited,list,of,namespaces,to,watch" ... ``` ### 4. Updating the admission control deployment -Admission control for REDB is recommended. If that is used, repeat step 3 to update the admission-deploy deployment (same environment variable). +Admission control for REDB is recommended. If that is used, repeat step 3 to update the admission-deploy deployment (same environment variable). +_Note: make sure to edit the container spec under 'containers' and not 'initContainers'_ After these steps have been done, users within the specified namespaces that have permission to create REDB objects will be able to create them. The database will be created within the centrally managed redis enterprise cluster and services corresponding to the databases will be visible within the namespace. From 0cda7df6415db55421ce4758b51ba776a6cbf7ba Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Thu, 10 Dec 2020 15:52:00 +0200 Subject: [PATCH 19/29] Update role_binding.yaml --- multi-namespace-redb/role_binding.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/multi-namespace-redb/role_binding.yaml b/multi-namespace-redb/role_binding.yaml index e756453..5d3d63f 100644 --- a/multi-namespace-redb/role_binding.yaml +++ b/multi-namespace-redb/role_binding.yaml @@ -6,6 +6,9 @@ subjects: - kind: ServiceAccount name: redis-enterprise-operator namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: redis-enterprise-admission + namespace: NAMESPACE_OF_SERVICE_ACCOUNT - kind: ServiceAccount name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource namespace: NAMESPACE_OF_SERVICE_ACCOUNT From ef711daccf5ad28e6696feb2431622bff9bc8a8c Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Thu, 10 Dec 2020 15:56:37 +0200 Subject: [PATCH 20/29] Delete README.md --- crds/README.md | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 crds/README.md 
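Review bot: Adding `redis-enterprise-admission` to the `subjects` of the RoleBinding in multi-namespace-redb/role_binding.yaml gives the admission service account every permission of the Role that the operator and the REC service account are already bound to. The `roleRef` is outside the hunk, so the actual rules cannot be checked here, but an admission controller usually needs far less than an operator. A separate Role with only the verbs the admission controller uses, bound through its own RoleBinding, would keep it at least privilege in each watched namespace. If the shared binding stays, a comment on the new subject such as `# service account of the admission controller` would match the comment already present on the REC subject.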
diff --git a/crds/README.md b/crds/README.md deleted file mode 100644 index 542f90e..0000000 --- a/crds/README.md +++ /dev/null @@ -1,30 +0,0 @@ -## CRD's Schema
- - -Purpose: -The schema is meant to ease the use of CRDs by restricting the fields to defined types and providing relevant description. - - -### Work Flow - How add a new field: -* Not all steps are always required - -#### 1. Update Tags: -In the files -+ `pkg/apis/app/v1alpha1/redisenterprisedatabase_types.go`
-+ `pkg/apis/app/v1alpha1/redisenterprisecluster_types.go`
-add tags on top of variables to mark allowed types (Enum)
-(see: https://book.kubebuilder.io/reference/markers/crd-validation.html).
-They will be used by the operator sdk when creating the scheme.
-**Default values** do not appear in the schema since the operator has its own default mechanism. - - -#### 2 .Create the schema: -1) Install operator-sdk version 0.17.2.
-See: https://sdk.operatorframework.io/docs/installation/install-operator-sdk/#install-from-github-release -2) Run `operator-sdk generate crds` - -#### 3. Update the schema: -- Edit the current schema in all of the relevant CRD yamls with the new section that was generated
-- Note that fields which are k8s objects might be very long - e.g. `SideContainersSpec` -in this case -
it appears in the schema but with no description in the fields since it extends the schema and is not unique for Redis Enterprise. - From b7973cd380e588bdb6043f20b9f4df933cb3476d Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Thu, 10 Dec 2020 15:59:16 +0200 Subject: [PATCH 21/29] Update log_collector.py --- log_collector/log_collector.py | 37 ++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 34fce92..ba62f2a 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -28,6 +28,8 @@ TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") +timeout = 180 + API_RESOURCES = [ "RedisEnterpriseCluster", "RedisEnterpriseDatabase", @@ -75,7 +77,6 @@ def make_dir(directory): def _get_namespaces_to_run_on(namespace): - def _get_namespace_from_config(): config_namespace = get_namespace_from_config() if not config_namespace: @@ -96,6 +97,21 @@ def _get_namespace_from_config(): return namespace.split(',') +def collect_from_ns(namespace, output_dir): + "Collect the context of a specific namespace. Typically runs in parallel processes." + logger.info("Started collecting from namespace '%s'", namespace) + ns_output_dir = output_dir + ("/" + namespace if output_dir[-1] != '/' else namespace) + make_dir(ns_output_dir) + + get_redis_enterprise_debug_info(namespace, ns_output_dir) + collect_pod_rs_logs(namespace, ns_output_dir) + collect_resources_list(namespace, ns_output_dir) + collect_events(namespace, ns_output_dir) + collect_api_resources(namespace, ns_output_dir) + collect_api_resources_description(namespace, ns_output_dir) + collect_pods_logs(namespace, ns_output_dir) + + def run(namespace_input, output_dir): """ Collect logs 
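Review bot: The new module-level `timeout = 180` in log_collector.py is a constant but is named like a variable, unlike its neighbours `TIME_FORMAT` and `API_RESOURCES`, and the `--timeout` help text in the last hunk (`@@ -576,7 +579,7 @@`) still hard-codes `default: 180s`, so the two values can drift apart. I would write `DEFAULT_TIMEOUT = 180  # seconds to wait for each external command; 0 disables the timeout` and let argparse print the value with `%(default)s` in the help string. If the lowercase name is deliberate because other code rebinds the global, that is not visible in these hunks and should be stated in a comment. The argument-parser block starts and ends outside the hunk.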
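Review bot: `collect_from_ns` builds `ns_output_dir` by string concatenation from a namespace that appears to come unvalidated from `namespace.split(',')` on the command-line value, so a name containing `/` or `..` resolves outside `output_dir` before `make_dir` runs, and an empty `output_dir` raises IndexError on `output_dir[-1]`. I would reject any name that is not a valid Kubernetes namespace (lowercase alphanumerics and `-`) before use and build the path with `ns_output_dir = os.path.join(output_dir, namespace)`, assuming `os` is imported at the top of the file, which the hunk does not show. The docstring is also a plain double-quoted string; the rest of the file uses `"""` blocks, as the context line for `run` shows.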
@@ -111,22 +127,9 @@ def run(namespace_input, output_dir): make_dir(output_dir) collect_cluster_info(output_dir) - def collect_from_ns(namespace): - logger.info("Started collecting from namespace '%s'", namespace) - ns_output_dir = output_dir + ("/" + namespace if output_dir[-1] != '/' else namespace) - make_dir(ns_output_dir) - - get_redis_enterprise_debug_info(namespace, ns_output_dir) - collect_pod_rs_logs(namespace, ns_output_dir) - collect_resources_list(namespace, ns_output_dir) - collect_events(namespace, ns_output_dir) - collect_api_resources(namespace, ns_output_dir) - collect_api_resources_description(namespace, ns_output_dir) - collect_pods_logs(namespace, ns_output_dir) - processes = [] for namespace in namespaces: - p = Process(target=collect_from_ns, args=[namespace]) + p = Process(target=collect_from_ns, args=[namespace, output_dir]) p.start() processes.append(p) @@ -135,7 +138,7 @@ def collect_from_ns(namespace): archive_files(output_dir, output_file_name) logger.info("Finished Redis Enterprise log collector") - logger.info("--- Run time: %d minutes ---", round(((time.time() - start_time)/60), 3)) + logger.info("--- Run time: %d minutes ---", round(((time.time() - start_time) / 60), 3)) def get_non_ready_rs_pod_names(namespace): @@ -576,7 +579,7 @@ def run_kubectl_describe(namespace, resource_type): "when left empty will use namespace from kube config") parser.add_argument('-o', '--output_dir', action="store", type=str) parser.add_argument('-t', '--timeout', action="store", - type=int, default=180, + type=int, default=timeout, help="time to wait for external commands to " "finish execution " "(default: 180s, specify 0 to not timeout) " From 920b0acbb50a5f295a3ee7ae82254e9664220c85 Mon Sep 17 00:00:00 2001 
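Review bot: The workers started with `Process(target=collect_from_ns, args=[namespace, output_dir])` are not passed a timeout, so they depend on the new module-level `timeout = 180`. How the parsed `--timeout` is stored is not visible in these hunks; if it is assigned to that global under `__main__`, children created with the `spawn` start method re-import the module and run with 180 regardless of `-t`. Passing the value explicitly, e.g. `args=[namespace, output_dir, timeout]` with a matching parameter on `collect_from_ns`, removes the dependence on the start method. The help text in the last hunk still hard-codes `default: 180s`; `%(default)s` would keep it in step with the constant.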
From: Ubuntu Date: Mon, 8 Feb 2021 17:37:04 +0000 Subject: [PATCH 22/29] promoting version 6.0.12-5 --- .gitignore | 2 +- README.md | 238 +++++++++++++----- admission.bundle.yaml | 4 +- admission/GESHER.md | 12 +- admission/deployment.yaml | 4 +- advanced/psp.yaml | 2 +- bundle.yaml | 27 +- crds/README.md | 30 +++ .../rec_crd.yaml} | 0 .../rec_crd.yaml} | 25 ++ .../redb_crd.yaml} | 23 ++ .../v1/rec.yaml | 2 +- .../v1alpha1/rec.yaml | 0 .../v1alpha1/redb.yaml | 0 log_collector/log_collector.py | 31 ++- multi-namespace-redb/README.md | 3 + multi-namespace-redb/operator.yaml | 2 +- openshift.bundle.yaml | 27 +- openshift/operator_rhel.yaml | 2 +- openshift/rec_rhel.yaml | 14 ++ openshift/redis-enterprise-cluster_rhel.yaml | 23 -- openshift/role.yaml | 2 +- operator.yaml | 2 +- redis_enterprise_cluster_api.md | 14 ++ redis_enterprise_database_api.md | 24 +- release_info.yaml | 4 +- role.yaml | 2 +- vault/cluster_role_binding.yaml | 15 ++ 28 files changed, 414 insertions(+), 120 deletions(-) create mode 100644 crds/README.md rename crds/{app_v1_redisenterprisecluster_crd.yaml => v1/rec_crd.yaml} (100%) rename crds/{app_v1alpha1_redisenterprisecluster_crd.yaml => v1alpha1/rec_crd.yaml} (98%) rename crds/{app_v1alpha1_redisenterprisedatabase_crd.yaml => v1alpha1/redb_crd.yaml} (96%) rename crds/app_v1_redisenterprisecluster_cr.yaml => examples/v1/rec.yaml (80%) rename crds/app_v1alpha1_redisenterprisecluster_cr.yaml => examples/v1alpha1/rec.yaml (100%) rename crds/app_v1alpha1_redisenterprisedatabase_cr.yaml => examples/v1alpha1/redb.yaml (100%) create mode 100644 openshift/rec_rhel.yaml delete mode 100644 openshift/redis-enterprise-cluster_rhel.yaml create mode 100644 vault/cluster_role_binding.yaml diff --git a/.gitignore b/.gitignore index 723ef36..5c3bdbb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea \ No newline at end of file +*bundle.yaml diff --git a/README.md b/README.md index e5f4b94..b027c0d 100644 --- a/README.md +++ b/README.md 
@@ -27,14 +27,14 @@ This page describe how to deploy Redis Enterprise on Kubernetes using the Redis The following are the images and tags for this release: | Component | k8s | Openshift | | --- | --- | --- | -| Redis Enterprise | `redislabs/redis:6.0.8-30` | `redislabs/redis:6.0.8-30.rhel7-openshift` | -| Operator | `redislabs/operator:6.0.8-20` | `redislabs/operator:6.0.8-20` | -| Services Rigger | `redislabs/k8s-controller:6.0.8-20` | `redislabs/k8s-controller:6.0.8-20` | +| Redis Enterprise | `redislabs/redis:6.0.12-57` | `redislabs/redis:6.0.12-57.rhel7-openshift` | +| Operator | `redislabs/operator:6.0.12-5` | `redislabs/operator:6.0.12-5` | +| Services Rigger | `redislabs/k8s-controller:6.0.12-5` | `redislabs/k8s-controller:6.0.12-5` | > * RedHat certified images are available on [Redhat Catalog](https://access.redhat.com/containers/#/product/71f6d1bb3408bd0d)
### Installation -The "Basic" installation deploys the operator (from the current release) with the default Ubuntu/Alpine base OS images from DockerHub and default settings. +The "Basic" installation deploys the operator (from the current release) from DockerHub and default settings. Recommended for KOPS, GKE, AKS, Rancher, VMWare Tanzu. This is the fastest way to get up and running with a new Redis Enterprise on Kubernetes. 1. Create a new namespace: @@ -63,16 +63,12 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub kubectl apply -f role.yaml kubectl apply -f role_binding.yaml kubectl apply -f service_account.yaml - kubectl apply -f crds/app_v1_redisenterprisecluster_crd.yaml - kubectl apply -f crds/app_v1alpha1_redisenterprisedatabase_crd.yaml + kubectl apply -f crds/v1/rec_crd.yaml + kubectl apply -f crds/v1alpha1/redb_crd.yaml kubectl apply -f operator.yaml ``` - > Note: The rbac.yaml file used in previous releases has been broken down into three distinct files: - `role.yaml`, `role_binding.yaml` and `service_account.yaml`. - The `crd.yaml` file was renamed to `redisenterprisecluster_crd.yaml`, with the API version prepended to the filename. - Apply the `crds/app_v1alpha1_redisenterprisedatabase_crd.yaml` if managing database instances through Kubernetes API and commands is desired. -3. Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. + Run `kubectl get deployment` and verify redis-enterprise-operator deployment is running. A typical response may look like this: 
@@ -81,25 +77,79 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub redis-enterprise-operator 1/1 1 1 2m ``` -4. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` +3. Redis Enterprise Cluster custom resource - `RedisEnterpriseCluster` - Create a `RedisEnterpriseCluster`(REC) using the default configuration, which is suitable for development type deployments and works in typical scenarios. For more advanced deployment options you may choose the configuration relevant for you - see the index at the top for documentation references that cover many scenarios and the examples in the example folder. + Create a `RedisEnterpriseCluster`(REC) using the default configuration, which is suitable for development type deployments and works in typical scenarios. The full list of attributes supported through the Redis Enterprise Cluster (REC) API can be found [HERE](redis_enterprise_cluster_api.md). Some examples can be found in the examples folder. ```bash - kubectl apply -f crds/app_v1_redisenterprisecluster_cr.yaml + kubectl apply -f examples/v1/rec.yaml ``` - > Notes: - > 1. The `redis-enterprise-cluster.yaml` file was renamed to `redisenterprisecluster_cr.yaml`, with the API version prepended to the filename. - > 2. The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. - -5. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. + > Note: + The Operator can only manage one Redis Enterprise Cluster custom resource in a namespace. 
To deploy another Enterprise Clusters in the same Kubernetes cluster, deploy an Operator in an additional namespace for each additional Enterprise Cluster required. Note that each Enterprise Cluster can effectively host hundreds of Redis Database instances. Deploying multiple clusters is typically used for scenarios where complete operational isolation is required at the cluster level. + +4. Run ```kubectl get rec``` and verify creation was successful. `rec` is a shortcut for RedisEnterpriseCluster. The cluster takes around 5-10 minutes to come up. A typical response may look like this: ``` - NAME AGE - redis-enterprise 5m + NAME AGE + rec 5m ``` - + > Note: Once the cluster is up, the cluster GUI and API could be used to configure databases. It is recommended to use the K8s REDB API that is configured through the following steps. To configure the cluster using the cluster GUI/API, use the ui service created by the operator and the default credentials as set in a secret. The secret name is the same as the cluster name within the namespace. +5. Redis Enterprise Database (REDB) Admission Controller: + The Admission Controlller is recommended for use. It uses the Redis Enterprise Cluster to dynamically validate that REDB resources as configured by the operator are valid. + Steps to configure the Admission Controller: + * Install the Admission Controller via a bundle: + ```shell script + kubectl create -f admission.bundle.yaml + ``` + * Wait for the secret to be created: + ```shell script + kubectl get secret admission-tls + NAME TYPE DATA AGE + admission-tls Opaque 2 2m43s + ``` + * Enable the Kubernetes webhook using the generated certificate + + **NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace the REC was installed into. 
+ + ```shell script + # save cert + CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` + sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' webhook.yaml | kubectl create -f - + + # create patch file + cat > modified-webhook.yaml < Note: procedure to enable admission is documented with further detail [here](admission/README.md + 6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` Create a `RedisEnterpriseDatabase` (REDB) by using Custom Resource. @@ -112,8 +162,6 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub metadata: name: redis-enterprise-database spec: - redisEnterpriseCluster: - name: redis-enterprise memorySize: 100MB EOF kubectl apply -f /tmp/redis-enterprise-database.yml @@ -122,9 +170,6 @@ This is the fastest way to get up and running with a new Redis Enterprise on Kub All REDB configuration options are documented [here](redis_enterprise_database_api.md). - > Optional: REDB admission controller - > - > When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission control to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md) 
@@ -169,10 +214,64 @@ Other custom configurations are referenced in this repository. Apply the `RedisEnterpriseCluster` resource with RHEL7 based images: ```bash - oc apply -f openshift/redis-enterprise-cluster_rhel.yaml + oc apply -f openshift/rec_rhel.yaml ``` - -6. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` +6. Redis Enterprise Database (REDB) Admission Controller: + The Admission Controlller is recommended for use. It uses the Redis Enterprise Cluster to dynamically validate that REDB resources as configured by the operator are valid. + Steps to configure the Admission Controller: + * Install the Admission Controller via a bundle: + ```shell script + kubectl create -f admission.bundle.yaml + ``` + * Wait for the secret to be created: + ```shell script + kubectl get secret admission-tls + NAME TYPE DATA AGE + admission-tls Opaque 2 2m43s + ``` + * Enable the Kubernetes webhook using the generated certificate + + **NOTE**: One must replace REPLACE_WITH_NAMESPACE in the following command with the namespace the REC was installed into. + + ```shell script + # save cert + CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` + sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/REPLACE_WITH_NAMESPACE/g' webhook.yaml | kubectl create -f - + + # create patch file + cat > modified-webhook.yaml < Note: procedure to enable admission is documented with further detail [here](admission/README.md + +7. Redis Enterprise Database custom resource - `RedisEnterpriseDatabase` Create a `RedisEnterpriseDatabase` (REDB) by using Custom Resource. The Redis Enterprise Operator can be instructed to manage databases on the Redis Enterprise Cluster using the REDB custom resource. @@ -184,8 +283,7 @@ Other custom configurations are referenced in this repository. metadata: name: redis-enterprise-database spec: - redisEnterpriseCluster: - name: redis-enterprise + memorySize: 100MB EOF kubectl apply -f /tmp/redis-enterprise-database.yml 
@@ -194,13 +292,9 @@ Other custom configurations are referenced in this repository. All REDB configuration options are documented [here](redis_enterprise_database_api.md). - > Optional: REDB admission controller - > - > When using the REDB Custom Resource Definition (Redis Enterprise Database) it is recommended to set up admission controller to improve input validation and catch configuration errors before they reach the cluster. The procedure is documented [here](admission/README.md). - -### Installation on PKS - Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/pks/) +### Installation on VMWare Tanzu + Instruction on how to deploy the Operator on PKS can be found on the [Redis Labs documentation Website](https://docs.redislabs.com/latest/platforms/kubernetes/getting-started/tanzu/) ## Configuration @@ -213,7 +307,7 @@ The operator deploys a `RedisEnterpriseCluster` with default configurations valu redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: redislabs/redis - versionTag: 6.0.8-30 + versionTag: 6.0.12-57 ``` * Persistence @@ -315,21 +409,21 @@ For example: redisEnterpriseImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/redis - versionTag: 6.0.8-30 + versionTag: 6.0.12-57 ``` ```yaml redisEnterpriseServicesRiggerImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/k8s-controller - versionTag: 6.0.8-20 + versionTag: 6.0.12-5 ``` ```yaml bootstrapperImageSpec: imagePullPolicy: IfNotPresent repository: harbor.corp.local/redisenterprise/operator - versionTag: 6.0.8-20 + versionTag: 6.0.12-5 ``` In Operator Deployment spec (operator.yaml): 
@@ -341,7 +435,7 @@ spec: spec: containers: - name: redis-enterprise-operator - image: harbor.corp.local/redisenterprise/operator:6.0.8-20 + image: harbor.corp.local/redisenterprise/operator:6.0.12-5 ``` Image specification follow the [K8s Container schema](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core). @@ -392,7 +486,7 @@ spec: The Operator automates and simplifies the upgrade process. The Redis Enterprise Cluster Software, and the Redis Enterprise Operator for Kubernetes versions are tightly coupled and should be upgraded together. It is recommended to use the bundle.yaml to upgrade, as it loads all the relevant CRD documents for this version. If the updated CRDs are not loaded, the operator might fail. -There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.8-30 +There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within the Redis Enterprise Cluster Spec to instruct the operator to automatically upgrade to the compatible version, or specify the correct Redis Enterprise image manually using the versionTag attribute. The Redis Enterprise Version compatible with this release is 6.0.12-57 ```yaml autoUpgradeRedisEnterprise: true 
@@ -401,29 +495,39 @@ There are two ways to upgrade - either set 'autoUpgradeRedisEnterprise' within t Alternatively: ```yaml RedisEnterpriseImageSpec: - versionTag: redislabs/redis:6.0.8-30 + versionTag: redislabs/redis:6.0.12-57 ``` ## Supported K8S Distributions -Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. "Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. -| Distribution | Support Status | -|-------------------|---------------------| -| Openshift 3.11 | supported | -| Openshift 4.1 | supported | -| Openshift 4.2 | supported | -| Openshift 4.3 | supported | -| Openshift 4.4 | supported | -| OpenShift 4.5 | supported | -| KOPS vanilla 1.9 | no longer supported | -| KOPS vanilla 1.10 | no longer supported | -| KOPS vanilla 1.11 | no longer supported | -| KOPS vanilla 1.12 | no longer supported | -| KOPS vanilla 1.13 | supported | -| KOPS vanilla 1.14 | supported | -| KOPS vanilla 1.15 | supported | -| KOPS vanilla 1.16 | supported | -| KOPS vanilla 1.17 | supported | -| GKE 1.14 | supported | -| GKE 1.15 | supported | -| GKE 1.16 | supported | -| Rancher 2.4 | supported | +Each release of the Redis Enterprise Operator deployment is thoroughly tested against a set of Kubernetes distributions. The table below lists these, along with the current release's support status. "Supported", as well as "deprecated" support status indicates the current release has been tested in this environment and supported by RedisLabs. 
"Deprecated" also indicates that support will be dropped in a coming future release. "No longer supported" indicates that support has been dropped for this distribution. Any distribution that isn't explicitly listed is not supported for production workloads by RedisLabs. +Supported versions (platforms/versions that are not listed are not supported): +| Distribution | Support Status | +|---------------------------------|----------------| +| Openshift 3.11 (K8s 1.11) | supported | +| Openshift 4.1 (K8s 1.13) | deprecated* | +| Openshift 4.2 (K8s 1.14) | deprecated* | +| Openshift 4.3 (K8s 1.16) | deprecated* | +| Openshift 4.4 (K8s 1.17) | supported | +| OpenShift 4.5 (K8s 1.18) | supported | +| OpenShift 4.6 (K8s 1.19) | supported | +| KOPS vanilla 1.13 | deprecated | +| KOPS vanilla 1.14 | supported | +| KOPS vanilla 1.15 | supported | +| KOPS vanilla 1.16 | supported | +| KOPS vanilla 1.17 | supported | +| KOPS vanilla 1.18 | supported | +| KOPS vanilla 1.19 | supported | +| GKE 1.14 | deprecated** | +| GKE 1.15 | supported | +| GKE 1.16 | supported | +| Rancher 2.4 (K8s 1.17) | supported | +| Rancher 2.4 (K8s 1.18) | supported | +| Rancher 2.5 (K8s 1.17) | supported | +| Rancher 2.5 (K8s 1.18) | supported | +| Rancher 2.5 (K8s 1.19). | supported | +| VMWare TKGIE*** 1.7 (K8s 1.16) | supported | +| AKS 1.18 | supported | + +\* No longer supported by Red Hat +\*\* No longer supported by Google +\*\*\* Tanzu Kubernetes Grid Integrated Edition diff --git a/admission.bundle.yaml b/admission.bundle.yaml index 67ffe6b..a1c1a04 100644 --- a/admission.bundle.yaml +++ b/admission.bundle.yaml @@ -57,7 +57,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission imagePullPolicy: Always 
@@ -86,7 +86,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission args: diff --git a/admission/GESHER.md b/admission/GESHER.md index ec275cc..d6781d5 100644 --- a/admission/GESHER.md +++ b/admission/GESHER.md @@ -86,7 +86,7 @@ This will deploy the admission proxy, and via an included **NamespacedValidating 8. Deployment for the Gesher operator -**Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml` + **Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml` ```shell script kubectl apply -f gesher/operator.yaml @@ -239,12 +239,14 @@ $ kubectl apply -f - << EOF apiVersion: app.redislabs.com/v1alpha1 kind: RedisEnterpriseDatabase metadata: - name: test-database-custom-resource + name: redis-enterprise-database +spec: + evictionPolicy: illegal EOF ``` -This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified. +This must fail with an error output by the admission webhook proxy.webhook.gesher that is being denied because 'illegal' is not a valid eviction policy. ```shell script -Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: failed get RedisEnterpriseCluster client: custom resource (RedisEnterpriseCluster) not found: resource name may not be empty -``` \ No newline at end of file +Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu'] +``` 
diff --git a/admission/deployment.yaml b/admission/deployment.yaml index b062850..baae0f8 100644 --- a/admission/deployment.yaml +++ b/admission/deployment.yaml @@ -14,7 +14,7 @@ spec: serviceAccountName: redis-enterprise-admission containers: - name: admin - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission imagePullPolicy: Always @@ -43,7 +43,7 @@ spec: scheme: HTTPS initContainers: - name: admin-init - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - /usr/local/bin/admission args: diff --git a/advanced/psp.yaml b/advanced/psp.yaml index de095e1..019d294 100644 --- a/advanced/psp.yaml +++ b/advanced/psp.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: redis-enterprise-psp diff --git a/bundle.yaml b/bundle.yaml index 7f3fe63..ce56340 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -23,7 +23,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] @@ -1772,7 +1772,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always @@ -2123,6 +2123,9 @@ spec: description: The name of the K8s secret that holds the password to the database. type: string + defaultUser: + description: Is connecting with a default user allowed? + type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string 
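Review bot: Adding `replicasets` to the `apps` rule in `bundle.yaml` that already carries `verbs: ["*"]` gives the operator's service account every verb on ReplicaSets, including delete and deletecollection, within the scope of this role. The patch does not say which operations the operator needs; if it only has to observe ReplicaSets, a separate rule with `resources: ["replicasets"]` and `verbs: ["get", "list", "watch"]` keeps the grant to what is used. The same one-line change appears in `openshift.bundle.yaml` and `openshift/role.yaml`, so the narrower rule would apply there as well.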
@@ -2213,6 +2216,26 @@ spec: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. type: boolean + rolesPermissions: + description: List of Redis Enteprise ACL and Role bindings to apply + items: + description: Redis Enterprise Role and ACL Binding + properties: + acl: + description: Acl Name of RolePermissionType + type: string + role: + description: Role Name of RolePermissionType + type: string + type: + description: Type of Redis Enterprise Database Role Permission + type: string + required: + - acl + - role + - type + type: object + type: array shardCount: description: Number of database server-side shards type: integer diff --git a/crds/README.md b/crds/README.md new file mode 100644 index 0000000..542f90e --- /dev/null +++ b/crds/README.md @@ -0,0 +1,30 @@ +## CRD's Schema
+ + +Purpose: +The schema is meant to ease the use of CRDs by restricting the fields to defined types and providing relevant description. + + +### Work Flow - How add a new field: +* Not all steps are always required + +#### 1. Update Tags: +In the files ++ `pkg/apis/app/v1alpha1/redisenterprisedatabase_types.go`
++ `pkg/apis/app/v1alpha1/redisenterprisecluster_types.go`
+add tags on top of variables to mark allowed types (Enum)
+(see: https://book.kubebuilder.io/reference/markers/crd-validation.html).
+They will be used by the operator sdk when creating the scheme.
+**Default values** do not appear in the schema since the operator has its own default mechanism. + + +#### 2 .Create the schema: +1) Install operator-sdk version 0.17.2.
+See: https://sdk.operatorframework.io/docs/installation/install-operator-sdk/#install-from-github-release +2) Run `operator-sdk generate crds` + +#### 3. Update the schema: +- Edit the current schema in all of the relevant CRD yamls with the new section that was generated
+- Note that fields which are k8s objects might be very long - e.g. `SideContainersSpec` +in this case -
it appears in the schema but with no description in the fields since it extends the schema and is not unique for Redis Enterprise. + diff --git a/crds/app_v1_redisenterprisecluster_crd.yaml b/crds/v1/rec_crd.yaml similarity index 100% rename from crds/app_v1_redisenterprisecluster_crd.yaml rename to crds/v1/rec_crd.yaml diff --git a/crds/app_v1alpha1_redisenterprisecluster_crd.yaml b/crds/v1alpha1/rec_crd.yaml similarity index 98% rename from crds/app_v1alpha1_redisenterprisecluster_crd.yaml rename to crds/v1alpha1/rec_crd.yaml index 7f7f2c7..9788a7a 100644 --- a/crds/app_v1alpha1_redisenterprisecluster_crd.yaml +++ b/crds/v1alpha1/rec_crd.yaml @@ -3,6 +3,31 @@ kind: CustomResourceDefinition metadata: name: redisenterpriseclusters.app.redislabs.com spec: + additionalPrinterColumns: + - JSONPath: .spec.nodes + name: Nodes + type: string + - JSONPath: .spec.redisEnterpriseImageSpec.versionTag + name: Version + type: string + - JSONPath: .status.state + name: State + type: string + - JSONPath: .status.specStatus + name: Spec Status + type: string + - JSONPath: .status.licenseStatus.licenseState + name: License State + type: string + - JSONPath: .status.licenseStatus.shardsLimit + name: Shards Limit + type: string + - JSONPath: .status.licenseStatus.expirationDate + name: License Expiration Date + type: string + - name: Age + type: date + JSONPath: .metadata.creationTimestamp group: app.redislabs.com names: kind: RedisEnterpriseCluster diff --git a/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml b/crds/v1alpha1/redb_crd.yaml similarity index 96% rename from crds/app_v1alpha1_redisenterprisedatabase_crd.yaml rename to crds/v1alpha1/redb_crd.yaml index e73b213..6965ad4 100644 --- a/crds/app_v1alpha1_redisenterprisedatabase_crd.yaml +++ b/crds/v1alpha1/redb_crd.yaml 
@@ -324,6 +324,9 @@ spec: description: The name of the K8s secret that holds the password to the database. type: string + defaultUser: + description: Is connecting with a default user allowed? + type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string @@ -414,6 +417,26 @@ spec: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. type: boolean + rolesPermissions: + description: List of Redis Enteprise ACL and Role bindings to apply + items: + description: Redis Enterprise Role and ACL Binding + properties: + acl: + description: Acl Name of RolePermissionType + type: string + role: + description: Role Name of RolePermissionType + type: string + type: + description: Type of Redis Enterprise Database Role Permission + type: string + required: + - acl + - role + - type + type: object + type: array shardCount: description: Number of database server-side shards type: integer diff --git a/crds/app_v1_redisenterprisecluster_cr.yaml b/examples/v1/rec.yaml similarity index 80% rename from crds/app_v1_redisenterprisecluster_cr.yaml rename to examples/v1/rec.yaml index b66bfbb..2480955 100644 --- a/crds/app_v1_redisenterprisecluster_cr.yaml +++ b/examples/v1/rec.yaml @@ -1,7 +1,7 @@ apiVersion: app.redislabs.com/v1 kind: RedisEnterpriseCluster metadata: - name: "redis-enterprise" + name: rec spec: # Add fields here nodes: 3 diff --git a/crds/app_v1alpha1_redisenterprisecluster_cr.yaml b/examples/v1alpha1/rec.yaml similarity index 100% rename from crds/app_v1alpha1_redisenterprisecluster_cr.yaml rename to examples/v1alpha1/rec.yaml diff --git a/crds/app_v1alpha1_redisenterprisedatabase_cr.yaml b/examples/v1alpha1/redb.yaml similarity index 100% rename from crds/app_v1alpha1_redisenterprisedatabase_cr.yaml rename to examples/v1alpha1/redb.yaml 
diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index ba62f2a..54d295a 100755 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -76,6 +76,23 @@ def make_dir(directory): sys.exit() +def _filter_non_existing_namespaces(namespaces): + """ + Filter non-existing namespaces from user's input + """ + return_code, out = run_shell_command("kubectl get ns -o=custom-columns='DATA:metadata.name' --no-headers=true") + if return_code: + return [] + res = [] + existing_namespaces = set(out.split()) + for ns in namespaces: + if ns in existing_namespaces: + res.append(ns) + else: + logger.warning("Namespace %s doesn't exist - Skipping", ns) + return res + + def _get_namespaces_to_run_on(namespace): def _get_namespace_from_config(): config_namespace = get_namespace_from_config() @@ -94,7 +111,12 @@ def _get_namespace_from_config(): return out.split() # comma separated string - return namespace.split(',') + namespaces = namespace.split(',') + existing_namespaces = _filter_non_existing_namespaces(namespaces) + if not existing_namespaces: + logger.warning("Input doesn't contain an existing namespace - will use namespace from config") + return _get_namespace_from_config() + return existing_namespaces def collect_from_ns(namespace, output_dir): 
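Review bot: `_filter_non_existing_namespaces` returns `[]` when `kubectl get ns` fails, and `_get_namespaces_to_run_on` treats that the same as "none of the requested namespaces exist" and switches to the namespace from the kube config. A caller whose credentials may not list namespaces cluster-wide therefore has an explicit `-n` ignored and collects from a namespace they did not ask for, under a warning that names the wrong cause. I would keep the two cases apart: on a non-zero return code log the failure and `return namespaces` unchanged, and when the listing succeeded but nothing matched, stop with an error instead of falling back. The body of `_get_namespaces_to_run_on` starts outside the second hunk.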
@@ -168,11 +190,10 @@ def collect_pod_rs_logs(namespace, output_dir): get logs from rs pods that are not ready """ rs_pod_logs_dir = os.path.join(output_dir, "rs_pod_logs") - non_ready_rs_pod_names = get_non_ready_rs_pod_names(namespace) - if not non_ready_rs_pod_names: - return + rs_pod_names = get_pod_names(namespace=namespace, selector='redis.io/role=node') make_dir(rs_pod_logs_dir) - for rs_pod_name in non_ready_rs_pod_names: + # TODO restore usage of get_non_ready_rs_pod_names once RS bug is resolved (RED-51857) # pylint: disable=W0511 + for rs_pod_name in rs_pod_names: pod_log_dir = os.path.join(rs_pod_logs_dir, rs_pod_name) make_dir(pod_log_dir) cmd = "kubectl -n {} cp {}:{} {} -c {}".format(namespace, diff --git a/multi-namespace-redb/README.md b/multi-namespace-redb/README.md index f845575..cbc0fcd 100644 --- a/multi-namespace-redb/README.md +++ b/multi-namespace-redb/README.md @@ -45,6 +45,9 @@ subjects: - kind: ServiceAccount name: redis-enterprise-operator namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: redis-enterprise-admission + namespace: NAMESPACE_OF_SERVICE_ACCOUNT - kind: ServiceAccount name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource namespace: NAMESPACE_OF_SERVICE_ACCOUNT diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index d35005b..9e97319 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator-internal:6.0.8-20 + image: redislabs/operator-internal:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index b23269c..8be4689 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml 
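Review bot: The docstring of `collect_pod_rs_logs` still reads "get logs from rs pods that are not ready", but the new code copies from every pod matched by `selector='redis.io/role=node'`. Until the TODO for RED-51857 is resolved the docstring should say so, e.g. `"""Get logs from all rs pods (temporary, see RED-51857)."""`, so that readers of the archive do not assume a pod is unhealthy because its logs are present. `make_dir(rs_pod_logs_dir)` now also runs when `rs_pod_names` is empty, which leaves an empty `rs_pod_logs` directory in the package; keeping the early `return` for an empty list would avoid that. The function body continues past the end of the hunk.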
@@ -39,7 +39,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] @@ -1788,7 +1788,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 securityContext: runAsUser: 1001 command: @@ -2139,6 +2139,9 @@ spec: description: The name of the K8s secret that holds the password to the database. type: string + defaultUser: + description: Is connecting with a default user allowed? + type: boolean evictionPolicy: description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ type: string @@ -2229,6 +2232,26 @@ spec: description: In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. type: boolean + rolesPermissions: + description: List of Redis Enteprise ACL and Role bindings to apply + items: + description: Redis Enterprise Role and ACL Binding + properties: + acl: + description: Acl Name of RolePermissionType + type: string + role: + description: Role Name of RolePermissionType + type: string + type: + description: Type of Redis Enterprise Database Role Permission + type: string + required: + - acl + - role + - type + type: object + type: array shardCount: description: Number of database server-side shards type: integer diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index d22d137..3eb62cb 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -15,7 +15,7 @@ spec: serviceAccount: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 securityContext: runAsUser: 1001 command: 
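Review bot: Adding `replicasets` to the `apps` rule extends the existing `verbs: ["*"]` grant to a third resource type, so the operator's role gets every verb on ReplicaSets, including delete. If the operator only needs to read ReplicaSets, a separate rule would keep the grant narrow: `- apiGroups: ["apps"]`, `resources: ["replicasets"]`, `verbs: ["get", "list", "watch"]`. Which verbs are really needed is not visible from the diff, so this should be confirmed against the operator code. The same change appears in `openshift/role.yaml` and `role.yaml` later in this patch.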
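Review bot: In the new `rolesPermissions` schema the `type` property is a free-form `string`, while the API document in this patch lists `redis-enterprise` as the only RolePermissionType value. Adding `enum:` / `- redis-enterprise` under `type` would let the API server reject any other value at admission rather than leaving that to the operator. If the schema is generated, the constraint belongs on the Go type as a validation marker. The description of `rolesPermissions` also misspells "Enterprise" as "Enteprise".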
diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml new file mode 100644 index 0000000..fa28deb --- /dev/null +++ b/openshift/rec_rhel.yaml @@ -0,0 +1,14 @@ +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec +spec: + # Add fields here + nodes: 3 + redisEnterpriseImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise + versionTag: 6.0.12-57.rhel7-openshift + redisEnterpriseServicesRiggerImageSpec: + repository: registry.connect.redhat.com/redislabs/services-manager + bootstrapperImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator diff --git a/openshift/redis-enterprise-cluster_rhel.yaml b/openshift/redis-enterprise-cluster_rhel.yaml deleted file mode 100644 index d55a4c9..0000000 --- a/openshift/redis-enterprise-cluster_rhel.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: "app.redislabs.com/v1" -kind: "RedisEnterpriseCluster" -metadata: - name: "redis-enterprise" -spec: - nodes: 3 - persistentSpec: - enabled: true - storageClassName: "gp2" # ! edit according to infrastructure - uiServiceType: LoadBalancer - username: "admin@acme.com" - redisEnterpriseNodeResources: - limits: - cpu: "4000m" - memory: 4Gi - requests: - cpu: "4000m" - memory: 4Gi - redisEnterpriseImageSpec: - imagePullPolicy: IfNotPresent - repository: redislabs/redis - versionTag: 6.0.8-30.rhel7-openshift - diff --git a/openshift/role.yaml b/openshift/role.yaml index aed5a32..698941c 100644 --- a/openshift/role.yaml +++ b/openshift/role.yaml @@ -22,7 +22,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] diff --git a/operator.yaml b/operator.yaml index 2a284bf..fd16e51 100644 --- a/operator.yaml +++ b/operator.yaml 
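Review bot: In `openshift/rec_rhel.yaml`, `redisEnterpriseServicesRiggerImageSpec` and `bootstrapperImageSpec` set only `repository`, while `redisEnterpriseImageSpec` also pins `versionTag`. If the operator does not fill in a tag matching its own version for these two, the sample would pull whatever the registry serves by default. Either add a tag to each (e.g. `versionTag: <SERVICES_RIGGER_TAG>`, placeholder) or add a comment stating that the operator supplies it. The leftover scaffold comment `# Add fields here` could be dropped.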
@@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.0.8-20 + image: redislabs/operator:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index 8a896b3..3150a00 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md @@ -5,6 +5,7 @@ This document describes the parameters for the Redis Enterprise Cluster custom r * [Objects](#objects) * [ActiveActive](#activeactive) * [ImageSpec](#imagespec) + * [LicenseStatus](#licensestatus) * [Module](#module) * [PersistentConfigurationSpec](#persistentconfigurationspec) * [RedisEnterpriseCluster](#redisenterprisecluster) @@ -42,6 +43,17 @@ Image specification | imagePullPolicy | | v1.PullPolicy | | true | [Back to Table of Contents](#table-of-contents) +### LicenseStatus + + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| licenseState | Is the license expired | string | | true | +| activationDate | When the license was activated | string | | true | +| expirationDate | When the license will\has expired | string | | true | +| shardsLimit | Number of redis shards allowed under this license | int32 | | true | +[Back to Table of Contents](#table-of-contents) + ### Module @@ -129,6 +141,7 @@ RedisEnterpriseClusterStatus defines the observed state of RedisEnterpriseCluste | state | State of Redis Enterprise Cluster | [ClusterState](#clusterstate) | | true | | specStatus | Validity of Redis Enterprise Cluster specification | [SpecStatusName](#specstatusname) | | true | | modules | Modules Available in Cluster | [][Module](#module) | | false | +| licenseStatus | State of the Cluster's License | *[LicenseStatus](#licensestatus) | | false | [Back to Table of Contents](#table-of-contents) ### ServicesRiggerConfigurationSpec 
@@ -191,6 +204,7 @@ State of the Redis Enterprise Cluster | "Invalid" | ClusterConfigurationInvalid means an invalid spec was applied | | "InvalidUpgrade" | ClusterInvalidUpgrade means an upgrade is not possible at this time | | "Upgrade" | ClusterUpgrade | +| "Deleting" | ClusterDeleting | [Back to Table of Contents](#table-of-contents) ### SpecStatusName diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 2e9b8ea..609acb6 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -19,6 +19,7 @@ This document describes the parameters for the Redis Enterprise Database custom * [RedisEnterpriseDatabaseStatus](#redisenterprisedatabasestatus) * [ReplicaSource](#replicasource) * [ReplicaSourceStatus](#replicasourcestatus) + * [RolePermission](#rolepermission) * [S3Storage](#s3storage) * [SftpStorage](#sftpstorage) * [SwiftStorage](#swiftstorage) @@ -26,6 +27,7 @@ This document describes the parameters for the Redis Enterprise Database custom * [DatabasePersistence](#databasepersistence) * [DatabaseStatus](#databasestatus) * [RepliceSourceType](#replicesourcetype) + * [RolePermissionType](#rolepermissiontype) ## Objects ### AzureBlobStorage @@ -91,7 +93,6 @@ Redis Enterprise Module: https://redislabs.com/redis-enterprise/modules/ | name | The module's name e.g \"ft\" for redissearch | string | | true | | version | Module's semantic version e.g \"1.6.12\" | string | | true | | config | Module command line arguments e.g. VKEY_MAX_ENTITY_COUNT 30 | string | | false | -| uid | Module's uid - do not set, for system use only | string | | false | [Back to Table of Contents](#table-of-contents) ### FtpStorage 
@@ -175,6 +176,8 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | alertSettings | Settings for database alerts | *[DbAlertsSettings](#dbalertssettings) | | false | | backup | Target for automatic database backups. | *[BackupSpec](#backupspec) | | false | | modulesList | List of modules associated with database | *[][DbModule](#dbmodule) | | false | +| rolesPermissions | List of Redis Enteprise ACL and Role bindings to apply | [][RolePermission](#rolepermission) | | false | +| defaultUser | Is connecting with a default user allowed? If disabled, the DatabaseSecret will not be created or updated | *bool | true | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus @@ -224,6 +227,16 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab | endpointHost | The internal host name of the replica source database. Can be used as an identifier. See the internalEndpoints list on the REDB status. | string | | true | [Back to Table of Contents](#table-of-contents) +### RolePermission +Redis Enterprise Role and ACL Binding + +| Field | Description | Scheme | Default Value | Required | +| ----- | ----------- | ------ | -------- | -------- | +| type | Type of Redis Enterprise Database Role Permission | [RolePermissionType](#rolepermissiontype) | | true | +| role | Role Name of RolePermissionType (note: use exact name of the role from the Redis Enterprise role list, case sensitive) | string | | true | +| acl | Acl Name of RolePermissionType (note: use exact name of the ACL from the Redis Enterprise ACL list, case sensitive) | string | | true | +[Back to Table of Contents](#table-of-contents) + ### S3Storage 
@@ -288,5 +301,12 @@ State of the Redis Enterprise Database | Value | Description | | ----- | ----------- | | "SECRET" | Information on DB to Replicate from stored in a secret | -| "REDB" | Replicate from a DB created via the RedisEnterpriseDatabase Controller | +| "REDB" | Replicate from a DB created via the RedisEnterpriseDatabase Controller. Note - specify only names of REDBs created on the same namespace. To configure replicaof with a database configured on another namespace, use \"SECRET\". | +[Back to Table of Contents](#table-of-contents) + +### RolePermissionType + +| Value | Description | +| ----- | ----------- | +| "redis-enterprise" | Use Roles and ACLs defined within Redis Enterprise directly | [Back to Table of Contents](#table-of-contents) diff --git a/release_info.yaml b/release_info.yaml index 6722332..be06515 100644 --- a/release_info.yaml +++ b/release_info.yaml @@ -1,2 +1,2 @@ -operatorVersion: 6.0.8-20 -rsVersion: 6.0.8-30 +operatorVersion: 6.0.12-5 +rsVersion: 6.0.12-57 diff --git a/role.yaml b/role.yaml index aed5a32..698941c 100644 --- a/role.yaml +++ b/role.yaml @@ -22,7 +22,7 @@ rules: resources: ["events"] verbs: ["create"] - apiGroups: ["apps"] - resources: ["deployments", "statefulsets"] + resources: ["deployments", "statefulsets", "replicasets"] verbs: ["*"] - apiGroups: ["policy"] resources: ["poddisruptionbudgets"] diff --git a/vault/cluster_role_binding.yaml b/vault/cluster_role_binding.yaml new file mode 100644 index 0000000..dd6fc1b --- /dev/null +++ b/vault/cluster_role_binding.yaml @@ -0,0 +1,15 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-vault-auth +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: redis-enterprise-admission + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: ClusterRole + name: system:auth-delegator + apiGroup: rbac.authorization.k8s.io 
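Review bot: `vault/cluster_role_binding.yaml` binds both `redis-enterprise-operator` and `redis-enterprise-admission` to the cluster-wide `system:auth-delegator` role with no comment on why either account needs it. That role allows creating TokenReview and SubjectAccessReview requests for the whole cluster, so anyone applying the file should be told what it is for and that `NAMESPACE_OF_SERVICE_ACCOUNT` is a placeholder. A header comment such as `# Needed only when Vault's Kubernetes auth validates tokens with these service accounts; replace NAMESPACE_OF_SERVICE_ACCOUNT before applying.` would cover it. The Vault purpose is inferred from the path and the binding name, so please confirm it before adding the comment.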
From bc6874ab0469a0bef8e4b1020557e2d55f16acae Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Mon, 8 Feb 2021 19:37:56 +0200 Subject: [PATCH 23/29] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b027c0d..11dc0c5 100644 --- a/README.md +++ b/README.md @@ -511,7 +511,7 @@ Supported versions (platforms/versions that are not listed are not supported): | OpenShift 4.5 (K8s 1.18) | supported | | OpenShift 4.6 (K8s 1.19) | supported | | KOPS vanilla 1.13 | deprecated | -| KOPS vanilla 1.14 | supported | +| KOPS vanilla 1.14 | deprecated | | KOPS vanilla 1.15 | supported | | KOPS vanilla 1.16 | supported | | KOPS vanilla 1.17 | supported | From d5236d817dc0c302d199e98f5cc592291af3c926 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Mon, 8 Feb 2021 19:44:09 +0200 Subject: [PATCH 24/29] Update .gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5c3bdbb..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -*bundle.yaml +.idea From 38e23406f4929fb6b0ec3b973c8ea533b4799fd9 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Mon, 8 Feb 2021 19:45:52 +0200 Subject: [PATCH 25/29] Update .gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 485dee6..1ef8759 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea +.idea From 0b12397206ce1dba6bfc45968e6b13d032260208 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Mon, 8 Feb 2021 19:47:27 +0200 Subject: [PATCH 26/29] Update .gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1ef8759..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea +.idea From 555535c24cf224271dfc06b62852d587dcb00d1c Mon Sep 17 00:00:00 2001 
From: Yuval Levy Date: Mon, 8 Feb 2021 19:50:38 +0200 Subject: [PATCH 27/29] Update operator.yaml --- multi-namespace-redb/operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index 9e97319..b326831 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -15,7 +15,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator-internal:6.0.12-5 + image: redislabs/operator:6.0.12-5 command: - redis-enterprise-operator imagePullPolicy: Always From 0d5db26ea93abfdb57e408190ece1de50ca32916 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Wed, 10 Feb 2021 10:07:03 +0200 Subject: [PATCH 28/29] Delete README.md --- crds/README.md | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 crds/README.md diff --git a/crds/README.md b/crds/README.md deleted file mode 100644 index 542f90e..0000000 --- a/crds/README.md +++ /dev/null @@ -1,30 +0,0 @@ -## CRD's Schema
- - -Purpose: -The schema is meant to ease the use of CRDs by restricting the fields to defined types and providing relevant description. - - -### Work Flow - How add a new field: -* Not all steps are always required - -#### 1. Update Tags: -In the files -+ `pkg/apis/app/v1alpha1/redisenterprisedatabase_types.go`
-+ `pkg/apis/app/v1alpha1/redisenterprisecluster_types.go`
-add tags on top of variables to mark allowed types (Enum)
-(see: https://book.kubebuilder.io/reference/markers/crd-validation.html).
-They will be used by the operator sdk when creating the scheme.
-**Default values** do not appear in the schema since the operator has its own default mechanism. - - -#### 2 .Create the schema: -1) Install operator-sdk version 0.17.2.
-See: https://sdk.operatorframework.io/docs/installation/install-operator-sdk/#install-from-github-release -2) Run `operator-sdk generate crds` - -#### 3. Update the schema: -- Edit the current schema in all of the relevant CRD yamls with the new section that was generated
-- Note that fields which are k8s objects might be very long - e.g. `SideContainersSpec` -in this case -
it appears in the schema but with no description in the fields since it extends the schema and is not unique for Redis Enterprise. - From b2879e1dbbdcb39d37989b475dd74172125e923e Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Wed, 10 Feb 2021 10:07:24 +0200 Subject: [PATCH 29/29] Delete vault directory --- vault/cluster_role_binding.yaml | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 vault/cluster_role_binding.yaml diff --git a/vault/cluster_role_binding.yaml b/vault/cluster_role_binding.yaml deleted file mode 100644 index dd6fc1b..0000000 --- a/vault/cluster_role_binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-enterprise-vault-auth -subjects: -- kind: ServiceAccount - name: redis-enterprise-operator - namespace: NAMESPACE_OF_SERVICE_ACCOUNT -- kind: ServiceAccount - name: redis-enterprise-admission - namespace: NAMESPACE_OF_SERVICE_ACCOUNT -roleRef: - kind: ClusterRole - name: system:auth-delegator - apiGroup: rbac.authorization.k8s.io