From ac925d078fa4007f1b6a0bbf24990f02482f3ce2 Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Wed, 14 Feb 2024 11:19:12 +0000 Subject: [PATCH 1/3] promoting version 7.4.2-2 --- .gitignore | 2 +- bundle.yaml | 34 ++- crds/reaadb_crd.yaml | 11 + crds/rec_crd.yaml | 8 + crds/redb_crd.yaml | 11 + helm/redis-enterprise-operator/.helmignore | 1 + helm/redis-enterprise-operator/Chart.yaml | 17 ++ helm/redis-enterprise-operator/README.md | 149 +++++++++++++ .../templates/_helpers.tpl | 11 + .../templates/admission-service.yaml | 13 ++ .../templates/jobs/install_crds_job.yaml | 92 ++++++++ .../jobs/patch-webhook-configuration.yaml | 134 +++++++++++ .../templates/openshift/scc.yaml | 35 +++ .../operator-environment-config.yaml | 14 ++ .../templates/operator.yaml | 147 +++++++++++++ .../templates/role.yaml | 208 ++++++++++++++++++ .../templates/role_binding.yaml | 17 ++ .../templates/service_account.yaml | 10 + .../templates/webhook.yaml | 35 +++ helm/redis-enterprise-operator/values.yaml | 30 +++ log_collector/log_collector.py | 4 +- multi-namespace-redb/operator.yaml | 4 +- multi-namespace-redb/role.yaml | 7 +- openshift.bundle.yaml | 34 ++- openshift/operator_rhel.yaml | 4 +- openshift/rec_rhel.yaml | 2 +- operator.yaml | 4 +- redis_enterprise_cluster_api.md | 1 + redis_enterprise_database_api.md | 2 + vault/README.md | 2 +- 30 files changed, 1022 insertions(+), 21 deletions(-) create mode 100644 helm/redis-enterprise-operator/.helmignore create mode 100644 helm/redis-enterprise-operator/Chart.yaml create mode 100644 helm/redis-enterprise-operator/README.md create mode 100644 helm/redis-enterprise-operator/templates/_helpers.tpl create mode 100644 helm/redis-enterprise-operator/templates/admission-service.yaml create mode 100644 helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml create mode 100644 helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml create mode 100644 helm/redis-enterprise-operator/templates/openshift/scc.yaml create mode 100644 
helm/redis-enterprise-operator/templates/operator-environment-config.yaml create mode 100644 helm/redis-enterprise-operator/templates/operator.yaml create mode 100644 helm/redis-enterprise-operator/templates/role.yaml create mode 100644 helm/redis-enterprise-operator/templates/role_binding.yaml create mode 100644 helm/redis-enterprise-operator/templates/service_account.yaml create mode 100644 helm/redis-enterprise-operator/templates/webhook.yaml create mode 100644 helm/redis-enterprise-operator/values.yaml diff --git a/.gitignore b/.gitignore index 485dee6..5c3bdbb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea +*bundle.yaml diff --git a/bundle.yaml b/bundle.yaml index e7af81b..8a14c99 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -3759,6 +3759,12 @@ spec: - major - latest type: string + resp3Default: + description: Whether databases will turn on RESP3 compatibility upon + database upgrade. Note - Deleting this property after explicitly + setting its value shall have no effect. Please view the corresponding + field in RS doc for more info. + type: boolean serviceAccountName: description: Name of the service account to use type: string @@ -11014,6 +11020,8 @@ spec: - major - latest type: string + resp3Default: + type: boolean serviceAccountName: type: string servicesRiggerSpec: @@ -15396,6 +15404,12 @@ spec: - type type: object type: array + shardingEnabled: + description: Toggles database sharding for REAADBs (Active Active + databases) and enabled by default. This field is blocked for REDB + (non-Active Active databases) and sharding is toggled via the shardCount + field - when shardCount is 1 this is disabled otherwise enabled. + type: boolean shardCount: description: Number of database server-side shards type: integer 
@@ -15473,6 +15487,11 @@ spec: For password, use ''password'' as the key and the actual password as the value. Note that connections are not encrypted.' type: string + resp3: + description: Whether this database supports RESP3 protocol. + Note - Deleting this property after explicitly setting its value shall have no effect. + Please view the corresponding field in RS doc for more info. + type: boolean type: object status: description: RedisEnterpriseDatabaseStatus defines the observed state of @@ -16393,6 +16412,11 @@ spec: will have replica shard for every master - leading to higher availability. type: boolean + resp3: + description: Whether this database supports RESP3 protocol. + Note - Deleting this property after explicitly setting its value shall have no effect. + Please view the corresponding field in RS doc for more info. + type: boolean rofRamSize: description: The size of the RAM portion of an RoF database. Similarly to "memorySize" use formats like 100MB, 0.1GB It must be at @@ -16424,6 +16448,12 @@ spec: - type type: object type: array + shardingEnabled: + description: Toggles database sharding for REAADBs (Active Active + databases) and enabled by default. This field is blocked for REDB + (non-Active Active databases) and sharding is toggled via the shardCount + field - when shardCount is 1 this is disabled otherwise enabled. + type: boolean shardCount: description: Number of database server-side shards type: integer @@ -16481,7 +16511,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:7.2.4-12 + image: redislabs/operator:7.4.2-2 command: - operator-root - operator @@ -16531,7 +16561,7 @@ spec: drop: - ALL - name: admission - image: redislabs/operator:7.2.4-12 + image: redislabs/operator:7.4.2-2 command: - operator-root - admission diff --git a/crds/reaadb_crd.yaml b/crds/reaadb_crd.yaml index 422b67e..dea349f 100644 --- a/crds/reaadb_crd.yaml +++ b/crds/reaadb_crd.yaml 
@@ -684,6 +684,11 @@ spec: will have replica shard for every master - leading to higher availability. type: boolean + resp3: + description: Whether this database supports RESP3 protocol. + Note - Deleting this property after explicitly setting its value shall have no effect. + Please view the corresponding field in RS doc for more info. + type: boolean rofRamSize: description: The size of the RAM portion of an RoF database. Similarly to "memorySize" use formats like 100MB, 0.1GB It must be at @@ -715,6 +720,12 @@ spec: - type type: object type: array + shardingEnabled: + description: Toggles database sharding for REAADBs (Active Active + databases) and enabled by default. This field is blocked for REDB + (non-Active Active databases) and sharding is toggled via the shardCount + field - when shardCount is 1 this is disabled otherwise enabled. + type: boolean shardCount: description: Number of database server-side shards type: integer diff --git a/crds/rec_crd.yaml b/crds/rec_crd.yaml index 4390f80..42a83b6 100644 --- a/crds/rec_crd.yaml +++ b/crds/rec_crd.yaml @@ -3664,6 +3664,12 @@ spec: - major - latest type: string + resp3Default: + description: Whether databases will turn on RESP3 compatibility upon + database upgrade. Note - Deleting this property after explicitly + setting its value shall have no effect. Please view the corresponding + field in RS doc for more info. + type: boolean serviceAccountName: description: Name of the service account to use type: string @@ -10919,6 +10925,8 @@ spec: - major - latest type: string + resp3Default: + type: boolean serviceAccountName: type: string servicesRiggerSpec: diff --git a/crds/redb_crd.yaml b/crds/redb_crd.yaml index 2449b5a..88b57e7 100644 --- a/crds/redb_crd.yaml +++ b/crds/redb_crd.yaml 
@@ -527,6 +527,12 @@ spec: - type type: object type: array + shardingEnabled: + description: Toggles database sharding for REAADBs (Active Active + databases) and enabled by default. This field is blocked for REDB + (non-Active Active databases) and sharding is toggled via the shardCount + field - when shardCount is 1 this is disabled otherwise enabled. + type: boolean shardCount: description: Number of database server-side shards type: integer @@ -604,6 +610,11 @@ spec: For password, use ''password'' as the key and the actual password as the value. Note that connections are not encrypted.' type: string + resp3: + description: Whether this database supports RESP3 protocol. + Note - Deleting this property after explicitly setting its value shall have no effect. + Please view the corresponding field in RS doc for more info. + type: boolean type: object status: description: RedisEnterpriseDatabaseStatus defines the observed state of diff --git a/helm/redis-enterprise-operator/.helmignore b/helm/redis-enterprise-operator/.helmignore new file mode 100644 index 0000000..6b8c0ab --- /dev/null +++ b/helm/redis-enterprise-operator/.helmignore @@ -0,0 +1 @@ +.helmignore diff --git a/helm/redis-enterprise-operator/Chart.yaml b/helm/redis-enterprise-operator/Chart.yaml new file mode 100644 index 0000000..86c8b70 --- /dev/null +++ b/helm/redis-enterprise-operator/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v2 +type: application + +name: redis-enterprise-operator +description: A Helm chart for Redis Enterprise Operator for Kubernetes + +version: 0.1.0 +appVersion: 7.4.2-2 + +home: https://redis.com +icon: https://redis.com/wp-content/themes/wpx/assets/images/logo-redis.svg +keywords: +- redis +- database +maintainers: +- name: Redis + url: https://redis.com/company/contact/ diff --git a/helm/redis-enterprise-operator/README.md b/helm/redis-enterprise-operator/README.md new file mode 100644 index 0000000..c99765c --- /dev/null +++ b/helm/redis-enterprise-operator/README.md 
@@ -0,0 +1,149 @@ +# Redis Enterprise Operator Helm Chart + +Official Helm chart for installing, configuring and upgrading **Redis Enterprise Operator for Kubernetes**. + +[Redis Enterprise](https://redis.com/redis-enterprise-software/overview/) is a self-managed data platform that unlocks the full potential of Redis at enterprise scale - on premises or in the cloud. +[Redis Enterprise Operator for Kubernetes](https://redis.com/redis-enterprise-software/redis-enterprise-on-kubernetes/) provides a simple, Kubernetes-native way for deploying and managing Redis Enterprise on Kubernetes. + +## Prerequisites + +- Kubernetes 1.23+ + Supported Kubernetes versions can vary according to the Kubernetes distribution being used. + Please consult the [release notes](https://docs.redis.com/latest/kubernetes/release-notes/) for detailed supported distributions information per operator version. +- Helm 3.10+ + +## Installing the Chart + +To install the chart: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] +``` + +The `[PATH_TO_CHART]` may be a path to the chart root directory, or a chart archive on the local filesystem. + +To install the chart on **OpenShift**, set the `isOpenshift=true` value: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --set isOpenshift=true +``` + +To create and select a namespace for the installation, specify the `--namespace` and `--create-namespace` flags: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --namespace [NAMESPACE] \ + --create-namespace +``` + +For example, to install the chart with release name "my-redis-enterprise" from within the chart's root directory: + +```sh +helm install my-redis-enterprise . \ + --namespace redis-enterprise \ + --create-namespace +``` + +Note: the chart installation includes several jobs that configure the CRDs and admission controller used by the operator. +These jobs run synchronously during the execution of `helm install` command, and may take around 1 minute to complete. 
+To view additional progress information during the `helm install` execution, use the `--debug` flag: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --debug +``` + +See [Configuration](#configuration) section below for various configuration options. +See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section below for instructions for creating a Redis Enterprise Cluster. +See [helm install](https://helm.sh/docs/helm/helm_install/) and [Using Helm](https://helm.sh/docs/intro/using_helm/#helm-install-installing-a-package) for more information and options when installing charts. + +## Uninstalling the Chart + +Before uninstalling the chart, delete any custom resources managed by the Redis Enterprise Operator: + +```sh +kubectl delete redb +kubectl delete rerc +kubectl delete reaadb +kubectl delete rec +``` + +To uninstall a previously installed chart: + +```sh +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes resources associated with the chart and deletes the release. + +See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for more information and options when uninstalling charts. + +## Creating a Redis Enterprise Cluster + +Once the chart is installed and the Redis Enterprise Operator is running, a Redis Enterprise Cluster can be created. +As of now, the Redis Enterprise Cluster is created directly via custom resources, and not via Helm. + +To create a Redis Enterprise Cluster: + +1. Validate that the `redis-enterprise-operator` pod is in `RUNNING` state: + +```sh +kubectl get pods -n [NAMESPACE] +``` + +2. Create a file for the `RedisEnterpriseCluster` custom resource: + +```yaml +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec +spec: + nodes: 3 +``` + +3. 
Apply the custom resource: + +```sh +kubectl apply -f rec.yaml -n [NAMESPACE] +``` + +See [Create a Redis Enterprise cluster](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#create-a-redis-enterprise-cluster-rec) and [Redis Enterprise Cluster API](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/redis_enterprise_cluster_api.md) for more information and options for creating a Redis Enterprise Cluster. + +## Configuration + +The chart supports several configuration options that allows to customize the behavior and capabilities of the Redis Enterprise Operator. +For a list of configurable options and their descriptions, please refer to the `values.yaml` file at the root of the chart. + +To install the chart with a customized values file: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --values [PATH_TO_VALUES_FILE] +``` + +To install the chart with the default values files but with some specific values overriden: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --set key1=value1 \ + --set key2=value2 +``` + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing) for additional information on how to customize the chart installation. + +## Known Limitations + +This is a preliminary release of this Helm chart, and as of now some if its functionality is still limited: + +- The chart only installs the Redis Enterprise Operator, but doesn't create a Redis Enterprise Cluster. See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section for instructions on how to directly create a Redis Enterprise Cluster. +- Several configuration options for the operator are still unsupported, including multiple REDB namespaces, rack-aware, and vault integration. These options can be enabled by following the relevant instructions in the [product documentation](https://docs.redis.com/latest/kubernetes/). 
+- CRDs installed by the chart are not removed upon chart uninstallation. These could be manually removed when the chart is uninstalled and are no longer needed, using the following command: + ```sh + kubectl delete crds -l app=redis-enterprise + ``` +- Helm chart upgrades are not supported, nor migrations from a non-Helm deployment to a Helm deployment. +- Limited testing in advanced setups such as Active-Active configurations, airgapped deployments, IPv6/dual-stack environments. +- The chart is still unpublished in a "helm repo" or ArtifactHub, and thus can only be installed from a local source (chart directory/archive). +- While not really a limitation, please note that this chart also installs the [admission controller](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#enable-the-admission-controller) by default, and there's no option to disable it (as opposed to the non-Helm deployment). \ No newline at end of file diff --git a/helm/redis-enterprise-operator/templates/_helpers.tpl b/helm/redis-enterprise-operator/templates/_helpers.tpl new file mode 100644 index 0000000..d3ce88d --- /dev/null +++ b/helm/redis-enterprise-operator/templates/_helpers.tpl @@ -0,0 +1,11 @@ +{{- define "redis-enterprise-operator.operator.image" }} +{{- if and .Values.global .Values.global.azure .Values.global.azure.images .Values.global.azure.images.operator }} +{{- with .Values.global.azure.images.operator }} +{{ .registry }}/{{ .image }}@{{ .digest }} +{{- end }} +{{- else }} +{{- $defaultRepository := ternary "registry.connect.redhat.com/redislabs/redis-enterprise-operator" "redislabs/operator" .Values.isOpenshift }} +{{- $repository := default $defaultRepository .Values.operator.image.repository }} +{{ $repository }}:{{ .Values.operator.image.tag }} +{{- end }} +{{- end }} diff --git a/helm/redis-enterprise-operator/templates/admission-service.yaml b/helm/redis-enterprise-operator/templates/admission-service.yaml new file mode 100644 index 0000000..bb96411 
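Review bot: The non-Azure branch of `redis-enterprise-operator.operator.image` can only render `repository:tag`, so every workload that includes this helper pulls by a mutable tag, while the Azure branch pins `@{{ .digest }}`. As far as this template shows, the default path has no digest option, and `.Values.operator.image.tag` is unguarded, so an empty value renders an image reference ending in `:`. Consider accepting an optional digest on the default path (for example a new `operator.image.digest` value rendered as `{{ $repository }}@{{ .Values.operator.image.digest }}` when set) and wrapping the tag in `required`. values.yaml is outside this hunk, so the defaults it ships could not be checked here.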
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/admission-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: admission
+ labels:
+ app: redis-enterprise
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 8443
+ selector:
+ name: redis-enterprise-operator
diff --git a/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml b/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml
new file mode 100644
index 0000000..4231021
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml
@@ -0,0 +1,92 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: redis-enterprise-crds
+ annotations:
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "-4"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ app: redis-enterprise
+spec:
+ template:
+ metadata:
+ labels:
+ app: redis-enterprise
+ spec:
+ serviceAccountName: redis-enterprise-crds
+ containers:
+ - name: gatekeeper-crds
+ image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ runAsNonRoot: true
+ seccompProfile:
+ type: "RuntimeDefault"
+ command:
+ - crd-installer
+ args:
+ - "-action=applyCRD"
+ - "-crdPaths=/crds/rec_crd.yaml,/crds/redb_crd.yaml,/crds/reaadb_crd.yaml,/crds/rerc_crd.yaml"
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ restartPolicy: OnFailure
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: redis-enterprise-crds
+ annotations:
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ app: redis-enterprise
+rules:
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["create", "get", "list", "watch", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: redis-enterprise-crds
+ annotations:
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ app: redis-enterprise
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: redis-enterprise-crds
+subjects:
+ - kind: ServiceAccount
+ name: redis-enterprise-crds
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: redis-enterprise-crds
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ labels:
+ app: redis-enterprise
diff --git a/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml b/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml
new file mode 100644
index 0000000..fdff1a4
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml
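Review bot: The `redis-enterprise-crds` ClusterRole grants `patch` on every CustomResourceDefinition in the cluster, although the Job's `-crdPaths` argument names only four CRD files. `create` cannot be limited by name, but `get` and `patch` can move to a second rule whose `resourceNames` lists the four Redis Enterprise CRDs, so the hook's service account cannot alter other operators' schemas. The delete policy is `hook-succeeded,before-hook-creation`, so after a failed install the ClusterRoleBinding and service account stay in place until the next run; adding `hook-failed` on the RBAC objects would remove them. The annotation values `{{ .Values.operator.image.tag }}` and `{{ .Chart.Version }}` are unquoted, so a purely numeric tag would render as a non-string annotation and be rejected; `{{ .Values.operator.image.tag | quote }}` avoids that.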
@@ -0,0 +1,134 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: redis-admission-configuration
+ labels:
+ app: redis-enterprise
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: redis-admission-configuration
+ labels:
+ app: redis-enterprise
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["validatingwebhookconfigurations"]
+ verbs: ["patch", "get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: redis-admission-configuration
+ labels:
+ app: redis-enterprise
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+subjects:
+- kind: ServiceAccount
+ name: redis-admission-configuration
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: redis-admission-configuration
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: redis-admission-configuration
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+ labels:
+ app: redis-enterprise
+rules:
+ - apiGroups: [ "" ]
+ resources: [ "secrets" ]
+ verbs: [ "get"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: redis-admission-configuration
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+ labels:
+ app: redis-enterprise
+subjects:
+- kind: ServiceAccount
+ name: redis-admission-configuration
+roleRef:
+ kind: Role
+ name: redis-admission-configuration
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: redis-webhook-configuration
+ labels:
+ app: redis-enterprise
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+spec:
+ backoffLimit: 6
+ completions: 1
+ parallelism: 1
+ template:
+ metadata:
+ labels:
+ app: redis-enterprise
+ spec:
+ containers:
+ - name: patch-admission-webhook-configuration
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
+ imagePullPolicy: Always
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ runAsNonRoot: true
+ seccompProfile:
+ type: "RuntimeDefault"
+ command:
+ - crd-installer
+ args:
+ - "-action=patchWebhook"
+ - "-webhookName=redis-enterprise-admission"
+ - -namespace={{ .Release.Namespace }}
+ restartPolicy: OnFailure
+ serviceAccountName: redis-admission-configuration
diff --git a/helm/redis-enterprise-operator/templates/openshift/scc.yaml b/helm/redis-enterprise-operator/templates/openshift/scc.yaml
new file mode 100644
index 0000000..dd0fc45
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/openshift/scc.yaml
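Review bot: The `redis-admission-configuration` ClusterRole allows `patch` on all `validatingwebhookconfigurations`, while the Job only targets `-webhookName=redis-enterprise-admission`. An identity with unrestricted patch on that resource can weaken or disable any validating admission webhook in the cluster, so the rule should carry `resourceNames: ["redis-enterprise-admission"]`. The namespaced Role likewise grants `get` on every secret in the release namespace; if the Job reads a single certificate secret, that name belongs in `resourceNames` too (the secret name is not visible in this hunk). For consistency with the other objects in the file, the RoleBinding and the Job could also set `namespace: {{ .Release.Namespace }}` explicitly.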
@@ -0,0 +1,35 @@
+{{- if .Values.isOpenshift -}}
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ name: redis-enterprise-scc-v2
+ annotations:
+ kubernetes.io/description: redis-enterprise-scc is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes.
+ It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability,
+ which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards.
+ Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers.
+allowedCapabilities:
+- SYS_RESOURCE
+allowHostDirVolumePlugin: false
+allowHostIPC : false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: false
+allowPrivilegedContainer: false
+readOnlyRootFilesystem: false
+runAsUser:
+ type: MustRunAs
+ uid: 1001
+fsGroup:
+ type: MustRunAs
+ ranges:
+ - min: 1001
+ max: 1001
+seLinuxContext:
+ type: MustRunAs
+seccompProfiles:
+- runtime/default
+supplementalGroups:
+ type: RunAsAny
+{{- end -}}
diff --git a/helm/redis-enterprise-operator/templates/operator-environment-config.yaml b/helm/redis-enterprise-operator/templates/operator-environment-config.yaml
new file mode 100644
index 0000000..e5b37ed
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/operator-environment-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: redis-enterprise
+ name: operator-environment-config
+ namespace: {{ $.Release.Namespace }}
+ annotations:
+ "redis/operator-ver": {{ .Values.operator.image.tag }}
+ "redis/helm-chart-ver": {{ .Chart.Version }}
+data:
+ {{- with .Values.operator }}
+ ACTIVE_ACTIVE_DATABASE_CONTROLLER_ENABLED: {{ .activeActiveDatabaseControllerEnabled | quote }}
+ {{- end }}
\ No newline at end of file
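Review bot: The description in scc.yaml says this SCC provides the same features as restricted-v2 plus `SYS_RESOURCE`, but the object sets no `requiredDropCapabilities`, which that baseline (as I understand it) sets to drop all capabilities. Pods admitted under `redis-enterprise-scc-v2` would then keep the runtime's default capability set in addition to `SYS_RESOURCE` unless each pod spec drops them itself. Consider adding `requiredDropCapabilities: [ALL]` after confirming the Redis Enterprise node pods still start with it, or adjust the description so it does not overstate the restriction. The key `allowHostIPC :` has a stray space before the colon; it parses, but `allowHostIPC: false` matches the neighbouring keys.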
diff --git a/helm/redis-enterprise-operator/templates/operator.yaml b/helm/redis-enterprise-operator/templates/operator.yaml
new file mode 100644
index 0000000..c6c86ca
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/operator.yaml
@@ -0,0 +1,147 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ redis/helm-chart-ver: {{ .Chart.Version }}
+ redis/operator-ver: {{ .Values.operator.image.tag }}
+ labels:
+ app: redis-enterprise
+ name: redis-enterprise-operator
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: redis-enterprise-operator
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: redis-enterprise
+ name: redis-enterprise-operator
+ spec:
+ containers:
+ - command:
+ - operator-root
+ - operator
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: OPERATOR_NAME
+ value: redis-enterprise-operator
+ {{- if .Values.isOpenshift }}
+ - name: DEPLOY_RHEL
+ value: "true"
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: {{ "operator-environment-config" | quote }}
+ optional: true
+ image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: redis-enterprise-operator
+ ports:
+ - containerPort: 8080
+ resources:
+ limits:
+ cpu: 4000m
+ memory: 512Mi
+ requests:
+ cpu: 500m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ - command:
+ - operator-root
+ - admission
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ envFrom:
+ - configMapRef:
+ name: {{ "operator-environment-config" | quote }}
+ optional: true
+ image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
+ imagePullPolicy: Always
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /liveness
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ name: admission
+ ports:
+ - containerPort: 8443
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8443
+ scheme: HTTPS
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 250m
+ memory: 256Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ securityContext:
+ {{- if not .Values.isOpenshift}}
+ seccompProfile:
+ type: RuntimeDefault
+ {{- end }}
+ runAsNonRoot: true
+ serviceAccountName: redis-enterprise-operator
+ {{- if .Values.imagePullSecret }}
+ imagePullSecrets:
+ - name: .Values.imagePullSecret
+ {{- end }}
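Review bot: At the end of the Deployment, `imagePullSecrets` is rendered with the literal string `.Values.imagePullSecret` as the secret name, because the value is not inside a template action. When `imagePullSecret` is set, the pod references a secret by that literal text, so a private-registry pull fails instead of using the configured credential. The line should read `- name: {{ .Values.imagePullSecret | quote }}`. The two hook Jobs in this chart use the same image helper but, in the hunks shown, set no `imagePullSecrets` at all, so they would need the same block to pull from a private registry.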
diff --git a/helm/redis-enterprise-operator/templates/role.yaml b/helm/redis-enterprise-operator/templates/role.yaml
new file mode 100644
index 0000000..e635e1b
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/role.yaml
@@ -0,0 +1,208 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ annotations:
+ redis/helm-chart-ver: {{ .Chart.Version }}
+ redis/operator-ver: {{ .Values.operator.image.tag }}
+ labels:
+ app: redis-enterprise
+ name: redis-enterprise-operator
+ namespace: {{ .Release.Namespace }}
+rules:
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ - ""
+ resources:
+ - roles
+ - serviceaccounts
+ - rolebindings
+ verbs:
+ - bind
+ - escalate
+ - impersonate
+ - userextras
+ - create
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+ - deletecollection
+ - apiGroups:
+ - app.redislabs.com
+ resources:
+ - redisenterpriseclusters
+ - redisenterpriseclusters/status
+ - redisenterpriseclusters/finalizers
+ - redisenterprisedatabases
+ - redisenterprisedatabases/status
+ - redisenterprisedatabases/finalizers
+ - redisenterpriseremoteclusters
+ - redisenterpriseremoteclusters/status
+ - redisenterpriseremoteclusters/finalizers
+ - redisenterpriseactiveactivedatabases
+ - redisenterpriseactiveactivedatabases/status
+ - redisenterpriseactiveactivedatabases/finalizers
+ verbs:
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - update
+ - get
+ - read
+ - list
+ - listallnamespaces
+ - watch
+ - watchlist
+ - watchlistallnamespaces
+ - create
+ - patch
+ - replace
+ - delete
+ - deletecollection
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - update
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - delete
+ - get
+ - update
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+ - patch
+ - create
+ - delete
+ - apiGroups:
+ - policy
+ resourceNames:
+ - redis-enterprise-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - patch
+ - replace
+ - delete
+ - deletecollection
+ - read
+ - list
+ - listallnamespaces
+ - watch
+ - watchlist
+ - watchlistallnamespaces
+ - patchstatus
+ - readstatus
+ - replacestatus
+ - update
+ - apiGroups:
+ - networking.istio.io
+ resources:
+ - gateways
+ - virtualservices
+ verbs:
+ - get
+ - watch
+ - list
+ - update
+ - patch
+ - create
+ - delete
+ {{- if .Values.isOpenshift }}
+ - apiGroups: ["route.openshift.io"]
+ resources: ["routes", "routes/custom-host"]
+ verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["security.openshift.io"]
+ resourceNames: ["nonroot"]
+ resources: ["securitycontextconstraints"]
+ verbs: ["use"]
+ {{- end }}
diff --git a/helm/redis-enterprise-operator/templates/role_binding.yaml b/helm/redis-enterprise-operator/templates/role_binding.yaml
new file mode 100644
index 0000000..7e5cbaa
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/role_binding.yaml
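Review bot: The first rule of role.yaml grants `bind`, `escalate` and `impersonate` on `roles`, `rolebindings` and `serviceaccounts`, which together with the read/write rule on `secrets` lets a compromised operator pod give itself any namespace-scoped permission and act as any ServiceAccount in the release namespace. `bind`/`escalate` are presumably needed so the operator can create the cluster's own Role and RoleBinding, but nothing visible in this chart needs impersonation, and `userextras` is an impersonation resource rather than a verb, so I would remove the `- impersonate` and `- userextras` lines and add a comment above the rule such as `# bind/escalate: needed to create the REC Role/RoleBinding; keep this a namespaced Role`. The `secrets` and `ingresses` rules also list `read`, `replace`, `listallnamespaces`, `watchlist`, `watchlistallnamespaces`, `patchstatus`, `readstatus` and `replacestatus`, which are not RBAC request verbs and never match a request; trimming those lists to the standard verbs makes the effective grant auditable. The `podsecuritypolicies` rule targets an API that was removed in Kubernetes 1.25, so it is worth a comment stating which supported versions still need it.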
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations:
+ redis/helm-chart-ver: {{ .Chart.Version }}
+ redis/operator-ver: {{ .Values.operator.image.tag }}
+ labels:
+ app: redis-enterprise
+ name: redis-enterprise-operator
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: redis-enterprise-operator
+subjects:
+ - kind: ServiceAccount
+ name: redis-enterprise-operator
diff --git a/helm/redis-enterprise-operator/templates/service_account.yaml b/helm/redis-enterprise-operator/templates/service_account.yaml
new file mode 100644
index 0000000..e381625
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/service_account.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations:
+ redis/helm-chart-ver: {{ .Chart.Version }}
+ redis/operator-ver: {{ .Values.operator.image.tag }}
+ labels:
+ app: redis-enterprise
+ name: redis-enterprise-operator
+ namespace: {{ .Release.Namespace }}
diff --git a/helm/redis-enterprise-operator/templates/webhook.yaml b/helm/redis-enterprise-operator/templates/webhook.yaml
new file mode 100644
index 0000000..867f9e8
--- /dev/null
+++ b/helm/redis-enterprise-operator/templates/webhook.yaml
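Review bot: The `subjects` entry in role_binding.yaml names the ServiceAccount without a `namespace`. For a RoleBinding the authorizer falls back to the binding's own namespace, so the grant works, but the ClusterRoleBinding in this chart's `install_crds_job.yaml` sets the field explicitly and the two should read the same. Adding `namespace: {{ .Release.Namespace }}` under the subject states exactly which account receives the operator Role, which matters when the manifest is audited or reused in a ClusterRoleBinding, where the field is required.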
@@ -0,0 +1,35 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ redis/helm-chart-ver: {{ .Chart.Version }}
+ redis/operator-ver: {{ .Values.operator.image.tag }}
+ labels:
+ app: redis-enterprise
+ name: redis-enterprise-admission
+ namespace: {{ .Release.Namespace }}
+webhooks:
+ - admissionReviewVersions:
+ - v1beta1
+ clientConfig:
+ service:
+ name: admission
+ namespace: {{ .Release.Namespace }}
+ path: /admission
+ failurePolicy: Fail
+ matchPolicy: Exact
+ name: redisenterprise.admission.redislabs
+ rules:
+ - apiGroups:
+ - app.redislabs.com
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - redisenterprisedatabases
+ - redisenterpriseactiveactivedatabases
+ - redisenterpriseremoteclusters
+ sideEffects: None
+ timeoutSeconds: 30
diff --git a/helm/redis-enterprise-operator/values.yaml b/helm/redis-enterprise-operator/values.yaml
new file mode 100644
index 0000000..02e92a9
--- /dev/null
+++ b/helm/redis-enterprise-operator/values.yaml
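Review bot: The webhook entry has no `namespaceSelector`, so with `failurePolicy: Fail` every CREATE/UPDATE of the three listed resource kinds, in any namespace, is sent to the `admission` service in the release namespace. All of them are rejected whenever that pod is unavailable or, presumably, before the patch job listed in this commit has supplied the missing `caBundle`. ValidatingWebhookConfiguration is also cluster-scoped, so `namespace: {{ .Release.Namespace }}` under `metadata` has no effect, and the fixed name `redis-enterprise-admission` will collide if the chart is installed into a second namespace. I would drop the `metadata.namespace` line, derive the name from the release namespace, and add a `namespaceSelector` whose `matchLabels` pins `kubernetes.io/metadata.name: {{ .Release.Namespace }}`; the patch job would need the same name. A comment such as `# fail closed: invalid REDB/REAADB/RERC specs must never reach the operator` above `failurePolicy` would record that the blocking behaviour is intentional.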
@@ -0,0 +1,30 @@ +# This file includes the values that can be customized for the chart. +# +# For instructions how to override these default values, +# see https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing + +# Set to true if deploying to an OpenShift cluster +isOpenshift: false + +# Image pull secret to use for registry authentication +imagePullSecret: "" + +# Configuration options for the operator +operator: + + # Configuration options for the operator image + image: + + # Image repository for the operator image. + # Leave blank to use the default image repository, + # which is `redislabs/operator` for non-OpenShift deployments, + # and `registry.connect.redhat.com/redislabs/redis-enterprise-operator` for OpenShift deployments. + repository: "" + + # Image tag for the operator image. + # This typically represents the operator version. + tag: 7.4.2-2 + + # Whether to enable the Active-Active database controller within the operator. + # When disabled, RedisEnterpriseActiveActiveDatabase custom resources are not reconciled. + activeActiveDatabaseControllerEnabled: true diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index f6d2255..89227ff 100644 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -37,7 +37,7 @@ logger.setLevel(logging.INFO) LOGGER_FORMAT = '%(asctime)s - %(levelname)s - %(message)s' logging.basicConfig(format=LOGGER_FORMAT) -VERSION_LOG_COLLECTOR = "7.2.4-12" +VERSION_LOG_COLLECTOR = "7.4.2-2" TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") @@ -60,6 +60,7 @@ NON_LABELED_RESOURCES = OPERATOR_CUSTOM_RESOURCES + [ "VolumeAttachment", + "NetworkPolicy", ] RESTRICTED_MODE_API_RESOURCES = NON_LABELED_RESOURCES + [ @@ -97,7 +98,6 @@ ALL_ONLY_API_RESOURCES = [ "Node", "ResourceQuota", - "NetworkPolicy", "CertificateSigningRequest", "ClusterServiceVersion", "Subscription", 
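Review bot: The comment on `imagePullSecret` in values.yaml does not say that the value must be the name of an existing Secret in the release namespace. Its only visible consumer, `templates/operator.yaml` earlier in this patch, renders it as `- name: .Values.imagePullSecret` without template braces, so any non-empty value produces a pull secret literally named `.Values.imagePullSecret` and private-registry pulls fail. The consumer line should read `- name: {{ .Values.imagePullSecret }}` (that hunk starts outside this view), and the comment here could become `# Name of an existing image pull Secret in the release namespace; leave empty for none`. Separately, `tag: 7.4.2-2` is safer quoted as `tag: "7.4.2-2"`, because the same value is written unquoted into the `redis/operator-ver` annotations and a numeric-looking override such as `7.4` would render as a non-string annotation value.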
diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index 788d78d..4210094 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -24,7 +24,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:7.2.4-12 + image: redislabs/operator:7.4.2-2 command: - operator-root - operator @@ -74,7 +74,7 @@ spec: drop: - ALL - name: admission - image: redislabs/operator:7.2.4-12 + image: redislabs/operator:7.4.2-2 command: - operator-root - admission diff --git a/multi-namespace-redb/role.yaml b/multi-namespace-redb/role.yaml index c223534..4ea5782 100644 --- a/multi-namespace-redb/role.yaml +++ b/multi-namespace-redb/role.yaml @@ -7,12 +7,7 @@ metadata: rules: - apiGroups: - app.redislabs.com - resources: ["redisenterpriseclusters", "redisenterpriseclusters/status", "redisenterpriseclusters/finalizers", - "redisenterprisedatabases", "redisenterprisedatabases/status", "redisenterprisedatabases/finalizers", - "redisenterpriseremoteclusters", "redisenterpriseremoteclusters/status", - "redisenterpriseremoteclusters/finalizers", - "redisenterpriseactiveactivedatabases", "redisenterpriseactiveactivedatabases/status", - "redisenterpriseactiveactivedatabases/finalizers"] + resources: ["redisenterprisedatabases", "redisenterprisedatabases/status", "redisenterprisedatabases/finalizers"] verbs: ["delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"] - apiGroups: [""] resources: ["secrets"] diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 0ce7544..5e3c71b 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml 
@@ -3801,6 +3801,12 @@ spec: - major - latest type: string + resp3Default: + description: Whether databases will turn on RESP3 compatibility upon + database upgrade. Note - Deleting this property after explicitly + setting its value shall have no effect. Please view the corresponding + field in RS doc for more info. + type: boolean serviceAccountName: description: Name of the service account to use type: string @@ -11056,6 +11062,8 @@ spec: - major - latest type: string + resp3Default: + type: boolean serviceAccountName: type: string servicesRiggerSpec: @@ -15438,6 +15446,12 @@ spec: - type type: object type: array + shardingEnabled: + description: Toggles database sharding for REAADBs (Active Active + databases) and enabled by default. This field is blocked for REDB + (non-Active Active databases) and sharding is toggled via the shardCount + field - when shardCount is 1 this is disabled otherwise enabled. + type: boolean shardCount: description: Number of database server-side shards type: integer @@ -15515,6 +15529,11 @@ spec: For password, use ''password'' as the key and the actual password as the value. Note that connections are not encrypted.' type: string + resp3: + description: Whether this database supports RESP3 protocol. + Note - Deleting this property after explicitly setting its value shall have no effect. + Please view the corresponding field in RS doc for more info. + type: boolean type: object status: description: RedisEnterpriseDatabaseStatus defines the observed state of 
@@ -16435,6 +16454,11 @@ spec: will have replica shard for every master - leading to higher availability. type: boolean + resp3: + description: Whether this database supports RESP3 protocol. + Note - Deleting this property after explicitly setting its value shall have no effect. + Please view the corresponding field in RS doc for more info. + type: boolean rofRamSize: description: The size of the RAM portion of an RoF database. Similarly to "memorySize" use formats like 100MB, 0.1GB It must be at @@ -16466,6 +16490,12 @@ spec: - type type: object type: array + shardingEnabled: + description: Toggles database sharding for REAADBs (Active Active + databases) and enabled by default. This field is blocked for REDB + (non-Active Active databases) and sharding is toggled via the shardCount + field - when shardCount is 1 this is disabled otherwise enabled. + type: boolean shardCount: description: Number of database server-side shards type: integer @@ -16521,7 +16551,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.2.4-12 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.2-2 securityContext: privileged: false readOnlyRootFilesystem: true @@ -16573,7 +16603,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.2.4-12 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.2-2 securityContext: privileged: false readOnlyRootFilesystem: true diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 6fd33f0..04fdd8d 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml 
@@ -22,7 +22,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.2.4-12 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.2-2 securityContext: privileged: false readOnlyRootFilesystem: true @@ -74,7 +74,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.2.4-12 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.2-2 securityContext: privileged: false readOnlyRootFilesystem: true diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml index 8cacf43..b15db5b 100644 --- a/openshift/rec_rhel.yaml +++ b/openshift/rec_rhel.yaml @@ -9,7 +9,7 @@ spec: nodes: 3 redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 7.2.4-92.rhel8-openshift + versionTag: 7.4.2-54.rhel8-openshift redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/operator.yaml b/operator.yaml index 788d78d..4210094 100644 --- a/operator.yaml +++ b/operator.yaml @@ -24,7 +24,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:7.2.4-12 + image: redislabs/operator:7.4.2-2 command: - operator-root - operator @@ -74,7 +74,7 @@ spec: drop: - ALL - name: admission - image: redislabs/operator:7.2.4-12 + image: redislabs/operator:7.4.2-2 command: - operator-root - admission diff --git a/redis_enterprise_cluster_api.md b/redis_enterprise_cluster_api.md index dd737df..b6db906 100644 --- a/redis_enterprise_cluster_api.md +++ b/redis_enterprise_cluster_api.md 
@@ -389,6 +389,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster | services | Customization options for operator-managed service resources created for Redis Enterprise clusters and databases | *[Services](#services) | | false | | ldap | Cluster-level LDAP configuration, such as server addresses, protocol, authentication and query settings. | *[LDAPSpec](#ldapspec) | | false | | extraEnvVars | ADVANCED USAGE: use carefully. Add environment variables to RS StatefulSet's containers. | []v1.EnvVar | | false | +| resp3Default | Whether databases will turn on RESP3 compatibility upon database upgrade. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. | *bool | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseClusterStatus diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 942435b..dc98de9 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md 
@@ -215,6 +215,8 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | memcachedSaslSecretName | Credentials used for binary authentication in memcached databases. The credentials should be saved as an opaque secret and the name of that secret should be configured using this field. For username, use 'username' as the key and the actual username as the value. For password, use 'password' as the key and the actual password as the value. Note that connections are not encrypted. | string | | false | | redisVersion | Redis OSS version. For existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis' | string | | false | | activeActive | Connection/ association to the Active-Active database. | *[ActiveActiveInfo](#activeactiveinfo) | | false | +| resp3 | Whether this database supports RESP3 protocol. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. | *bool | | false | +| shardingEnabled | Toggles database sharding for REAADBs (Active Active databases) and enabled by default. This field is blocked for REDB (non-Active Active databases) and sharding is toggled via the shardCount field - when shardCount is 1 this is disabled otherwise enabled. | *bool | | false | [Back to Table of Contents](#table-of-contents) ### RedisEnterpriseDatabaseStatus diff --git a/vault/README.md b/vault/README.md index bb5ddfe..b5d79e8 100644 
--- a/vault/README.md +++ b/vault/README.md @@ -26,7 +26,7 @@ How to use Hashicorp Vault as a source for secrets: > Note: when using Openshift it might be recommended to use oc instead of kubectl ## Prerequisites -* Deploy a Hashicorp Vault instance and make sure there is network access to it from the Kubernetes cluster. The solution has been tested with Hashicorp Vault v1.6.2. The Hashicorp Vault instance must be using TLS. +* Deploy a Hashicorp Vault instance and make sure there is network access to it from the Kubernetes cluster. The solution has been tested with Hashicorp Vault v1.15.2. The Hashicorp Vault instance must be using TLS. * Configure the Hashicorp Vault Kubernetes authentication for the Kubernetes cluster the operator is being deployed. Refer to the Hashicorp Vault documentation for details. * Deploy the Hashicorp Vault agent sidecar controller on the Kubernetes cluster (https://learn.hashicorp.com/tutorials/vault/kubernetes-sidecar) * Note that Hashicorp offers a Vault Enterprise product. The Vault Enterprise product supports namespaces. Those namespaces should not be confused with Kubernetes namespaces. This document assumes that the Hashicorp Vault instance used is the Enterprise product, and a Vault namespace is used. The namespace is referred to as the below. From 92042e1489e48350feac506a7ae78463acd0a9d8 Mon Sep 17 00:00:00 2001 From: Heinrich Koutcherouk Date: Wed, 14 Feb 2024 13:38:00 +0200 Subject: [PATCH 2/3] revert git ignore changes --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5c3bdbb..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -*bundle.yaml +.idea From 605e8a279ff5deaaf7d316ab3952e91aca769c29 Mon Sep 17 00:00:00 2001 
From: Heinrich Koutcherouk Date: Wed, 14 Feb 2024 15:42:44 +0200 Subject: [PATCH 3/3] remove helm directory --- helm/redis-enterprise-operator/.helmignore | 1 - helm/redis-enterprise-operator/Chart.yaml | 17 -- helm/redis-enterprise-operator/README.md | 149 ------------- .../templates/_helpers.tpl | 11 - .../templates/admission-service.yaml | 13 -- .../templates/jobs/install_crds_job.yaml | 92 -------- .../jobs/patch-webhook-configuration.yaml | 134 ----------- .../templates/openshift/scc.yaml | 35 --- .../operator-environment-config.yaml | 14 -- .../templates/operator.yaml | 147 ------------- .../templates/role.yaml | 208 ------------------ .../templates/role_binding.yaml | 17 -- .../templates/service_account.yaml | 10 - .../templates/webhook.yaml | 35 --- helm/redis-enterprise-operator/values.yaml | 30 --- 15 files changed, 913 deletions(-) delete mode 100644 helm/redis-enterprise-operator/.helmignore delete mode 100644 helm/redis-enterprise-operator/Chart.yaml delete mode 100644 helm/redis-enterprise-operator/README.md delete mode 100644 helm/redis-enterprise-operator/templates/_helpers.tpl delete mode 100644 helm/redis-enterprise-operator/templates/admission-service.yaml delete mode 100644 helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml delete mode 100644 helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml delete mode 100644 helm/redis-enterprise-operator/templates/openshift/scc.yaml delete mode 100644 helm/redis-enterprise-operator/templates/operator-environment-config.yaml delete mode 100644 helm/redis-enterprise-operator/templates/operator.yaml delete mode 100644 helm/redis-enterprise-operator/templates/role.yaml delete mode 100644 helm/redis-enterprise-operator/templates/role_binding.yaml delete mode 100644 helm/redis-enterprise-operator/templates/service_account.yaml delete mode 100644 helm/redis-enterprise-operator/templates/webhook.yaml delete mode 100644 helm/redis-enterprise-operator/values.yaml 
diff --git a/helm/redis-enterprise-operator/.helmignore b/helm/redis-enterprise-operator/.helmignore deleted file mode 100644 index 6b8c0ab..0000000 --- a/helm/redis-enterprise-operator/.helmignore +++ /dev/null @@ -1 +0,0 @@ -.helmignore diff --git a/helm/redis-enterprise-operator/Chart.yaml b/helm/redis-enterprise-operator/Chart.yaml deleted file mode 100644 index 86c8b70..0000000 --- a/helm/redis-enterprise-operator/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v2 -type: application - -name: redis-enterprise-operator -description: A Helm chart for Redis Enterprise Operator for Kubernetes - -version: 0.1.0 -appVersion: 7.4.2-2 - -home: https://redis.com -icon: https://redis.com/wp-content/themes/wpx/assets/images/logo-redis.svg -keywords: -- redis -- database -maintainers: -- name: Redis - url: https://redis.com/company/contact/ diff --git a/helm/redis-enterprise-operator/README.md b/helm/redis-enterprise-operator/README.md deleted file mode 100644 index c99765c..0000000 --- a/helm/redis-enterprise-operator/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Redis Enterprise Operator Helm Chart - -Official Helm chart for installing, configuring and upgrading **Redis Enterprise Operator for Kubernetes**. - -[Redis Enterprise](https://redis.com/redis-enterprise-software/overview/) is a self-managed data platform that unlocks the full potential of Redis at enterprise scale - on premises or in the cloud. -[Redis Enterprise Operator for Kubernetes](https://redis.com/redis-enterprise-software/redis-enterprise-on-kubernetes/) provides a simple, Kubernetes-native way for deploying and managing Redis Enterprise on Kubernetes. - -## Prerequisites - -- Kubernetes 1.23+ - Supported Kubernetes versions can vary according to the Kubernetes distribution being used. - Please consult the [release notes](https://docs.redis.com/latest/kubernetes/release-notes/) for detailed supported distributions information per operator version. -- Helm 3.10+ - -## Installing the Chart - -To install the chart: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] -``` - -The `[PATH_TO_CHART]` may be a path to the chart root directory, or a chart archive on the local filesystem. - -To install the chart on **OpenShift**, set the `isOpenshift=true` value: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --set isOpenshift=true -``` - -To create and select a namespace for the installation, specify the `--namespace` and `--create-namespace` flags: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --namespace [NAMESPACE] \ - --create-namespace -``` - -For example, to install the chart with release name "my-redis-enterprise" from within the chart's root directory: - -```sh -helm install my-redis-enterprise . \ - --namespace redis-enterprise \ - --create-namespace -``` - -Note: the chart installation includes several jobs that configure the CRDs and admission controller used by the operator. -These jobs run synchronously during the execution of `helm install` command, and may take around 1 minute to complete. 
-To view additional progress information during the `helm install` execution, use the `--debug` flag: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --debug -``` - -See [Configuration](#configuration) section below for various configuration options. -See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section below for instructions for creating a Redis Enterprise Cluster. -See [helm install](https://helm.sh/docs/helm/helm_install/) and [Using Helm](https://helm.sh/docs/intro/using_helm/#helm-install-installing-a-package) for more information and options when installing charts. - -## Uninstalling the Chart - -Before uninstalling the chart, delete any custom resources managed by the Redis Enterprise Operator: - -```sh -kubectl delete redb -kubectl delete rerc -kubectl delete reaadb -kubectl delete rec -``` - -To uninstall a previously installed chart: - -```sh -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes resources associated with the chart and deletes the release. - -See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for more information and options when uninstalling charts. - -## Creating a Redis Enterprise Cluster - -Once the chart is installed and the Redis Enterprise Operator is running, a Redis Enterprise Cluster can be created. -As of now, the Redis Enterprise Cluster is created directly via custom resources, and not via Helm. - -To create a Redis Enterprise Cluster: - -1. Validate that the `redis-enterprise-operator` pod is in `RUNNING` state: - -```sh -kubectl get pods -n [NAMESPACE] -``` - -2. Create a file for the `RedisEnterpriseCluster` custom resource: - -```yaml -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec -spec: - nodes: 3 -``` - -3. 
Apply the custom resource: - -```sh -kubectl apply -f rec.yaml -n [NAMESPACE] -``` - -See [Create a Redis Enterprise cluster](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#create-a-redis-enterprise-cluster-rec) and [Redis Enterprise Cluster API](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/redis_enterprise_cluster_api.md) for more information and options for creating a Redis Enterprise Cluster. - -## Configuration - -The chart supports several configuration options that allows to customize the behavior and capabilities of the Redis Enterprise Operator. -For a list of configurable options and their descriptions, please refer to the `values.yaml` file at the root of the chart. - -To install the chart with a customized values file: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --values [PATH_TO_VALUES_FILE] -``` - -To install the chart with the default values files but with some specific values overriden: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --set key1=value1 \ - --set key2=value2 -``` - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing) for additional information on how to customize the chart installation. - -## Known Limitations - -This is a preliminary release of this Helm chart, and as of now some if its functionality is still limited: - -- The chart only installs the Redis Enterprise Operator, but doesn't create a Redis Enterprise Cluster. See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section for instructions on how to directly create a Redis Enterprise Cluster. -- Several configuration options for the operator are still unsupported, including multiple REDB namespaces, rack-aware, and vault integration. These options can be enabled by following the relevant instructions in the [product documentation](https://docs.redis.com/latest/kubernetes/). 
-- CRDs installed by the chart are not removed upon chart uninstallation. These could be manually removed when the chart is uninstalled and are no longer needed, using the following command: - ```sh - kubectl delete crds -l app=redis-enterprise - ``` -- Helm chart upgrades are not supported, nor migrations from a non-Helm deployment to a Helm deployment. -- Limited testing in advanced setups such as Active-Active configurations, airgapped deployments, IPv6/dual-stack environments. -- The chart is still unpublished in a "helm repo" or ArtifactHub, and thus can only be installed from a local source (chart directory/archive). -- While not really a limitation, please note that this chart also installs the [admission controller](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#enable-the-admission-controller) by default, and there's no option to disable it (as opposed to the non-Helm deployment). \ No newline at end of file diff --git a/helm/redis-enterprise-operator/templates/_helpers.tpl b/helm/redis-enterprise-operator/templates/_helpers.tpl deleted file mode 100644 index d3ce88d..0000000 --- a/helm/redis-enterprise-operator/templates/_helpers.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{- define "redis-enterprise-operator.operator.image" }} -{{- if and .Values.global .Values.global.azure .Values.global.azure.images .Values.global.azure.images.operator }} -{{- with .Values.global.azure.images.operator }} -{{ .registry }}/{{ .image }}@{{ .digest }} -{{- end }} -{{- else }} -{{- $defaultRepository := ternary "registry.connect.redhat.com/redislabs/redis-enterprise-operator" "redislabs/operator" .Values.isOpenshift }} -{{- $repository := default $defaultRepository .Values.operator.image.repository }} -{{ $repository }}:{{ .Values.operator.image.tag }} -{{- end }} -{{- end }} diff --git a/helm/redis-enterprise-operator/templates/admission-service.yaml b/helm/redis-enterprise-operator/templates/admission-service.yaml deleted file mode 100644 index bb96411..0000000 
--- a/helm/redis-enterprise-operator/templates/admission-service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: admission - labels: - app: redis-enterprise -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - name: redis-enterprise-operator diff --git a/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml b/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml deleted file mode 100644 index 4231021..0000000 --- a/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml +++ /dev/null 
@@ -1,92 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- namespace: {{ .Release.Namespace }}
- name: redis-enterprise-crds
- annotations:
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-4"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- labels:
- app: redis-enterprise
-spec:
- template:
- metadata:
- labels:
- app: redis-enterprise
- spec:
- serviceAccountName: redis-enterprise-crds
- containers:
- - name: gatekeeper-crds
- image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- runAsNonRoot: true
- seccompProfile:
- type: "RuntimeDefault"
- command:
- - crd-installer
- args:
- - "-action=applyCRD"
- - "-crdPaths=/crds/rec_crd.yaml,/crds/redb_crd.yaml,/crds/reaadb_crd.yaml,/crds/rerc_crd.yaml"
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- restartPolicy: OnFailure
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: redis-enterprise-crds
- annotations:
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- labels:
- app: redis-enterprise
-rules:
- - apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["create", "get", "list", "watch", "patch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: redis-enterprise-crds
- annotations:
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- labels:
- app: redis-enterprise
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: redis-enterprise-crds
-subjects:
- - kind: ServiceAccount
- name: redis-enterprise-crds
- namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: redis-enterprise-crds
- namespace: {{ .Release.Namespace }}
- annotations:
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
- "helm.sh/hook": pre-install, pre-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- labels:
- app: redis-enterprise
diff --git a/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml b/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml
deleted file mode 100644
index fdff1a4..0000000
--- a/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml
+++ /dev/null
@@ -1,134 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: redis-admission-configuration
- labels:
- app: redis-enterprise
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: redis-admission-configuration
- labels:
- app: redis-enterprise
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
-rules:
-- apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations"]
- verbs: ["patch", "get"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: redis-admission-configuration
- labels:
- app: redis-enterprise
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
-subjects:
-- kind: ServiceAccount
- name: redis-admission-configuration
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: redis-admission-configuration
- apiGroup: rbac.authorization.k8s.io
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: redis-admission-configuration
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
- labels:
- app: redis-enterprise
-rules:
- - apiGroups: [ "" ]
- resources: [ "secrets" ]
- verbs: [ "get"]
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: redis-admission-configuration
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
- labels:
- app: redis-enterprise
-subjects:
-- kind: ServiceAccount
- name: redis-admission-configuration
-roleRef:
- kind: Role
- name: redis-admission-configuration
- apiGroup: rbac.authorization.k8s.io
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: redis-webhook-configuration
- labels:
- app: redis-enterprise
- annotations:
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
-spec:
- backoffLimit: 6
- completions: 1
- parallelism: 1
- template:
- metadata:
- labels:
- app: redis-enterprise
- spec:
- containers:
- - name: patch-admission-webhook-configuration
- resources:
- limits:
- cpu: 500m
- memory: 256Mi
- image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
- imagePullPolicy: Always
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: ["ALL"]
- runAsNonRoot: true
- seccompProfile:
- type: "RuntimeDefault"
- command:
- - crd-installer
- args:
- - "-action=patchWebhook"
- - "-webhookName=redis-enterprise-admission"
- - -namespace={{ .Release.Namespace }}
- restartPolicy: OnFailure
- serviceAccountName: redis-admission-configuration
diff --git a/helm/redis-enterprise-operator/templates/openshift/scc.yaml b/helm/redis-enterprise-operator/templates/openshift/scc.yaml
deleted file mode 100644
index dd0fc45..0000000
--- a/helm/redis-enterprise-operator/templates/openshift/scc.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.isOpenshift -}}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: redis-enterprise-scc-v2
- annotations:
- kubernetes.io/description: redis-enterprise-scc is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes.
- It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability,
- which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards.
- Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers.
-allowedCapabilities:
-- SYS_RESOURCE
-allowHostDirVolumePlugin: false
-allowHostIPC : false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: false
-allowPrivilegedContainer: false
-readOnlyRootFilesystem: false
-runAsUser:
- type: MustRunAs
- uid: 1001
-fsGroup:
- type: MustRunAs
- ranges:
- - min: 1001
- max: 1001
-seLinuxContext:
- type: MustRunAs
-seccompProfiles:
-- runtime/default
-supplementalGroups:
- type: RunAsAny
-{{- end -}}
diff --git a/helm/redis-enterprise-operator/templates/operator-environment-config.yaml b/helm/redis-enterprise-operator/templates/operator-environment-config.yaml
deleted file mode 100644
index e5b37ed..0000000
--- a/helm/redis-enterprise-operator/templates/operator-environment-config.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: redis-enterprise
- name: operator-environment-config
- namespace: {{ $.Release.Namespace }}
- annotations:
- "redis/operator-ver": {{ .Values.operator.image.tag }}
- "redis/helm-chart-ver": {{ .Chart.Version }}
-data:
- {{- with .Values.operator }}
- ACTIVE_ACTIVE_DATABASE_CONTROLLER_ENABLED: {{ .activeActiveDatabaseControllerEnabled | quote }}
- {{- end }}
\ No newline at end of file
diff --git a/helm/redis-enterprise-operator/templates/operator.yaml b/helm/redis-enterprise-operator/templates/operator.yaml
deleted file mode 100644
index c6c86ca..0000000
--- a/helm/redis-enterprise-operator/templates/operator.yaml
+++ /dev/null
@@ -1,147 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- annotations:
- redis/helm-chart-ver: {{ .Chart.Version }}
- redis/operator-ver: {{ .Values.operator.image.tag }}
- labels:
- app: redis-enterprise
- name: redis-enterprise-operator
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- name: redis-enterprise-operator
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- app: redis-enterprise
- name: redis-enterprise-operator
- spec:
- containers:
- - command:
- - operator-root
- - operator
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: WATCH_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: OPERATOR_NAME
- value: redis-enterprise-operator
- {{- if .Values.isOpenshift }}
- - name: DEPLOY_RHEL
- value: "true"
- {{- end }}
- envFrom:
- - configMapRef:
- name: {{ "operator-environment-config" | quote }}
- optional: true
- image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 8080
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- name: redis-enterprise-operator
- ports:
- - containerPort: 8080
- resources:
- limits:
- cpu: 4000m
- memory: 512Mi
- requests:
- cpu: 500m
- memory: 256Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- readOnlyRootFilesystem: true
- - command:
- - operator-root
- - admission
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: WATCH_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- envFrom:
- - configMapRef:
- name: {{ "operator-environment-config" | quote }}
- optional: true
- image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
- imagePullPolicy: Always
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /liveness
- port: 8443
- scheme: HTTPS
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- name: admission
- ports:
- - containerPort: 8443
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 8443
- scheme: HTTPS
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- resources:
- limits:
- cpu: 1000m
- memory: 512Mi
- requests:
- cpu: 250m
- memory: 256Mi
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- privileged: false
- readOnlyRootFilesystem: true
- securityContext:
- {{- if not .Values.isOpenshift}}
- seccompProfile:
- type: RuntimeDefault
- {{- end }}
- runAsNonRoot: true
- serviceAccountName: redis-enterprise-operator
- {{- if .Values.imagePullSecret }}
- imagePullSecrets:
- - name: .Values.imagePullSecret
- {{- end }}
diff --git a/helm/redis-enterprise-operator/templates/role.yaml b/helm/redis-enterprise-operator/templates/role.yaml
deleted file mode 100644
index e635e1b..0000000
--- a/helm/redis-enterprise-operator/templates/role.yaml
+++ /dev/null
@@ -1,208 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- annotations:
- redis/helm-chart-ver: {{ .Chart.Version }}
- redis/operator-ver: {{ .Values.operator.image.tag }}
- labels:
- app: redis-enterprise
- name: redis-enterprise-operator
- namespace: {{ .Release.Namespace }}
-rules:
- - apiGroups:
- - rbac.authorization.k8s.io
- - ""
- resources:
- - roles
- - serviceaccounts
- - rolebindings
- verbs:
- - bind
- - escalate
- - impersonate
- - userextras
- - create
- - get
- - list
- - watch
- - update
- - patch
- - delete
- - deletecollection
- - apiGroups:
- - app.redislabs.com
- resources:
- - redisenterpriseclusters
- - redisenterpriseclusters/status
- - redisenterpriseclusters/finalizers
- - redisenterprisedatabases
- - redisenterprisedatabases/status
- - redisenterprisedatabases/finalizers
- - redisenterpriseremoteclusters
- - redisenterpriseremoteclusters/status
- - redisenterpriseremoteclusters/finalizers
- - redisenterpriseactiveactivedatabases
- - redisenterpriseactiveactivedatabases/status
- - redisenterpriseactiveactivedatabases/finalizers
- verbs:
- - delete
- - deletecollection
- - get
- - list
- - patch
- - create
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - update
- - get
- - read
- - list
- - listallnamespaces
- - watch
- - watchlist
- - watchlistallnamespaces
- - create
- - patch
- - replace
- - delete
- - deletecollection
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - apps
- resources:
- - deployments
- - statefulsets
- - replicasets
- verbs:
- - create
- - delete
- - deletecollection
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - create
- - delete
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - delete
- - get
- - update
- list
- watch
- - apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - create
- - delete
- - get
- - update
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - watch
- - list
- - update
- - patch
- - delete
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - watch
- - list
- - update
- - patch
- - create
- - delete
- - apiGroups:
- - policy
- resourceNames:
- - redis-enterprise-psp
- resources:
- - podsecuritypolicies
- verbs:
- - use
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - create
- - patch
- - replace
- - delete
- - deletecollection
- - read
- - list
- - listallnamespaces
- - watch
- - watchlist
- - watchlistallnamespaces
- - patchstatus
- - readstatus
- - replacestatus
- - update
- - apiGroups:
- - networking.istio.io
- resources:
- - gateways
- - virtualservices
- verbs:
- - get
- - watch
- - list
- - update
- - patch
- - create
- - delete
- {{- if .Values.isOpenshift }}
- - apiGroups: ["route.openshift.io"]
- resources: ["routes", "routes/custom-host"]
- verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
- - apiGroups: ["security.openshift.io"]
- resourceNames: ["nonroot"]
- resources: ["securitycontextconstraints"]
- verbs: ["use"]
- {{- end }}
diff --git a/helm/redis-enterprise-operator/templates/role_binding.yaml b/helm/redis-enterprise-operator/templates/role_binding.yaml
deleted file mode 100644
index 7e5cbaa..0000000
--- a/helm/redis-enterprise-operator/templates/role_binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- annotations:
- redis/helm-chart-ver: {{ .Chart.Version }}
- redis/operator-ver: {{ .Values.operator.image.tag }}
- labels:
- app: redis-enterprise
- name: redis-enterprise-operator
- namespace: {{ .Release.Namespace }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: redis-enterprise-operator
-subjects:
- - kind: ServiceAccount
- name: redis-enterprise-operator
diff --git a/helm/redis-enterprise-operator/templates/service_account.yaml b/helm/redis-enterprise-operator/templates/service_account.yaml
deleted file mode 100644
index e381625..0000000
--- a/helm/redis-enterprise-operator/templates/service_account.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- annotations:
- redis/helm-chart-ver: {{ .Chart.Version }}
- redis/operator-ver: {{ .Values.operator.image.tag }}
- labels:
- app: redis-enterprise
- name: redis-enterprise-operator
- namespace: {{ .Release.Namespace }}
diff --git a/helm/redis-enterprise-operator/templates/webhook.yaml b/helm/redis-enterprise-operator/templates/webhook.yaml
deleted file mode 100644
index 867f9e8..0000000
--- a/helm/redis-enterprise-operator/templates/webhook.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- annotations:
- redis/helm-chart-ver: {{ .Chart.Version }}
- redis/operator-ver: {{ .Values.operator.image.tag }}
- labels:
- app: redis-enterprise
- name: redis-enterprise-admission
- namespace: {{ .Release.Namespace }}
-webhooks:
- - admissionReviewVersions:
- - v1beta1
- clientConfig:
- service:
- name: admission
- namespace: {{ .Release.Namespace }}
- path: /admission
- failurePolicy: Fail
- matchPolicy: Exact
- name: redisenterprise.admission.redislabs
- rules:
- - apiGroups:
- - app.redislabs.com
- apiVersions:
- - v1alpha1
- operations:
- - CREATE
- - UPDATE
- resources:
- - redisenterprisedatabases
- - redisenterpriseactiveactivedatabases
- - redisenterpriseremoteclusters
- sideEffects: None
- timeoutSeconds: 30
diff --git a/helm/redis-enterprise-operator/values.yaml b/helm/redis-enterprise-operator/values.yaml
deleted file mode 100644
index 02e92a9..0000000
--- a/helm/redis-enterprise-operator/values.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# This file includes the values that can be customized for the chart.
-#
-# For instructions how to override these default values,
-# see https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing
-
-# Set to true if deploying to an OpenShift cluster
-isOpenshift: false
-
-# Image pull secret to use for registry authentication
-imagePullSecret: ""
-
-# Configuration options for the operator
-operator:
-
- # Configuration options for the operator image
- image:
-
- # Image repository for the operator image.
- # Leave blank to use the default image repository,
- # which is `redislabs/operator` for non-OpenShift deployments,
- # and `registry.connect.redhat.com/redislabs/redis-enterprise-operator` for OpenShift deployments.
- repository: ""
-
- # Image tag for the operator image.
- # This typically represents the operator version.
- tag: 7.4.2-2
-
- # Whether to enable the Active-Active database controller within the operator.
- # When disabled, RedisEnterpriseActiveActiveDatabase custom resources are not reconciled.
- activeActiveDatabaseControllerEnabled: true