diff --git a/content/embeds/admission-service.md b/content/embeds/admission-service.md new file mode 100644 index 000000000..43d8f91fe --- /dev/null +++ b/content/embeds/admission-service.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: v1 +kind: Service +metadata: + name: admission + labels: + app: redis-enterprise +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8443 + selector: + name: redis-enterprise-operator +``` diff --git a/content/embeds/admission_webhook.md b/content/embeds/admission_webhook.md new file mode 100644 index 000000000..17d570dd0 --- /dev/null +++ b/content/embeds/admission_webhook.md @@ -0,0 +1,34 @@ +```yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-admission +webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: admission + path: /admission + namespace: OPERATOR_NAMESPACE + caBundle: "" # Fill in with BASE64 encoded signed cert + failurePolicy: Fail + matchPolicy: Exact + name: redisenterprise.admission.redislabs + rules: + - apiGroups: + - app.redislabs.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + - redisenterpriseactiveactivedatabases + - redisenterpriseremoteclusters + sideEffects: None + timeoutSeconds: 30 +``` diff --git a/content/embeds/log_collector_role_all_mode.md b/content/embeds/log_collector_role_all_mode.md new file mode 100644 index 000000000..6f56c7a6d --- /dev/null +++ b/content/embeds/log_collector_role_all_mode.md @@ -0,0 +1,187 @@ +```yaml +# The minimal Role and ClusterRole required for running the log collector in 'all' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - resourcequotas + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +- apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + - installplans + - catalogsources + verbs: + - get + - list +- apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - nodes + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - redisenterpriseclusters.app.redislabs.com + - redisenterprisedatabases.app.redislabs.com + - redisenterpriseremoteclusters.app.redislabs.com + - redisenterpriseactiveactivedatabases.app.redislabs.com + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + - storageclasses + verbs: + - get + - list +- apiGroups: + - policy + resources: + - podsecuritypolicy + verbs: + - get + - list +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list +``` diff --git a/content/embeds/log_collector_role_restricted_mode.md b/content/embeds/log_collector_role_restricted_mode.md new file mode 100644 index 000000000..2a7d9d2ce --- /dev/null +++ b/content/embeds/log_collector_role_restricted_mode.md @@ -0,0 +1,146 @@ +```yaml +# The minimal Role and ClusterRole required for running the log collector in 'restricted' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - resourcequotas + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-log-collector +rules: +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - redisenterpriseclusters.app.redislabs.com + - redisenterprisedatabases.app.redislabs.com + - redisenterpriseremoteclusters.app.redislabs.com + - redisenterpriseactiveactivedatabases.app.redislabs.com + verbs: + - list + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - list + - get +``` diff --git a/content/embeds/multi-ns_operator_cluster_role.md b/content/embeds/multi-ns_operator_cluster_role.md new file mode 100644 index 000000000..b7cc45f9a --- /dev/null +++ b/content/embeds/multi-ns_operator_cluster_role.md @@ -0,0 +1,12 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-operator-consumer-ns + labels: + app: redis-enterprise +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["list", "watch"] +``` diff --git a/content/embeds/multi-ns_operator_cluster_role_binding.md b/content/embeds/multi-ns_operator_cluster_role_binding.md new file mode 100644 index 000000000..b5103f518 --- /dev/null +++ b/content/embeds/multi-ns_operator_cluster_role_binding.md @@ -0,0 +1,16 @@ +```yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-operator-consumer-ns + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: ClusterRole + name: redis-enterprise-operator-consumer-ns + apiGroup: rbac.authorization.k8s.io +``` diff --git a/content/embeds/multi-ns_role.md b/content/embeds/multi-ns_role.md new file mode 100644 index 000000000..60ae8ca5a --- /dev/null +++ b/content/embeds/multi-ns_role.md @@ -0,0 +1,25 @@ +```yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role + labels: + app: redis-enterprise +rules: + - apiGroups: + - app.redislabs.com + resources: ["redisenterprisedatabases", "redisenterprisedatabases/status", "redisenterprisedatabases/finalizers"] + verbs: ["delete", "get", "list", "patch", "create", "update", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["update", "get", "watch", "create", "patch", "list"] + - apiGroups: [""] + resources: ["endpoints"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "update", "patch", "create", "delete", "watch"] +``` diff --git a/content/embeds/multi-ns_role_binding.md b/content/embeds/multi-ns_role_binding.md new file mode 100644 index 000000000..9de0938a4 --- /dev/null +++ b/content/embeds/multi-ns_role_binding.md @@ -0,0 +1,19 @@ +```yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redb-role + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + name: redis-enterprise-operator + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +- kind: ServiceAccount + name: NAME_OF_REC_SERVICE_ACCOUNT # service account of the REC, usually the same as the name of the custom resource + namespace: NAMESPACE_OF_SERVICE_ACCOUNT +roleRef: + kind: Role + name: redb-role + apiGroup: rbac.authorization.k8s.io +``` diff --git a/content/embeds/openshift_admission-service.md b/content/embeds/openshift_admission-service.md new file mode 100644 index 000000000..43d8f91fe --- /dev/null +++ b/content/embeds/openshift_admission-service.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: v1 +kind: Service +metadata: + name: admission + labels: + app: redis-enterprise +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8443 + selector: + name: redis-enterprise-operator +``` diff --git a/content/embeds/openshift_rec.md b/content/embeds/openshift_rec.md new file mode 100644 index 000000000..25b32e22b --- /dev/null +++ b/content/embeds/openshift_rec.md @@ -0,0 +1,18 @@ +```yaml +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec + labels: + app: redis-enterprise +spec: + # Add fields here + nodes: 3 + redisEnterpriseImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise + versionTag: 7.8.2-34.rhel8-openshift + redisEnterpriseServicesRiggerImageSpec: + repository: registry.connect.redhat.com/redislabs/services-manager + bootstrapperImageSpec: + repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator +``` diff --git a/content/embeds/openshift_role.md b/content/embeds/openshift_role.md new file mode 100644 index 000000000..e228260e8 --- /dev/null +++ b/content/embeds/openshift_role.md @@ -0,0 +1,195 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +rules: + - apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - serviceaccounts + - rolebindings + verbs: + - create + - get + - update + - patch + - delete + - apiGroups: + - app.redislabs.com + resources: + - redisenterpriseclusters + - redisenterpriseclusters/status + - redisenterpriseclusters/finalizers + - redisenterprisedatabases + - redisenterprisedatabases/status + - redisenterprisedatabases/finalizers + - redisenterpriseremoteclusters + - redisenterpriseremoteclusters/status + - redisenterpriseremoteclusters/finalizers + - redisenterpriseactiveactivedatabases + - redisenterpriseactiveactivedatabases/status + - redisenterpriseactiveactivedatabases/finalizers + verbs: + - delete + - get + - list + - patch + - create + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - update + - get + - create + - patch + - delete + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - create + - delete + - get + - patch + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - patch + - delete + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - policy + resourceNames: + - redis-enterprise-psp + resources: + - podsecuritypolicies + verbs: + - use + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - patch + - delete + - list + - update + - get + - watch + - apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use +``` diff --git a/content/embeds/openshift_role_binding.md b/content/embeds/openshift_role_binding.md new file mode 100644 index 000000000..8c72199c2 --- /dev/null +++ b/content/embeds/openshift_role_binding.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redis-enterprise-operator +subjects: + - kind: ServiceAccount + name: redis-enterprise-operator +``` diff --git a/content/embeds/openshift_scc.md b/content/embeds/openshift_scc.md new file mode 100644 index 000000000..39b3cba9c --- /dev/null +++ b/content/embeds/openshift_scc.md @@ -0,0 +1,32 @@ +```yaml +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: redis-enterprise-scc-v2 + annotations: + kubernetes.io/description: redis-enterprise-scc-v2 is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes. It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability, which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards. Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers. +allowedCapabilities: + - SYS_RESOURCE +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +readOnlyRootFilesystem: false +runAsUser: + type: MustRunAs + uid: 1001 +fsGroup: + type: MustRunAs + ranges: + - min: 1001 + max: 1001 +seLinuxContext: + type: MustRunAs +seccompProfiles: + - runtime/default +supplementalGroups: + type: RunAsAny +``` diff --git a/content/embeds/openshift_service_account.md b/content/embeds/openshift_service_account.md new file mode 100644 index 000000000..cdf09aed0 --- /dev/null +++ b/content/embeds/openshift_service_account.md @@ -0,0 +1,8 @@ +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +``` diff --git a/content/embeds/rack_aware_cluster_role.md b/content/embeds/rack_aware_cluster_role.md new file mode 100644 index 000000000..a888f7ef7 --- /dev/null +++ b/content/embeds/rack_aware_cluster_role.md @@ -0,0 +1,11 @@ +```yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-operator +rules: + # needed for rack awareness + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "get", "watch"] +``` diff --git a/content/embeds/rack_aware_cluster_role_binding.md b/content/embeds/rack_aware_cluster_role_binding.md new file mode 100644 index 000000000..c8f0a9206 --- /dev/null +++ b/content/embeds/rack_aware_cluster_role_binding.md @@ -0,0 +1,16 @@ +```yaml +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-enterprise-operator + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + namespace: NAMESPACE_OF_SERVICE_ACCOUNT + name: redis-enterprise-operator +roleRef: + kind: ClusterRole + name: redis-enterprise-operator + apiGroup: rbac.authorization.k8s.io +``` diff --git a/content/embeds/rack_aware_rec.md b/content/embeds/rack_aware_rec.md new file mode 100644 index 000000000..b66bdaeaf --- /dev/null +++ b/content/embeds/rack_aware_rec.md @@ -0,0 +1,11 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseCluster +metadata: + name: rack-aware-cluster + labels: + app: redis-enterprise +spec: + nodes: 3 + rackAwarenessNodeLabel: topology.kubernetes.io/zone +``` diff --git a/content/embeds/reaadb.md b/content/embeds/reaadb.md new file mode 100644 index 000000000..744c6f65e --- /dev/null +++ b/content/embeds/reaadb.md @@ -0,0 +1,14 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseActiveActiveDatabase +metadata: + name: reaadb-1 + labels: + app: redis-enterprise +spec: + participatingClusters: + # Participating cluster pointing to RERC named: 'new-york-1'. + - name: new-york-1 + # Participating cluster pointing to RERC named: 'boston-1'. + - name: boston-1 +``` diff --git a/content/embeds/rec.md b/content/embeds/rec.md new file mode 100644 index 000000000..0092204c5 --- /dev/null +++ b/content/embeds/rec.md @@ -0,0 +1,11 @@ +```yaml +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec + labels: + app: redis-enterprise +spec: + # Add fields here + nodes: 3 +``` diff --git a/content/embeds/redb.md b/content/embeds/redb.md new file mode 100644 index 000000000..5470c080c --- /dev/null +++ b/content/embeds/redb.md @@ -0,0 +1,8 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseDatabase +metadata: + name: redis-enterprise-database + labels: + app: redis-enterprise +``` diff --git a/content/embeds/rerc.md b/content/embeds/rerc.md new file mode 100644 index 000000000..48e80bee3 --- /dev/null +++ b/content/embeds/rerc.md @@ -0,0 +1,22 @@ +```yaml +apiVersion: app.redislabs.com/v1alpha1 +kind: RedisEnterpriseRemoteCluster +metadata: + # Your name of the RERC. + name: new-york-1 + labels: + app: redis-enterprise +spec: + # The name of the REC that the RERC is pointing at + recName: rec + # The Namespace of the REC that the RERC is pointing at + recNamespace: ns1 + # The URL of the cluster, will be used for the active-active database URL + apiFqdnUrl: testapi-new-york-1-ns1.redislabs.com + # The database URL suffix, will be used for the active-active + # database replication endpoint and replication endpoint SNI + dbFqdnSuffix: -example-new-york-1-ns1.redislabs.com + # The name of the secret containing cluster credentials. + # Need to follow format: "redis-enterprise-"' + secretName: redis-enterprise-new-york-1 +``` diff --git a/content/embeds/role.md b/content/embeds/role.md new file mode 100644 index 000000000..661fad55b --- /dev/null +++ b/content/embeds/role.md @@ -0,0 +1,174 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +rules: + - apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - serviceaccounts + - rolebindings + verbs: + - create + - get + - update + - patch + - delete + - apiGroups: + - app.redislabs.com + resources: + - redisenterpriseclusters + - redisenterpriseclusters/status + - redisenterpriseclusters/finalizers + - redisenterprisedatabases + - redisenterprisedatabases/status + - redisenterprisedatabases/finalizers + - redisenterpriseremoteclusters + - redisenterpriseremoteclusters/status + - redisenterpriseremoteclusters/finalizers + - redisenterpriseactiveactivedatabases + - redisenterpriseactiveactivedatabases/status + - redisenterpriseactiveactivedatabases/finalizers + verbs: + - delete + - get + - list + - patch + - create + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - update + - get + - create + - patch + - delete + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - create + - delete + - get + - patch + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - patch + - delete + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - policy + resourceNames: + - redis-enterprise-psp + resources: + - podsecuritypolicies + verbs: + - use + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - patch + - delete + - list + - update + - get + - watch + - apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list + - update + - patch + - create + - delete + - watch +``` diff --git a/content/embeds/role_binding.md b/content/embeds/role_binding.md new file mode 100644 index 000000000..8c72199c2 --- /dev/null +++ b/content/embeds/role_binding.md @@ -0,0 +1,15 @@ +```yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redis-enterprise-operator +subjects: + - kind: ServiceAccount + name: redis-enterprise-operator +``` diff --git a/content/embeds/service_account.md b/content/embeds/service_account.md new file mode 100644 index 000000000..cdf09aed0 --- /dev/null +++ b/content/embeds/service_account.md @@ -0,0 +1,8 @@ +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator +``` diff --git a/content/operate/kubernetes/reference/redis_enterprise_active_active_database_api.md b/content/operate/kubernetes/reference/redis_enterprise_active_active_database_api.md index 3ad2ed833..abb026687 100644 --- a/content/operate/kubernetes/reference/redis_enterprise_active_active_database_api.md +++ b/content/operate/kubernetes/reference/redis_enterprise_active_active_database_api.md @@ -153,6 +153,13 @@ The Active-Active database global configurations, contains the global properties Connection/ association to the Active-Active database.
false + + alertSettings + object + + Settings for database alerts. Note - Alert settings are not supported for Active-Active database.
+ + false backup object @@ -267,6 +274,13 @@ The Active-Active database global configurations, contains the global properties Connection to Redis Enterprise Cluster
false + + redisVersion + string + + Redis OSS version. Version can be specified via prefix, or via channels - for existing databases - Upgrade Redis OSS version. For new databases - the version which the database will be created with. If set to 'major' - will always upgrade to the most recent major Redis version. If set to 'latest' - will always upgrade to the most recent Redis version. Depends on 'redisUpgradePolicy' - if you want to set the value to 'latest' for some databases, you must set redisUpgradePolicy on the cluster before. Possible values are 'major' or 'latest' When using upgrade - make sure to backup the database before. This value is used only for database type 'redis'. Note - Specifying Redis version is currently not supported for Active-Active database.
+ + false replicaSources []object @@ -384,6 +398,570 @@ Connection/ association to the Active-Active database. +### spec.globalConfigurations.alertSettings +[↩ Parent](#specglobalconfigurations) + +Settings for database alerts. Note - Alert settings are not supported for Active-Active database. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
bdb_backup_delayedobject + Periodic backup has been delayed for longer than specified threshold value [minutes]
+ 		false
bdb_crdt_src_high_syncer_lagobject + Active-active source - sync lag is higher than specified threshold value [seconds]
+ 		false
bdb_crdt_src_syncer_connection_errorobject + Active-active source - sync has connection error while trying to connect replica source
+ 		false
bdb_crdt_src_syncer_general_errorobject + Active-active source - sync encountered in general error
+ 		false
bdb_high_latencyobject + Latency is higher than specified threshold value [micro-sec]
+ 		false
bdb_high_throughputobject + Throughput is higher than specified threshold value [requests / sec.]
+ 		false
bdb_long_running_actionobject + An alert for state-machines that are running for too long
+ 		false
bdb_low_throughputobject + Throughput is lower than specified threshold value [requests / sec.]
+ 		false
bdb_ram_dataset_overheadobject + Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit]
+ 		false
bdb_ram_valuesobject + Percent of values kept in a shard's RAM is lower than [% of its key count]
+ 		false
bdb_replica_src_high_syncer_lagobject + Replica-of source - sync lag is higher than specified threshold value [seconds]
+ 		false
bdb_replica_src_syncer_connection_errorobject + Replica-of source - sync has connection error while trying to connect replica source
+ 		false
bdb_shard_num_ram_valuesobject + Number of values kept in a shard's RAM is lower than [values]
+ 		false
bdb_sizeobject + Dataset size has reached the threshold value [% of the memory limit]
+ 		false
+ + +### spec.globalConfigurations.alertSettings.bdb_backup_delayed +[↩ Parent](#specglobalconfigurationsalertsettings) + +Periodic backup has been delayed for longer than specified threshold value [minutes] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_crdt_src_high_syncer_lag +[↩ Parent](#specglobalconfigurationsalertsettings) + +Active-active source - sync lag is higher than specified threshold value [seconds] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_crdt_src_syncer_connection_error +[↩ Parent](#specglobalconfigurationsalertsettings) + +Active-active source - sync has connection error while trying to connect replica source + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_crdt_src_syncer_general_error +[↩ Parent](#specglobalconfigurationsalertsettings) + +Active-active source - sync encountered in general error + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_high_latency +[↩ Parent](#specglobalconfigurationsalertsettings) + +Latency is higher than specified threshold value [micro-sec] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_high_throughput +[↩ Parent](#specglobalconfigurationsalertsettings) + +Throughput is higher than specified threshold value [requests / sec.] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_long_running_action +[↩ Parent](#specglobalconfigurationsalertsettings) + +An alert for state-machines that are running for too long + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_low_throughput +[↩ Parent](#specglobalconfigurationsalertsettings) + +Throughput is lower than specified threshold value [requests / sec.] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_ram_dataset_overhead +[↩ Parent](#specglobalconfigurationsalertsettings) + +Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_ram_values +[↩ Parent](#specglobalconfigurationsalertsettings) + +Percent of values kept in a shard's RAM is lower than [% of its key count] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_replica_src_high_syncer_lag +[↩ Parent](#specglobalconfigurationsalertsettings) + +Replica-of source - sync lag is higher than specified threshold value [seconds] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_replica_src_syncer_connection_error +[↩ Parent](#specglobalconfigurationsalertsettings) + +Replica-of source - sync has connection error while trying to connect replica source + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_shard_num_ram_values +[↩ Parent](#specglobalconfigurationsalertsettings) + +Number of values kept in a shard's RAM is lower than [values] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + +### spec.globalConfigurations.alertSettings.bdb_size +[↩ Parent](#specglobalconfigurationsalertsettings) + +Dataset size has reached the threshold value [% of the memory limit] + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Alert enabled or disabled
+ 		true
thresholdstring + Threshold for alert going on/off
+ 		true
+ + ### spec.globalConfigurations.backup [↩ Parent](#specglobalconfigurations) @@ -891,7 +1469,7 @@ Specifications for DB upgrade. upgradeModulesToLatest boolean - Upgrades the modules to the latest version that supports the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Note - This field is currently not supported for Active-Active databases.
+ Upgrades the modules to the latest version that supportes the DB version during a DB upgrade action, to upgrade the DB version view the 'redisVersion' field. Note - This field is currently not supported for Active-Active databases.
true