promoting version 6.0.12-5

.gitignore

@@ -1 +1 @@
-.idea
+*bundle.yaml

admission.bundle.yaml

@@ -57,7 +57,7 @@ spec:
       serviceAccountName: redis-enterprise-admission
       containers:
       - name: admin
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         imagePullPolicy: Always
@@ -86,7 +86,7 @@ spec:
             scheme: HTTPS
       initContainers:
       - name: admin-init
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         args:

admission/GESHER.md

@@ -86,7 +86,7 @@ This will deploy the admission proxy, and via an included **NamespacedValidating
 
 8. Deployment for the Gesher operator
 
-**Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml`
+    **Note:** if one is using openshift, one should replace `operator.yaml` with `operator.openshift.yaml`
 
     ```shell script
     kubectl apply -f gesher/operator.yaml
@@ -239,12 +239,14 @@ $ kubectl apply -f - << EOF
 apiVersion: app.redislabs.com/v1alpha1
 kind: RedisEnterpriseDatabase
 metadata:
-  name: test-database-custom-resource
+  name: redis-enterprise-database
+spec:
+  evictionPolicy: illegal
 EOF
 ```
 
-This must fail with an error output by the admission webhook redb.admisison.redislabs that is being denied because it can't get the login credentials for the Redis Enterprise Cluster as none were specified.
+This must fail with an error output by the admission webhook proxy.webhook.gesher that is being denied because 'illegal' is not a valid eviction policy.
 
 ```shell script
-Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: failed get RedisEnterpriseCluster client: custom resource (RedisEnterpriseCluster) not found: resource name may not be empty
-```
+Error from server: error when creating "STDIN": admission webhook "proxy.webhook.gesher" denied the request: proxied webhook webhook denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']
+```

admission/deployment.yaml

@@ -14,7 +14,7 @@ spec:
       serviceAccountName: redis-enterprise-admission
       containers:
       - name: admin
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         imagePullPolicy: Always
@@ -43,7 +43,7 @@ spec:
             scheme: HTTPS
       initContainers:
       - name: admin-init
-        image: redislabs/operator:6.0.8-20
+        image: redislabs/operator:6.0.12-5
         command:
         - /usr/local/bin/admission
         args:

advanced/psp.yaml

@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
   name: redis-enterprise-psp

bundle.yaml

@@ -23,7 +23,7 @@ rules:
     resources: ["events"]
     verbs: ["create"]
   - apiGroups: ["apps"]
-    resources: ["deployments", "statefulsets"]
+    resources: ["deployments", "statefulsets", "replicasets"]
     verbs: ["*"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
@@ -1772,7 +1772,7 @@ spec:
       serviceAccountName: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           command:
           - redis-enterprise-operator
           imagePullPolicy: Always
@@ -2123,6 +2123,9 @@ spec:
               description: The name of the K8s secret that holds the password to the
                 database.
               type: string
+            defaultUser:
+              description: Is connecting with a default user allowed?
+              type: boolean
             evictionPolicy:
               description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/
               type: string
@@ -2213,6 +2216,26 @@ spec:
               description: In-memory database replication. When enabled, database
                 will have replica shard for every master - leading to higher availability.
               type: boolean
+            rolesPermissions:
+              description: List of Redis Enteprise ACL and Role bindings to apply
+              items:
+                description: Redis Enterprise Role and ACL Binding
+                properties:
+                  acl:
+                    description: Acl Name of RolePermissionType
+                    type: string
+                  role:
+                    description: Role Name of RolePermissionType
+                    type: string
+                  type:
+                    description: Type of Redis Enterprise Database Role Permission
+                    type: string
+                required:
+                - acl
+                - role
+                - type
+                type: object
+              type: array
             shardCount:
               description: Number of database server-side shards
               type: integer

crds/README.md

@@ -0,0 +1,30 @@
+## CRD's Schema<br/>
+
+
+Purpose:
+The schema is meant to ease the use of CRDs by restricting the fields to defined types and providing relevant description.
+
+
+### Work Flow - How add a new field:
+* Not all steps are always required
+
+#### 1. Update Tags:
+In the files 
++ `pkg/apis/app/v1alpha1/redisenterprisedatabase_types.go`<br/>
++ `pkg/apis/app/v1alpha1/redisenterprisecluster_types.go`<br/>
+add tags on top of variables to mark allowed types (Enum)<br/>
+(see: https://book.kubebuilder.io/reference/markers/crd-validation.html).<br/>
+They will be used by the operator sdk when creating the scheme.<br/>
+**Default values** do not appear in the schema since the operator has its own default mechanism.
+
+
+#### 2 .Create the schema:
+1) Install operator-sdk version 0.17.2.<br/> 
+See: https://sdk.operatorframework.io/docs/installation/install-operator-sdk/#install-from-github-release
+2) Run `operator-sdk generate crds`
+
+#### 3. Update the schema:
+- Edit the current schema in all of the relevant CRD yamls with the new section that was generated<br/>
+- Note that fields which are k8s objects might be very long - e.g. `SideContainersSpec`
+in this case -<br/>it appears in the schema but with no description in the fields since it extends the schema and is not unique for Redis Enterprise. 
+

crds/app_v1alpha1_redisenterprisecluster_crd.yaml → crds/v1alpha1/rec_crd.yaml

@@ -3,6 +3,31 @@ kind: CustomResourceDefinition
 metadata:
   name: redisenterpriseclusters.app.redislabs.com
 spec:
+  additionalPrinterColumns:
+    - JSONPath: .spec.nodes
+      name: Nodes
+      type: string
+    - JSONPath: .spec.redisEnterpriseImageSpec.versionTag
+      name: Version
+      type: string
+    - JSONPath: .status.state
+      name: State
+      type: string
+    - JSONPath: .status.specStatus
+      name: Spec Status
+      type: string
+    - JSONPath: .status.licenseStatus.licenseState
+      name: License State
+      type: string
+    - JSONPath: .status.licenseStatus.shardsLimit
+      name: Shards Limit
+      type: string
+    - JSONPath: .status.licenseStatus.expirationDate
+      name: License Expiration Date
+      type: string
+    - name: Age
+      type: date
+      JSONPath: .metadata.creationTimestamp
   group: app.redislabs.com
   names:
     kind: RedisEnterpriseCluster

crds/app_v1alpha1_redisenterprisedatabase_crd.yaml → crds/v1alpha1/redb_crd.yaml

@@ -324,6 +324,9 @@ spec:
               description: The name of the K8s secret that holds the password to the
                 database.
               type: string
+            defaultUser:
+              description: Is connecting with a default user allowed?
+              type: boolean
             evictionPolicy:
               description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/
               type: string
@@ -414,6 +417,26 @@ spec:
               description: In-memory database replication. When enabled, database
                 will have replica shard for every master - leading to higher availability.
               type: boolean
+            rolesPermissions:
+              description: List of Redis Enteprise ACL and Role bindings to apply
+              items:
+                description: Redis Enterprise Role and ACL Binding
+                properties:
+                  acl:
+                    description: Acl Name of RolePermissionType
+                    type: string
+                  role:
+                    description: Role Name of RolePermissionType
+                    type: string
+                  type:
+                    description: Type of Redis Enterprise Database Role Permission
+                    type: string
+                required:
+                - acl
+                - role
+                - type
+                type: object
+              type: array
             shardCount:
               description: Number of database server-side shards
               type: integer

crds/app_v1_redisenterprisecluster_cr.yaml → examples/v1/rec.yaml

@@ -1,7 +1,7 @@
 apiVersion: app.redislabs.com/v1
 kind: RedisEnterpriseCluster
 metadata:
-  name: "redis-enterprise"
+  name: rec
 spec:
   # Add fields here
   nodes: 3

log_collector/log_collector.py

@@ -76,6 +76,23 @@ def make_dir(directory):
             sys.exit()
 
 
+def _filter_non_existing_namespaces(namespaces):
+    """
+        Filter non-existing namespaces from user's input
+    """
+    return_code, out = run_shell_command("kubectl get ns -o=custom-columns='DATA:metadata.name' --no-headers=true")
+    if return_code:
+        return []
+    res = []
+    existing_namespaces = set(out.split())
+    for ns in namespaces:
+        if ns in existing_namespaces:
+            res.append(ns)
+        else:
+            logger.warning("Namespace %s doesn't exist - Skipping", ns)
+    return res
+
+
 def _get_namespaces_to_run_on(namespace):
     def _get_namespace_from_config():
         config_namespace = get_namespace_from_config()
@@ -94,7 +111,12 @@ def _get_namespace_from_config():
         return out.split()
 
     # comma separated string
-    return namespace.split(',')
+    namespaces = namespace.split(',')
+    existing_namespaces = _filter_non_existing_namespaces(namespaces)
+    if not existing_namespaces:
+        logger.warning("Input doesn't contain an existing namespace - will use namespace from config")
+        return _get_namespace_from_config()
+    return existing_namespaces
 
 
 def collect_from_ns(namespace, output_dir):
@@ -168,11 +190,10 @@ def collect_pod_rs_logs(namespace, output_dir):
         get logs from rs pods that are not ready
     """
     rs_pod_logs_dir = os.path.join(output_dir, "rs_pod_logs")
-    non_ready_rs_pod_names = get_non_ready_rs_pod_names(namespace)
-    if not non_ready_rs_pod_names:
-        return
+    rs_pod_names = get_pod_names(namespace=namespace, selector='redis.io/role=node')
     make_dir(rs_pod_logs_dir)
-    for rs_pod_name in non_ready_rs_pod_names:
+    # TODO restore usage of get_non_ready_rs_pod_names once RS bug is resolved (RED-51857) # pylint: disable=W0511
+    for rs_pod_name in rs_pod_names:
         pod_log_dir = os.path.join(rs_pod_logs_dir, rs_pod_name)
         make_dir(pod_log_dir)
         cmd = "kubectl -n {} cp {}:{} {} -c {}".format(namespace,

multi-namespace-redb/README.md

@@ -45,6 +45,9 @@ subjects:
 - kind: ServiceAccount
   name: redis-enterprise-operator
   namespace: NAMESPACE_OF_SERVICE_ACCOUNT
+- kind: ServiceAccount
+  name: redis-enterprise-admission
+  namespace: NAMESPACE_OF_SERVICE_ACCOUNT
 - kind: ServiceAccount
   name: NAME_OF_REC_SERVICE_ACCOUNT  # service account of the REC, usually the same as the name of the custom resource
   namespace: NAMESPACE_OF_SERVICE_ACCOUNT

multi-namespace-redb/operator.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator-internal:6.0.8-20
+          image: redislabs/operator-internal:6.0.12-5
           command:
           - redis-enterprise-operator
           imagePullPolicy: Always

openshift.bundle.yaml

@@ -39,7 +39,7 @@ rules:
     resources: ["events"]
     verbs: ["create"]
   - apiGroups: ["apps"]
-    resources: ["deployments", "statefulsets"]
+    resources: ["deployments", "statefulsets", "replicasets"]
     verbs: ["*"]
   - apiGroups: ["policy"]
     resources: ["poddisruptionbudgets"]
@@ -1788,7 +1788,7 @@ spec:
       serviceAccount: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           securityContext:
             runAsUser: 1001
           command:
@@ -2139,6 +2139,9 @@ spec:
               description: The name of the K8s secret that holds the password to the
                 database.
               type: string
+            defaultUser:
+              description: Is connecting with a default user allowed?
+              type: boolean
             evictionPolicy:
               description: Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/
               type: string
@@ -2229,6 +2232,26 @@ spec:
               description: In-memory database replication. When enabled, database
                 will have replica shard for every master - leading to higher availability.
               type: boolean
+            rolesPermissions:
+              description: List of Redis Enteprise ACL and Role bindings to apply
+              items:
+                description: Redis Enterprise Role and ACL Binding
+                properties:
+                  acl:
+                    description: Acl Name of RolePermissionType
+                    type: string
+                  role:
+                    description: Role Name of RolePermissionType
+                    type: string
+                  type:
+                    description: Type of Redis Enterprise Database Role Permission
+                    type: string
+                required:
+                - acl
+                - role
+                - type
+                type: object
+              type: array
             shardCount:
               description: Number of database server-side shards
               type: integer

openshift/operator_rhel.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccount: redis-enterprise-operator
       containers:
         - name: redis-enterprise-operator
-          image: redislabs/operator:6.0.8-20
+          image: redislabs/operator:6.0.12-5
           securityContext:
             runAsUser: 1001
           command:

openshift/rec_rhel.yaml

@@ -0,0 +1,14 @@
+apiVersion: app.redislabs.com/v1
+kind: RedisEnterpriseCluster
+metadata:
+  name: rec
+spec:
+  # Add fields here
+  nodes: 3
+  redisEnterpriseImageSpec:
+    repository: registry.connect.redhat.com/redislabs/redis-enterprise
+    versionTag: 6.0.12-57.rhel7-openshift
+  redisEnterpriseServicesRiggerImageSpec:
+    repository: registry.connect.redhat.com/redislabs/services-manager
+  bootstrapperImageSpec:
+    repository: registry.connect.redhat.com/redislabs/redis-enterprise-operator