From 88fe37b205cb5fec2b8482dd0b218047e64ef9db Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Sun, 23 Jul 2023 15:29:39 +0000 Subject: [PATCH 1/4] promoting version 6.4.2-8 --- .gitignore | 2 +- active_active_database_readme.md | 16 ++++--------- bundle.yaml | 36 ++++++++++++++++++------------ crds/reaadb_crd.yaml | 20 ++++++++--------- crds/redb_crd.yaml | 12 ++++++++-- log_collector/log_collector.py | 2 +- multi-namespace-redb/operator.yaml | 4 ++-- openshift.bundle.yaml | 36 ++++++++++++++++++------------ openshift/operator_rhel.yaml | 4 ++-- openshift/rec_rhel.yaml | 2 +- operator.yaml | 4 ++-- redis_enterprise_database_api.md | 2 +- 12 files changed, 78 insertions(+), 62 deletions(-) diff --git a/.gitignore b/.gitignore index 485dee6..5c3bdbb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea +*bundle.yaml diff --git a/active_active_database_readme.md b/active_active_database_readme.md index b1cac08..705d8fb 100644 --- a/active_active_database_readme.md +++ b/active_active_database_readme.md @@ -19,7 +19,6 @@ This document describes how to deploy an Active-Active database with Redis Enter * [Delete an existing Active-Active database](#delete-an-existing-active-active-database) * [Update existing participating cluster (RERC) details](#update-existing-participating-cluster-rerc-details) * [Update existing participating cluster (RERC) secret](#update-existing-participating-cluster-rerc-secret) - * [Active-Active database with Redis modules](#active-active-database-with-redis-modules) * [Test your Active-Active database](#test-your-active-active-database) * [Limitations](#limitations) @@ -715,16 +714,6 @@ The output should be as below: Note: * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct, in case of an error please view the RERC custom resource events and/ or the Redis Enterprise operator logs. -## Active-Active database with Redis modules - -Note - Modules are currently in preview for Active-Active databases. - -To use modules with Active-Active databases enable the alpha feature flag on all participating clusters: -To enable modules for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. - -Importent note: -upgrading modules with Active-Active databases is currently not supported via the operator, to upgrade please use the RS APIs directly and after the module has successfully upgraded update the module version on the REAADB custom resource. - ## Test your Active-Active database The easiest way to test your Active-Active database is to set a key-value pair in one database and retrieve it from the other. @@ -758,5 +747,8 @@ From the output fetch the redis 'targetPort': ### No migration from the previous AA method migrating Active-Active database with non-operator managed Active-Active database is currently not supported. +### HashiCorp Vault secret storage +Storing the secrets in HashiCorp Vault is currently not supported for operator managed Active-Active database . + ### database version is currently not supported -Setting database specific version is currently not supported for operator managed Active-Active database. +Setting database specific version is currently not supported for operator managed Active-Active database . diff --git a/bundle.yaml b/bundle.yaml index c6b912b..94752c4 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -15207,8 +15207,16 @@ spec: changed after creation type: integer databaseSecretName: - description: The name of the K8s secret that holds the password to the - database. + description: The name of the secret that holds the password + to the database (redis databases only). + If secret does not exist, it will be created. + To define the password, create an opaque secret and set the name in the spec. + The password will be taken from the value of the 'password' key. + Use an empty string as value within the secret to disable authentication for the database. + Notes - For Active-Active databases this secret will not be automatically created, + and also, memcached databases must not be set with a value, + and a secret/password will not be automatically created for them. + Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? @@ -16182,16 +16190,16 @@ spec: not be changed after creation type: integer databaseSecretName: - description: The name of the secret that holds the password to - the database (redis databases only). If secret does not exist, - it will be created. To define the password, create an opaque - secret and set the name in the spec. The password will be taken - from the value of the 'password' key. Use an empty string as - value within the secret to disable authentication for the database. - Note - memcached databases must not be set with a value, and - a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication - parameters for memcached databases. + description: The name of the secret that holds the password + to the database (redis databases only). + If secret does not exist, it will be created. + To define the password, create an opaque secret and set the name in the spec. + The password will be taken from the value of the 'password' key. + Use an empty string as value within the secret to disable authentication for the database. + Notes - For Active-Active databases this secret will not be automatically created, + and also, memcached databases must not be set with a value, + and a secret/password will not be automatically created for them. + Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? If disabled, @@ -16433,7 +16441,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.4.2-6 + image: redislabs/operator:6.4.2-8 command: - operator-root - operator @@ -16476,7 +16484,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.4.2-6 + image: redislabs/operator:6.4.2-8 command: - operator-root - admission diff --git a/crds/reaadb_crd.yaml b/crds/reaadb_crd.yaml index adb45d5..422b67e 100644 --- a/crds/reaadb_crd.yaml +++ b/crds/reaadb_crd.yaml @@ -517,16 +517,16 @@ spec: not be changed after creation type: integer databaseSecretName: - description: The name of the secret that holds the password to - the database (redis databases only). If secret does not exist, - it will be created. To define the password, create an opaque - secret and set the name in the spec. The password will be taken - from the value of the 'password' key. Use an empty string as - value within the secret to disable authentication for the database. - Note - memcached databases must not be set with a value, and - a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication - parameters for memcached databases. + description: The name of the secret that holds the password + to the database (redis databases only). + If secret does not exist, it will be created. + To define the password, create an opaque secret and set the name in the spec. + The password will be taken from the value of the 'password' key. + Use an empty string as value within the secret to disable authentication for the database. + Notes - For Active-Active databases this secret will not be automatically created, + and also, memcached databases must not be set with a value, + and a secret/password will not be automatically created for them. + Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? If disabled, diff --git a/crds/redb_crd.yaml b/crds/redb_crd.yaml index 5b4c26d..69be6fb 100644 --- a/crds/redb_crd.yaml +++ b/crds/redb_crd.yaml @@ -372,8 +372,16 @@ spec: changed after creation type: integer databaseSecretName: - description: The name of the K8s secret that holds the password to the - database. + description: The name of the secret that holds the password + to the database (redis databases only). + If secret does not exist, it will be created. + To define the password, create an opaque secret and set the name in the spec. + The password will be taken from the value of the 'password' key. + Use an empty string as value within the secret to disable authentication for the database. + Notes - For Active-Active databases this secret will not be automatically created, + and also, memcached databases must not be set with a value, + and a secret/password will not be automatically created for them. + Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 25481b4..91563e7 100644 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -36,7 +36,7 @@ logger.setLevel(logging.INFO) LOGGER_FORMAT = '%(asctime)s - %(levelname)s - %(message)s' logging.basicConfig(format=LOGGER_FORMAT) -VERSION_LOG_COLLECTOR = "6.4.2-6" +VERSION_LOG_COLLECTOR = "6.4.2-8" TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index 6baf047..3c5ad59 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.4.2-6 + image: redislabs/operator:6.4.2-8 command: - operator-root - operator @@ -63,7 +63,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.4.2-6 + image: redislabs/operator:6.4.2-8 command: - operator-root - admission diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 6b909fe..5d8f8e3 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -15249,8 +15249,16 @@ spec: changed after creation type: integer databaseSecretName: - description: The name of the K8s secret that holds the password to the - database. + description: The name of the secret that holds the password + to the database (redis databases only). + If secret does not exist, it will be created. + To define the password, create an opaque secret and set the name in the spec. + The password will be taken from the value of the 'password' key. + Use an empty string as value within the secret to disable authentication for the database. + Notes - For Active-Active databases this secret will not be automatically created, + and also, memcached databases must not be set with a value, + and a secret/password will not be automatically created for them. + Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? @@ -16224,16 +16232,16 @@ spec: not be changed after creation type: integer databaseSecretName: - description: The name of the secret that holds the password to - the database (redis databases only). If secret does not exist, - it will be created. To define the password, create an opaque - secret and set the name in the spec. The password will be taken - from the value of the 'password' key. Use an empty string as - value within the secret to disable authentication for the database. - Note - memcached databases must not be set with a value, and - a secret/password will not be automatically created for them. - Use the memcachedSaslSecretName field to set authentication - parameters for memcached databases. + description: The name of the secret that holds the password + to the database (redis databases only). + If secret does not exist, it will be created. + To define the password, create an opaque secret and set the name in the spec. + The password will be taken from the value of the 'password' key. + Use an empty string as value within the secret to disable authentication for the database. + Notes - For Active-Active databases this secret will not be automatically created, + and also, memcached databases must not be set with a value, + and a secret/password will not be automatically created for them. + Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. type: string defaultUser: description: Is connecting with a default user allowed? If disabled, @@ -16475,7 +16483,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-8 securityContext: runAsUser: 1001 command: @@ -16522,7 +16530,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-8 command: - operator-root - admission diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 5595eaa..ee200d4 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-8 securityContext: runAsUser: 1001 command: @@ -67,7 +67,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-8 command: - operator-root - admission diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml index d22f73a..50f6cfb 100644 --- a/openshift/rec_rhel.yaml +++ b/openshift/rec_rhel.yaml @@ -9,7 +9,7 @@ spec: nodes: 3 redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 6.4.2-81.rhel8-openshift + versionTag: 6.4.2-94.rhel8-openshift redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/operator.yaml b/operator.yaml index 6baf047..3c5ad59 100644 --- a/operator.yaml +++ b/operator.yaml @@ -20,7 +20,7 @@ spec: serviceAccountName: redis-enterprise-operator containers: - name: redis-enterprise-operator - image: redislabs/operator:6.4.2-6 + image: redislabs/operator:6.4.2-8 command: - operator-root - operator @@ -63,7 +63,7 @@ spec: port: 8080 scheme: HTTP - name: admission - image: redislabs/operator:6.4.2-6 + image: redislabs/operator:6.4.2-8 command: - operator-root - admission diff --git a/redis_enterprise_database_api.md b/redis_enterprise_database_api.md index 56708db..942435b 100644 --- a/redis_enterprise_database_api.md +++ b/redis_enterprise_database_api.md @@ -194,7 +194,7 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase | shardCount | Number of database server-side shards | uint16 | 1 | false | | replication | In-memory database replication. When enabled, database will have replica shard for every master - leading to higher availability. | *bool | false | false | | persistence | Database on-disk persistence policy | *[DatabasePersistence](#databasepersistence) | disabled | false | -| databaseSecretName | The name of the secret that holds the password to the database (redis databases only). If secret does not exist, it will be created. To define the password, create an opaque secret and set the name in the spec. The password will be taken from the value of the 'password' key. Use an empty string as value within the secret to disable authentication for the database. Note - memcached databases must not be set with a value, and a secret/password will not be automatically created for them. Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. | string | | false | +| databaseSecretName | The name of the secret that holds the password to the database (redis databases only). If secret does not exist, it will be created. To define the password, create an opaque secret and set the name in the spec. The password will be taken from the value of the 'password' key. Use an empty string as value within the secret to disable authentication for the database. Notes - For Active-Active databases this secret will not be automatically created, and also, memcached databases must not be set with a value, and a secret/password will not be automatically created for them. Use the memcachedSaslSecretName field to set authentication parameters for memcached databases. | string | | false | | evictionPolicy | Database eviction policy. see more https://docs.redislabs.com/latest/rs/administering/database-operations/eviction-policy/ | string | volatile-lru | false | | tlsMode | Require SSL authenticated and encrypted connections to the database. enabled - all incoming connections to the Database must use SSL. disabled - no incoming connection to the Database should use SSL. replica_ssl - databases that replicate from this one need to use SSL. | string | disabled | false | | clientAuthenticationCertificates | The Secrets containing TLS Client Certificate to use for Authentication | []string | | false | From f7883a925f2b5da24779786d513a388e8be13827 Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Sun, 23 Jul 2023 18:31:47 +0300 Subject: [PATCH 2/4] Update .gitignore --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5c3bdbb..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -*bundle.yaml +.idea From c316cc2eea88fa2ed3ac89dcd5ff2ba3b24ed31b Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Mon, 24 Jul 2023 09:52:26 +0300 Subject: [PATCH 3/4] Update active_active_database_readme.md --- active_active_database_readme.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/active_active_database_readme.md b/active_active_database_readme.md index 705d8fb..330607f 100644 --- a/active_active_database_readme.md +++ b/active_active_database_readme.md @@ -20,6 +20,7 @@ This document describes how to deploy an Active-Active database with Redis Enter * [Update existing participating cluster (RERC) details](#update-existing-participating-cluster-rerc-details) * [Update existing participating cluster (RERC) secret](#update-existing-participating-cluster-rerc-secret) * [Test your Active-Active database](#test-your-active-active-database) + * [Active-Active database with Redis modules](#active-active-database-with-redis-modules) * [Limitations](#limitations) ## Overview @@ -714,6 +715,16 @@ The output should be as below: Note: * As the 'STATUS' and the 'SPEC STATUS' are 'Active' and 'Valid' respectively it means the configurations are correct, in case of an error please view the RERC custom resource events and/ or the Redis Enterprise operator logs. +## Active-Active database with Redis modules + +Note - Modules are currently in preview for Active-Active databases. + +To use modules with Active-Active databases enable the alpha feature flag on all participating clusters: +To enable modules for Active-Active databases, set a boolean environment variable with the name "ENABLE_ALPHA_FEATURES" to True. This variable can be set via the redis-enterprise-operator pod spec, or through the operator-environment-config Config Map. + +Important note: +upgrading modules with Active-Active databases is currently not supported via the operator, to upgrade please use the RS APIs directly and after the module has successfully upgraded update the module version on the REAADB custom resource. + ## Test your Active-Active database The easiest way to test your Active-Active database is to set a key-value pair in one database and retrieve it from the other. @@ -743,12 +754,8 @@ From the output fetch the redis 'targetPort': ## Limitations - ### No migration from the previous AA method migrating Active-Active database with non-operator managed Active-Active database is currently not supported. -### HashiCorp Vault secret storage -Storing the secrets in HashiCorp Vault is currently not supported for operator managed Active-Active database . - ### database version is currently not supported -Setting database specific version is currently not supported for operator managed Active-Active database . +Setting database specific version is currently not supported for operator managed Active-Active database. From 64068cb6f1023b3d864303eee63ccfc7499e70bf Mon Sep 17 00:00:00 2001 From: Yuval Levy Date: Mon, 24 Jul 2023 09:52:56 +0300 Subject: [PATCH 4/4] Update active_active_database_readme.md --- active_active_database_readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/active_active_database_readme.md b/active_active_database_readme.md index 330607f..2794470 100644 --- a/active_active_database_readme.md +++ b/active_active_database_readme.md @@ -19,8 +19,8 @@ This document describes how to deploy an Active-Active database with Redis Enter * [Delete an existing Active-Active database](#delete-an-existing-active-active-database) * [Update existing participating cluster (RERC) details](#update-existing-participating-cluster-rerc-details) * [Update existing participating cluster (RERC) secret](#update-existing-participating-cluster-rerc-secret) - * [Test your Active-Active database](#test-your-active-active-database) * [Active-Active database with Redis modules](#active-active-database-with-redis-modules) + * [Test your Active-Active database](#test-your-active-active-database) * [Limitations](#limitations) ## Overview