From f64f63f69f7eb93aa5b0be1b1559dc99055df9da Mon Sep 17 00:00:00 2001 
From: Kaitlyn Michael Date: Thu, 24 Jul 2025 13:23:40 -0500 Subject: [PATCH 01/64] Add comprehensive YAML examples subsection for Kubernetes reference documentation - Created new YAML examples subsection in content/operate/kubernetes/reference/yaml-examples/ - Added 4 dedicated example pages for different deployment scenarios: * basic-deployment.md - Essential YAML files for simple Redis Enterprise deployment * rack-awareness.md - YAML examples for rack-aware deployments across availability zones * active-active.md - YAML examples for Active-Active databases across multiple clusters * multi-namespace.md - YAML examples for deploying across multiple namespaces - Added log-collector-rbac.md to logs section with RBAC configurations for restricted and all collection modes - Each YAML example is in its own linkable subsection for direct referencing - Updated reference index to include new YAML examples subsection - Updated logs index to include log collector RBAC documentation - All pages include complete YAML examples using existing embed files from content/embeds/k8s/ - Provides step-by-step instructions, configuration explanations, and troubleshooting guidance - Cross-referenced with relevant API documentation and guides --- content/operate/kubernetes/logs/_index.md | 1 + .../kubernetes/logs/log-collector-rbac.md | 203 ++++++++ .../operate/kubernetes/reference/_index.md | 13 + .../reference/yaml-examples/_index.md | 111 +++++ .../reference/yaml-examples/active-active.md | 328 +++++++++++++ .../yaml-examples/basic-deployment.md | 245 ++++++++++ .../yaml-examples/multi-namespace.md | 454 ++++++++++++++++++ .../reference/yaml-examples/rack-awareness.md | 280 +++++++++++ 8 files changed, 1635 insertions(+) create mode 100644 content/operate/kubernetes/logs/log-collector-rbac.md create mode 100644 content/operate/kubernetes/reference/yaml-examples/_index.md create mode 100644 content/operate/kubernetes/reference/yaml-examples/active-active.md create mode 100644 
content/operate/kubernetes/reference/yaml-examples/basic-deployment.md create mode 100644 content/operate/kubernetes/reference/yaml-examples/multi-namespace.md create mode 100644 content/operate/kubernetes/reference/yaml-examples/rack-awareness.md
diff --git a/content/operate/kubernetes/logs/_index.md b/content/operate/kubernetes/logs/_index.md
index 00ba60e2c..8d7f938f3 100644
--- a/content/operate/kubernetes/logs/_index.md
+++ b/content/operate/kubernetes/logs/_index.md
@@ -18,6 +18,7 @@ Access and manage Redis Enterprise logs on Kubernetes for monitoring, troublesho Learn how to collect and access logs from your Redis Enterprise deployment: - [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}}) - Methods for collecting logs from Redis Enterprise pods and containers
+- [Log collector RBAC]({{< relref "/operate/kubernetes/logs/log-collector-rbac" >}}) - RBAC configurations for log collection in restricted and all modes
 ## Log storage and access
diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md
new file mode 100644
index 000000000..84b73dbb8
--- /dev/null
+++ b/content/operate/kubernetes/logs/log-collector-rbac.md
@@ -0,0 +1,203 @@
+---
+Title: Log collector RBAC
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: RBAC configurations for Redis Enterprise log collector in all and restricted modes.
+linkTitle: Log collector RBAC
+weight: 20
+---
+
+This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose.
+
+## Overview
+
+The Redis Enterprise log collector script helps gather diagnostic information for troubleshooting. It has two collection modes that require different RBAC permissions:
+
+- **Restricted mode**: Collects only Redis Enterprise-related resources and logs (default for versions 6.2.18-3+)
+- **All mode**: Collects comprehensive cluster information including non-Redis resources (default for versions 6.2.12-1 and earlier)
+
+## When to use each mode
+
+### Restricted mode (recommended)
+
+Use restricted mode when:
+- You want to minimize security exposure
+- Your organization has strict RBAC policies
+- You only need Redis Enterprise-specific troubleshooting data
+- You're running version 6.2.18-3 or later (default mode)
+
+### All mode
+
+Use all mode when:
+- You need comprehensive cluster diagnostics
+- Redis Support specifically requests additional cluster information
+- You're troubleshooting complex issues that may involve non-Redis resources
+- You're running version 6.2.12-1 or earlier (default mode)
+
+## Permission differences
+
+The key differences between the two modes:
+
+| Resource Category | Restricted Mode | All Mode |
+|------------------|----------------|----------|
+| **Cluster-level resources** | Limited | Full access |
+| **Node information** | ❌ No access | ✅ Full access |
+| **Storage classes** | ❌ No access | ✅ Full access |
+| **Volume attachments** | ❌ No access | ✅ Full access |
+| **Certificate signing requests** | ❌ No access | ✅ Full access |
+| **Operator resources** | ❌ No access | ✅ Full access |
+| **Istio resources** | ❌ No access | ✅ Full access |
+
+## Restricted mode RBAC
+
+Use restricted mode for minimal security exposure while still collecting essential Redis Enterprise diagnostics.
+
+**File: `log-collector-restricted-rbac.yaml`**
+
+{{}}
+
+### Restricted mode permissions
+
+The restricted mode provides access to:
+
+**Role permissions (namespace-scoped):**
+- **Pods and logs**: Read pod information and access container logs
+- **Pod exec**: Execute commands inside containers for diagnostics
+- **Core resources**: Access to services, endpoints, ConfigMaps, secrets, and storage resources
+- **Workload resources**: Read deployments, StatefulSets, DaemonSets, and jobs
+- **Redis Enterprise resources**: Full read access to all Redis Enterprise custom resources
+- **Networking**: Read ingress and network policy configurations
+- **OpenShift routes**: Read route configurations (for OpenShift environments)
+
+**ClusterRole permissions (cluster-scoped):**
+- **Persistent volumes**: Read cluster-wide storage information
+- **Namespaces**: Read namespace information
+- **RBAC**: Read cluster roles and bindings
+- **Custom resource definitions**: Read Redis Enterprise CRDs
+- **Admission controllers**: Read ValidatingWebhook configurations
+
+## All mode RBAC
+
+Use all mode when you need comprehensive cluster diagnostics or when specifically requested by Redis Support.
+
+**File: `log-collector-all-rbac.yaml`**
+
+{{}}
+
+### All mode additional permissions
+
+In addition to all restricted mode permissions, all mode provides:
+
+**Additional ClusterRole permissions:**
+- **Nodes**: Read cluster node information and status
+- **Storage classes**: Read storage class configurations
+- **Volume attachments**: Read volume attachment status
+- **Certificate signing requests**: Read certificate management information
+- **Operator resources**: Read OLM (Operator Lifecycle Manager) resources
+- **Istio resources**: Read Istio service mesh configurations
+
+## Role binding
+
+Bind the Role to your service account in each namespace where you want to collect logs.
+
+**File: `log-collector-role-binding.yaml`**
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: redis-enterprise-log-collector
+ namespace:
+subjects:
+- kind: ServiceAccount
+ name: redis-enterprise-log-collector
+ namespace:
+roleRef:
+ kind: Role
+ name: redis-enterprise-log-collector
+ apiGroup: rbac.authorization.k8s.io
+```
+
+## Cluster role binding
+
+Bind the ClusterRole to your service account for cluster-wide permissions.
+
+**File: `log-collector-cluster-role-binding.yaml`**
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: redis-enterprise-log-collector
+subjects:
+- kind: ServiceAccount
+ name: redis-enterprise-log-collector
+ namespace:
+roleRef:
+ kind: ClusterRole
+ name: redis-enterprise-log-collector
+ apiGroup: rbac.authorization.k8s.io
+```
+
+## Usage
+
+Apply the appropriate RBAC configuration and role bindings, then run the log collector with the desired mode:
+
+```bash
+# Restricted mode (default for 6.2.18-3+)
+python log_collector.py -m restricted -n
+
+# All mode
+python log_collector.py -m all -n
+```
+
+## Security considerations
+
+### Principle of least privilege
+
+- **Start with restricted mode**: Use restricted mode unless you specifically need additional cluster information
+- **Limit namespace access**: Only grant permissions in namespaces where log collection is needed
+- **Time-bound access**: Consider creating temporary RBAC resources for log collection activities
+
+### Sensitive data handling
+
+Both modes collect:
+- **Secrets metadata**: Names and types of secrets (not the actual secret values)
+- **ConfigMap data**: Configuration information that may contain sensitive settings
+- **Pod logs**: Application logs that may contain sensitive information
+
+Ensure collected logs are handled according to your organization's data security policies.
+
+## Troubleshooting
+
+### Permission denied errors
+
+If you encounter permission errors:
+
+1. **Verify RBAC resources**: Ensure roles and bindings are applied correctly
+2. **Check service account**: Confirm the service account has the necessary bindings
+3. **Validate namespace access**: Ensure role bindings exist in target namespaces
+4. **Review mode requirements**: Verify you're using the correct mode for your needs
+
+### Missing resources
+
+If the log collector reports missing resources:
+
+1. **Check cluster role permissions**: Ensure ClusterRole is applied and bound
+2. **Verify CRD access**: Confirm access to Redis Enterprise custom resource definitions
+3. **Review mode selection**: Consider switching to all mode if additional resources are needed
+
+## Next steps
+
+- [Learn about log collection]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
+- [Explore YAML deployment examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}})
+- [Configure monitoring]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}})
+
+## Related documentation
+
+- [Collect logs guide]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
+- [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+- [Redis Enterprise troubleshooting]({{< relref "/operate/kubernetes/logs" >}})
diff --git a/content/operate/kubernetes/reference/_index.md b/content/operate/kubernetes/reference/_index.md
index 6a1196188..7f3c15a5d 100644
--- a/content/operate/kubernetes/reference/_index.md
+++ b/content/operate/kubernetes/reference/_index.md
@@ -72,6 +72,19 @@ kubectl delete rec my-cluster **Important:** Always delete databases (REDB) before deleting the cluster (REC) to ensure proper cleanup.
+## YAML examples
+
+Complete YAML examples for common deployment scenarios:
+
+- [YAML examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}}) - Ready-to-use YAML configurations for different deployment types
+
+### Example categories
+
+- [Basic deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Essential YAML files for simple Redis Enterprise deployment
+- [Rack awareness]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - YAML examples for rack-aware deployments across availability zones
+- [Active-Active]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - YAML examples for Active-Active databases across multiple clusters
+- [Multi-namespace]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - YAML examples for deploying across multiple namespaces
+
 ## API reference Complete API specifications for all Redis Enterprise custom resources:
diff --git a/content/operate/kubernetes/reference/yaml-examples/_index.md b/content/operate/kubernetes/reference/yaml-examples/_index.md
new file mode 100644
index 000000000..cf5843273
--- /dev/null
+++ b/content/operate/kubernetes/reference/yaml-examples/_index.md
@@ -0,0 +1,111 @@
+---
+Title: YAML examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: Example YAML files for deploying Redis Enterprise on Kubernetes with different configurations.
+hideListLinks: true
+linkTitle: YAML examples
+weight: 85
+---
+
+This section provides complete YAML examples for common Redis Enterprise for Kubernetes deployment scenarios. Each example includes the necessary configuration files and step-by-step instructions for editing and applying them.
+
+## How to use these examples
+
+### Download and customize
+
+1. Copy the YAML content from the examples below
+2. Save each YAML block to a separate file with a descriptive name
+3. Edit the configuration values to match your environment
+4. Apply the files in the correct order using `kubectl apply`
+
+### Configuration storage
+
+Redis Enterprise for Kubernetes stores configuration in several places:
+
+- **Custom resources**: Cluster and database specifications are stored as Kubernetes custom resources (REC, REDB, REAADB, RERC)
+- **Secrets**: Sensitive data like passwords and certificates are stored in Kubernetes secrets
+- **ConfigMaps**: Non-sensitive configuration data is stored in ConfigMaps
+- **RBAC resources**: Permissions are defined through Roles, ClusterRoles, and their bindings
+
+### Applying YAML files
+
+Apply YAML files using `kubectl apply`:
+
+```bash
+# Apply a single file
+kubectl apply -f my-config.yaml
+
+# Apply multiple files
+kubectl apply -f rbac/ -f cluster/ -f database/
+
+# Apply with validation
+kubectl apply --dry-run=client -f my-config.yaml
+```
+
+### Monitoring deployment
+
+Check the status of your resources after applying:
+
+```bash
+# Check operator deployment
+kubectl get deployment redis-enterprise-operator
+
+# Check cluster status
+kubectl get rec
+kubectl describe rec
+
+# Check database status
+kubectl get redb
+kubectl describe redb
+
+# View events for troubleshooting
+kubectl get events --sort-by=.metadata.creationTimestamp
+```
+
+## Example categories
+
+### Basic deployment
+
+Essential YAML files for a simple Redis Enterprise deployment:
+
+- [Basic deployment examples]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Service account, RBAC, cluster, and database configurations
+
+### Rack awareness
+
+YAML examples for rack-aware deployments that distribute Redis Enterprise nodes across availability zones:
+
+- [Rack awareness examples]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - Rack-aware cluster configuration and required RBAC
+
+### Active-Active
+
+YAML examples for Active-Active database deployments across multiple clusters:
+
+- [Active-Active examples]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - Multi-cluster Active-Active database setup
+
+### Multi-namespace
+
+YAML examples for deploying Redis Enterprise across multiple namespaces:
+
+- [Multi-namespace examples]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - Cross-namespace operator and cluster configurations
+
+## Best practices
+
+When working with these YAML examples:
+
+- **Start simple**: Begin with basic deployment examples before moving to advanced configurations
+- **Validate syntax**: Use `kubectl apply --dry-run=client` to check YAML syntax before applying
+- **Version control**: Store your customized YAML files in version control
+- **Environment-specific values**: Use separate YAML files or tools like Kustomize for environment-specific configurations
+- **Resource naming**: Use consistent, descriptive names for all resources
+- **Documentation**: Add annotations to describe the purpose of each resource
+
+## Related documentation
+
+- [API reference]({{< relref "/operate/kubernetes/reference" >}}) - Complete API specifications for all custom resources
+- [Quick start deployment]({{< relref "/operate/kubernetes/deployment/quick-start" >}}) - Step-by-step deployment guide
+- [Multi-namespace deployment]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}) - Detailed multi-namespace setup guide
+- [Active-Active databases]({{< relref "/operate/kubernetes/active-active" >}}) - Active-Active configuration and management
diff --git a/content/operate/kubernetes/reference/yaml-examples/active-active.md b/content/operate/kubernetes/reference/yaml-examples/active-active.md
new file mode 100644
index 000000000..4420df264
--- /dev/null
+++ b/content/operate/kubernetes/reference/yaml-examples/active-active.md
@@ -0,0 +1,328 @@
+---
+Title: Active-Active examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: YAML examples for Active-Active Redis Enterprise databases across multiple Kubernetes clusters.
+linkTitle: Active-Active
+weight: 30
+---
+
+This page provides YAML examples for deploying Active-Active Redis Enterprise databases across multiple Kubernetes clusters. Active-Active databases provide multi-master replication with conflict resolution, enabling global distribution and local read/write access.
+
+## Overview
+
+Active-Active databases span multiple Redis Enterprise clusters and provide:
+- **Multi-master replication**: Write to any participating cluster
+- **Conflict resolution**: Automatic handling of concurrent writes
+- **Global distribution**: Low-latency access from multiple regions
+- **High availability**: Continues operating even if clusters go offline
+
+## Prerequisites
+
+Before creating Active-Active databases:
+
+1. **Multiple REC clusters**: Deploy Redis Enterprise clusters in different regions/zones
+2. **Network connectivity**: Clusters must be able to communicate with each other
+3. **DNS configuration**: Set up ingress/routes with proper DNS records
+4. **Admission controller**: Enable the ValidatingWebhook for Active-Active support
+
+## Architecture
+
+This example shows a two-cluster Active-Active setup:
+- **Cluster 1**: `rec-chicago` in namespace `ns-chicago`
+- **Cluster 2**: `rec-boston` in namespace `ns-boston`
+
+## RERC for Chicago cluster
+
+Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource pointing to the other clusters.
+
+**File: `rerc-chicago.yaml`** (applied on Boston cluster)
+
+{{}}
+
+### RERC configuration
+
+- **metadata.name**: Unique name for this remote cluster reference
+- **spec.recName**: Name of the remote REC
+- **spec.recNamespace**: Namespace of the remote REC
+- **spec.apiFqdnUrl**: API endpoint URL for the remote cluster
+- **spec.dbFqdnSuffix**: Database hostname suffix for the remote cluster
+- **spec.secretName**: Secret containing authentication credentials
+
+### Customization for your environment
+
+Edit these values for your specific setup:
+
+```yaml
+apiVersion: app.redislabs.com/v1alpha1
+kind: RedisEnterpriseRemoteCluster
+metadata:
+ name: rerc-chicago
+spec:
+ # Remote cluster details
+ recName: rec-chicago
+ recNamespace: ns-chicago
+
+ # Update with your actual domain
+ apiFqdnUrl: api-rec-chicago-ns-chicago.example.com
+ dbFqdnSuffix: -db-rec-chicago-ns-chicago.example.com
+
+ # Secret with remote cluster credentials
+ secretName: redis-enterprise-rerc-chicago
+```
+
+## RERC for Boston cluster
+
+**File: `rerc-boston.yaml`** (applied on Chicago cluster)
+
+```yaml
+apiVersion: app.redislabs.com/v1alpha1
+kind: RedisEnterpriseRemoteCluster
+metadata:
+ name: rerc-boston
+spec:
+ recName: rec-boston
+ recNamespace: ns-boston
+ apiFqdnUrl: api-rec-boston-ns-boston.example.com
+ dbFqdnSuffix: -db-rec-boston-ns-boston.example.com
+ secretName: redis-enterprise-rerc-boston
+```
+
+## Active-Active database
+
+The RedisEnterpriseActiveActiveDatabase (REAADB) resource defines the Active-Active database.
+
+**File: `active-active-database.yaml`**
+
+{{}}
+
+### REAADB configuration
+
+- **metadata.name**: Active-Active database name
+- **spec.participatingClusters**: List of RERC names that participate in this database
+- **spec.globalConfigurations**: Database settings applied to all participating clusters
+
+### Advanced configuration
+
+Add global database settings:
+
+```yaml
+apiVersion: app.redislabs.com/v1alpha1
+kind: RedisEnterpriseActiveActiveDatabase
+metadata:
+ name: reaadb
+spec:
+ # Global database configuration
+ globalConfigurations:
+ # Memory allocation per participating cluster
+ memorySize: 1GB
+
+ # Number of shards (affects performance)
+ shardCount: 2
+
+ # Enable replication within each cluster
+ replication: true
+
+ # Secret containing database password
+ databaseSecretName: my-db-secret
+
+ # Redis modules to enable
+ modules:
+ - name: RedisJSON
+ - name: RedisSearch
+
+ # Database-specific Redis configuration
+ redisEnterpriseConfiguration:
+ # Set eviction policy
+ maxmemory-policy: allkeys-lru
+
+ # Enable keyspace notifications
+ notify-keyspace-events: Ex
+
+ # Participating clusters
+ participatingClusters:
+ - name: rerc-chicago
+ - name: rerc-boston
+```
+
+## Applying the configuration
+
+### Step 1: Prepare clusters
+
+Ensure both clusters are deployed and accessible:
+
+```bash
+# Check cluster status on both clusters
+kubectl get rec --all-namespaces
+
+# Verify ingress/routes are configured
+kubectl get ingress,routes --all-namespaces
+```
+
+### Step 2: Create RERC resources
+
+Apply RERC resources on each cluster pointing to the other clusters:
+
+**On Chicago cluster:**
+```bash
+kubectl apply -f rerc-boston.yaml
+```
+
+**On Boston cluster:**
+```bash
+kubectl apply -f rerc-chicago.yaml
+```
+
+### Step 3: Verify RERC status
+
+Check that remote clusters are connected:
+
+```bash
+# Check RERC status
+kubectl get rerc
+kubectl describe rerc rerc-boston
+
+# Verify connectivity
+kubectl logs deployment/redis-enterprise-operator
+```
+
+### Step 4: Create Active-Active database
+
+Apply the REAADB resource on one of the participating clusters:
+
+```bash
+kubectl apply -f active-active-database.yaml
+```
+
+### Step 5: Verify database creation
+
+Check that the database is created on all participating clusters:
+
+```bash
+# Check REAADB status
+kubectl get reaadb
+kubectl describe reaadb reaadb
+
+# Verify local databases are created
+kubectl get redb
+```
+
+## Verification
+
+### Check database status
+
+```bash
+# View Active-Active database details
+kubectl get reaadb reaadb -o yaml
+
+# Check local database instances
+kubectl get redb --all-namespaces
+
+# Verify database connectivity
+kubectl get svc | grep reaadb
+```
+
+### Test replication
+
+Connect to the database on different clusters and verify data replication:
+
+```bash
+# Get database connection details
+kubectl get secret reaadb -o yaml
+
+# Connect from Chicago cluster
+redis-cli -h -p -a
+SET test-key "chicago-value"
+
+# Connect from Boston cluster
+redis-cli -h -p -a
+GET test-key # Should return "chicago-value"
+```
+
+### Monitor replication lag
+
+Use the Redis Enterprise admin console to monitor:
+- Replication status between clusters
+- Sync lag metrics
+- Conflict resolution statistics
+
+## Troubleshooting
+
+### Common issues
+
+**RERC connection failures**
+- Verify DNS resolution for API and database endpoints
+- Check network connectivity between clusters
+- Validate ingress/route configurations
+
+**Database creation fails**
+- Ensure admission controller is enabled
+- Check that all RERC resources are in "Active" state
+- Verify sufficient resources on all participating clusters
+
+**Replication not working**
+- Check database endpoints are accessible
+- Verify TLS certificates if using encrypted connections
+- Monitor operator logs for replication errors
+
+### Debug commands
+
+```bash
+# Check RERC connectivity
+kubectl describe rerc
+
+# View operator logs
+kubectl logs deployment/redis-enterprise-operator
+
+# Check database events
+kubectl describe reaadb
+
+# Verify network policies
+kubectl get networkpolicies
+```
+
+## Security considerations
+
+### TLS encryption
+
+Enable TLS for inter-cluster communication:
+
+```yaml
+spec:
+ globalConfigurations:
+ # Enable TLS for replication
+ tlsMode: enabled
+
+ # Specify TLS certificate secret
+ tlsSecretName: my-tls-secret
+```
+
+### Authentication
+
+Secure database access with authentication:
+
+```yaml
+spec:
+ globalConfigurations:
+ # Enable database authentication
+ requireAuth: true
+
+ # Secret containing database password
+ databaseSecretName: my-auth-secret
+```
+
+## Next steps
+
+- [Configure multi-namespace deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}})
+- [Learn about Active-Active management]({{< relref "/operate/kubernetes/active-active" >}})
+- [Set up monitoring and alerts]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}})
+
+## Related documentation
+
+- [Active-Active database guide]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}})
+- [REAADB API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_active_active_database_api" >}})
+- [RERC API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_remote_cluster_api" >}})
+- [Networking configuration]({{< relref "/operate/kubernetes/networking" >}})
diff --git a/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md b/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md
new file mode 100644
index 000000000..2dc342c48
--- /dev/null
+++ b/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md
@@ -0,0 +1,245 @@
+---
+Title: Basic deployment examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: YAML examples for basic Redis Enterprise deployment including RBAC, cluster, and database configurations.
+linkTitle: Basic deployment
+weight: 10
+---
+
+This page provides complete YAML examples for a basic Redis Enterprise deployment on Kubernetes. These examples include all the essential components needed to deploy a Redis Enterprise cluster and create a database.
+
+## Deployment order
+
+Apply the YAML files in this order:
+
+1. [Service account](#service-account)
+2. [Role](#role)
+3. [Role binding](#role-binding)
+4. [Redis Enterprise cluster](#redis-enterprise-cluster)
+5. [Redis Enterprise database](#redis-enterprise-database)
+
+## Service account
+
+The service account provides an identity for the Redis Enterprise operator.
+
+**File: `service-account.yaml`**
+
+{{}}
+
+### Service account configuration
+
+- **name**: The service account name used by the operator
+- **labels**: Standard labels for Redis Enterprise resources
+
+## Role
+
+The Role defines the permissions needed by the Redis Enterprise operator within the namespace.
+
+**File: `role.yaml`**
+
+{{}}
+
+### Role configuration
+
+- **name**: Must match the role name referenced in the role binding
+- **rules**: Comprehensive permissions for managing Redis Enterprise resources
+- **apiGroups**: Includes core Kubernetes APIs and Redis Enterprise custom resources
+
+### Key permissions
+
+- **app.redislabs.com**: Full access to Redis Enterprise custom resources
+- **secrets**: Manage TLS certificates and database credentials
+- **services**: Create and manage service endpoints
+- **pods**: Monitor and manage Redis Enterprise pods
+- **persistentvolumeclaims**: Manage persistent storage
+
+## Role binding
+
+The RoleBinding connects the service account to the role, granting the necessary permissions.
+
+**File: `role-binding.yaml`**
+
+{{}}
+
+### Role binding configuration
+
+- **subjects.name**: Must match the service account name
+- **roleRef.name**: Must match the role name
+- **namespace**: Apply in the same namespace as other resources
+
+## Redis Enterprise cluster
+
+The RedisEnterpriseCluster (REC) custom resource defines the cluster specification.
+
+**File: `redis-cluster.yaml`**
+
+{{}}
+
+### Cluster configuration
+
+- **metadata.name**: Cluster name (cannot be changed after creation)
+- **spec.nodes**: Number of Redis Enterprise nodes (minimum 3)
+- **persistentSpec.volumeSize**: Storage size per node
+- **redisEnterpriseNodeResources**: CPU and memory allocation per node
+
+### Customization options
+
+Edit these values based on your requirements:
+
+```yaml
+spec:
+ # Increase nodes for larger clusters
+ nodes: 5
+
+ # Adjust storage size
+ persistentSpec:
+ volumeSize: 50Gi
+
+ # Modify resource allocation
+ redisEnterpriseNodeResources:
+ requests:
+ cpu: 4
+ memory: 8Gi
+ limits:
+ cpu: 4
+ memory: 8Gi
+```
+
+## Redis Enterprise database
+
+The RedisEnterpriseDatabase (REDB) custom resource defines the database specification.
+
+**File: `redis-database.yaml`**
+
+{{}}
+
+### Database configuration
+
+- **metadata.name**: Database name
+- **spec.memorySize**: Memory allocation for the database
+- **spec.shardCount**: Number of shards (affects performance and scalability)
+- **spec.replication**: Enable/disable database replication
+
+### Customization options
+
+Edit these values based on your requirements:
+
+```yaml
+spec:
+ # Increase memory for larger datasets
+ memorySize: 1GB
+
+ # Add more shards for better performance
+ shardCount: 3
+
+ # Enable replication for high availability
+ replication: true
+
+ # Add database-specific configuration
+ redisEnterpriseConfiguration:
+ # Enable specific Redis modules
+ modules:
+ - name: RedisJSON
+ - name: RedisSearch
+```
+
+## Applying the configuration
+
+### Step 1: Create namespace
+
+```bash
+kubectl create namespace redis-enterprise
+kubectl config set-context --current --namespace=redis-enterprise
+```
+
+### Step 2: Apply RBAC resources
+
+```bash
+kubectl apply -f service-account.yaml
+kubectl apply -f role.yaml
+kubectl apply -f role-binding.yaml
+```
+
+### Step 3: Deploy the cluster
+
+```bash
+kubectl apply -f redis-cluster.yaml
+```
+
+Wait for the cluster to be ready:
+
+```bash
+kubectl get rec
+kubectl describe rec rec
+```
+
+### Step 4: Create the database
+
+```bash
+kubectl apply -f redis-database.yaml
+```
+
+Verify the database is created:
+
+```bash
+kubectl get redb
+kubectl describe redb redb
+```
+
+## Verification
+
+### Check cluster status
+
+```bash
+# View cluster details
+kubectl get rec -o wide
+
+# Check cluster events
+kubectl describe rec rec
+
+# View cluster pods
+kubectl get pods -l app=redis-enterprise
+```
+
+### Check database status
+
+```bash
+# View database details
+kubectl get redb -o wide
+
+# Check database events
+kubectl describe redb redb
+
+# Get database connection details
+kubectl get secret redb -o yaml
+```
+
+### Access the admin console
+
+Get the admin console URL and credentials:
+
+```bash
+# Get admin console service
+kubectl get svc rec-ui
+
+# Get admin credentials
+kubectl get secret rec -o jsonpath='{.data.username}' | base64 -d
+kubectl get secret rec -o jsonpath='{.data.password}' | base64 -d
+```
+
+## Next steps
+
+- [Create additional databases]({{< relref "/operate/kubernetes/re-databases" >}})
+- [Configure networking]({{< relref "/operate/kubernetes/networking" >}})
+- [Set up monitoring]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}})
+- [Explore rack awareness]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}})
+
+## Related documentation
+
+- [Quick start deployment]({{< relref "/operate/kubernetes/deployment/quick-start" >}})
+- [REC API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}})
+- [REDB API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_database_api" >}})
diff --git a/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md b/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md
new file mode 100644
index 000000000..4947c220d
--- /dev/null
+++ b/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md
@@ -0,0 +1,454 @@
+---
+Title: Multi-namespace examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: YAML examples for deploying Redis Enterprise across multiple Kubernetes namespaces.
+linkTitle: Multi-namespace
+weight: 40
+---
+
+This page provides YAML examples for deploying Redis Enterprise across multiple Kubernetes namespaces. Multi-namespace deployment allows a single Redis Enterprise operator to manage clusters and databases in different namespaces, providing better resource isolation and organization.
+
+## Overview
+
+Multi-namespace deployment enables:
+- **Namespace isolation**: Separate Redis Enterprise resources by team, environment, or application
+- **Centralized management**: Single operator manages multiple namespaces
+- **Resource sharing**: Efficient use of cluster resources across namespaces
+- **Flexible RBAC**: Fine-grained permissions per namespace
+
+## Architecture
+
+This example shows:
+- **Operator namespace**: `redis-enterprise-operator` (where the operator runs)
+- **Consumer namespaces**: `app-production`, `app-staging` (where REC/REDB resources are created)
+
+## Deployment order
+
+Apply the YAML files in this order:
+
+1. [Operator service account](#operator-service-account)
+2. [Operator cluster role](#operator-cluster-role)
+3. [Operator cluster role binding](#operator-cluster-role-binding)
+4. [Consumer service account](#consumer-service-account)
+5. [Consumer role](#consumer-role)
+6. [Consumer role binding](#consumer-role-binding)
+7. [Redis Enterprise clusters](#redis-enterprise-clusters)
+8. [Redis Enterprise databases](#redis-enterprise-databases)
+
+## Operator service account
+
+These resources are deployed in the namespace where the Redis Enterprise operator runs.
+
+**File: `operator-service-account.yaml`**
+
+{{}}
+
+## Operator cluster role
+
+The operator needs cluster-wide permissions to manage resources across namespaces. 
+
+**File: `operator-cluster-role.yaml`**
+
+{{}}
+
+## Operator cluster role binding
+
+**File: `operator-cluster-role-binding.yaml`**
+
+{{}}
+
+## Consumer service account
+
+These resources are deployed in each namespace where you want to create Redis Enterprise clusters or databases.
+
+**File: `consumer-service-account.yaml`**
+
+```yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: redis-enterprise-operator
+ labels:
+ app: redis-enterprise
+```
+
+## Consumer role
+
+**File: `consumer-role.yaml`**
+
+{{}}
+
+## Consumer role binding
+
+**File: `consumer-role-binding.yaml`**
+
+{{}}
+
+### Consumer namespace configuration
+
+- **subjects.name**: Must match the operator service account name
+- **subjects.namespace**: Must be the operator namespace, not the consumer namespace
+- **roleRef.name**: Must match the consumer role name
+
+## Redis Enterprise clusters
+
+Deploy Redis Enterprise clusters in consumer namespaces.
+
+### Production cluster
+
+**File: `production-cluster.yaml`**
+
+```yaml
+apiVersion: app.redislabs.com/v1
+kind: RedisEnterpriseCluster
+metadata:
+ name: rec-production
+ namespace: app-production
+ labels:
+ app: redis-enterprise
+ environment: production
+spec:
+ nodes: 5
+
+ persistentSpec:
+ enabled: true
+ volumeSize: 50Gi
+
+ redisEnterpriseNodeResources:
+ requests:
+ cpu: 4
+ memory: 8Gi
+ limits:
+ cpu: 4
+ memory: 8Gi
+
+ # Production-specific configuration
+ redisEnterpriseConfiguration:
+ # Enable cluster backup
+ backup_interval: "24h"
+
+ # Set log level
+ log_level: "info"
+```
+
+### Staging cluster
+
+**File: `staging-cluster.yaml`**
+
+```yaml
+apiVersion: app.redislabs.com/v1
+kind: RedisEnterpriseCluster
+metadata:
+ name: rec-staging
+ namespace: app-staging
+ labels:
+ app: redis-enterprise
+ environment: staging
+spec:
+ nodes: 3
+
+ persistentSpec:
+ enabled: true
+ volumeSize: 20Gi
+
+ redisEnterpriseNodeResources:
+ requests:
+ cpu: 2
+ memory: 4Gi
+ limits:
+ cpu: 2
+ memory: 4Gi
+```
+
+## Redis 
Enterprise databases
+
+Create databases in the appropriate namespaces.
+
+### Production database
+
+**File: `production-database.yaml`**
+
+```yaml
+apiVersion: app.redislabs.com/v1alpha1
+kind: RedisEnterpriseDatabase
+metadata:
+ name: redb-production
+ namespace: app-production
+ labels:
+ app: redis-enterprise
+ environment: production
+spec:
+ memorySize: 2GB
+ shardCount: 3
+ replication: true
+
+ # Production-specific settings
+ redisEnterpriseConfiguration:
+ # Enable persistence
+ persistence: aof
+
+ # Set eviction policy
+ maxmemory-policy: allkeys-lru
+
+ # Enable modules
+ modules:
+ - name: RedisJSON
+ - name: RedisSearch
+```
+
+### Staging database
+
+**File: `staging-database.yaml`**
+
+```yaml
+apiVersion: app.redislabs.com/v1alpha1
+kind: RedisEnterpriseDatabase
+metadata:
+ name: redb-staging
+ namespace: app-staging
+ labels:
+ app: redis-enterprise
+ environment: staging
+spec:
+ memorySize: 512MB
+ shardCount: 1
+ replication: false
+
+ # Staging-specific settings
+ redisEnterpriseConfiguration:
+ # Disable persistence for faster testing
+ persistence: disabled
+
+ # Enable modules for testing
+ modules:
+ - name: RedisJSON
+```
+
+## Applying the configuration
+
+### Step 1: Create namespaces
+
+```bash
+# Create operator namespace
+kubectl create namespace redis-enterprise-operator
+
+# Create consumer namespaces
+kubectl create namespace app-production
+kubectl create namespace app-staging
+```
+
+### Step 2: Deploy operator resources
+
+```bash
+# Switch to operator namespace
+kubectl config set-context --current --namespace=redis-enterprise-operator
+
+# Apply operator RBAC
+kubectl apply -f operator-service-account.yaml
+kubectl apply -f operator-cluster-role.yaml
+kubectl apply -f operator-cluster-role-binding.yaml
+
+# Deploy the operator (using bundle or Helm)
+kubectl apply -f https://raw.githubusercontent.com/RedisLabs/redis-enterprise-k8s-docs/v7.8.6/bundle.yaml
+```
+
+### Step 3: Configure consumer namespaces
+
+**For 
production namespace:**
+```bash
+kubectl config set-context --current --namespace=app-production
+
+kubectl apply -f consumer-service-account.yaml
+kubectl apply -f consumer-role.yaml
+kubectl apply -f consumer-role-binding.yaml
+```
+
+**For staging namespace:**
+```bash
+kubectl config set-context --current --namespace=app-staging
+
+kubectl apply -f consumer-service-account.yaml
+kubectl apply -f consumer-role.yaml
+kubectl apply -f consumer-role-binding.yaml
+```
+
+### Step 4: Deploy clusters
+
+```bash
+# Deploy production cluster
+kubectl apply -f production-cluster.yaml
+
+# Deploy staging cluster
+kubectl apply -f staging-cluster.yaml
+```
+
+### Step 5: Create databases
+
+```bash
+# Create production database
+kubectl apply -f production-database.yaml
+
+# Create staging database
+kubectl apply -f staging-database.yaml
+```
+
+## Verification
+
+### Check operator status
+
+```bash
+# Verify operator is running
+kubectl get deployment redis-enterprise-operator -n redis-enterprise-operator
+
+# Check operator logs
+kubectl logs deployment/redis-enterprise-operator -n redis-enterprise-operator
+```
+
+### Check clusters across namespaces
+
+```bash
+# View all clusters
+kubectl get rec --all-namespaces
+
+# Check specific cluster status
+kubectl describe rec rec-production -n app-production
+kubectl describe rec rec-staging -n app-staging
+```
+
+### Check databases across namespaces
+
+```bash
+# View all databases
+kubectl get redb --all-namespaces
+
+# Check specific database status
+kubectl describe redb redb-production -n app-production
+kubectl describe redb redb-staging -n app-staging
+```
+
+### Verify RBAC permissions
+
+```bash
+# Check cluster role bindings
+kubectl get clusterrolebinding | grep redis-enterprise
+
+# Check role bindings in consumer namespaces
+kubectl get rolebinding -n app-production
+kubectl get rolebinding -n app-staging
+```
+
+## Management operations
+
+### Adding new consumer namespaces
+
+To add a new consumer 
namespace:
+
+1. Create the namespace
+2. Apply consumer RBAC resources
+3. Deploy clusters and databases as needed
+
+```bash
+# Create new namespace
+kubectl create namespace app-development
+
+# Apply RBAC resources
+kubectl config set-context --current --namespace=app-development
+kubectl apply -f consumer-service-account.yaml
+kubectl apply -f consumer-role.yaml
+kubectl apply -f consumer-role-binding.yaml
+```
+
+### Monitoring across namespaces
+
+Monitor resources across all namespaces:
+
+```bash
+# Watch all Redis Enterprise resources
+kubectl get rec,redb,reaadb,rerc --all-namespaces -w
+
+# Check resource usage by namespace
+kubectl top pods --all-namespaces | grep redis-enterprise
+```
+
+## Security considerations
+
+### Namespace isolation
+
+- Each consumer namespace has its own RBAC configuration
+- Resources in one namespace cannot access resources in another
+- Secrets and ConfigMaps are namespace-scoped
+
+### Operator permissions
+
+The operator has cluster-wide permissions but only for:
+- Reading namespace information
+- Managing Redis Enterprise custom resources
+- Creating necessary Kubernetes resources
+
+### Network policies
+
+Consider implementing network policies for additional isolation:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: redis-enterprise-isolation
+ namespace: app-production
+spec:
+ podSelector:
+ matchLabels:
+ app: redis-enterprise
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: app-production
+```
+
+## Troubleshooting
+
+### Common issues
+
+**Operator cannot create resources in consumer namespace**
+- Verify ClusterRole and ClusterRoleBinding are applied
+- Check that consumer namespace has proper Role and RoleBinding
+- Ensure service account names match across configurations
+
+**Resources not appearing in consumer namespace**
+- Confirm operator is running and healthy
+- Check operator logs for permission errors
+- 
Verify namespace labels and selectors
+
+### Debug commands
+
+```bash
+# Check operator permissions
+kubectl auth can-i create rec --as=system:serviceaccount:redis-enterprise-operator:redis-enterprise-operator -n app-production
+
+# View operator logs
+kubectl logs deployment/redis-enterprise-operator -n redis-enterprise-operator --tail=100
+
+# Check RBAC configuration
+kubectl describe clusterrole redis-enterprise-operator-consumer-ns
+kubectl describe rolebinding redis-enterprise-operator -n app-production
+```
+
+## Next steps
+
+- [Configure networking across namespaces]({{< relref "/operate/kubernetes/networking" >}})
+- [Set up monitoring for multi-namespace deployment]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}})
+- [Learn about resource management]({{< relref "/operate/kubernetes/recommendations" >}})
+
+## Related documentation
+
+- [Multi-namespace deployment guide]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}})
+- [RBAC configuration]({{< relref "/operate/kubernetes/security" >}})
+- [Kubernetes namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/)
diff --git a/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md b/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md
new file mode 100644
index 000000000..65dac6d2a
--- /dev/null
+++ b/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md
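Review bot: The NetworkPolicy example under "Network policies" in multi-namespace.md would cut the selected pods off rather than isolate them: `policyTypes` lists `Egress` but the manifest has no `egress` rules, so all outbound traffic from pods labelled `app: redis-enterprise` (DNS and the Kubernetes API included) is denied. Its ingress `namespaceSelector` matches `name: app-production`, a label that `kubectl create namespace app-production` in Step 1 does not set; the label Kubernetes adds automatically is `kubernetes.io/metadata.name: app-production`. I would drop `- Egress` or add explicit egress rules, switch the selector to the automatic label, and, if the operator in `redis-enterprise-operator` has to reach the cluster pods (the page does not say), add a second `from` entry for that namespace. The nearby bullet "Resources in one namespace cannot access resources in another" should be qualified as well, since without a network policy namespaces do not restrict pod-to-pod traffic and the operator's ClusterRole spans namespaces.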
@@ -0,0 +1,280 @@
+---
+Title: Rack awareness examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: YAML examples for rack-aware Redis Enterprise deployments that distribute nodes across availability zones.
+linkTitle: Rack awareness
+weight: 20
+---
+
+This page provides YAML examples for deploying Redis Enterprise with rack awareness. Rack awareness distributes Redis Enterprise nodes across different availability zones or failure domains to improve high availability and fault tolerance.
+
+## Overview
+
+Rack awareness ensures that:
+- Redis Enterprise nodes are distributed across different zones
+- Database shards and replicas are placed on nodes in different zones
+- The cluster remains available even if an entire zone fails
+
+## Prerequisites
+
+- Kubernetes nodes must be labeled with zone information
+- Typically uses the standard label `topology.kubernetes.io/zone`
+- Verify node labels: `kubectl get nodes --show-labels`
+
+## Deployment order
+
+Apply the YAML files in this order:
+
+1. [Service account](#service-account)
+2. [Cluster role](#cluster-role)
+3. [Cluster role binding](#cluster-role-binding)
+4. [Rack-aware Redis Enterprise cluster](#rack-aware-redis-enterprise-cluster)
+5. [Redis Enterprise database](#redis-enterprise-database)
+
+## Service account
+
+The service account for rack-aware deployments is the same as basic deployments.
+
+**File: `service-account.yaml`**
+
+{{}}
+
+## Cluster role
+
+Rack awareness requires additional permissions to read node labels across the cluster. 
+
+**File: `cluster-role.yaml`**
+
+{{}}
+
+### Cluster role configuration
+
+- **name**: ClusterRole name for rack awareness permissions
+- **rules**: Permissions to read nodes and their labels cluster-wide
+- **resources**: Access to `nodes` resource for zone label discovery
+
+### Key permissions
+
+- **nodes**: Read access to discover node zone labels
+- **get, list, watch**: Monitor node changes and zone assignments
+
+## Cluster role binding
+
+The ClusterRoleBinding grants cluster-wide permissions to the service account.
+
+**File: `cluster-role-binding.yaml`**
+
+{{}}
+
+### Cluster role binding configuration
+
+- **subjects.name**: Must match the service account name
+- **subjects.namespace**: Namespace where the operator is deployed
+- **roleRef.name**: Must match the cluster role name
+
+## Rack-aware Redis Enterprise cluster
+
+The rack-aware REC configuration includes the `rackAwarenessNodeLabel` field.
+
+**File: `rack-aware-cluster.yaml`**
+
+{{}}
+
+### Rack-aware cluster configuration
+
+- **metadata.name**: Cluster name (cannot be changed after creation)
+- **spec.rackAwarenessNodeLabel**: Node label used for zone identification
+- **spec.nodes**: Minimum 3 nodes, ideally distributed across zones
+
+### Customization options
+
+Edit these values based on your environment:
+
+```yaml
+spec:
+ # Increase nodes for better zone distribution
+ nodes: 6
+
+ # Use custom zone label if needed
+ rackAwarenessNodeLabel: "failure-domain.beta.kubernetes.io/zone"
+
+ # Add resource specifications
+ redisEnterpriseNodeResources:
+ requests:
+ cpu: 2
+ memory: 4Gi
+ limits:
+ cpu: 2
+ memory: 4Gi
+
+ # Enable persistent storage
+ persistentSpec:
+ enabled: true
+ volumeSize: 20Gi
+```
+
+### Common zone labels
+
+Different Kubernetes distributions use different zone labels:
+
+- **Standard**: `topology.kubernetes.io/zone`
+- **Legacy**: `failure-domain.beta.kubernetes.io/zone`
+- **Custom**: Your organization's specific labeling scheme
+
+Verify the correct 
label on your nodes:
+
+```bash
+kubectl get nodes -o custom-columns=NAME:.metadata.name,ZONE:.metadata.labels.'topology\.kubernetes\.io/zone'
+```
+
+## Redis Enterprise database
+
+Database configuration for rack-aware clusters is the same as basic deployments.
+
+**File: `redis-database.yaml`**
+
+{{}}
+
+### Rack awareness benefits
+
+When deployed on a rack-aware cluster, databases automatically benefit from:
+
+- **Shard distribution**: Database shards are distributed across zones
+- **Replica placement**: Replicas are placed in different zones than their masters
+- **Automatic failover**: Cluster can survive zone failures
+
+## Applying the configuration
+
+### Step 1: Verify node labels
+
+Check that your nodes have zone labels:
+
+```bash
+kubectl get nodes --show-labels | grep topology.kubernetes.io/zone
+```
+
+If nodes don't have zone labels, add them:
+
+```bash
+kubectl label node topology.kubernetes.io/zone=
+```
+
+### Step 2: Create namespace
+
+```bash
+kubectl create namespace redis-enterprise
+kubectl config set-context --current --namespace=redis-enterprise
+```
+
+### Step 3: Apply RBAC resources
+
+```bash
+kubectl apply -f service-account.yaml
+kubectl apply -f cluster-role.yaml
+kubectl apply -f cluster-role-binding.yaml
+```
+
+### Step 4: Deploy the rack-aware cluster
+
+```bash
+kubectl apply -f rack-aware-cluster.yaml
+```
+
+Wait for the cluster to be ready:
+
+```bash
+kubectl get rec rack-aware-cluster
+kubectl describe rec rack-aware-cluster
+```
+
+### Step 5: Create the database
+
+```bash
+kubectl apply -f redis-database.yaml
+```
+
+## Verification
+
+### Check cluster rack awareness
+
+```bash
+# View cluster status
+kubectl get rec rack-aware-cluster -o yaml
+
+# Check that nodes are distributed across zones
+kubectl get pods -l app=redis-enterprise -o wide
+
+# Verify zone distribution
+kubectl get pods -l app=redis-enterprise -o 
custom-columns=NAME:.metadata.name,NODE:.spec.nodeName,ZONE:.spec.nodeSelector.'topology\.kubernetes\.io/zone'
+```
+
+### Verify database placement
+
+Access the Redis Enterprise admin console to verify:
+
+1. Database shards are distributed across zones
+2. Replicas are in different zones than their masters
+3. Zone information is displayed in the cluster topology
+
+### Test zone failure
+
+To test rack awareness:
+
+1. Simulate zone failure by cordoning nodes in one zone
+2. Verify that the cluster remains operational
+3. Check that databases continue to serve requests
+
+```bash
+# Cordon nodes in a specific zone
+kubectl cordon
+
+# Check cluster and database status
+kubectl get rec,redb
+```
+
+## Troubleshooting
+
+### Common issues
+
+**Nodes not distributed across zones**
+- Verify node labels are correct
+- Check that sufficient nodes exist in each zone
+- Ensure the `rackAwarenessNodeLabel` matches actual node labels
+
+**Cluster role permissions denied**
+- Verify the ClusterRole and ClusterRoleBinding are applied
+- Check that the service account name matches in all resources
+
+**Database shards not distributed**
+- Confirm the cluster has rack awareness enabled
+- Check that the database has multiple shards
+- Verify sufficient nodes exist across zones
+
+### Debug commands
+
+```bash
+# Check node labels
+kubectl describe nodes | grep -A5 Labels
+
+# View cluster role permissions
+kubectl describe clusterrole redis-enterprise-operator-consumer
+
+# Check operator logs
+kubectl logs deployment/redis-enterprise-operator
+```
+
+## Next steps
+
+- [Configure Active-Active databases]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}})
+- [Set up multi-namespace deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}})
+- [Learn about database replication]({{< relref "/operate/kubernetes/re-databases/replica-redb" >}})
+
+## Related documentation
+
+- [Node selection recommendations]({{< relref 
"/operate/kubernetes/recommendations/node-selection" >}}) +- [REC API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}}) +- [Kubernetes node affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) From 847ed148b6601697517d8f6cbb123e8a40b84c19 Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 13:25:15 -0500 Subject: [PATCH 02/64] Fix navigation order in logs section - Updated log collector RBAC page weight from 20 to 90 - Ensures 'Collect logs' (weight 89) appears before 'Log collector RBAC' (weight 90) in navigation --- content/operate/kubernetes/logs/log-collector-rbac.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md index 84b73dbb8..35fa66a0d 100644 --- a/content/operate/kubernetes/logs/log-collector-rbac.md +++ b/content/operate/kubernetes/logs/log-collector-rbac.md @@ -7,7 +7,7 @@ categories: - kubernetes description: RBAC configurations for Redis Enterprise log collector in all and restricted modes. linkTitle: Log collector RBAC -weight: 20 +weight: 90 --- This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose. From 9b4d5e982dc07c5890fd054829b75f04eb086758 Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 13:27:00 -0500 Subject: [PATCH 03/64] Add links to YAML examples in log collector documentation - Link 'restricted' mode to #restricted-mode-rbac section - Link 'all' mode to #all-mode-rbac section - Add RBAC requirements section with link to complete YAML configurations - Improves navigation between log collection guide and RBAC setup --- content/operate/kubernetes/logs/collect-logs.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/content/operate/kubernetes/logs/collect-logs.md b/content/operate/kubernetes/logs/collect-logs.md index 808649ea3..a280aaa2d 100644 --- a/content/operate/kubernetes/logs/collect-logs.md +++ b/content/operate/kubernetes/logs/collect-logs.md @@ -15,9 +15,9 @@ The Redis Enterprise cluster (REC) log collector script ([`log_collector.py`](ht As of version 6.2.18-3, the log collector tool has two modes: -- **restricted** collects only resources and logs created by the operator and Redis Enterprise deployments +- **[restricted]({{< relref "/operate/kubernetes/logs/log-collector-rbac#restricted-mode-rbac" >}})** collects only resources and logs created by the operator and Redis Enterprise deployments - This is the default for versions 6.2.18-3 and later -- **all** collects everything from your environment +- **[all]({{< relref "/operate/kubernetes/logs/log-collector-rbac#all-mode-rbac" >}})** collects everything from your environment - This is the default mode for versions 6.2.12-1 and earlier {{}} This script requires Python 3.6 or later. {{}} @@ -39,3 +39,7 @@ As of version 6.2.18-3, the log collector tool has two modes: 1. Upload the resulting `tar.gz` file containing all the logs to [Redis Support](https://support.redislabs.com/). + +## RBAC requirements + +The log collector requires specific RBAC permissions depending on the collection mode. See [Log collector RBAC]({{< relref "/operate/kubernetes/logs/log-collector-rbac" >}}) for complete YAML configurations for both restricted and all modes. From 0d8da158f8b666b1f82f1f0b8cca6a31ae1e4285 Mon Sep 17 00:00:00 2001 
From: Kaitlyn Michael Date: Thu, 24 Jul 2025 13:31:52 -0500 Subject: [PATCH 04/64] Remove unnecessary 'File:' labels from YAML examples - Removed 'File: filename.yaml' labels from all YAML examples across all pages - YAML examples are self-explanatory and don't need explicit file labels - Fixed duplicate 'Customization options' headings in basic-deployment.md - Renamed to 'Cluster customization options' and 'Database customization options' - Cleaner, more focused presentation of YAML configurations --- .../kubernetes/logs/log-collector-rbac.md | 8 ------- .../reference/yaml-examples/active-active.md | 6 ----- .../yaml-examples/basic-deployment.md | 24 ++++++------------- .../yaml-examples/multi-namespace.md | 12 ---------- .../reference/yaml-examples/rack-awareness.md | 10 -------- 5 files changed, 7 insertions(+), 53 deletions(-) diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md index 35fa66a0d..c2b76d1c0 100644 --- a/content/operate/kubernetes/logs/log-collector-rbac.md +++ b/content/operate/kubernetes/logs/log-collector-rbac.md @@ -55,8 +55,6 @@ The key differences between the two modes: Use restricted mode for minimal security exposure while still collecting essential Redis Enterprise diagnostics. -**File: `log-collector-restricted-rbac.yaml`** - {{}} ### Restricted mode permissions @@ -83,8 +81,6 @@ The restricted mode provides access to: Use all mode when you need comprehensive cluster diagnostics or when specifically requested by Redis Support. -**File: `log-collector-all-rbac.yaml`** - {{}} ### All mode additional permissions @@ -103,8 +99,6 @@ In addition to all restricted mode permissions, all mode provides: Bind the Role to your service account in each namespace where you want to collect logs. -**File: `log-collector-role-binding.yaml`** - ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -125,8 +119,6 @@ roleRef: Bind the ClusterRole to your service account for cluster-wide permissions. -**File: `log-collector-cluster-role-binding.yaml`** - ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/content/operate/kubernetes/reference/yaml-examples/active-active.md b/content/operate/kubernetes/reference/yaml-examples/active-active.md index 4420df264..950c4298a 100644 --- a/content/operate/kubernetes/reference/yaml-examples/active-active.md +++ b/content/operate/kubernetes/reference/yaml-examples/active-active.md @@ -39,8 +39,6 @@ This example shows a two-cluster Active-Active setup: Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource pointing to the other clusters. -**File: `rerc-chicago.yaml`** (applied on Boston cluster) - {{}} ### RERC configuration @@ -76,8 +74,6 @@ spec: ## RERC for Boston cluster -**File: `rerc-boston.yaml`** (applied on Chicago cluster) - ```yaml apiVersion: app.redislabs.com/v1alpha1 kind: RedisEnterpriseRemoteCluster @@ -95,8 +91,6 @@ spec: The RedisEnterpriseActiveActiveDatabase (REAADB) resource defines the Active-Active database. -**File: `active-active-database.yaml`** - {{}} ### REAADB configuration diff --git a/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md b/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md index 2dc342c48..db66a094f 100644 --- a/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md +++ b/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md @@ -26,8 +26,6 @@ Apply the YAML files in this order: The service account provides an identity for the Redis Enterprise operator. -**File: `service-account.yaml`** - {{}} ### Service account configuration 
@@ -39,8 +37,6 @@ The service account provides an identity for the Redis Enterprise operator. The Role defines the permissions needed by the Redis Enterprise operator within the namespace. -**File: `role.yaml`** - {{}} ### Role configuration @@ -61,8 +57,6 @@ The Role defines the permissions needed by the Redis Enterprise operator within The RoleBinding connects the service account to the role, granting the necessary permissions. -**File: `role-binding.yaml`** - {{}} ### Role binding configuration @@ -75,8 +69,6 @@ The RoleBinding connects the service account to the role, granting the necessary The RedisEnterpriseCluster (REC) custom resource defines the cluster specification. -**File: `redis-cluster.yaml`** - {{}} ### Cluster configuration @@ -86,7 +78,7 @@ The RedisEnterpriseCluster (REC) custom resource defines the cluster specificati - **persistentSpec.volumeSize**: Storage size per node - **redisEnterpriseNodeResources**: CPU and memory allocation per node -### Customization options +### Cluster customization options Edit these values based on your requirements: @@ -94,11 +86,11 @@ Edit these values based on your requirements: spec: # Increase nodes for larger clusters nodes: 5 - + # Adjust storage size persistentSpec: volumeSize: 50Gi - + # Modify resource allocation redisEnterpriseNodeResources: requests: @@ -113,8 +105,6 @@ spec: The RedisEnterpriseDatabase (REDB) custom resource defines the database specification. -**File: `redis-database.yaml`** - {{}} ### Database configuration @@ -124,7 +114,7 @@ The RedisEnterpriseDatabase (REDB) custom resource defines the database specific - **spec.shardCount**: Number of shards (affects performance and scalability) - **spec.replication**: Enable/disable database replication -### Customization options +### Database customization options Edit these values based on your requirements: 
@@ -132,13 +122,13 @@ Edit these values based on your requirements: spec: # Increase memory for larger datasets memorySize: 1GB - + # Add more shards for better performance shardCount: 3 - + # Enable replication for high availability replication: true - + # Add database-specific configuration redisEnterpriseConfiguration: # Enable specific Redis modules diff --git a/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md b/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md index 4947c220d..2018598ae 100644 --- a/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md +++ b/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md @@ -43,30 +43,22 @@ Apply the YAML files in this order: These resources are deployed in the namespace where the Redis Enterprise operator runs. -**File: `operator-service-account.yaml`** - {{}} ## Operator cluster role The operator needs cluster-wide permissions to manage resources across namespaces. -**File: `operator-cluster-role.yaml`** - {{}} ## Operator cluster role binding -**File: `operator-cluster-role-binding.yaml`** - {{}} ## Consumer service account These resources are deployed in each namespace where you want to create Redis Enterprise clusters or databases. -**File: `consumer-service-account.yaml`** - ```yaml apiVersion: v1 kind: ServiceAccount @@ -78,14 +70,10 @@ metadata: ## Consumer role -**File: `consumer-role.yaml`** - {{}} ## Consumer role binding -**File: `consumer-role-binding.yaml`** - {{}} ### Consumer namespace configuration diff --git a/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md b/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md index 65dac6d2a..1dd22fcb9 100644 --- a/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md +++ b/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md 
@@ -39,16 +39,12 @@ Apply the YAML files in this order: The service account for rack-aware deployments is the same as basic deployments. -**File: `service-account.yaml`** - {{}} ## Cluster role Rack awareness requires additional permissions to read node labels across the cluster. -**File: `cluster-role.yaml`** - {{}} ### Cluster role configuration @@ -66,8 +62,6 @@ Rack awareness requires additional permissions to read node labels across the cl The ClusterRoleBinding grants cluster-wide permissions to the service account. -**File: `cluster-role-binding.yaml`** - {{}} ### Cluster role binding configuration @@ -80,8 +74,6 @@ The ClusterRoleBinding grants cluster-wide permissions to the service account. The rack-aware REC configuration includes the `rackAwarenessNodeLabel` field. -**File: `rack-aware-cluster.yaml`** - {{}} ### Rack-aware cluster configuration @@ -135,8 +127,6 @@ kubectl get nodes -o custom-columns=NAME:.metadata.name,ZONE:.metadata.labels.'t Database configuration for rack-aware clusters is the same as basic deployments. -**File: `redis-database.yaml`** - {{}} ### Rack awareness benefits From 2443841b22f0da03ece1771133a2f7cd88118912 Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 13:35:00 -0500 Subject: [PATCH 05/64] Move log collector changes to DOC-5485 branch - Removed log collector RBAC page from YAML examples section - Reverted logs section index to remove log collector RBAC reference - Reverted collect-logs.md to remove links to log collector RBAC page - DOC-4727 now focuses purely on YAML examples for deployment scenarios - Log collector documentation moved to DOC-5485 branch where it belongs thematically --- content/operate/kubernetes/logs/_index.md | 1 - .../operate/kubernetes/logs/collect-logs.md | 8 +- .../kubernetes/logs/log-collector-rbac.md | 195 ------------------ 3 files changed, 2 insertions(+), 202 deletions(-) delete mode 100644 content/operate/kubernetes/logs/log-collector-rbac.md 
diff --git a/content/operate/kubernetes/logs/_index.md b/content/operate/kubernetes/logs/_index.md index 8d7f938f3..00ba60e2c 100644 --- a/content/operate/kubernetes/logs/_index.md +++ b/content/operate/kubernetes/logs/_index.md @@ -18,7 +18,6 @@ Access and manage Redis Enterprise logs on Kubernetes for monitoring, troublesho Learn how to collect and access logs from your Redis Enterprise deployment: - [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}}) - Methods for collecting logs from Redis Enterprise pods and containers -- [Log collector RBAC]({{< relref "/operate/kubernetes/logs/log-collector-rbac" >}}) - RBAC configurations for log collection in restricted and all modes ## Log storage and access diff --git a/content/operate/kubernetes/logs/collect-logs.md b/content/operate/kubernetes/logs/collect-logs.md index a280aaa2d..808649ea3 100644 --- a/content/operate/kubernetes/logs/collect-logs.md +++ b/content/operate/kubernetes/logs/collect-logs.md @@ -15,9 +15,9 @@ The Redis Enterprise cluster (REC) log collector script ([`log_collector.py`](ht As of version 6.2.18-3, the log collector tool has two modes: -- **[restricted]({{< relref "/operate/kubernetes/logs/log-collector-rbac#restricted-mode-rbac" >}})** collects only resources and logs created by the operator and Redis Enterprise deployments +- **restricted** collects only resources and logs created by the operator and Redis Enterprise deployments - This is the default for versions 6.2.18-3 and later -- **[all]({{< relref "/operate/kubernetes/logs/log-collector-rbac#all-mode-rbac" >}})** collects everything from your environment +- **all** collects everything from your environment - This is the default mode for versions 6.2.12-1 and earlier {{}} This script requires Python 3.6 or later. {{}} 
@@ -39,7 +39,3 @@ As of version 6.2.18-3, the log collector tool has two modes: 1. Upload the resulting `tar.gz` file containing all the logs to [Redis Support](https://support.redislabs.com/). - -## RBAC requirements - -The log collector requires specific RBAC permissions depending on the collection mode. See [Log collector RBAC]({{< relref "/operate/kubernetes/logs/log-collector-rbac" >}}) for complete YAML configurations for both restricted and all modes. diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md deleted file mode 100644 index c2b76d1c0..000000000 --- a/content/operate/kubernetes/logs/log-collector-rbac.md +++ /dev/null 
@@ -1,195 +0,0 @@ ---- -Title: Log collector RBAC -alwaysopen: false -categories: -- docs -- operate -- kubernetes -description: RBAC configurations for Redis Enterprise log collector in all and restricted modes. -linkTitle: Log collector RBAC -weight: 90 ---- - -This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose. - -## Overview - -The Redis Enterprise log collector script helps gather diagnostic information for troubleshooting. It has two collection modes that require different RBAC permissions: - -- **Restricted mode**: Collects only Redis Enterprise-related resources and logs (default for versions 6.2.18-3+) -- **All mode**: Collects comprehensive cluster information including non-Redis resources (default for versions 6.2.12-1 and earlier) - -## When to use each mode - -### Restricted mode (recommended) - -Use restricted mode when: -- You want to minimize security exposure -- Your organization has strict RBAC policies -- You only need Redis Enterprise-specific troubleshooting data -- You're running version 6.2.18-3 or later (default mode) - -### All mode - -Use all mode when: -- You need comprehensive cluster diagnostics -- Redis Support specifically requests additional cluster information -- You're troubleshooting complex issues that may involve non-Redis resources -- You're running version 6.2.12-1 or earlier (default mode) - -## Permission differences - -The key differences between the two modes: - -| Resource Category | Restricted Mode | All Mode | -|------------------|----------------|----------| -| **Cluster-level resources** | Limited | Full access | -| **Node information** | ❌ No access | ✅ Full access | -| **Storage classes** | ❌ No access | ✅ Full access | -| **Volume attachments** | ❌ No access | ✅ Full access | -| **Certificate signing requests** | ❌ No access | ✅ Full access | -| **Operator 
resources** | ❌ No access | ✅ Full access | -| **Istio resources** | ❌ No access | ✅ Full access | - -## Restricted mode RBAC - -Use restricted mode for minimal security exposure while still collecting essential Redis Enterprise diagnostics. - -{{}} - -### Restricted mode permissions - -The restricted mode provides access to: - -**Role permissions (namespace-scoped):** -- **Pods and logs**: Read pod information and access container logs -- **Pod exec**: Execute commands inside containers for diagnostics -- **Core resources**: Access to services, endpoints, ConfigMaps, secrets, and storage resources -- **Workload resources**: Read deployments, StatefulSets, DaemonSets, and jobs -- **Redis Enterprise resources**: Full read access to all Redis Enterprise custom resources -- **Networking**: Read ingress and network policy configurations -- **OpenShift routes**: Read route configurations (for OpenShift environments) - -**ClusterRole permissions (cluster-scoped):** -- **Persistent volumes**: Read cluster-wide storage information -- **Namespaces**: Read namespace information -- **RBAC**: Read cluster roles and bindings -- **Custom resource definitions**: Read Redis Enterprise CRDs -- **Admission controllers**: Read ValidatingWebhook configurations - -## All mode RBAC - -Use all mode when you need comprehensive cluster diagnostics or when specifically requested by Redis Support. 
- -{{}} - -### All mode additional permissions - -In addition to all restricted mode permissions, all mode provides: - -**Additional ClusterRole permissions:** -- **Nodes**: Read cluster node information and status -- **Storage classes**: Read storage class configurations -- **Volume attachments**: Read volume attachment status -- **Certificate signing requests**: Read certificate management information -- **Operator resources**: Read OLM (Operator Lifecycle Manager) resources -- **Istio resources**: Read Istio service mesh configurations - -## Role binding - -Bind the Role to your service account in each namespace where you want to collect logs. - -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: redis-enterprise-log-collector - namespace: -subjects: -- kind: ServiceAccount - name: redis-enterprise-log-collector - namespace: -roleRef: - kind: Role - name: redis-enterprise-log-collector - apiGroup: rbac.authorization.k8s.io -``` - -## Cluster role binding - -Bind the ClusterRole to your service account for cluster-wide permissions. 
- -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: redis-enterprise-log-collector -subjects: -- kind: ServiceAccount - name: redis-enterprise-log-collector - namespace: -roleRef: - kind: ClusterRole - name: redis-enterprise-log-collector - apiGroup: rbac.authorization.k8s.io -``` - -## Usage - -Apply the appropriate RBAC configuration and role bindings, then run the log collector with the desired mode: - -```bash -# Restricted mode (default for 6.2.18-3+) -python log_collector.py -m restricted -n - -# All mode -python log_collector.py -m all -n -``` - -## Security considerations - -### Principle of least privilege - -- **Start with restricted mode**: Use restricted mode unless you specifically need additional cluster information -- **Limit namespace access**: Only grant permissions in namespaces where log collection is needed -- **Time-bound access**: Consider creating temporary RBAC resources for log collection activities - -### Sensitive data handling - -Both modes collect: -- **Secrets metadata**: Names and types of secrets (not the actual secret values) -- **ConfigMap data**: Configuration information that may contain sensitive settings -- **Pod logs**: Application logs that may contain sensitive information - -Ensure collected logs are handled according to your organization's data security policies. - -## Troubleshooting - -### Permission denied errors - -If you encounter permission errors: - -1. **Verify RBAC resources**: Ensure roles and bindings are applied correctly -2. **Check service account**: Confirm the service account has the necessary bindings -3. **Validate namespace access**: Ensure role bindings exist in target namespaces -4. **Review mode requirements**: Verify you're using the correct mode for your needs - -### Missing resources - -If the log collector reports missing resources: - -1. **Check cluster role permissions**: Ensure ClusterRole is applied and bound -2. 
**Verify CRD access**: Confirm access to Redis Enterprise custom resource definitions -3. **Review mode selection**: Consider switching to all mode if additional resources are needed - -## Next steps - -- [Learn about log collection]({{< relref "/operate/kubernetes/logs/collect-logs" >}}) -- [Explore YAML deployment examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}}) -- [Configure monitoring]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}}) - -## Related documentation - -- [Collect logs guide]({{< relref "/operate/kubernetes/logs/collect-logs" >}}) -- [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) -- [Redis Enterprise troubleshooting]({{< relref "/operate/kubernetes/logs" >}}) From 5c369ef9c00694d5114fe989a73b303ee2f69c3f Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 14:20:11 -0500 Subject: [PATCH 06/64] edits --- .../reference/yaml-examples/active-active.md | 192 ++------------- .../yaml-examples/basic-deployment.md | 137 +++-------- .../yaml-examples/multi-namespace.md | 222 ++---------------- .../reference/yaml-examples/rack-awareness.md | 75 +++--- layouts/shortcodes/embed-yaml.html | 2 + 5 files changed, 116 insertions(+), 512 deletions(-) create mode 100644 layouts/shortcodes/embed-yaml.html diff --git a/content/operate/kubernetes/reference/yaml-examples/active-active.md b/content/operate/kubernetes/reference/yaml-examples/active-active.md index 950c4298a..cc7b141fd 100644 --- a/content/operate/kubernetes/reference/yaml-examples/active-active.md +++ b/content/operate/kubernetes/reference/yaml-examples/active-active.md 
@@ -22,12 +22,11 @@ Active-Active databases span multiple Redis Enterprise clusters and provide: ## Prerequisites -Before creating Active-Active databases: +Before creating Active-Active databases, see the [Active-Active prerequisites]({{< relref "/operate/kubernetes/active-active/create-reaadb#prerequisites" >}}) for detailed requirements including: -1. **Multiple REC clusters**: Deploy Redis Enterprise clusters in different regions/zones -2. **Network connectivity**: Clusters must be able to communicate with each other -3. **DNS configuration**: Set up ingress/routes with proper DNS records -4. **Admission controller**: Enable the ValidatingWebhook for Active-Active support +- Multiple REC clusters deployed in different regions/zones +- Network connectivity and DNS configuration +- Admission controller setup ## Architecture @@ -39,16 +38,16 @@ This example shows a two-cluster Active-Active setup: Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource pointing to the other clusters. -{{}} +{{}} ### RERC configuration -- **metadata.name**: Unique name for this remote cluster reference -- **spec.recName**: Name of the remote REC -- **spec.recNamespace**: Namespace of the remote REC -- **spec.apiFqdnUrl**: API endpoint URL for the remote cluster -- **spec.dbFqdnSuffix**: Database hostname suffix for the remote cluster -- **spec.secretName**: Secret containing authentication credentials +- `metadata.name`: Unique name for this remote cluster reference +- `spec.recName`: Name of the remote REC +- `spec.recNamespace`: Namespace of the remote REC +- `spec.apiFqdnUrl`: API endpoint URL for the remote cluster +- `spec.dbFqdnSuffix`: Database hostname suffix for the remote cluster +- `spec.secretName`: Secret containing authentication credentials ### Customization for your environment 
@@ -91,13 +90,13 @@ spec: The RedisEnterpriseActiveActiveDatabase (REAADB) resource defines the Active-Active database. -{{}} +{{}} ### REAADB configuration -- **metadata.name**: Active-Active database name -- **spec.participatingClusters**: List of RERC names that participate in this database -- **spec.globalConfigurations**: Database settings applied to all participating clusters +- `metadata.name`: Active-Active database name +- `spec.participatingClusters`: List of RERC names that participate in this database +- `spec.globalConfigurations`: Database settings applied to all participating clusters ### Advanced configuration 
@@ -144,169 +143,24 @@ spec: ## Applying the configuration -### Step 1: Prepare clusters +For detailed deployment steps, see [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}). The process includes: -Ensure both clusters are deployed and accessible: - -```bash -# Check cluster status on both clusters -kubectl get rec --all-namespaces - -# Verify ingress/routes are configured -kubectl get ingress,routes --all-namespaces -``` - -### Step 2: Create RERC resources - -Apply RERC resources on each cluster pointing to the other clusters: - -**On Chicago cluster:** -```bash -kubectl apply -f rerc-boston.yaml -``` - -**On Boston cluster:** -```bash -kubectl apply -f rerc-chicago.yaml -``` - -### Step 3: Verify RERC status - -Check that remote clusters are connected: - -```bash -# Check RERC status -kubectl get rerc -kubectl describe rerc rerc-boston - -# Verify connectivity -kubectl logs deployment/redis-enterprise-operator -``` - -### Step 4: Create Active-Active database - -Apply the REAADB resource on one of the participating clusters: - -```bash -kubectl apply -f active-active-database.yaml -``` - -### Step 5: Verify database creation - -Check that the database is created on all participating clusters: - -```bash -# Check REAADB status -kubectl get reaadb -kubectl describe reaadb reaadb - -# Verify local databases are created -kubectl get redb -``` +1. [Prepare participating clusters]({{< relref "/operate/kubernetes/active-active/prepare-clusters" >}}) +2. [Create RERC resources]({{< relref "/operate/kubernetes/active-active/create-reaadb#create-rerc" >}}) +3. [Create REAADB resource]({{< relref "/operate/kubernetes/active-active/create-reaadb#create-reaadb" >}}) +4. 
[Verify database creation]({{< relref "/operate/kubernetes/active-active/create-reaadb#verify-creation" >}}) ## Verification -### Check database status - -```bash -# View Active-Active database details -kubectl get reaadb reaadb -o yaml - -# Check local database instances -kubectl get redb --all-namespaces - -# Verify database connectivity -kubectl get svc | grep reaadb -``` - -### Test replication - -Connect to the database on different clusters and verify data replication: - -```bash -# Get database connection details -kubectl get secret reaadb -o yaml - -# Connect from Chicago cluster -redis-cli -h -p -a -SET test-key "chicago-value" - -# Connect from Boston cluster -redis-cli -h -p -a -GET test-key # Should return "chicago-value" -``` - -### Monitor replication lag - -Use the Redis Enterprise admin console to monitor: -- Replication status between clusters -- Sync lag metrics -- Conflict resolution statistics +For verification steps and testing procedures, see [Verify Active-Active database creation]({{< relref "/operate/kubernetes/active-active/create-reaadb#verify-creation" >}}) and [Active-Active database management]({{< relref "/operate/kubernetes/active-active" >}}). 
## Troubleshooting -### Common issues - -**RERC connection failures** -- Verify DNS resolution for API and database endpoints -- Check network connectivity between clusters -- Validate ingress/route configurations - -**Database creation fails** -- Ensure admission controller is enabled -- Check that all RERC resources are in "Active" state -- Verify sufficient resources on all participating clusters - -**Replication not working** -- Check database endpoints are accessible -- Verify TLS certificates if using encrypted connections -- Monitor operator logs for replication errors - -### Debug commands - -```bash -# Check RERC connectivity -kubectl describe rerc - -# View operator logs -kubectl logs deployment/redis-enterprise-operator - -# Check database events -kubectl describe reaadb - -# Verify network policies -kubectl get networkpolicies -``` +For troubleshooting Active-Active databases, see [Active-Active troubleshooting]({{< relref "/operate/kubernetes/troubleshooting" >}}) and [general Kubernetes troubleshooting]({{< relref "/operate/kubernetes/troubleshooting" >}}). ## Security considerations -### TLS encryption - -Enable TLS for inter-cluster communication: - -```yaml -spec: - globalConfigurations: - # Enable TLS for replication - tlsMode: enabled - - # Specify TLS certificate secret - tlsSecretName: my-tls-secret -``` - -### Authentication - -Secure database access with authentication: - -```yaml -spec: - globalConfigurations: - # Enable database authentication - requireAuth: true - - # Secret containing database password - databaseSecretName: my-auth-secret -``` +For security configuration including TLS encryption and authentication, see [Active-Active security]({{< relref "/operate/kubernetes/security" >}}) and [database security]({{< relref "/operate/kubernetes/re-databases" >}}). ## Next steps 
diff --git a/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md b/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md index db66a094f..e3f177044 100644 --- a/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md +++ b/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md 
@@ -26,57 +26,57 @@ Apply the YAML files in this order: The service account provides an identity for the Redis Enterprise operator. -{{}} +{{}} ### Service account configuration -- **name**: The service account name used by the operator -- **labels**: Standard labels for Redis Enterprise resources +- `name`: The service account name used by the operator +- `labels`: Standard labels for Redis Enterprise resources ## Role The Role defines the permissions needed by the Redis Enterprise operator within the namespace. -{{}} +{{}} ### Role configuration -- **name**: Must match the role name referenced in the role binding -- **rules**: Comprehensive permissions for managing Redis Enterprise resources -- **apiGroups**: Includes core Kubernetes APIs and Redis Enterprise custom resources +- `name`: Must match the role name referenced in the role binding +- `rules`: Comprehensive permissions for managing Redis Enterprise resources +- `apiGroups`: Includes core Kubernetes APIs and Redis Enterprise custom resources ### Key permissions -- **app.redislabs.com**: Full access to Redis Enterprise custom resources -- **secrets**: Manage TLS certificates and database credentials -- **services**: Create and manage service endpoints -- **pods**: Monitor and manage Redis Enterprise pods -- **persistentvolumeclaims**: Manage persistent storage +- `app.redislabs.com`: Full access to Redis Enterprise custom resources +- `secrets`: Manage TLS certificates and database credentials +- `services`: Create and manage service endpoints +- `pods`: Monitor and manage Redis Enterprise pods +- `persistentvolumeclaims`: Manage persistent storage ## Role binding The RoleBinding connects the service account to the role, granting the necessary permissions. 
-{{}} +{{}} ### Role binding configuration -- **subjects.name**: Must match the service account name -- **roleRef.name**: Must match the role name -- **namespace**: Apply in the same namespace as other resources +- `subjects.name`: Must match the service account name +- `roleRef.name`: Must match the role name +- `namespace`: Apply in the same namespace as other resources ## Redis Enterprise cluster The RedisEnterpriseCluster (REC) custom resource defines the cluster specification. -{{}} +{{}} ### Cluster configuration -- **metadata.name**: Cluster name (cannot be changed after creation) -- **spec.nodes**: Number of Redis Enterprise nodes (minimum 3) -- **persistentSpec.volumeSize**: Storage size per node -- **redisEnterpriseNodeResources**: CPU and memory allocation per node +- `metadata.name`: Cluster name (cannot be changed after creation) +- `spec.nodes`: Number of Redis Enterprise nodes (minimum 3) +- `persistentSpec.volumeSize`: Storage size per node +- `redisEnterpriseNodeResources`: CPU and memory allocation per node ### Cluster customization options @@ -105,14 +105,14 @@ spec: The RedisEnterpriseDatabase (REDB) custom resource defines the database specification. -{{}} +{{}} ### Database configuration -- **metadata.name**: Database name -- **spec.memorySize**: Memory allocation for the database -- **spec.shardCount**: Number of shards (affects performance and scalability) -- **spec.replication**: Enable/disable database replication +- `metadata.name`: Database name +- `spec.memorySize`: Memory allocation for the database +- `spec.shardCount`: Number of shards (affects performance and scalability) +- `spec.replication`: Enable/disable database replication ### Database customization options 
@@ -139,87 +139,20 @@ spec: ## Applying the configuration -### Step 1: Create namespace +For detailed deployment steps, see the [Quick start deployment guide]({{< relref "/operate/kubernetes/deployment/quick-start" >}}). The process includes: -```bash -kubectl create namespace redis-enterprise -kubectl config set-context --current --namespace=redis-enterprise -``` - -### Step 2: Apply RBAC resources - -```bash -kubectl apply -f service-account.yaml -kubectl apply -f role.yaml -kubectl apply -f role-binding.yaml -``` - -### Step 3: Deploy the cluster - -```bash -kubectl apply -f redis-cluster.yaml -``` - -Wait for the cluster to be ready: - -```bash -kubectl get rec -kubectl describe rec rec -``` - -### Step 4: Create the database - -```bash -kubectl apply -f redis-database.yaml -``` - -Verify the database is created: - -```bash -kubectl get redb -kubectl describe redb redb -``` +1. [Create namespace]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-new-namespace" >}}) +2. [Deploy the operator]({{< relref "/operate/kubernetes/deployment/quick-start#deploy-the-operator" >}}) +3. [Create Redis Enterprise cluster]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-redis-enterprise-cluster-rec" >}}) +4. 
[Create Redis Enterprise database]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-database" >}}) ## Verification -### Check cluster status - -```bash -# View cluster details -kubectl get rec -o wide - -# Check cluster events -kubectl describe rec rec - -# View cluster pods -kubectl get pods -l app=redis-enterprise -``` - -### Check database status - -```bash -# View database details -kubectl get redb -o wide +For verification steps and accessing the admin console, see: -# Check database events -kubectl describe redb redb - -# Get database connection details -kubectl get secret redb -o yaml -``` - -### Access the admin console - -Get the admin console URL and credentials: - -```bash -# Get admin console service -kubectl get svc rec-ui - -# Get admin credentials -kubectl get secret rec -o jsonpath='{.data.username}' | base64 -d -kubectl get secret rec -o jsonpath='{.data.password}' | base64 -d -``` +- [Verify cluster deployment]({{< relref "/operate/kubernetes/deployment/quick-start#verify-the-deployment" >}}) +- [Connect to the cluster]({{< relref "/operate/kubernetes/re-clusters/connect-to-cluster" >}}) +- [Access the admin console]({{< relref "/operate/kubernetes/re-clusters/connect-to-cluster#access-the-cluster-manager-ui" >}}) ## Next steps diff --git a/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md b/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md index 2018598ae..44d6aa576 100644 --- a/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md +++ b/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md @@ -43,17 +43,17 @@ Apply the YAML files in this order: These resources are deployed in the namespace where the Redis Enterprise operator runs. -{{}} +{{}} ## Operator cluster role The operator needs cluster-wide permissions to manage resources across namespaces. -{{}} +{{}} ## Operator cluster role binding -{{}} +{{}} ## Consumer service account 
@@ -70,17 +70,17 @@ metadata: ## Consumer role -{{}} +{{}} ## Consumer role binding -{{}} +{{}} ### Consumer namespace configuration -- **subjects.name**: Must match the operator service account name -- **subjects.namespace**: Must be the operator namespace, not the consumer namespace -- **roleRef.name**: Must match the consumer role name +- `subjects.name`: Must match the operator service account name +- `subjects.namespace`: Must be the operator namespace, not the consumer namespace +- `roleRef.name`: Must match the consumer role name ## Redis Enterprise clusters 
@@ -218,216 +218,28 @@ spec: ## Applying the configuration -### Step 1: Create namespaces +For detailed multi-namespace deployment steps, see [Multi-namespace deployment]({{< relref "/operate/kubernetes/deployment/multi-namespace" >}}). The process includes: -```bash -# Create operator namespace -kubectl create namespace redis-enterprise-operator - -# Create consumer namespaces -kubectl create namespace app-production -kubectl create namespace app-staging -``` - -### Step 2: Deploy operator resources - -```bash -# Switch to operator namespace -kubectl config set-context --current --namespace=redis-enterprise-operator - -# Apply operator RBAC -kubectl apply -f operator-service-account.yaml -kubectl apply -f operator-cluster-role.yaml -kubectl apply -f operator-cluster-role-binding.yaml - -# Deploy the operator (using bundle or Helm) -kubectl apply -f https://raw.githubusercontent.com/RedisLabs/redis-enterprise-k8s-docs/v7.8.6/bundle.yaml -``` - -### Step 3: Configure consumer namespaces - -**For production namespace:** -```bash -kubectl config set-context --current --namespace=app-production - -kubectl apply -f consumer-service-account.yaml -kubectl apply -f consumer-role.yaml -kubectl apply -f consumer-role-binding.yaml -``` - -**For staging namespace:** -```bash -kubectl config set-context --current --namespace=app-staging - -kubectl apply -f consumer-service-account.yaml -kubectl apply -f consumer-role.yaml -kubectl apply -f consumer-role-binding.yaml -``` - -### Step 4: Deploy clusters - -```bash -# Deploy production cluster -kubectl apply -f production-cluster.yaml - -# Deploy staging cluster -kubectl apply -f staging-cluster.yaml -``` - -### Step 5: Create databases - -```bash -# Create production database -kubectl apply -f production-database.yaml - -# Create staging database -kubectl apply -f staging-database.yaml -``` +1. Create operator and consumer namespaces +2. Deploy operator with cluster-wide permissions +3. Configure RBAC for consumer namespaces +4. 
Deploy clusters and databases in consumer namespaces ## Verification -### Check operator status - -```bash -# Verify operator is running -kubectl get deployment redis-enterprise-operator -n redis-enterprise-operator - -# Check operator logs -kubectl logs deployment/redis-enterprise-operator -n redis-enterprise-operator -``` - -### Check clusters across namespaces - -```bash -# View all clusters -kubectl get rec --all-namespaces - -# Check specific cluster status -kubectl describe rec rec-production -n app-production -kubectl describe rec rec-staging -n app-staging -``` - -### Check databases across namespaces - -```bash -# View all databases -kubectl get redb --all-namespaces - -# Check specific database status -kubectl describe redb redb-production -n app-production -kubectl describe redb redb-staging -n app-staging -``` - -### Verify RBAC permissions - -```bash -# Check cluster role bindings -kubectl get clusterrolebinding | grep redis-enterprise - -# Check role bindings in consumer namespaces -kubectl get rolebinding -n app-production -kubectl get rolebinding -n app-staging -``` +For verification steps and troubleshooting multi-namespace deployments, see [Multi-namespace verification]({{< relref "/operate/kubernetes/deployment/multi-namespace#verify-deployment" >}}) and [troubleshooting guide]({{< relref "/operate/kubernetes/troubleshooting" >}}). ## Management operations -### Adding new consumer namespaces - -To add a new consumer namespace: - -1. Create the namespace -2. Apply consumer RBAC resources -3. 
Deploy clusters and databases as needed - -```bash -# Create new namespace -kubectl create namespace app-development - -# Apply RBAC resources -kubectl config set-context --current --namespace=app-development -kubectl apply -f consumer-service-account.yaml -kubectl apply -f consumer-role.yaml -kubectl apply -f consumer-role-binding.yaml -``` - -### Monitoring across namespaces - -Monitor resources across all namespaces: - -```bash -# Watch all Redis Enterprise resources -kubectl get rec,redb,reaadb,rerc --all-namespaces -w - -# Check resource usage by namespace -kubectl top pods --all-namespaces | grep redis-enterprise -``` +For managing multi-namespace deployments including adding/removing namespaces and monitoring, see [Multi-namespace management]({{< relref "/operate/kubernetes/deployment/multi-namespace" >}}). ## Security considerations -### Namespace isolation - -- Each consumer namespace has its own RBAC configuration -- Resources in one namespace cannot access resources in another -- Secrets and ConfigMaps are namespace-scoped - -### Operator permissions - -The operator has cluster-wide permissions but only for: -- Reading namespace information -- Managing Redis Enterprise custom resources -- Creating necessary Kubernetes resources - -### Network policies - -Consider implementing network policies for additional isolation: - -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: redis-enterprise-isolation - namespace: app-production -spec: - podSelector: - matchLabels: - app: redis-enterprise - policyTypes: - - Ingress - - Egress - ingress: - - from: - - namespaceSelector: - matchLabels: - name: app-production -``` +For security considerations including namespace isolation, RBAC permissions, and network policies, see [Kubernetes security]({{< relref "/operate/kubernetes/security" >}}) and [multi-namespace security]({{< relref "/operate/kubernetes/deployment/multi-namespace#security-considerations" >}}). 
## Troubleshooting -### Common issues - -**Operator cannot create resources in consumer namespace** -- Verify ClusterRole and ClusterRoleBinding are applied -- Check that consumer namespace has proper Role and RoleBinding -- Ensure service account names match across configurations - -**Resources not appearing in consumer namespace** -- Confirm operator is running and healthy -- Check operator logs for permission errors -- Verify namespace labels and selectors - -### Debug commands - -```bash -# Check operator permissions -kubectl auth can-i create rec --as=system:serviceaccount:redis-enterprise-operator:redis-enterprise-operator -n app-production - -# View operator logs -kubectl logs deployment/redis-enterprise-operator -n redis-enterprise-operator --tail=100 - -# Check RBAC configuration -kubectl describe clusterrole redis-enterprise-operator-consumer-ns -kubectl describe rolebinding redis-enterprise-operator -n app-production -``` +For troubleshooting multi-namespace deployments, see [Multi-namespace troubleshooting]({{< relref "/operate/kubernetes/troubleshooting" >}}). ## Next steps diff --git a/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md b/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md index 1dd22fcb9..98e9b9f57 100644 --- a/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md +++ b/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md 
@@ -10,20 +10,14 @@ linkTitle: Rack awareness weight: 20 --- -This page provides YAML examples for deploying Redis Enterprise with rack awareness. Rack awareness distributes Redis Enterprise nodes across different availability zones or failure domains to improve high availability and fault tolerance. - -## Overview - -Rack awareness ensures that: -- Redis Enterprise nodes are distributed across different zones -- Database shards and replicas are placed on nodes in different zones -- The cluster remains available even if an entire zone fails +This page provides YAML examples for deploying Redis Enterprise with [rack awareness]({{< relref "/operate/kubernetes/architecture/operator-architecture#rack-awareness" >}}). Rack awareness distributes Redis Enterprise nodes across different availability zones or failure domains to improve high availability and fault tolerance. ## Prerequisites -- Kubernetes nodes must be labeled with zone information +- [Kubernetes nodes](https://kubernetes.io/docs/concepts/architecture/nodes/) must be labeled with zone information - Typically uses the standard label `topology.kubernetes.io/zone` - Verify node labels: `kubectl get nodes --show-labels` +- [Redis Enterprise operator]({{< relref "/operate/kubernetes/deployment" >}}) must be installed ## Deployment order 
@@ -37,50 +31,50 @@ Apply the YAML files in this order: ## Service account -The service account for rack-aware deployments is the same as basic deployments. +The service account for rack-aware deployments is the same as [basic deployments]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment#service-account" >}}). -{{}} +{{}} ## Cluster role -Rack awareness requires additional permissions to read node labels across the cluster. +Rack awareness requires additional permissions to read [node labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) across the cluster. -{{}} +{{}} ### Cluster role configuration -- **name**: ClusterRole name for rack awareness permissions -- **rules**: Permissions to read nodes and their labels cluster-wide -- **resources**: Access to `nodes` resource for zone label discovery +- `name`: ClusterRole name for rack awareness permissions +- `rules`: Permissions to read nodes and their labels cluster-wide +- `resources`: Access to `nodes` resource for zone label discovery ### Key permissions -- **nodes**: Read access to discover node zone labels -- **get, list, watch**: Monitor node changes and zone assignments +- `nodes`: Read access to discover node zone labels +- `get, list, watch`: Monitor node changes and zone assignments ## Cluster role binding -The ClusterRoleBinding grants cluster-wide permissions to the service account. +The [ClusterRoleBinding](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) grants cluster-wide permissions to the service account. 
-{{}} +{{}} ### Cluster role binding configuration -- **subjects.name**: Must match the service account name -- **subjects.namespace**: Namespace where the operator is deployed -- **roleRef.name**: Must match the cluster role name +- `subjects.name`: Must match the service account name +- `subjects.namespace`: Namespace where the operator is deployed +- `roleRef.name`: Must match the cluster role name ## Rack-aware Redis Enterprise cluster -The rack-aware REC configuration includes the `rackAwarenessNodeLabel` field. +The rack-aware [REC configuration]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}}) includes the `rackAwarenessNodeLabel` field. -{{}} +{{}} ### Rack-aware cluster configuration -- **metadata.name**: Cluster name (cannot be changed after creation) -- **spec.rackAwarenessNodeLabel**: Node label used for zone identification -- **spec.nodes**: Minimum 3 nodes, ideally distributed across zones +- `metadata.name`: Cluster name (cannot be changed after creation) +- `spec.rackAwarenessNodeLabel`: Node label used for zone identification +- `spec.nodes`: Minimum 3 nodes, ideally distributed across zones ### Customization options @@ -113,9 +107,9 @@ spec: Different Kubernetes distributions use different zone labels: -- **Standard**: `topology.kubernetes.io/zone` -- **Legacy**: `failure-domain.beta.kubernetes.io/zone` -- **Custom**: Your organization's specific labeling scheme +- `Standard`: `topology.kubernetes.io/zone` +- `Legacy`: `failure-domain.beta.kubernetes.io/zone` +- `Custom`: Your organization's specific labeling scheme Verify the correct label on your nodes: 
@@ -125,9 +119,9 @@ kubectl get nodes -o custom-columns=NAME:.metadata.name,ZONE:.metadata.labels.'t ## Redis Enterprise database -Database configuration for rack-aware clusters is the same as basic deployments. +Database configuration for rack-aware clusters is the same as [basic deployments]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment#redis-enterprise-database" >}}). -{{}} +{{}} ### Rack awareness benefits @@ -141,7 +135,7 @@ When deployed on a rack-aware cluster, databases automatically benefit from: ### Step 1: Verify node labels -Check that your nodes have zone labels: +Check that your nodes have [zone labels](https://kubernetes.io/docs/reference/labels-annotations-taints/#topologykubernetesiozone): ```bash kubectl get nodes --show-labels | grep topology.kubernetes.io/zone @@ -160,6 +154,8 @@ kubectl create namespace redis-enterprise kubectl config set-context --current --namespace=redis-enterprise ``` +For more details, see [namespace management]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-new-namespace" >}}). + ### Step 3: Apply RBAC resources ```bash @@ -204,7 +200,7 @@ kubectl get pods -l app=redis-enterprise -o custom-columns=NAME:.metadata.name,N ### Verify database placement -Access the Redis Enterprise admin console to verify: +Access the [Redis Enterprise admin console]({{< relref "/operate/kubernetes/re-clusters/connect-to-cluster#access-the-cluster-manager-ui" >}}) to verify: 1. Database shards are distributed across zones 2. Replicas are in different zones than their masters @@ -214,7 +210,7 @@ Access the Redis Enterprise admin console to verify: To test rack awareness: -1. Simulate zone failure by cordoning nodes in one zone +1. Simulate zone failure by [cordoning nodes](https://kubernetes.io/docs/concepts/architecture/nodes/#manual-node-administration) in one zone 2. Verify that the cluster remains operational 3. Check that databases continue to serve requests 
@@ -231,15 +227,18 @@ kubectl get rec,redb ### Common issues **Nodes not distributed across zones** + - Verify node labels are correct - Check that sufficient nodes exist in each zone - Ensure the `rackAwarenessNodeLabel` matches actual node labels **Cluster role permissions denied** + - Verify the ClusterRole and ClusterRoleBinding are applied - Check that the service account name matches in all resources **Database shards not distributed** + - Confirm the cluster has rack awareness enabled - Check that the database has multiple shards - Verify sufficient nodes exist across zones @@ -257,6 +256,8 @@ kubectl describe clusterrole redis-enterprise-operator-consumer kubectl logs deployment/redis-enterprise-operator ``` +For more troubleshooting guidance, see [troubleshooting Redis Enterprise on Kubernetes]({{< relref "/operate/kubernetes/troubleshooting" >}}). + ## Next steps - [Configure Active-Active databases]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) @@ -267,4 +268,6 @@ kubectl logs deployment/redis-enterprise-operator - [Node selection recommendations]({{< relref "/operate/kubernetes/recommendations/node-selection" >}}) - [REC API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}}) +- [REDB API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_database_api" >}}) - [Kubernetes node affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/) +- [Redis Enterprise cluster architecture]({{< relref "/operate/kubernetes/architecture" >}}) diff --git a/layouts/shortcodes/embed-yaml.html b/layouts/shortcodes/embed-yaml.html new file mode 100644 index 000000000..ff55f7efe --- /dev/null +++ b/layouts/shortcodes/embed-yaml.html @@ -0,0 +1,2 @@ +{{$file := .Get 0}} +{{printf "./content/embeds/%s" $file | readFile | markdownify}} From 6f9c84d1a608863f8f4a033b3ef27f55a79170a8 Mon Sep 17 00:00:00 2001 
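Review bot: The new `layouts/shortcodes/embed-yaml.html` joins `.Get 0` straight into the path passed to `readFile`, without checking that the argument was supplied or that the file exists, so a missing or mistyped embed name shows up only as a template error that does not name the calling page. The same unchecked read is kept in the `$content` assignment when this file is rewritten in [PATCH 10/64]. Building the path first and guarding it would make the failure point at the source: `{{ $path := printf "./content/embeds/%s" $file }}` followed by `{{ if not (fileExists $path) }}{{ errorf "embed-yaml: %q not found (%s)" $path .Position }}{{ end }}`. Because the argument becomes part of a file path, it is also worth rejecting values that contain `..`, so the shortcode can only publish files under `content/embeds/`; Hugo presumably confines `readFile` to the project directory, but that still includes files never meant for the rendered site. A leading template comment describing the argument, such as `{{/* embed-yaml FILE: renders content/embeds/FILE as Markdown */}}`, would also help.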
From: Kaitlyn Michael Date: Thu, 24 Jul 2025 14:28:29 -0500 Subject: [PATCH 07/64] Add log-collector-rbac.md with RBAC configurations --- .../kubernetes/logs/log-collector-rbac.md | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 content/operate/kubernetes/logs/log-collector-rbac.md diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md new file mode 100644 index 000000000..caf5cca1b --- /dev/null +++ b/content/operate/kubernetes/logs/log-collector-rbac.md 
@@ -0,0 +1,99 @@
+---
+Title: Log collector RBAC
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: RBAC configurations for Redis Enterprise log collector in all and restricted modes.
+linkTitle: Log collector RBAC
+weight: 90
+---
+
+This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool.
+
+## Overview
+
+The Redis Enterprise log collector script helps gather diagnostic information for troubleshooting.
+The log collector requires different permission levels depending on the collection mode you choose.
+It has two collection modes that require different RBAC permissions:
+h
+- **Restricted mode** (recommended): Collects only Redis Enterprise resources with minimal security exposure. Default for versions 6.2.18-3+.
+- **All mode**: Collects comprehensive cluster information including nodes, storage classes, and operator resources. Use when specifically requested by Redis Support.
+
+## RBAC configurations
+
+### Restricted mode
+
+{{}}
+
+### All mode
+
+{{}}
+
+{{< note >}}
+For the complete list of resources and permissions required by each mode, refer to the role definitions in the YAML files above.
+{{< /note >}}
+
+## Applying RBAC configurations
+
+### Namespace requirements
+
+The Role and RoleBinding must be created in every namespace where you need to collect logs. This varies based on your deployment model:
+
+- **Single namespace**: Apply to the namespace where Redis Enterprise runs
+- **Multi-namespace with single REC**: Apply to the REC namespace plus each REDB namespace
+- **Multi-namespace with multiple RECs**: Apply to each REC namespace
+
+The ClusterRole and ClusterRoleBinding need to be created only once per cluster.
+
+{{< note >}}
+Each YAML file contains both Role and ClusterRole objects. Running `kubectl apply` installs both components. You can safely run the command multiple times with different namespaces.
+{{< /note >}}
+
+### Manual deployment
+
+If you prefer to apply the configurations manually, save the YAML content to local files and apply them:
+
+```bash
+# Save the YAML content to a file
+kubectl apply -f log-collector-rbac.yaml --namespace
+```
+
+## Usage
+
+After applying the RBAC configuration, run the log collector:
+
+```bash
+# Restricted mode (default for 6.2.18-3+)
+python log_collector.py -m restricted -n
+
+# All mode
+python log_collector.py -m all -n
+```
+
+## Security considerations
+
+- **Use restricted mode** unless you specifically need additional cluster information
+- **Limit namespace access** to only where log collection is needed
+- **Handle collected data** according to your organization's security policies (logs may contain sensitive information)
+
+### Secrets permission explanation
+
+The RBAC configurations request read access to secrets in the collected namespaces. **Secrets are not collected or included in the log package sent to Redis Support.** This permission is required because:
+
+- The log collector uses Helm commands (`helm list`, `helm get all`) to gather information about Redis Enterprise Helm chart deployments
+- Helm stores its deployment metadata in Kubernetes secrets
+- For Redis Enterprise charts, this metadata contains only deployment configuration (not sensitive data), but follows Helm's standard storage pattern
+
+If your security policies prohibit secrets access, you can remove the secrets permission from the Role, but this will limit the log collector's ability to gather Helm deployment information.
+
+## Troubleshooting
+
+If you encounter permission errors, verify that roles and bindings are applied correctly in the target namespaces. For missing resources, ensure the ClusterRole is applied and consider switching to all mode if additional resources are needed.
+
+## Related documentation
+
+- [Collect logs guide]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
+- [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+- [Redis Enterprise troubleshooting]({{< relref "/operate/kubernetes/logs" >}})
From 9683c0e1f5805e52d414b6b5f65b906e67ca27f5 Mon Sep 17 00:00:00 2001
From: Kaitlyn Michael Date: Thu, 24 Jul 2025 15:00:58 -0500 Subject: [PATCH 08/64] api section --- .../kubernetes/reference/api/_index.md | 56 +++++++++++++++++++ ...kubernetes-api-reference-frontmatter.patch | 0 .../kubernetes-api-reference-template.tmpl | 0 ...s_enterprise_active_active_database_api.md | 0 .../{ => api}/redis_enterprise_cluster_api.md | 0 .../redis_enterprise_database_api.md | 0 .../redis_enterprise_remote_cluster_api.md | 0 .../reference/supported_k8s_distributions.md | 2 +- .../{yaml-examples => yaml}/_index.md | 0 .../{yaml-examples => yaml}/active-active.md | 0 .../basic-deployment.md | 0 .../multi-namespace.md | 0 .../{yaml-examples => yaml}/rack-awareness.md | 0 13 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 content/operate/kubernetes/reference/api/_index.md rename content/operate/kubernetes/reference/{ => api}/kubernetes-api-reference-frontmatter.patch (100%) rename content/operate/kubernetes/reference/{ => api}/kubernetes-api-reference-template.tmpl (100%) rename content/operate/kubernetes/reference/{ => api}/redis_enterprise_active_active_database_api.md (100%) rename content/operate/kubernetes/reference/{ => api}/redis_enterprise_cluster_api.md (100%) rename content/operate/kubernetes/reference/{ => api}/redis_enterprise_database_api.md (100%) rename content/operate/kubernetes/reference/{ => api}/redis_enterprise_remote_cluster_api.md (100%) rename content/operate/kubernetes/reference/{yaml-examples => yaml}/_index.md (100%) rename content/operate/kubernetes/reference/{yaml-examples => yaml}/active-active.md (100%) rename content/operate/kubernetes/reference/{yaml-examples => yaml}/basic-deployment.md (100%) rename content/operate/kubernetes/reference/{yaml-examples => yaml}/multi-namespace.md (100%) rename content/operate/kubernetes/reference/{yaml-examples => yaml}/rack-awareness.md (100%) 
diff --git a/content/operate/kubernetes/reference/api/_index.md b/content/operate/kubernetes/reference/api/_index.md
new file mode 100644
index 000000000..587b86834
--- /dev/null
+++ b/content/operate/kubernetes/reference/api/_index.md
@@ -0,0 +1,56 @@
+---
+title: API reference
+categories:
+- docs
+- operate
+- kubernetes
+linkTitle: API reference
+description: Reference documentation for Redis Enterprise operator APIs
+weight: 30
+alwaysopen: false
+hideListLinks: true
+aliases:
+---
+
+The Redis Enterprise operator provides Kubernetes custom resource definitions (CRDs) that allow you to manage Redis Enterprise clusters and databases declaratively. This section contains the complete API reference for all operator resources.
+
+## API versions and stability
+
+The operator uses different API versions to indicate stability and feature maturity:
+
+- **`app.redislabs.com/v1`** - Stable APIs for production use
+- **`app.redislabs.com/v1alpha1`** - Alpha APIs that may change in future releases
+
+## Custom resources
+
+| Resource | API Version | Purpose |
+|----------|-------------|---------|
+| [RedisEnterpriseCluster (REC)](redis_enterprise_cluster_api) | `v1` | Manages Redis Enterprise cluster deployments |
+| [RedisEnterpriseDatabase (REDB)](redis_enterprise_database_api) | `v1alpha1` | Creates and configures Redis databases |
+| [RedisEnterpriseActiveActiveDatabase (REAADB)](redis_enterprise_active_active_database_api) | `v1alpha1` | Sets up active-active databases across clusters |
+| [RedisEnterpriseRemoteCluster (RERC)](redis_enterprise_remote_cluster_api) | `v1alpha1` | Defines remote cluster connections for active-active |
+
+## Working with the APIs
+
+### Using kubectl
+
+All resources can be managed using standard `kubectl` commands:
+
+```bash
+# List all Redis Enterprise clusters
+kubectl get rec
+
+# Get detailed information about a specific database
+kubectl describe redb my-database
+
+# Apply a configuration from a YAML file
+kubectl apply -f my-redis-config.yaml
+```
+
+### Resource relationships
+
+- A `RedisEnterpriseCluster` (REC) must be created first to provide the Redis Enterprise infrastructure
+- `RedisEnterpriseDatabase` (REDB) resources are created within a cluster to provision individual databases
+- `RedisEnterpriseActiveActiveDatabase` (REAADB) requires `RedisEnterpriseRemoteCluster (RERC)` resources to define participating clusters
+
+For complete YAML configuration examples, see the [YAML examples](../yaml/) section.
diff --git a/content/operate/kubernetes/reference/kubernetes-api-reference-frontmatter.patch b/content/operate/kubernetes/reference/api/kubernetes-api-reference-frontmatter.patch
similarity index 100%
rename from content/operate/kubernetes/reference/kubernetes-api-reference-frontmatter.patch
rename to content/operate/kubernetes/reference/api/kubernetes-api-reference-frontmatter.patch
diff --git a/content/operate/kubernetes/reference/kubernetes-api-reference-template.tmpl b/content/operate/kubernetes/reference/api/kubernetes-api-reference-template.tmpl
similarity index 100%
rename from content/operate/kubernetes/reference/kubernetes-api-reference-template.tmpl
rename to content/operate/kubernetes/reference/api/kubernetes-api-reference-template.tmpl
diff --git a/content/operate/kubernetes/reference/redis_enterprise_active_active_database_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api.md
similarity index 100%
rename from content/operate/kubernetes/reference/redis_enterprise_active_active_database_api.md
rename to content/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api.md
diff --git a/content/operate/kubernetes/reference/redis_enterprise_cluster_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_cluster_api.md
similarity index 100%
rename from content/operate/kubernetes/reference/redis_enterprise_cluster_api.md
rename to content/operate/kubernetes/reference/api/redis_enterprise_cluster_api.md
diff --git a/content/operate/kubernetes/reference/redis_enterprise_database_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_database_api.md similarity index 100% rename from content/operate/kubernetes/reference/redis_enterprise_database_api.md rename to content/operate/kubernetes/reference/api/redis_enterprise_database_api.md diff --git a/content/operate/kubernetes/reference/redis_enterprise_remote_cluster_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_remote_cluster_api.md similarity index 100% rename from content/operate/kubernetes/reference/redis_enterprise_remote_cluster_api.md rename to content/operate/kubernetes/reference/api/redis_enterprise_remote_cluster_api.md diff --git a/content/operate/kubernetes/reference/supported_k8s_distributions.md b/content/operate/kubernetes/reference/supported_k8s_distributions.md index 62530d709..db5726d75 100644 --- a/content/operate/kubernetes/reference/supported_k8s_distributions.md +++ b/content/operate/kubernetes/reference/supported_k8s_distributions.md @@ -7,7 +7,7 @@ categories: - kubernetes description: Support matrix for the current Redis Enterprise K8s operator linkTitle: Supported distributions -weight: 30 +weight: 10 --- Each release of Redis Enterprise for Kubernetes is thoroughly tested against a set of Kubernetes distributions. The table below lists Redis Enterprise for Kubernetes versions and the Kubernetes distributions they support. diff --git a/content/operate/kubernetes/reference/yaml-examples/_index.md b/content/operate/kubernetes/reference/yaml/_index.md similarity index 100% rename from content/operate/kubernetes/reference/yaml-examples/_index.md rename to content/operate/kubernetes/reference/yaml/_index.md 
diff --git a/content/operate/kubernetes/reference/yaml-examples/active-active.md b/content/operate/kubernetes/reference/yaml/active-active.md similarity index 100% rename from content/operate/kubernetes/reference/yaml-examples/active-active.md rename to content/operate/kubernetes/reference/yaml/active-active.md diff --git a/content/operate/kubernetes/reference/yaml-examples/basic-deployment.md b/content/operate/kubernetes/reference/yaml/basic-deployment.md similarity index 100% rename from content/operate/kubernetes/reference/yaml-examples/basic-deployment.md rename to content/operate/kubernetes/reference/yaml/basic-deployment.md diff --git a/content/operate/kubernetes/reference/yaml-examples/multi-namespace.md b/content/operate/kubernetes/reference/yaml/multi-namespace.md similarity index 100% rename from content/operate/kubernetes/reference/yaml-examples/multi-namespace.md rename to content/operate/kubernetes/reference/yaml/multi-namespace.md diff --git a/content/operate/kubernetes/reference/yaml-examples/rack-awareness.md b/content/operate/kubernetes/reference/yaml/rack-awareness.md similarity index 100% rename from content/operate/kubernetes/reference/yaml-examples/rack-awareness.md rename to content/operate/kubernetes/reference/yaml/rack-awareness.md From acbfaf11a9bc6b26819c445a662599ab158ed99d Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 15:05:29 -0500 Subject: [PATCH 09/64] copy edits --- .../kubernetes/reference/yaml/_index.md | 30 ++----------------- 1 file changed, 3 insertions(+), 27 deletions(-) diff --git a/content/operate/kubernetes/reference/yaml/_index.md b/content/operate/kubernetes/reference/yaml/_index.md index cf5843273..a811c2285 100644 --- a/content/operate/kubernetes/reference/yaml/_index.md +++ b/content/operate/kubernetes/reference/yaml/_index.md 
@@ -68,40 +68,16 @@ kubectl get events --sort-by=.metadata.creationTimestamp ## Example categories -### Basic deployment - -Essential YAML files for a simple Redis Enterprise deployment: - - [Basic deployment examples]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Service account, RBAC, cluster, and database configurations - -### Rack awareness - -YAML examples for rack-aware deployments that distribute Redis Enterprise nodes across availability zones: - - [Rack awareness examples]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - Rack-aware cluster configuration and required RBAC - -### Active-Active - -YAML examples for Active-Active database deployments across multiple clusters: - - [Active-Active examples]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - Multi-cluster Active-Active database setup - -### Multi-namespace - -YAML examples for deploying Redis Enterprise across multiple namespaces: - - [Multi-namespace examples]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - Cross-namespace operator and cluster configurations ## Best practices -When working with these YAML examples: - -- **Start simple**: Begin with basic deployment examples before moving to advanced configurations -- **Validate syntax**: Use `kubectl apply --dry-run=client` to check YAML syntax before applying -- **Version control**: Store your customized YAML files in version control -- **Environment-specific values**: Use separate YAML files or tools like Kustomize for environment-specific configurations -- **Resource naming**: Use consistent, descriptive names for all resources -- **Documentation**: Add annotations to describe the purpose of each resource +- Validate syntax: Use `kubectl apply --dry-run=client` to check YAML syntax before applying +- Version control: Store your customized YAML files in version control +- Resource naming: Use consistent, descriptive names 
for all resources ## Related documentation From 37caa05c83b32906d844b0802b30e9a24d14e041 Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 15:13:06 -0500 Subject: [PATCH 10/64] download button --- assets/css/index.css | 21 ++++ .../reference/yaml/active-active.md | 4 +- .../reference/yaml/basic-deployment.md | 10 +- .../reference/yaml/multi-namespace.md | 10 +- .../reference/yaml/rack-awareness.md | 10 +- layouts/shortcodes/embed-yaml.html | 99 ++++++++++++++++++- 6 files changed, 136 insertions(+), 18 deletions(-) diff --git a/assets/css/index.css b/assets/css/index.css index cb4b11bf1..9dd0f1125 100644 --- a/assets/css/index.css +++ b/assets/css/index.css @@ -521,6 +521,27 @@ select { @apply w-10 h-10; } +/* YAML embed container styles */ +.yaml-embed-container { + @apply relative; +} + +.yaml-embed-container .download-yaml-btn { + @apply absolute top-2 right-2 z-10; + @apply bg-redis-yellow-500 hover:bg-redis-ink-900 hover:text-white; + @apply text-redis-ink-900 text-xs font-mono px-3 py-1 rounded; + @apply border border-redis-pen-600 transition-colors; + @apply flex items-center gap-1; +} + +.yaml-embed-container .download-yaml-btn:disabled { + @apply opacity-75 cursor-not-allowed; +} + +.yaml-embed-container .download-yaml-btn svg { + @apply w-3 h-3; +} + #download-redis > h3, #download-redis-stack > h3 { @apply mt-2; diff --git a/content/operate/kubernetes/reference/yaml/active-active.md b/content/operate/kubernetes/reference/yaml/active-active.md index cc7b141fd..e40a16370 100644 --- a/content/operate/kubernetes/reference/yaml/active-active.md +++ b/content/operate/kubernetes/reference/yaml/active-active.md @@ -38,7 +38,7 @@ This example shows a two-cluster Active-Active setup: Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource pointing to the other clusters. -{{}} +{{}} ### RERC configuration 
@@ -90,7 +90,7 @@ spec: The RedisEnterpriseActiveActiveDatabase (REAADB) resource defines the Active-Active database. -{{}} +{{}} ### REAADB configuration diff --git a/content/operate/kubernetes/reference/yaml/basic-deployment.md b/content/operate/kubernetes/reference/yaml/basic-deployment.md index e3f177044..87437d9ba 100644 --- a/content/operate/kubernetes/reference/yaml/basic-deployment.md +++ b/content/operate/kubernetes/reference/yaml/basic-deployment.md @@ -26,7 +26,7 @@ Apply the YAML files in this order: The service account provides an identity for the Redis Enterprise operator. -{{}} +{{}} ### Service account configuration @@ -37,7 +37,7 @@ The service account provides an identity for the Redis Enterprise operator. The Role defines the permissions needed by the Redis Enterprise operator within the namespace. -{{}} +{{}} ### Role configuration @@ -57,7 +57,7 @@ The Role defines the permissions needed by the Redis Enterprise operator within The RoleBinding connects the service account to the role, granting the necessary permissions. -{{}} +{{}} ### Role binding configuration @@ -69,7 +69,7 @@ The RoleBinding connects the service account to the role, granting the necessary The RedisEnterpriseCluster (REC) custom resource defines the cluster specification. -{{}} +{{}} ### Cluster configuration @@ -105,7 +105,7 @@ spec: The RedisEnterpriseDatabase (REDB) custom resource defines the database specification. -{{}} +{{}} ### Database configuration diff --git a/content/operate/kubernetes/reference/yaml/multi-namespace.md b/content/operate/kubernetes/reference/yaml/multi-namespace.md index 44d6aa576..afd40d332 100644 --- a/content/operate/kubernetes/reference/yaml/multi-namespace.md +++ b/content/operate/kubernetes/reference/yaml/multi-namespace.md 
@@ -43,17 +43,17 @@ Apply the YAML files in this order: These resources are deployed in the namespace where the Redis Enterprise operator runs. -{{}} +{{}} ## Operator cluster role The operator needs cluster-wide permissions to manage resources across namespaces. -{{}} +{{}} ## Operator cluster role binding -{{}} +{{}} ## Consumer service account @@ -70,11 +70,11 @@ metadata: ## Consumer role -{{}} +{{}} ## Consumer role binding -{{}} +{{}} ### Consumer namespace configuration diff --git a/content/operate/kubernetes/reference/yaml/rack-awareness.md b/content/operate/kubernetes/reference/yaml/rack-awareness.md index 98e9b9f57..6fc5b86f7 100644 --- a/content/operate/kubernetes/reference/yaml/rack-awareness.md +++ b/content/operate/kubernetes/reference/yaml/rack-awareness.md @@ -33,13 +33,13 @@ Apply the YAML files in this order: The service account for rack-aware deployments is the same as [basic deployments]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment#service-account" >}}). -{{}} +{{}} ## Cluster role Rack awareness requires additional permissions to read [node labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) across the cluster. -{{}} +{{}} ### Cluster role configuration @@ -56,7 +56,7 @@ Rack awareness requires additional permissions to read [node labels](https://kub The [ClusterRoleBinding](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) grants cluster-wide permissions to the service account. -{{}} +{{}} ### Cluster role binding configuration @@ -68,7 +68,7 @@ The [ClusterRoleBinding](https://kubernetes.io/docs/reference/access-authn-authz The rack-aware [REC configuration]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}}) includes the `rackAwarenessNodeLabel` field. -{{}} +{{}} ### Rack-aware cluster configuration 
@@ -121,7 +121,7 @@ kubectl get nodes -o custom-columns=NAME:.metadata.name,ZONE:.metadata.labels.'t Database configuration for rack-aware clusters is the same as [basic deployments]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment#redis-enterprise-database" >}}). -{{}} +{{}} ### Rack awareness benefits diff --git a/layouts/shortcodes/embed-yaml.html b/layouts/shortcodes/embed-yaml.html index ff55f7efe..47783236a 100644 --- a/layouts/shortcodes/embed-yaml.html +++ b/layouts/shortcodes/embed-yaml.html @@ -1,2 +1,99 @@ {{$file := .Get 0}} -{{printf "./content/embeds/%s" $file | readFile | markdownify}} +{{$filename := .Get 1}} +{{$content := printf "./content/embeds/%s" $file | readFile}} + + +
+ + {{ if $filename }} +
+ +
+ {{ end }} + + +
+ {{ $content | markdownify }} +
+
+ +{{ if $filename }} + +{{ end }} From f7daf5c8283ce6563a55d407de3cdb9fac966b99 Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 15:16:36 -0500 Subject: [PATCH 11/64] deployment links --- .../reference/yaml/active-active.md | 9 +-- .../reference/yaml/basic-deployment.md | 17 +----- .../reference/yaml/multi-namespace.md | 20 +------ .../reference/yaml/rack-awareness.md | 60 +------------------ 4 files changed, 9 insertions(+), 97 deletions(-) diff --git a/content/operate/kubernetes/reference/yaml/active-active.md b/content/operate/kubernetes/reference/yaml/active-active.md index e40a16370..c015e3586 100644 --- a/content/operate/kubernetes/reference/yaml/active-active.md +++ b/content/operate/kubernetes/reference/yaml/active-active.md @@ -34,6 +34,8 @@ This example shows a two-cluster Active-Active setup: - **Cluster 1**: `rec-chicago` in namespace `ns-chicago` - **Cluster 2**: `rec-boston` in namespace `ns-boston` +For complete deployment instructions, see the [Active-Active database guide]({{< relref "/operate/kubernetes/active-active" >}}). + ## RERC for Chicago cluster Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource pointing to the other clusters. 
@@ -143,12 +145,7 @@ spec: ## Applying the configuration -For detailed deployment steps, see [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}). The process includes: - -1. [Prepare participating clusters]({{< relref "/operate/kubernetes/active-active/prepare-clusters" >}}) -2. [Create RERC resources]({{< relref "/operate/kubernetes/active-active/create-reaadb#create-rerc" >}}) -3. [Create REAADB resource]({{< relref "/operate/kubernetes/active-active/create-reaadb#create-reaadb" >}}) -4. [Verify database creation]({{< relref "/operate/kubernetes/active-active/create-reaadb#verify-creation" >}}) +To deploy Active-Active databases using these YAML files, follow the [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}) guide, which provides detailed instructions for preparing clusters, creating RERC resources, and deploying REAADB configurations. ## Verification diff --git a/content/operate/kubernetes/reference/yaml/basic-deployment.md b/content/operate/kubernetes/reference/yaml/basic-deployment.md index 87437d9ba..a92830695 100644 --- a/content/operate/kubernetes/reference/yaml/basic-deployment.md +++ b/content/operate/kubernetes/reference/yaml/basic-deployment.md @@ -12,15 +12,7 @@ weight: 10 This page provides complete YAML examples for a basic Redis Enterprise deployment on Kubernetes. These examples include all the essential components needed to deploy a Redis Enterprise cluster and create a database. -## Deployment order - -Apply the YAML files in this order: - -1. [Service account](#service-account) -2. [Role](#role) -3. [Role binding](#role-binding) -4. [Redis Enterprise cluster](#redis-enterprise-cluster) -5. [Redis Enterprise database](#redis-enterprise-database) +For complete deployment instructions, see the [Quick start deployment guide]({{< relref "/operate/kubernetes/deployment/quick-start" >}}). ## Service account 
@@ -139,12 +131,7 @@ spec: ## Applying the configuration -For detailed deployment steps, see the [Quick start deployment guide]({{< relref "/operate/kubernetes/deployment/quick-start" >}}). The process includes: - -1. [Create namespace]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-new-namespace" >}}) -2. [Deploy the operator]({{< relref "/operate/kubernetes/deployment/quick-start#deploy-the-operator" >}}) -3. [Create Redis Enterprise cluster]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-redis-enterprise-cluster-rec" >}}) -4. [Create Redis Enterprise database]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-database" >}}) +To deploy these YAML files, follow the [Quick start deployment guide]({{< relref "/operate/kubernetes/deployment/quick-start" >}}), which provides step-by-step instructions for creating namespaces, deploying the operator, and applying these configuration files. ## Verification diff --git a/content/operate/kubernetes/reference/yaml/multi-namespace.md b/content/operate/kubernetes/reference/yaml/multi-namespace.md index afd40d332..2fe69549b 100644 --- a/content/operate/kubernetes/reference/yaml/multi-namespace.md +++ b/content/operate/kubernetes/reference/yaml/multi-namespace.md 
@@ -26,18 +26,7 @@ This example shows: - **Operator namespace**: `redis-enterprise-operator` (where the operator runs) - **Consumer namespaces**: `app-production`, `app-staging` (where REC/REDB resources are created) -## Deployment order - -Apply the YAML files in this order: - -1. [Operator service account](#operator-service-account) -2. [Operator cluster role](#operator-cluster-role) -3. [Operator cluster role binding](#operator-cluster-role-binding) -4. [Consumer service account](#consumer-service-account) -5. [Consumer role](#consumer-role) -6. [Consumer role binding](#consumer-role-binding) -7. [Redis Enterprise clusters](#redis-enterprise-clusters) -8. [Redis Enterprise databases](#redis-enterprise-databases) +For complete deployment instructions, see the [Multi-namespace deployment guide]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}). ## Operator service account @@ -218,12 +207,7 @@ spec: ## Applying the configuration -For detailed multi-namespace deployment steps, see [Multi-namespace deployment]({{< relref "/operate/kubernetes/deployment/multi-namespace" >}}). The process includes: - -1. Create operator and consumer namespaces -2. Deploy operator with cluster-wide permissions -3. Configure RBAC for consumer namespaces -4. Deploy clusters and databases in consumer namespaces +To deploy Redis Enterprise across multiple namespaces using these YAML files, follow the [Multi-namespace deployment guide]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}), which provides step-by-step instructions for setting up operator and consumer namespaces, configuring RBAC, and deploying clusters and databases. ## Verification diff --git a/content/operate/kubernetes/reference/yaml/rack-awareness.md b/content/operate/kubernetes/reference/yaml/rack-awareness.md index 6fc5b86f7..5c229e3c9 100644 --- a/content/operate/kubernetes/reference/yaml/rack-awareness.md +++ b/content/operate/kubernetes/reference/yaml/rack-awareness.md 
@@ -19,15 +19,7 @@ This page provides YAML examples for deploying Redis Enterprise with [rack aware - Verify node labels: `kubectl get nodes --show-labels` - [Redis Enterprise operator]({{< relref "/operate/kubernetes/deployment" >}}) must be installed -## Deployment order - -Apply the YAML files in this order: - -1. [Service account](#service-account) -2. [Cluster role](#cluster-role) -3. [Cluster role binding](#cluster-role-binding) -4. [Rack-aware Redis Enterprise cluster](#rack-aware-redis-enterprise-cluster) -5. [Redis Enterprise database](#redis-enterprise-database) +For complete deployment instructions, see the [Redis Enterprise operator deployment guide]({{< relref "/operate/kubernetes/deployment" >}}). ## Service account 
@@ -133,55 +125,7 @@ When deployed on a rack-aware cluster, databases automatically benefit from: ## Applying the configuration -### Step 1: Verify node labels - -Check that your nodes have [zone labels](https://kubernetes.io/docs/reference/labels-annotations-taints/#topologykubernetesiozone): - -```bash -kubectl get nodes --show-labels | grep topology.kubernetes.io/zone -``` - -If nodes don't have zone labels, add them: - -```bash -kubectl label node topology.kubernetes.io/zone= -``` - -### Step 2: Create namespace - -```bash -kubectl create namespace redis-enterprise -kubectl config set-context --current --namespace=redis-enterprise -``` - -For more details, see [namespace management]({{< relref "/operate/kubernetes/deployment/quick-start#create-a-new-namespace" >}}). - -### Step 3: Apply RBAC resources - -```bash -kubectl apply -f service-account.yaml -kubectl apply -f cluster-role.yaml -kubectl apply -f cluster-role-binding.yaml -``` - -### Step 4: Deploy the rack-aware cluster - -```bash -kubectl apply -f rack-aware-cluster.yaml -``` - -Wait for the cluster to be ready: - -```bash -kubectl get rec rack-aware-cluster -kubectl describe rec rack-aware-cluster -``` - -### Step 5: Create the database - -```bash -kubectl apply -f redis-database.yaml -``` +To deploy rack-aware Redis Enterprise clusters, follow the [Redis Enterprise operator deployment guide]({{< relref "/operate/kubernetes/deployment" >}}) and ensure your Kubernetes nodes have proper zone labels. For detailed rack awareness configuration, see the [node selection recommendations]({{< relref "/operate/kubernetes/recommendations/node-selection" >}}). ## Verification From 3d1f5c533ede85b96962ef1db03dd583277b6479 Mon Sep 17 00:00:00 2001 
From: Kaitlyn Michael Date: Thu, 24 Jul 2025 15:36:26 -0500 Subject: [PATCH 12/64] copy edits --- .../kubernetes/reference/yaml/_index.md | 8 +- .../reference/yaml/active-active.md | 124 +----------- .../reference/yaml/basic-deployment.md | 85 ++------ .../reference/yaml/multi-namespace.md | 187 +----------------- .../reference/yaml/rack-awareness.md | 115 +---------- 5 files changed, 39 insertions(+), 480 deletions(-) diff --git a/content/operate/kubernetes/reference/yaml/_index.md b/content/operate/kubernetes/reference/yaml/_index.md index a811c2285..423106e23 100644 --- a/content/operate/kubernetes/reference/yaml/_index.md +++ b/content/operate/kubernetes/reference/yaml/_index.md @@ -26,10 +26,10 @@ This section provides complete YAML examples for common Redis Enterprise for Kub Redis Enterprise for Kubernetes stores configuration in several places: -- **Custom resources**: Cluster and database specifications are stored as Kubernetes custom resources (REC, REDB, REAADB, RERC) -- **Secrets**: Sensitive data like passwords and certificates are stored in Kubernetes secrets -- **ConfigMaps**: Non-sensitive configuration data is stored in ConfigMaps -- **RBAC resources**: Permissions are defined through Roles, ClusterRoles, and their bindings +- Custom resources: Cluster and database specifications are stored as Kubernetes custom resources (REC, REDB, REAADB, RERC) +- Secrets: Sensitive data like passwords and certificates are stored in Kubernetes secrets +- ConfigMaps: Non-sensitive configuration data is stored in ConfigMaps +- RBAC resources: Permissions are defined through Roles, ClusterRoles, and their bindings ### Applying YAML files diff --git a/content/operate/kubernetes/reference/yaml/active-active.md b/content/operate/kubernetes/reference/yaml/active-active.md index c015e3586..163b2f7f7 100644 --- a/content/operate/kubernetes/reference/yaml/active-active.md +++ b/content/operate/kubernetes/reference/yaml/active-active.md 
@@ -12,27 +12,13 @@ weight: 30 This page provides YAML examples for deploying Active-Active Redis Enterprise databases across multiple Kubernetes clusters. Active-Active databases provide multi-master replication with conflict resolution, enabling global distribution and local read/write access. -## Overview - -Active-Active databases span multiple Redis Enterprise clusters and provide: -- **Multi-master replication**: Write to any participating cluster -- **Conflict resolution**: Automatic handling of concurrent writes -- **Global distribution**: Low-latency access from multiple regions -- **High availability**: Continues operating even if clusters go offline - -## Prerequisites - -Before creating Active-Active databases, see the [Active-Active prerequisites]({{< relref "/operate/kubernetes/active-active/create-reaadb#prerequisites" >}}) for detailed requirements including: - -- Multiple REC clusters deployed in different regions/zones -- Network connectivity and DNS configuration -- Admission controller setup +To learn more, see the [Active-Active databases]({{< relref "/operate/kubernetes/active-active" >}}). ## Architecture This example shows a two-cluster Active-Active setup: -- **Cluster 1**: `rec-chicago` in namespace `ns-chicago` -- **Cluster 2**: `rec-boston` in namespace `ns-boston` +- Cluster 1: `rec-chicago` in namespace `ns-chicago` +- Cluster 2: `rec-boston` in namespace `ns-boston` For complete deployment instructions, see the [Active-Active database guide]({{< relref "/operate/kubernetes/active-active" >}}). @@ -42,8 +28,7 @@ Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource {{}} -### RERC configuration - +RERC configuration: - `metadata.name`: Unique name for this remote cluster reference - `spec.recName`: Name of the remote REC - `spec.recNamespace`: Namespace of the remote REC 
@@ -51,42 +36,7 @@ Each participating cluster needs a RedisEnterpriseRemoteCluster (RERC) resource - `spec.dbFqdnSuffix`: Database hostname suffix for the remote cluster - `spec.secretName`: Secret containing authentication credentials -### Customization for your environment - -Edit these values for your specific setup: - -```yaml -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseRemoteCluster -metadata: - name: rerc-chicago -spec: - # Remote cluster details - recName: rec-chicago - recNamespace: ns-chicago - - # Update with your actual domain - apiFqdnUrl: api-rec-chicago-ns-chicago.example.com - dbFqdnSuffix: -db-rec-chicago-ns-chicago.example.com - - # Secret with remote cluster credentials - secretName: redis-enterprise-rerc-chicago -``` - -## RERC for Boston cluster - -```yaml -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseRemoteCluster -metadata: - name: rerc-boston -spec: - recName: rec-boston - recNamespace: ns-boston - apiFqdnUrl: api-rec-boston-ns-boston.example.com - dbFqdnSuffix: -db-rec-boston-ns-boston.example.com - secretName: redis-enterprise-rerc-boston -``` +Edit the values in the downloaded YAML file for your specific setup, updating the remote cluster details, API endpoints, and secret names to match your actual environment. ## Active-Active database 
@@ -94,77 +44,17 @@ The RedisEnterpriseActiveActiveDatabase (REAADB) resource defines the Active-Act {{}} -### REAADB configuration - +REAADB configuration: - `metadata.name`: Active-Active database name - `spec.participatingClusters`: List of RERC names that participate in this database - `spec.globalConfigurations`: Database settings applied to all participating clusters -### Advanced configuration - -Add global database settings: - -```yaml -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseActiveActiveDatabase -metadata: - name: reaadb -spec: - # Global database configuration - globalConfigurations: - # Memory allocation per participating cluster - memorySize: 1GB - - # Number of shards (affects performance) - shardCount: 2 - - # Enable replication within each cluster - replication: true - - # Secret containing database password - databaseSecretName: my-db-secret - - # Redis modules to enable - modules: - - name: RedisJSON - - name: RedisSearch - - # Database-specific Redis configuration - redisEnterpriseConfiguration: - # Set eviction policy - maxmemory-policy: allkeys-lru - - # Enable keyspace notifications - notify-keyspace-events: Ex - - # Participating clusters - participatingClusters: - - name: rerc-chicago - - name: rerc-boston -``` +Edit the downloaded YAML file to add global database settings such as memory allocation, shard count, replication settings, database secrets, Redis modules, and database-specific Redis configuration. ## Applying the configuration To deploy Active-Active databases using these YAML files, follow the [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}) guide, which provides detailed instructions for preparing clusters, creating RERC resources, and deploying REAADB configurations. 
-## Verification - -For verification steps and testing procedures, see [Verify Active-Active database creation]({{< relref "/operate/kubernetes/active-active/create-reaadb#verify-creation" >}}) and [Active-Active database management]({{< relref "/operate/kubernetes/active-active" >}}). - -## Troubleshooting - -For troubleshooting Active-Active databases, see [Active-Active troubleshooting]({{< relref "/operate/kubernetes/troubleshooting" >}}) and [general Kubernetes troubleshooting]({{< relref "/operate/kubernetes/troubleshooting" >}}). - -## Security considerations - -For security configuration including TLS encryption and authentication, see [Active-Active security]({{< relref "/operate/kubernetes/security" >}}) and [database security]({{< relref "/operate/kubernetes/re-databases" >}}). - -## Next steps - -- [Configure multi-namespace deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) -- [Learn about Active-Active management]({{< relref "/operate/kubernetes/active-active" >}}) -- [Set up monitoring and alerts]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}}) - ## Related documentation - [Active-Active database guide]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}) diff --git a/content/operate/kubernetes/reference/yaml/basic-deployment.md b/content/operate/kubernetes/reference/yaml/basic-deployment.md index a92830695..ab83d36e0 100644 --- a/content/operate/kubernetes/reference/yaml/basic-deployment.md +++ b/content/operate/kubernetes/reference/yaml/basic-deployment.md @@ -20,8 +20,7 @@ The service account provides an identity for the Redis Enterprise operator. {{}} -### Service account configuration - +Service account configuration: - `name`: The service account name used by the operator - `labels`: Standard labels for Redis Enterprise resources 
@@ -31,14 +30,12 @@ The Role defines the permissions needed by the Redis Enterprise operator within {{}} -### Role configuration - +Role configuration: - `name`: Must match the role name referenced in the role binding - `rules`: Comprehensive permissions for managing Redis Enterprise resources - `apiGroups`: Includes core Kubernetes APIs and Redis Enterprise custom resources -### Key permissions - +Key permissions: - `app.redislabs.com`: Full access to Redis Enterprise custom resources - `secrets`: Manage TLS certificates and database credentials - `services`: Create and manage service endpoints @@ -51,8 +48,7 @@ The RoleBinding connects the service account to the role, granting the necessary {{}} -### Role binding configuration - +Role binding configuration: - `subjects.name`: Must match the service account name - `roleRef.name`: Must match the role name - `namespace`: Apply in the same namespace as other resources @@ -63,35 +59,13 @@ The RedisEnterpriseCluster (REC) custom resource defines the cluster specificati {{}} -### Cluster configuration - +Cluster configuration: - `metadata.name`: Cluster name (cannot be changed after creation) - `spec.nodes`: Number of Redis Enterprise nodes (minimum 3) - `persistentSpec.volumeSize`: Storage size per node - `redisEnterpriseNodeResources`: CPU and memory allocation per node -### Cluster customization options - -Edit these values based on your requirements: - -```yaml -spec: - # Increase nodes for larger clusters - nodes: 5 - - # Adjust storage size - persistentSpec: - volumeSize: 50Gi - - # Modify resource allocation - redisEnterpriseNodeResources: - requests: - cpu: 4 - memory: 8Gi - limits: - cpu: 4 - memory: 8Gi -``` +Edit the values in the downloaded YAML file based on your requirements, such as increasing the number of nodes, adjusting storage size, or modifying resource allocation. ## Redis Enterprise database 
@@ -99,57 +73,20 @@ The RedisEnterpriseDatabase (REDB) custom resource defines the database specific {{}} -### Database configuration - +Database configuration: - `metadata.name`: Database name - `spec.memorySize`: Memory allocation for the database - `spec.shardCount`: Number of shards (affects performance and scalability) - `spec.replication`: Enable/disable database replication -### Database customization options - -Edit these values based on your requirements: - -```yaml -spec: - # Increase memory for larger datasets - memorySize: 1GB - - # Add more shards for better performance - shardCount: 3 - - # Enable replication for high availability - replication: true - - # Add database-specific configuration - redisEnterpriseConfiguration: - # Enable specific Redis modules - modules: - - name: RedisJSON - - name: RedisSearch -``` - -## Applying the configuration - -To deploy these YAML files, follow the [Quick start deployment guide]({{< relref "/operate/kubernetes/deployment/quick-start" >}}), which provides step-by-step instructions for creating namespaces, deploying the operator, and applying these configuration files. - -## Verification - -For verification steps and accessing the admin console, see: - -- [Verify cluster deployment]({{< relref "/operate/kubernetes/deployment/quick-start#verify-the-deployment" >}}) -- [Connect to the cluster]({{< relref "/operate/kubernetes/re-clusters/connect-to-cluster" >}}) -- [Access the admin console]({{< relref "/operate/kubernetes/re-clusters/connect-to-cluster#access-the-cluster-manager-ui" >}}) +Edit the values in the downloaded YAML file based on your requirements, such as increasing memory for larger datasets, adding more shards for better performance, enabling replication for high availability, or adding Redis modules. 
-## Next steps +## Apply the configuration -- [Create additional databases]({{< relref "/operate/kubernetes/re-databases" >}}) -- [Configure networking]({{< relref "/operate/kubernetes/networking" >}}) -- [Set up monitoring]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}}) -- [Explore rack awareness]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) +To deploy these YAML files, follow the [deployment guide]({{< relref "/operate/kubernetes/deployment/quick-start" >}}), which provides step-by-step instructions for creating namespaces, deploying the operator, and applying these configuration files. ## Related documentation -- [Quick start deployment]({{< relref "/operate/kubernetes/deployment/quick-start" >}}) +- [Deploy on Kubernetes]({{< relref "/operate/kubernetes/deployment/quick-start" >}}) - [REC API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}}) - [REDB API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_database_api" >}}) diff --git a/content/operate/kubernetes/reference/yaml/multi-namespace.md b/content/operate/kubernetes/reference/yaml/multi-namespace.md index 2fe69549b..0539a25f9 100644 --- a/content/operate/kubernetes/reference/yaml/multi-namespace.md +++ b/content/operate/kubernetes/reference/yaml/multi-namespace.md 
@@ -10,21 +10,17 @@ linkTitle: Multi-namespace weight: 40 --- -This page provides YAML examples for deploying Redis Enterprise across multiple Kubernetes namespaces. Multi-namespace deployment allows a single Redis Enterprise operator to manage clusters and databases in different namespaces, providing better resource isolation and organization. - -## Overview +Multi-namespace deployment allows a single Redis Enterprise operator to manage clusters and databases in different namespaces, providing better resource isolation and organization. Multi-namespace deployment enables: -- **Namespace isolation**: Separate Redis Enterprise resources by team, environment, or application -- **Centralized management**: Single operator manages multiple namespaces -- **Resource sharing**: Efficient use of cluster resources across namespaces -- **Flexible RBAC**: Fine-grained permissions per namespace - -## Architecture +- Namespace isolation: Separate Redis Enterprise resources by team, environment, or application +- Centralized management: Single operator manages multiple namespaces +- Resource sharing: Efficient use of cluster resources across namespaces +- Flexible RBAC: Fine-grained permissions per namespace This example shows: -- **Operator namespace**: `redis-enterprise-operator` (where the operator runs) -- **Consumer namespaces**: `app-production`, `app-staging` (where REC/REDB resources are created) +- Operator namespace: `redis-enterprise-operator` (where the operator runs) +- Consumer namespaces: `app-production`, `app-staging` (where REC/REDB resources are created) For complete deployment instructions, see the [Multi-namespace deployment guide]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}). 
@@ -44,19 +40,6 @@ The operator needs cluster-wide permissions to manage resources across namespace {{}} -## Consumer service account - -These resources are deployed in each namespace where you want to create Redis Enterprise clusters or databases. - -```yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-enterprise-operator - labels: - app: redis-enterprise -``` - ## Consumer role {{}} 
@@ -65,166 +48,12 @@ metadata: {{}} -### Consumer namespace configuration +Consumer namespace configuration: - `subjects.name`: Must match the operator service account name - `subjects.namespace`: Must be the operator namespace, not the consumer namespace - `roleRef.name`: Must match the consumer role name -## Redis Enterprise clusters - -Deploy Redis Enterprise clusters in consumer namespaces. - -### Production cluster - -**File: `production-cluster.yaml`** - -```yaml -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec-production - namespace: app-production - labels: - app: redis-enterprise - environment: production -spec: - nodes: 5 - - persistentSpec: - enabled: true - volumeSize: 50Gi - - redisEnterpriseNodeResources: - requests: - cpu: 4 - memory: 8Gi - limits: - cpu: 4 - memory: 8Gi - - # Production-specific configuration - redisEnterpriseConfiguration: - # Enable cluster backup - backup_interval: "24h" - - # Set log level - log_level: "info" -``` - -### Staging cluster - -**File: `staging-cluster.yaml`** - -```yaml -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec-staging - namespace: app-staging - labels: - app: redis-enterprise - environment: staging -spec: - nodes: 3 - - persistentSpec: - enabled: true - volumeSize: 20Gi - - redisEnterpriseNodeResources: - requests: - cpu: 2 - memory: 4Gi - limits: - cpu: 2 - memory: 4Gi -``` - -## Redis Enterprise databases - -Create databases in the appropriate namespaces. 
- -### Production database - -**File: `production-database.yaml`** - -```yaml -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseDatabase -metadata: - name: redb-production - namespace: app-production - labels: - app: redis-enterprise - environment: production -spec: - memorySize: 2GB - shardCount: 3 - replication: true - - # Production-specific settings - redisEnterpriseConfiguration: - # Enable persistence - persistence: aof - - # Set eviction policy - maxmemory-policy: allkeys-lru - - # Enable modules - modules: - - name: RedisJSON - - name: RedisSearch -``` - -### Staging database - -**File: `staging-database.yaml`** - -```yaml -apiVersion: app.redislabs.com/v1alpha1 -kind: RedisEnterpriseDatabase -metadata: - name: redb-staging - namespace: app-staging - labels: - app: redis-enterprise - environment: staging -spec: - memorySize: 512MB - shardCount: 1 - replication: false - - # Staging-specific settings - redisEnterpriseConfiguration: - # Disable persistence for faster testing - persistence: disabled - - # Enable modules for testing - modules: - - name: RedisJSON -``` - -## Applying the configuration - -To deploy Redis Enterprise across multiple namespaces using these YAML files, follow the [Multi-namespace deployment guide]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}), which provides step-by-step instructions for setting up operator and consumer namespaces, configuring RBAC, and deploying clusters and databases. - -## Verification - -For verification steps and troubleshooting multi-namespace deployments, see [Multi-namespace verification]({{< relref "/operate/kubernetes/deployment/multi-namespace#verify-deployment" >}}) and [troubleshooting guide]({{< relref "/operate/kubernetes/troubleshooting" >}}). - -## Management operations - -For managing multi-namespace deployments including adding/removing namespaces and monitoring, see [Multi-namespace management]({{< relref "/operate/kubernetes/deployment/multi-namespace" >}}). 
- -## Security considerations - -For security considerations including namespace isolation, RBAC permissions, and network policies, see [Kubernetes security]({{< relref "/operate/kubernetes/security" >}}) and [multi-namespace security]({{< relref "/operate/kubernetes/deployment/multi-namespace#security-considerations" >}}). - -## Troubleshooting - -For troubleshooting multi-namespace deployments, see [Multi-namespace troubleshooting]({{< relref "/operate/kubernetes/troubleshooting" >}}). - ## Next steps - [Configure networking across namespaces]({{< relref "/operate/kubernetes/networking" >}}) diff --git a/content/operate/kubernetes/reference/yaml/rack-awareness.md b/content/operate/kubernetes/reference/yaml/rack-awareness.md index 5c229e3c9..73fd1e792 100644 --- a/content/operate/kubernetes/reference/yaml/rack-awareness.md +++ b/content/operate/kubernetes/reference/yaml/rack-awareness.md @@ -33,14 +33,12 @@ Rack awareness requires additional permissions to read [node labels](https://kub {{}} -### Cluster role configuration - +Cluster role configuration: - `name`: ClusterRole name for rack awareness permissions - `rules`: Permissions to read nodes and their labels cluster-wide - `resources`: Access to `nodes` resource for zone label discovery -### Key permissions - +Key permissions: - `nodes`: Read access to discover node zone labels - `get, list, watch`: Monitor node changes and zone assignments @@ -50,8 +48,7 @@ The [ClusterRoleBinding](https://kubernetes.io/docs/reference/access-authn-authz {{}} -### Cluster role binding configuration - +Cluster role binding configuration: - `subjects.name`: Must match the service account name - `subjects.namespace`: Namespace where the operator is deployed - `roleRef.name`: Must match the cluster role name 
@@ -62,43 +59,16 @@ The rack-aware [REC configuration]({{< relref "/operate/kubernetes/reference/red {{}} -### Rack-aware cluster configuration - +Rack-aware cluster configuration: - `metadata.name`: Cluster name (cannot be changed after creation) - `spec.rackAwarenessNodeLabel`: Node label used for zone identification - `spec.nodes`: Minimum 3 nodes, ideally distributed across zones -### Customization options - -Edit these values based on your environment: - -```yaml -spec: - # Increase nodes for better zone distribution - nodes: 6 - - # Use custom zone label if needed - rackAwarenessNodeLabel: "failure-domain.beta.kubernetes.io/zone" - - # Add resource specifications - redisEnterpriseNodeResources: - requests: - cpu: 2 - memory: 4Gi - limits: - cpu: 2 - memory: 4Gi - - # Enable persistent storage - persistentSpec: - enabled: true - volumeSize: 20Gi -``` +Edit the values in the downloaded YAML file based on your environment, such as increasing nodes for better zone distribution, using custom zone labels, adding resource specifications, or enabling persistent storage. ### Common zone labels Different Kubernetes distributions use different zone labels: - - `Standard`: `topology.kubernetes.io/zone` - `Legacy`: `failure-domain.beta.kubernetes.io/zone` - `Custom`: Your organization's specific labeling scheme 
@@ -115,93 +85,26 @@ Database configuration for rack-aware clusters is the same as [basic deployments {{}} -### Rack awareness benefits - -When deployed on a rack-aware cluster, databases automatically benefit from: - -- **Shard distribution**: Database shards are distributed across zones -- **Replica placement**: Replicas are placed in different zones than their masters -- **Automatic failover**: Cluster can survive zone failures - -## Applying the configuration +## Apply the configuration To deploy rack-aware Redis Enterprise clusters, follow the [Redis Enterprise operator deployment guide]({{< relref "/operate/kubernetes/deployment" >}}) and ensure your Kubernetes nodes have proper zone labels. For detailed rack awareness configuration, see the [node selection recommendations]({{< relref "/operate/kubernetes/recommendations/node-selection" >}}). -## Verification - -### Check cluster rack awareness - -```bash -# View cluster status -kubectl get rec rack-aware-cluster -o yaml - -# Check that nodes are distributed across zones -kubectl get pods -l app=redis-enterprise -o wide - -# Verify zone distribution -kubectl get pods -l app=redis-enterprise -o custom-columns=NAME:.metadata.name,NODE:.spec.nodeName,ZONE:.spec.nodeSelector.'topology\.kubernetes\.io/zone' -``` - -### Verify database placement - -Access the [Redis Enterprise admin console]({{< relref "/operate/kubernetes/re-clusters/connect-to-cluster#access-the-cluster-manager-ui" >}}) to verify: - -1. Database shards are distributed across zones -2. Replicas are in different zones than their masters -3. Zone information is displayed in the cluster topology - -### Test zone failure - -To test rack awareness: - -1. Simulate zone failure by [cordoning nodes](https://kubernetes.io/docs/concepts/architecture/nodes/#manual-node-administration) in one zone -2. Verify that the cluster remains operational -3. 
Check that databases continue to serve requests - -```bash -# Cordon nodes in a specific zone -kubectl cordon - -# Check cluster and database status -kubectl get rec,redb -``` - ## Troubleshooting -### Common issues - -**Nodes not distributed across zones** - +### Nodes not distributed across zones - Verify node labels are correct - Check that sufficient nodes exist in each zone - Ensure the `rackAwarenessNodeLabel` matches actual node labels -**Cluster role permissions denied** - +### Cluster role permissions denied - Verify the ClusterRole and ClusterRoleBinding are applied - Check that the service account name matches in all resources -**Database shards not distributed** - +### Database shards not distributed - Confirm the cluster has rack awareness enabled - Check that the database has multiple shards - Verify sufficient nodes exist across zones -### Debug commands - -```bash -# Check node labels -kubectl describe nodes | grep -A5 Labels - -# View cluster role permissions -kubectl describe clusterrole redis-enterprise-operator-consumer - -# Check operator logs -kubectl logs deployment/redis-enterprise-operator -``` - -For more troubleshooting guidance, see [troubleshooting Redis Enterprise on Kubernetes]({{< relref "/operate/kubernetes/troubleshooting" >}}). - ## Next steps - [Configure Active-Active databases]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) From ba19a2f917d59a823227af37a63a669fddcb0e8a Mon Sep 17 00:00:00 2001 From: Kaitlyn Michael Date: Thu, 24 Jul 2025 15:40:48 -0500 Subject: [PATCH 13/64] fix download button --- assets/css/index.css | 20 ++----- layouts/partials/scripts.html | 28 ++++++++- layouts/shortcodes/embed-yaml.html | 92 +++++++++++++++++++++++++----- 3 files changed, 111 insertions(+), 29 deletions(-) diff --git a/assets/css/index.css b/assets/css/index.css index 9dd0f1125..bce42b67e 100644 --- a/assets/css/index.css +++ b/assets/css/index.css 
@@ -521,25 +521,17 @@ select { @apply w-10 h-10; } -/* YAML embed container styles */ -.yaml-embed-container { - @apply relative; -} - -.yaml-embed-container .download-yaml-btn { - @apply absolute top-2 right-2 z-10; - @apply bg-redis-yellow-500 hover:bg-redis-ink-900 hover:text-white; - @apply text-redis-ink-900 text-xs font-mono px-3 py-1 rounded; - @apply border border-redis-pen-600 transition-colors; - @apply flex items-center gap-1; +/* YAML embed download button styles */ +.download-yaml-btn { + @apply transition-colors; } -.yaml-embed-container .download-yaml-btn:disabled { +.download-yaml-btn:disabled { @apply opacity-75 cursor-not-allowed; } -.yaml-embed-container .download-yaml-btn svg { - @apply w-3 h-3; +.download-yaml-btn svg { + @apply w-4 h-4; } #download-redis > h3, diff --git a/layouts/partials/scripts.html b/layouts/partials/scripts.html index 243916f8e..cf8f4d803 100644 --- a/layouts/partials/scripts.html +++ b/layouts/partials/scripts.html @@ -13,6 +13,11 @@ } else { wrapper.style = 'position:absolute;top:10px;right:10px;z-index:1;display:flex;align-items:center;gap:6px;'; } + + // Check if this is a YAML embed with download functionality + const yamlContainer = block.closest('.yaml-embed-container'); + const downloadFilename = yamlContainer ? yamlContainer.getAttribute('data-download-filename') : null; + // Create the copy button const button = document.createElement('button'); button.innerHTML = ` 
@@ -51,9 +56,30 @@ }); }); - // Append button and message + // Append copy button wrapper.appendChild(button); wrapper.appendChild(tooltipContainer); + + // Add download button if this is a YAML embed + if (downloadFilename) { + const downloadButton = document.createElement('button'); + downloadButton.className = 'download-yaml-btn text-neutral-400 hover:text-slate-100 bg-slate-600 h-7 w-7 p-1 rounded rounded-mx'; + downloadButton.title = 'Download YAML file'; + downloadButton.innerHTML = ` + + + + `; + + downloadButton.addEventListener('click', () => { + if (typeof downloadYaml === 'function') { + downloadYaml(downloadFilename, downloadButton); + } + }); + + wrapper.appendChild(downloadButton); + } + block.style.position = 'relative'; block.appendChild(wrapper); }); diff --git a/layouts/shortcodes/embed-yaml.html b/layouts/shortcodes/embed-yaml.html index 47783236a..d95493887 100644 --- a/layouts/shortcodes/embed-yaml.html +++ b/layouts/shortcodes/embed-yaml.html @@ -2,26 +2,90 @@ {{$filename := .Get 1}} {{$content := printf "./content/embeds/%s" $file | readFile}} - -
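Review bot: The click handler on the new download button does nothing when `downloadYaml` is not defined, so a page where that global failed to load still shows a working-looking button that silently fails. Since `downloadYaml` is defined outside this hunk and its load order relative to this script is not visible here, keep the check at click time but add a fallback branch such as `else { downloadButton.disabled = true; console.warn('downloadYaml is not available'); }`, which also picks up the `.download-yaml-btn:disabled` style from the CSS hunk. The filename comes from the `data-download-filename` attribute and is passed through unchanged, so `downloadYaml` should treat it as plain data (for example, set it via an anchor's `download` property rather than interpolating it into markup or a URL path). The button is icon-only with just a `title`; adding `downloadButton.type = 'button';` and `downloadButton.setAttribute('aria-label', 'Download YAML file');` gives it an accessible name and keeps it from acting as a submit control. The enclosing callback starts before this hunk.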
- - {{ if $filename }} -
- -
- {{ end }} - + +
{{ $content | markdownify }}
+{{ if $filename }} + +{{ end }} + {{ if $filename }}