formatting cleanup

kaitlynmichael · kaitlynmichael · commit a538390350e0 · 2025-07-24T16:07:21.000-05:00
diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md
@@ -1,99 +1,128 @@
 ---
-Title: Log collector RBAC
+Title: Log collector RBAC examples
 alwaysopen: false
 categories:
 - docs
 - operate
 - kubernetes
-description: RBAC configurations for Redis Enterprise log collector in all and restricted modes.
+description: YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool in restricted and all modes.
 linkTitle: Log collector RBAC
-weight: 90
+weight: 50
 ---
 
-This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. 
+This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose.
 
-## Overview
+For complete log collection instructions, see [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}}).
 
-The Redis Enterprise log collector script helps gather diagnostic information for troubleshooting. 
-The log collector requires different permission levels depending on the collection mode you choose.
-It has two collection modes that require different RBAC permissions:
-h
-- **Restricted mode** (recommended): Collects only Redis Enterprise resources with minimal security exposure. Default for versions 6.2.18-3+.
-- **All mode**: Collects comprehensive cluster information including nodes, storage classes, and operator resources. Use when specifically requested by Redis Support.
+## Prerequisites
 
-## RBAC configurations
+- [Deployment]({{< relref "/operate/kubernetes/deployment" >}}) must be installed
+- Appropriate permissions to create RBAC resources in target namespaces
+- Understanding of your deployment model (single namespace, multi-namespace, etc.)
 
-### Restricted mode
+## Collection modes
 
-{{<embed-md "k8s/log_collector_role_restricted_mode.md">}}
+The log collector has two collection modes that require different RBAC permissions:
 
-### All mode
+- **Restricted mode** (recommended): Collects only Redis Enterprise resources with minimal security exposure. Default for versions 6.2.18-3 and later.
+- **All mode**: Collects comprehensive cluster information including nodes, storage classes, and operator resources. Use when specifically requested by Redis Support.
 
-{{<embed-md "k8s/log_collector_role_all_mode.md">}}
+## Restricted mode
 
-{{< note >}}
-For the complete list of resources and permissions required by each mode, refer to the role definitions in the YAML files above.
-{{< /note >}}
+The restricted mode configuration provides minimal permissions for collecting Redis Enterprise resources only.
 
-## Applying RBAC configurations
+{{<embed-yaml "k8s/log_collector_role_restricted_mode.md" "log-collector-restricted-rbac.yaml">}}
 
-### Namespace requirements
+Restricted mode configuration:
+- `Role`: Namespace-scoped permissions for Redis Enterprise resources
+- `ClusterRole`: Cluster-wide permissions for CRDs and basic cluster resources
+- `rules`: Minimal permissions for Redis Enterprise diagnostics
 
-The Role and RoleBinding must be created in every namespace where you need to collect logs. This varies based on your deployment model:
+Key permissions:
+- `pods, pods/log, pods/exec`: Access to pod information and logs
+- `app.redislabs.com/*`: All Redis Enterprise custom resources
+- `persistentvolumes`: Storage information for troubleshooting
 
-- **Single namespace**: Apply to the namespace where Redis Enterprise runs
-- **Multi-namespace with single REC**: Apply to the REC namespace plus each REDB namespace
-- **Multi-namespace with multiple RECs**: Apply to each REC namespace
+## All mode
 
-The ClusterRole and ClusterRoleBinding need to be created only once per cluster.
+The all mode configuration provides comprehensive permissions for collecting detailed cluster information.
+
+{{<embed-yaml "k8s/log_collector_role_all_mode.md" "log-collector-all-rbac.yaml">}}
+
+All mode configuration:
+- `Role`: Extended namespace permissions including operator resources
+- `ClusterRole`: Additional cluster-wide permissions for nodes and storage
+- `rules`: Comprehensive permissions for full cluster diagnostics
 
-{{< note >}}
-Each YAML file contains both Role and ClusterRole objects. Running `kubectl apply` installs both components. You can safely run the command multiple times with different namespaces.
-{{< /note >}}
+Additional permissions in all mode:
+- `nodes`: Node information and status
+- `storageclasses, volumeattachments`: Storage system details
+- `operators.coreos.com/*`: OpenShift operator information
+- `networking.istio.io/*`: Istio service mesh resources
+
+## Apply the configuration
 
 ### Manual deployment
 
-If you prefer to apply the configurations manually, save the YAML content to local files and apply them:
+To apply the RBAC configurations manually:
 
 ```bash
-# Save the YAML content to a file
-kubectl apply -f log-collector-rbac.yaml --namespace <namespace>
+# Apply restricted mode RBAC
+kubectl apply -f log-collector-restricted-rbac.yaml --namespace <namespace>
+
+# Apply all mode RBAC
+kubectl apply -f log-collector-all-rbac.yaml --namespace <namespace>
 ```
+### Namespace requirements
 
-## Usage
+The Role and RoleBinding must be created in every namespace where you need to collect logs:
 
-After applying the RBAC configuration, run the log collector:
+- **Single namespace**: Apply to the namespace where Redis Enterprise runs
+- **Multi-namespace with single REC**: Apply to the REC namespace plus each REDB namespace
+- **Multi-namespace with multiple RECs**: Apply to each REC namespace
 
-```bash
-# Restricted mode (default for 6.2.18-3+)
-python log_collector.py -m restricted -n <namespace>
+The ClusterRole and ClusterRoleBinding need to be created only once per cluster.
 
-# All mode
-python log_collector.py -m all -n <namespace>
-```
+Edit the values in the downloaded YAML file for your specific setup, updating the namespace references and role binding subjects to match your environment.
 
 ## Security considerations
 
-- **Use restricted mode** unless you specifically need additional cluster information
-- **Limit namespace access** to only where log collection is needed
-- **Handle collected data** according to your organization's security policies (logs may contain sensitive information)
+### Best practices
+
+- Use restricted mode unless you specifically need additional cluster information
+- Limit namespace access to only where log collection is needed
+- Handle collected data according to your organization's security policies
 
 ### Secrets permission explanation
 
 The RBAC configurations request read access to secrets in the collected namespaces. **Secrets are not collected or included in the log package sent to Redis Support.** This permission is required because:
 
-- The log collector uses Helm commands (`helm list`, `helm get all`) to gather information about Redis Enterprise Helm chart deployments
+- The log collector uses Helm commands (`helm list`, `helm get all`) to gather Redis Enterprise Helm chart deployment information
 - Helm stores its deployment metadata in Kubernetes secrets
-- For Redis Enterprise charts, this metadata contains only deployment configuration (not sensitive data), but follows Helm's standard storage pattern
+- This metadata contains only deployment configuration (not sensitive data)
 
 If your security policies prohibit secrets access, you can remove the secrets permission from the Role, but this will limit the log collector's ability to gather Helm deployment information.
 
 ## Troubleshooting
 
-If you encounter permission errors, verify that roles and bindings are applied correctly in the target namespaces. For missing resources, ensure the ClusterRole is applied and consider switching to all mode if additional resources are needed.
+### Permission errors
+
+- Verify that roles and bindings are applied correctly in the target namespaces
+- Check that the ClusterRole is applied cluster-wide
+- Ensure the service account has proper role bindings
+
+### Missing resources
+
+- Consider switching to all mode if additional cluster resources are needed
+- Verify that custom resource definitions are installed
+- Check that the operator has proper permissions
+
+## Next steps
+
+- [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
 
 ## Related documentation
 
-- [Collect logs guide]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
 - [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
-- [Redis Enterprise troubleshooting]({{< relref "/operate/kubernetes/logs" >}})
+- [Logs]({{< relref "/operate/kubernetes/logs" >}})
+- [Deployment]({{< relref "/operate/kubernetes/deployment" >}})
diff --git a/content/operate/kubernetes/reference/_index.md b/content/operate/kubernetes/reference/_index.md
@@ -5,19 +5,19 @@ categories:
 - docs
 - operate
 - kubernetes
-description: API reference and guides for managing Redis Enterprise custom resources on Kubernetes.
+description: Resources to help you manage Redis Enterprise custom resources on Kubernetes.
 hideListLinks: true
 linkTitle: Reference
 weight: 89
 ---
 
 Reference documentation for Redis Enterprise custom resources, including API specifications and practical guides for creating, configuring, and managing Redis Enterprise deployments on Kubernetes.
 
-## Working with custom resources
+## Work with custom resources
 
 Redis Enterprise for Kubernetes uses custom resources to manage clusters and databases. You can create, modify, and delete these resources using standard Kubernetes tools.
 
-### Creating custom resources
+### Create custom resources
 
 Create custom resources using `kubectl apply` with YAML manifests:
 
@@ -26,7 +26,7 @@ kubectl apply -f my-redis-cluster.yaml
 kubectl apply -f my-redis-database.yaml
 ```
 
-### Viewing custom resources
+### View custom resources
 
 List and inspect existing custom resources:
 
@@ -48,7 +48,7 @@ kubectl describe rec my-cluster
 kubectl describe redb my-database
 ```
 
-### Modifying custom resources
+### Modify custom resources
 
 Update custom resources by editing the YAML manifest and reapplying:
 
@@ -61,17 +61,6 @@ kubectl edit rec my-cluster
 kubectl edit redb my-database
 ```
 
-### Deleting custom resources
-
-Remove custom resources when no longer needed:
-
-```bash
-kubectl delete redb my-database
-kubectl delete rec my-cluster
-```
-
-**Important:** Always delete databases (REDB) before deleting the cluster (REC) to ensure proper cleanup.
-
 ## YAML examples
 
 Complete YAML examples for common deployment scenarios:
@@ -89,12 +78,12 @@ Complete YAML examples for common deployment scenarios:
 
 Complete API specifications for all Redis Enterprise custom resources:
 
-### Core resources
+Core resources:
 
 - [Redis Enterprise cluster API (REC)]({{< relref "/operate/kubernetes/reference/redis_enterprise_cluster_api" >}}) - Manage Redis Enterprise clusters
 - [Redis Enterprise database API (REDB)]({{< relref "/operate/kubernetes/reference/redis_enterprise_database_api" >}}) - Manage Redis databases
 
-### Active-Active resources
+Active-Active resources:
 
 - [Active-Active database API (REAADB)]({{< relref "/operate/kubernetes/reference/redis_enterprise_active_active_database_api" >}}) - Manage Active-Active databases
 - [Remote cluster API (RERC)]({{< relref "/operate/kubernetes/reference/redis_enterprise_remote_cluster_api" >}}) - Configure remote cluster connections
diff --git a/content/operate/kubernetes/reference/yaml/_index.md b/content/operate/kubernetes/reference/yaml/_index.md
@@ -72,6 +72,7 @@ kubectl get events --sort-by=.metadata.creationTimestamp
 - [Rack awareness examples]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - Rack-aware cluster configuration and required RBAC
 - [Active-Active examples]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - Multi-cluster Active-Active database setup
 - [Multi-namespace examples]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - Cross-namespace operator and cluster configurations
+- [Log collector RBAC examples]({{< relref "/operate/kubernetes/reference/yaml-examples/log-collector-rbac" >}}) - RBAC permissions for log collection in restricted and all modes
 
 ## Best practices
 
@@ -81,7 +82,7 @@ kubectl get events --sort-by=.metadata.creationTimestamp
 
 ## Related documentation
 
-- [API reference]({{< relref "/operate/kubernetes/reference" >}}) - Complete API specifications for all custom resources
-- [Deploy on Kubernetes]({{< relref "/operate/kubernetes/deployment/quick-start" >}}) - Step-by-step deployment guide
-- [Multi-namespace deployment]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}) - Detailed multi-namespace setup guide
+- [Reference]({{< relref "/operate/kubernetes/reference" >}}) - Complete API specifications for all custom resources
+- [Deploy Redis Enterprise Software for Kubernetes]({{< relref "/operate/kubernetes/deployment/quick-start" >}}) - Step-by-step deployment instructions
+- [Manage databases in multiple namespaces]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}) - Detailed multi-namespace setup instructions
 - [Active-Active databases]({{< relref "/operate/kubernetes/active-active" >}}) - Active-Active configuration and management
diff --git a/content/operate/kubernetes/reference/yaml/active-active.md b/content/operate/kubernetes/reference/yaml/active-active.md
@@ -20,7 +20,7 @@ This example shows a two-cluster Active-Active setup:
 - Cluster 1: `rec-chicago` in namespace `ns-chicago`
 - Cluster 2: `rec-boston` in namespace `ns-boston`
 
-For complete deployment instructions, see the [Active-Active database guide]({{< relref "/operate/kubernetes/active-active" >}}).
+For complete deployment instructions, see [Active-Active databases]({{< relref "/operate/kubernetes/active-active" >}}).
 
 ## RERC for Chicago cluster
 
@@ -53,11 +53,11 @@ Edit the downloaded YAML file to add global database settings such as memory all
 
 ## Applying the configuration
 
-To deploy Active-Active databases using these YAML files, follow the [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}) guide, which provides detailed instructions for preparing clusters, creating RERC resources, and deploying REAADB configurations.
+To deploy Active-Active databases using these YAML files, follow [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}}), which provides detailed instructions for preparing clusters, creating RERC resources, and deploying REAADB configurations.
 
 ## Related documentation
 
-- [Active-Active database guide]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}})
+- [Create Active-Active database (REAADB)]({{< relref "/operate/kubernetes/active-active/create-reaadb" >}})
 - [REAADB API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_active_active_database_api" >}})
 - [RERC API reference]({{< relref "/operate/kubernetes/reference/redis_enterprise_remote_cluster_api" >}})
 - [Networking configuration]({{< relref "/operate/kubernetes/networking" >}})
diff --git a/content/operate/kubernetes/reference/yaml/log-collector-rbac.md b/content/operate/kubernetes/reference/yaml/log-collector-rbac.md
diff --git a/content/operate/kubernetes/reference/yaml/multi-namespace.md b/content/operate/kubernetes/reference/yaml/multi-namespace.md
