K8s: Add YAML examples #1872

Open
wants to merge 16 commits into
base: main
35 changes: 35 additions & 0 deletions assets/css/index.css
Expand Up @@ -521,6 +521,41 @@ select {
@apply w-10 h-10;
}

/* YAML embed download button styles */
.download-yaml-btn {
@apply transition-colors;
}

.download-yaml-btn:disabled {
@apply opacity-75 cursor-not-allowed;
}

.download-yaml-btn svg {
@apply w-4 h-4;
}

/* Make long code blocks scrollable */
.yaml-embed-container .highlight {
max-height: 800px;
overflow-y: auto;
}

.yaml-embed-container .highlight::-webkit-scrollbar {
width: 8px;
}

.yaml-embed-container .highlight::-webkit-scrollbar-track {
@apply bg-slate-700 rounded;
}

.yaml-embed-container .highlight::-webkit-scrollbar-thumb {
@apply bg-slate-500 rounded;
}

.yaml-embed-container .highlight::-webkit-scrollbar-thumb:hover {
@apply bg-slate-400;
}

#download-redis > h3,
#download-redis-stack > h3 {
@apply mt-2;
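Review bot: The scrollbar styling on `.yaml-embed-container .highlight` relies only on the `::-webkit-scrollbar*` pseudo-elements, so Firefox falls back to its default scrollbar. Consider adding the standard `scrollbar-width` and `scrollbar-color` properties next to them. The fixed `max-height: 800px` can also be taller than the viewport on small screens; a viewport-relative cap such as `max-height: 80vh` would keep the scrollable block within the screen.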
128 changes: 128 additions & 0 deletions content/operate/kubernetes/logs/log-collector-rbac.md
@@ -0,0 +1,128 @@
---
Title: Log collector RBAC examples
alwaysopen: false
categories:
- docs
- operate
- kubernetes
description: YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool in restricted and all modes.
linkTitle: Log collector RBAC
weight: 50
---

This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose.

For complete log collection instructions, see [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}}).

## Prerequisites

- [Deployment]({{< relref "/operate/kubernetes/deployment" >}}) must be installed
- Appropriate permissions to create RBAC resources in target namespaces
- Understanding of your deployment model (single namespace, multi-namespace, etc.)

## Collection modes

The log collector has two collection modes that require different RBAC permissions:

- **Restricted mode** (recommended): Collects only Redis Enterprise resources with minimal security exposure. Default for versions 6.2.18-3 and later.
- **All mode**: Collects comprehensive cluster information including nodes, storage classes, and operator resources. Use when specifically requested by Redis Support.

## Restricted mode

The restricted mode configuration provides minimal permissions for collecting Redis Enterprise resources only.

{{<embed-yaml "k8s/log_collector_role_restricted_mode.md" "log-collector-restricted-rbac.yaml">}}

Restricted mode configuration:
- `Role`: Namespace-scoped permissions for Redis Enterprise resources
- `ClusterRole`: Cluster-wide permissions for CRDs and basic cluster resources
- `rules`: Minimal permissions for Redis Enterprise diagnostics

Key permissions:
- `pods, pods/log, pods/exec`: Access to pod information and logs
- `app.redislabs.com/*`: All Redis Enterprise custom resources
- `persistentvolumes`: Storage information for troubleshooting

## All mode

The all mode configuration provides comprehensive permissions for collecting detailed cluster information.
Contributor

Nothing major, but I'm just wondering if there's an easy way to add italics or code style or something to "all" when it's used as the mode name (and I guess you would do the same for "restricted" for consistency)? For example, later in the page you say "Consider switching to all mode..." and it took me a second reading to get what it meant.


{{<embed-yaml "k8s/log_collector_role_all_mode.md" "log-collector-all-rbac.yaml">}}

All mode configuration:
- `Role`: Extended namespace permissions including operator resources
- `ClusterRole`: Additional cluster-wide permissions for nodes and storage
- `rules`: Comprehensive permissions for full cluster diagnostics

Additional permissions in all mode:
- `nodes`: Node information and status
- `storageclasses, volumeattachments`: Storage system details
- `operators.coreos.com/*`: OpenShift operator information
- `networking.istio.io/*`: Istio service mesh resources

## Apply the configuration

### Manual deployment

To apply the RBAC configurations manually:

```bash
# Apply restricted mode RBAC
kubectl apply -f log-collector-restricted-rbac.yaml --namespace <namespace>

# Apply all mode RBAC
kubectl apply -f log-collector-all-rbac.yaml --namespace <namespace>
```
### Namespace requirements

The Role and RoleBinding must be created in every namespace where you need to collect logs:
Contributor

"You must create" to avoid PV?


- **Single namespace**: Apply to the namespace where Redis Enterprise runs
- **Multi-namespace with single REC**: Apply to the REC namespace plus each REDB namespace
- **Multi-namespace with multiple RECs**: Apply to each REC namespace

The ClusterRole and ClusterRoleBinding need to be created only once per cluster.

Edit the values in the downloaded YAML file for your specific setup, updating the namespace references and role binding subjects to match your environment.

## Security considerations

### Best practices

- Use restricted mode unless you specifically need additional cluster information
- Limit namespace access to only where log collection is needed
- Handle collected data according to your organization's security policies

### Secrets permission explanation

The RBAC configurations request read access to secrets in the collected namespaces. **Secrets are not collected or included in the log package sent to Redis Support.** This permission is required because:

- The log collector uses Helm commands (`helm list`, `helm get all`) to gather Redis Enterprise Helm chart deployment information
- Helm stores its deployment metadata in Kubernetes secrets
- This metadata contains only deployment configuration (not sensitive data)

If your security policies prohibit secrets access, you can remove the secrets permission from the Role, but this will limit the log collector's ability to gather Helm deployment information.

## Troubleshooting

### Permission errors

- Verify that roles and bindings are applied correctly in the target namespaces
- Check that the ClusterRole is applied cluster-wide
- Ensure the service account has proper role bindings

### Missing resources

- Consider switching to all mode if additional cluster resources are needed
- Verify that custom resource definitions are installed
- Check that the operator has proper permissions

## Next steps

- [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}})

## Related documentation

- [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
- [Logs]({{< relref "/operate/kubernetes/logs" >}})
- [Deployment]({{< relref "/operate/kubernetes/deployment" >}})
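Review bot: In "Key permissions", the entry `pods, pods/log, pods/exec` is described as "Access to pod information and logs", which understates `pods/exec`: that subresource lets the bound subject run commands inside containers in the namespace, so it is the strongest grant in a mode the page calls minimal. Suggest listing it on its own line and stating why the collector needs it, so administrators can make an informed decision. "Secrets permission explanation" has a similar gap: read access to secrets in a Role covers every secret in the namespace unless the rule is narrowed with `resourceNames`, and Helm release secrets store the values supplied to the release, so "not sensitive data" holds only if no credentials were passed as chart values. Also add a blank line between the closing code fence and `### Namespace requirements`.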
44 changes: 23 additions & 21 deletions content/operate/kubernetes/reference/_index.md
Expand Up @@ -5,30 +5,30 @@ categories:
- docs
- operate
- kubernetes
description: API reference and guides for managing Redis Enterprise custom resources on Kubernetes.
description: Resources to help you manage Redis Enterprise custom resources on Kubernetes.
hideListLinks: true
linkTitle: Reference
weight: 89
---

Reference documentation for Redis Enterprise custom resources, including API specifications and practical guides for creating, configuring, and managing Redis Enterprise deployments on Kubernetes.
This reference documentation covers Redis Enterprise custom resources, API specifications, and practical instructions for creating, configuring, and managing Redis Enterprise deployments on Kubernetes.

## Working with custom resources
## Work with custom resources

Redis Enterprise for Kubernetes uses custom resources to manage clusters and databases. You can create, modify, and delete these resources using standard Kubernetes tools.
Redis Enterprise for Kubernetes uses custom resources to manage clusters and databases. Use standard Kubernetes tools to create, modify, and delete these resources.

### Creating custom resources
### Create custom resources

Create custom resources using `kubectl apply` with YAML manifests:
Use `kubectl apply` with YAML manifests to create custom resources:

```bash
kubectl apply -f my-redis-cluster.yaml
kubectl apply -f my-redis-database.yaml
```

### Viewing custom resources
### View custom resources

List and inspect existing custom resources:
Use these commands to list and inspect existing custom resources:

```bash
# List Redis Enterprise clusters
Expand All @@ -48,9 +48,9 @@ kubectl describe rec my-cluster
kubectl describe redb my-database
```

### Modifying custom resources
### Modify custom resources

Update custom resources by editing the YAML manifest and reapplying:
Edit the YAML manifest and reapply to update custom resources:

```bash
# Edit and apply updated manifest
Expand All @@ -61,20 +61,22 @@ kubectl edit rec my-cluster
kubectl edit redb my-database
```

### Deleting custom resources
## YAML examples

Remove custom resources when no longer needed:
Find complete YAML examples for common deployment scenarios:

```bash
kubectl delete redb my-database
kubectl delete rec my-cluster
```
- [YAML examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}}) - Ready-to-use YAML configurations for different deployment types

### Example categories

**Important:** Always delete databases (REDB) before deleting the cluster (REC) to ensure proper cleanup.
- [Basic deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Essential YAML files for simple Redis Enterprise deployment
Contributor

These are all dead links. I think the /yaml-examples/ bit should be just /yaml/, unless you're planning to rename the folder in a future commit?

Suggested change
- [Basic deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Essential YAML files for simple Redis Enterprise deployment
- [Basic deployment]({{< relref "/operate/kubernetes/reference/yaml/basic-deployment" >}}) - Essential YAML files for simple Redis Enterprise deployment

- [Rack awareness]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - YAML examples for rack-aware deployments across availability zones
- [Active-Active]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - YAML examples for Active-Active databases across multiple clusters
- [Multi-namespace]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - YAML examples for deploying across multiple namespaces

## API reference

Complete API specifications for all Redis Enterprise custom resources:
Review complete API specifications for all Redis Enterprise custom resources:

### Core resources
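
Review bot: The deletion-order warning ("Always delete databases (REDB) before deleting the cluster (REC) to ensure proper cleanup") is lost together with the removed "Deleting custom resources" section, and nothing in this hunk replaces it. Keep the section, or link to wherever that guidance now lives, because a reference page is where readers will look before running `kubectl delete rec`. The new relref links under "YAML examples" all point below `/yaml-examples/`, while `api/_index.md` in this PR links to `../yaml/`; one of the two paths needs to change.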

Expand All @@ -88,16 +90,16 @@ Complete API specifications for all Redis Enterprise custom resources:

## Compatibility

Information about supported Kubernetes distributions and versions:
Check supported Kubernetes distributions and versions:

- [Supported Kubernetes distributions]({{< relref "/operate/kubernetes/reference/supported_k8s_distributions" >}}) - Compatible Kubernetes platforms and versions

## Best practices

When working with custom resources:
Follow these best practices when working with custom resources:

- **Use version control**: Store your YAML manifests in version control systems
- **Validate before applying**: Use `kubectl apply --dry-run=client` to validate changes
- **Monitor resource status**: Check resource status after applying changes
- **Monitor resource status**: Check resource status after you apply changes
- **Follow naming conventions**: Use consistent naming for easier management
- **Document configurations**: Add annotations and labels to describe resource purpose
56 changes: 56 additions & 0 deletions content/operate/kubernetes/reference/api/_index.md
@@ -0,0 +1,56 @@
---
title: API reference
categories:
- docs
- operate
- kubernetes
linkTitle: API reference
description: Reference documentation for Redis Enterprise operator APIs
weight: 30
alwaysopen: false
hideListLinks: true
aliases:
---

The Redis Enterprise operator provides Kubernetes custom resource definitions (CRDs) that let you manage Redis Enterprise clusters and databases declaratively. This section contains the complete API reference for all operator resources.

## API versions and stability

The operator uses different API versions to indicate stability and feature maturity:

- **`app.redislabs.com/v1`** - Stable APIs for production use
- **`app.redislabs.com/v1alpha1`** - Alpha APIs that may change in future releases

## Custom resources

| Resource | API Version | Purpose |
|----------|-------------|---------|
| [RedisEnterpriseCluster (REC)](redis_enterprise_cluster_api) | `v1` | Manages Redis Enterprise cluster deployments |
| [RedisEnterpriseDatabase (REDB)](redis_enterprise_database_api) | `v1alpha1` | Creates and configures Redis databases |
| [RedisEnterpriseActiveActiveDatabase (REAADB)](redis_enterprise_active_active_database_api) | `v1alpha1` | Sets up active-active databases across clusters |
| [RedisEnterpriseRemoteCluster (RERC)](redis_enterprise_remote_cluster_api) | `v1alpha1` | Defines remote cluster connections for active-active |

## Working with the APIs

### Using kubectl

Manage all resources using standard `kubectl` commands:

```bash
# List all Redis Enterprise clusters
kubectl get rec

# Get detailed information about a specific database
kubectl describe redb my-database

# Apply a configuration from a YAML file
kubectl apply -f my-redis-config.yaml
```

### Resource relationships

- Create a `RedisEnterpriseCluster` (REC) first to provide the Redis Enterprise infrastructure
- Create `RedisEnterpriseDatabase` (REDB) resources within a cluster to provision individual databases
- Use `RedisEnterpriseActiveActiveDatabase` (REAADB) with `RedisEnterpriseRemoteCluster (RERC)` resources to define participating clusters

For complete YAML configuration examples, see the [YAML examples](../yaml/) section.
Contributor

Should be a relref.

Suggested change
For complete YAML configuration examples, see the [YAML examples](../yaml/) section.
For complete YAML configuration examples, see the [YAML examples]({{< relref "/operate/kubernetes/reference/yaml/" >}}) section.
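
Review bot: The front matter ends with an empty `aliases:` key, which leaves the field null; remove it or list the old URLs it is meant to redirect. The headings "Working with the APIs" and "Using kubectl" use the gerund form that this PR converts to imperatives in `reference/_index.md` ("Work with custom resources"), so they should follow the same style. In the last bullet of "Resource relationships" the abbreviation sits inside the code span (`RedisEnterpriseRemoteCluster (RERC)`), unlike the two bullets above it.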

Expand Up @@ -7,10 +7,10 @@ categories:
- kubernetes
description: Support matrix for the current Redis Enterprise K8s operator
linkTitle: Supported distributions
weight: 30
weight: 10
---

Each release of Redis Enterprise for Kubernetes is thoroughly tested against a set of Kubernetes distributions. The table below lists Redis Enterprise for Kubernetes versions and the Kubernetes distributions they support.
We thoroughly test each release of Redis Enterprise for Kubernetes against a set of Kubernetes distributions. The table below lists Redis Enterprise for Kubernetes versions and the Kubernetes distributions they support.

{{<note>}}x86 is currently the only computer architecture supported by Redis Enterprise for Kubernetes. Support for ARM architecture is coming in future releases.{{</note>}}
