diff --git a/Makefile b/Makefile index 1a54410..0e2caa7 100644 --- a/Makefile +++ b/Makefile @@ -21,10 +21,10 @@ $(info ---- REGISTRY = $(REGISTRY)) CHART_NAME := redis-operator $(info ---- CHART_NAME = $(CHART_NAME)) -REDIS_TAG ?= 7.22.2-14 +REDIS_TAG ?= 8.0.2-17 $(info ---- REDIS_TAG = $(REDIS_TAG)) -OPERATOR_TAG ?= 7.22.2-21 +OPERATOR_TAG ?= 8.0.2-2 $(info ---- OPERATOR_TAG = $(OPERATOR_TAG)) # The repo to pull the operator image from Docker Hub registry. @@ -41,6 +41,13 @@ $(info ---- OPERATOR_REPO = $(OPERATOR_REPO)) DEPLOYER_TAG ?= 6.021001 $(info ---- DEPLOYER_TAG = $(DEPLOYER_TAG)) +# Override the default image tag for the deployer's base image (gcr.io/cloud-marketplace-tools/k8s/deployer_helm). +# The default tag is defined in https://github.com/GoogleCloudPlatform/click-to-deploy/blob/master/k8s/MARKETPLACE_TOOLS_TAG, +# and gets propagated into the Dockerfile in an absurdly convoluted way. +# The default tag is currently hardcoded to 0.12.2, which includes multiple critical-level vulnerabiilities that prevent publishing. +MARKETPLACE_TOOLS_TAG_OVERRIDE ?= 0.12.7 +$(info ---- MARKETPLACE_TOOLS_TAG_OVERRIDE = $(MARKETPLACE_TOOLS_TAG_OVERRIDE)) + # Tag the deployer image with modified version. APP_DEPLOYER_IMAGE := $(REGISTRY)/deployer:$(DEPLOYER_TAG) @@ -84,7 +91,7 @@ app/build:: .build/redis-enterprise-operator/deployer \ --build-arg REGISTRY="$(REGISTRY)" \ --build-arg TAG="$(OPERATOR_TAG)" \ --build-arg CHART_NAME="$(CHART_NAME)" \ - --build-arg MARKETPLACE_TOOLS_TAG="$(MARKETPLACE_TOOLS_TAG)" \ + --build-arg MARKETPLACE_TOOLS_TAG="$(MARKETPLACE_TOOLS_TAG_OVERRIDE)" \ --tag "$(APP_DEPLOYER_IMAGE)" \ -f deployer/Dockerfile \ . diff --git a/README.md b/README.md index 2794efd..9acaaf2 100644 --- a/README.md +++ b/README.md @@ -91,8 +91,8 @@ Redis version tags are in the format Major.Minor.Patch-Sub but GKE Marketplace r ```shell export APP_INSTANCE_NAME=redis-enterprise-operator export NAMESPACE=redis -export TAG=7.22.2-21 -export DEPLOYER_TAG=7.22221 +export TAG=8.0.2-2 +export DEPLOYER_TAG=8.022 export REPO=gcr.io/cloud-marketplace/redislabs-public/redis-enterprise ``` diff --git a/chart/redis-operator/Chart.yaml b/chart/redis-operator/Chart.yaml index 92f2907..531de86 100644 --- a/chart/redis-operator/Chart.yaml +++ b/chart/redis-operator/Chart.yaml @@ -1,3 +1,3 @@ apiVersion: "v2" name: redis-operator -version: "1.33" +version: "1.34" diff --git a/chart/redis-operator/templates/deployment/operator.yaml b/chart/redis-operator/templates/deployment/operator.yaml index ffa5bc1..9231699 100644 --- a/chart/redis-operator/templates/deployment/operator.yaml +++ b/chart/redis-operator/templates/deployment/operator.yaml @@ -61,13 +61,21 @@ spec: memory: 256Mi livenessProbe: failureThreshold: 3 - successThreshold: 1 - periodSeconds: 10 - timeoutSeconds: 5 httpGet: - path: /healthz + path: /liveness port: 8080 scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + failureThreshold: 3 + exec: + command: [ "true" ] + periodSeconds: 60 + successThreshold: 1 + timeoutSeconds: 5 + initialDelaySeconds: 0 securityContext: privileged: false readOnlyRootFilesystem: true @@ -114,7 +122,7 @@ spec: periodSeconds: 10 timeoutSeconds: 5 httpGet: - path: /healthz + path: /readiness port: 8443 scheme: HTTPS livenessProbe: diff --git a/deployer/reaadb_crd.yaml b/deployer/reaadb_crd.yaml index 74af20b..3e67287 100644 --- a/deployer/reaadb_crd.yaml +++ b/deployer/reaadb_crd.yaml @@ -391,6 +391,20 @@ spec: - enabled - threshold type: object + bdb_proxy_cert_expiring_soon: + description: Proxy certificate will expire in less than specified + threshold value [days] + properties: + enabled: + description: Alert enabled or disabled + type: boolean + threshold: + description: Threshold for alert going on/off + type: string + required: + - enabled + - threshold + type: object type: object backup: description: Target for automatic database backups. @@ -749,8 +763,12 @@ spec: list, case sensitive)' type: string type: - description: Type of Redis Enterprise Database Role Permission + description: Type of Redis Enterprise Database Role Permission. + Currently, only "redis-enterprise" is supported, which uses roles and ACLs defined within Redis Enterprise directly. type: string + enum: + - redis-enterprise + default: redis-enterprise required: - acl - role diff --git a/deployer/rec_crd.yaml b/deployer/rec_crd.yaml index 1f2c14b..33a2a21 100644 --- a/deployer/rec_crd.yaml +++ b/deployer/rec_crd.yaml @@ -18,7 +18,7 @@ spec: versions: - name: v1 served: true - storage: false + storage: true subresources: status: {} additionalPrinterColumns: @@ -757,8 +757,12 @@ spec: anyOf: - type: integer - type: string - description: To enable resizing after creating the cluster - please - follow the instructions in the pvc_expansion readme + description: >- + By default, if you omit spec.persistentSpec.volumeSize, the operator allocates a + persistent volume that is five times (5x) the Redis Enterprise node memory request + defined in spec.redisEnterpriseNodeResources.requests.memory (per node). This 5x ratio + is the recommended minimum capacity. To enable resizing after creating the cluster, + see the Expand PVC docs: https://redis.io/docs/latest/operate/kubernetes/re-clusters/expand-pvc/ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -3749,7 +3753,7 @@ spec: false. type: boolean required: - - enabled + - enabled type: object resourceLimits: description: Settings pertaining to resource limits management by @@ -6427,7 +6431,7 @@ spec: description: databaseServicePortPolicy instructs how to determine the service ports for REDB services. Defaults to DatabasePortForward, if not specified otherwise. - Note - Regardless whether this flag is set or not, if an REDB/REAADB + Note - Regardless whether this flag is set or not, if an REDB/REAADB configured with databaseServicePort that would be the port exposed by the Service. DatabasePortForward - The service port will be the same as the database port. RedisDefaultPort - The service port will be the default Redis port (6379). @@ -7823,7 +7827,7 @@ spec: type: date jsonPath: .metadata.creationTimestamp served: true - storage: true + storage: false subresources: status: {} schema: @@ -11194,7 +11198,7 @@ spec: false. type: boolean required: - - enabled + - enabled type: object resourceLimits: description: Settings pertaining to resource limits management by diff --git a/deployer/redb_crd.yaml b/deployer/redb_crd.yaml index a28dd93..088a3f9 100644 --- a/deployer/redb_crd.yaml +++ b/deployer/redb_crd.yaml @@ -156,6 +156,18 @@ spec: # type: string x-kubernetes-preserve-unknown-fields: true type: object + bdb_proxy_cert_expiring_soon: + description: "Proxy certificate will expire in less than specified + threshold value [days]" + properties: + enabled: + description: Alert enabled or disabled + type: boolean +# threshold: +# description: Threshold for alert going on/off +# type: string + x-kubernetes-preserve-unknown-fields: true + type: object bdb_ram_dataset_overhead: description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit] -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required" @@ -375,7 +387,7 @@ spec: changed after creation type: integer databaseServicePort: - description: A custom port to be exposed by the database Services. Can be modified/added/removed + description: A custom port to be exposed by the database Services. Can be modified/added/removed after REDB creation. If set, it'll replace the default service port (namely, databasePort or defaultRedisPort). type: integer databaseSecretName: @@ -410,6 +422,7 @@ spec: If specifying an explicit version for a module, automatic modules versions upgrade must be disabled by setting the '.upgradeSpec.upgradeModulesToLatest' field in the REC to 'false'. Note that the option to specify module versions is deprecated, and will be removed in future releases. + for Redis version 8 and above, bundled modules are enabled automatically, so there is no need to specify them items: description: Redis Enterprise module (see https://redis.io/docs/latest/develop/reference/modules/) properties: @@ -526,8 +539,12 @@ spec: description: Role Name of RolePermissionType type: string type: - description: Type of Redis Enterprise Database Role Permission + description: Type of Redis Enterprise Database Role Permission. + Currently, only "redis-enterprise" is supported, which uses roles and ACLs defined within Redis Enterprise directly. type: string + enum: + - redis-enterprise + default: redis-enterprise required: - acl - role diff --git a/schema.yaml b/schema.yaml index dcbe11f..4eb26fe 100644 --- a/schema.yaml +++ b/schema.yaml @@ -94,8 +94,8 @@ properties: verbs: ["update", "get", "read", "list", "listallnamespaces", "watch", "watchlist", "watchlistallnamespaces", "create", "patch", "replace", "delete", "deletecollection"] - - apiGroups: [""] - resources: ["endpoints"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"]