Release version 8.0.2-2

Makefile

@@ -21,10 +21,10 @@ $(info ---- REGISTRY = $(REGISTRY))
 CHART_NAME := redis-operator
 $(info ---- CHART_NAME = $(CHART_NAME))
 
-REDIS_TAG ?= 7.22.2-14
+REDIS_TAG ?= 8.0.2-17
 $(info ---- REDIS_TAG = $(REDIS_TAG))
 
-OPERATOR_TAG ?= 7.22.2-21
+OPERATOR_TAG ?= 8.0.2-2
 $(info ---- OPERATOR_TAG = $(OPERATOR_TAG))
 
 # The repo to pull the operator image from Docker Hub registry.
@@ -41,6 +41,13 @@ $(info ---- OPERATOR_REPO = $(OPERATOR_REPO))
 DEPLOYER_TAG ?= 6.021001
 $(info ---- DEPLOYER_TAG = $(DEPLOYER_TAG))
 
+# Override the default image tag for the deployer's base image (gcr.io/cloud-marketplace-tools/k8s/deployer_helm).
+# The default tag is defined in https://github.com/GoogleCloudPlatform/click-to-deploy/blob/master/k8s/MARKETPLACE_TOOLS_TAG,
+# and gets propagated into the Dockerfile in an absurdly convoluted way.
+# The default tag is currently hardcoded to 0.12.2, which includes multiple critical-level vulnerabiilities that prevent publishing.
+MARKETPLACE_TOOLS_TAG_OVERRIDE ?= 0.12.7
+$(info ---- MARKETPLACE_TOOLS_TAG_OVERRIDE = $(MARKETPLACE_TOOLS_TAG_OVERRIDE))
+
 # Tag the deployer image with modified version.
 APP_DEPLOYER_IMAGE := $(REGISTRY)/deployer:$(DEPLOYER_TAG)
 
@@ -84,7 +91,7 @@ app/build:: .build/redis-enterprise-operator/deployer \
 	    --build-arg REGISTRY="$(REGISTRY)" \
 	    --build-arg TAG="$(OPERATOR_TAG)" \
 	    --build-arg CHART_NAME="$(CHART_NAME)" \
-	    --build-arg MARKETPLACE_TOOLS_TAG="$(MARKETPLACE_TOOLS_TAG)" \
+	    --build-arg MARKETPLACE_TOOLS_TAG="$(MARKETPLACE_TOOLS_TAG_OVERRIDE)" \
 	    --tag "$(APP_DEPLOYER_IMAGE)" \
 	    -f deployer/Dockerfile \
 	    .

README.md

@@ -91,8 +91,8 @@ Redis version tags are in the format Major.Minor.Patch-Sub but GKE Marketplace r
 ```shell
 export APP_INSTANCE_NAME=redis-enterprise-operator
 export NAMESPACE=redis
-export TAG=7.22.2-21
-export DEPLOYER_TAG=7.22221
+export TAG=8.0.2-2
+export DEPLOYER_TAG=8.022
 export REPO=gcr.io/cloud-marketplace/redislabs-public/redis-enterprise
 ```
 

chart/redis-operator/Chart.yaml

@@ -1,3 +1,3 @@
 apiVersion: "v2"
 name: redis-operator
-version: "1.33"
+version: "1.34"

chart/redis-operator/templates/deployment/operator.yaml

@@ -61,13 +61,21 @@ spec:
               memory: 256Mi
           livenessProbe:
             failureThreshold: 3
-            successThreshold: 1
-            periodSeconds: 10
-            timeoutSeconds: 5
             httpGet:
-              path: /healthz
+              path: /liveness
               port: 8080
               scheme: HTTP
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+          readinessProbe:
+            failureThreshold: 3
+            exec:
+              command: [ "true" ]
+            periodSeconds: 60
+            successThreshold: 1
+            timeoutSeconds: 5
+            initialDelaySeconds: 0
           securityContext:
             privileged: false
             readOnlyRootFilesystem: true
@@ -114,7 +122,7 @@ spec:
             periodSeconds: 10
             timeoutSeconds: 5
             httpGet:
-              path: /healthz
+              path: /readiness
               port: 8443
               scheme: HTTPS
           livenessProbe:

deployer/reaadb_crd.yaml

@@ -391,6 +391,20 @@ spec:
                             - enabled
                             - threshold
                           type: object
+                        bdb_proxy_cert_expiring_soon:
+                          description: Proxy certificate will expire in less than specified
+                            threshold value [days]
+                          properties:
+                            enabled:
+                              description: Alert enabled or disabled
+                              type: boolean
+                            threshold:
+                              description: Threshold for alert going on/off
+                              type: string
+                          required:
+                            - enabled
+                            - threshold
+                          type: object
                       type: object
                     backup:
                       description: Target for automatic database backups.
@@ -749,8 +763,12 @@ spec:
                               list, case sensitive)'
                             type: string
                           type:
-                            description: Type of Redis Enterprise Database Role Permission
+                            description: Type of Redis Enterprise Database Role Permission.
+                              Currently, only "redis-enterprise" is supported, which uses roles and ACLs defined within Redis Enterprise directly.
                             type: string
+                            enum:
+                              - redis-enterprise
+                            default: redis-enterprise
                         required:
                           - acl
                           - role

deployer/rec_crd.yaml

@@ -18,7 +18,7 @@ spec:
   versions:
     - name: v1
       served: true
-      storage: false
+      storage: true
       subresources:
         status: {}
       additionalPrinterColumns:
@@ -757,8 +757,12 @@ spec:
                       anyOf:
                         - type: integer
                         - type: string
-                      description: To enable resizing after creating the cluster - please
-                        follow the instructions in the pvc_expansion readme
+                      description: >-
+                        By default, if you omit spec.persistentSpec.volumeSize, the operator allocates a
+                        persistent volume that is five times (5x) the Redis Enterprise node memory request
+                        defined in spec.redisEnterpriseNodeResources.requests.memory (per node). This 5x ratio
+                        is the recommended minimum capacity. To enable resizing after creating the cluster,
+                        see the Expand PVC docs: https://redis.io/docs/latest/operate/kubernetes/re-clusters/expand-pvc/
                       pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                       x-kubernetes-int-or-string: true
                   type: object
@@ -3749,7 +3753,7 @@ spec:
                             false.
                           type: boolean
                       required:
-                      - enabled
+                        - enabled
                       type: object
                     resourceLimits:
                       description: Settings pertaining to resource limits management by
@@ -6427,7 +6431,7 @@ spec:
                       description: databaseServicePortPolicy instructs how to determine the service
                         ports for REDB services. Defaults to DatabasePortForward, if not specified
                         otherwise.
-                        Note - Regardless whether this flag is set or not, if an REDB/REAADB 
+                        Note - Regardless whether this flag is set or not, if an REDB/REAADB
                         configured with databaseServicePort that would be the port exposed by the Service.
                         DatabasePortForward - The service port will be the same as the database port.
                         RedisDefaultPort - The service port will be the default Redis port (6379).
@@ -7823,7 +7827,7 @@ spec:
           type: date
           jsonPath: .metadata.creationTimestamp
       served: true
-      storage: true
+      storage: false
       subresources:
         status: {}
       schema:
@@ -11194,7 +11198,7 @@ spec:
                             false.
                           type: boolean
                       required:
-                      - enabled
+                        - enabled
                       type: object
                     resourceLimits:
                       description: Settings pertaining to resource limits management by

deployer/redb_crd.yaml

@@ -156,6 +156,18 @@ spec:
     #                     type: string
                       x-kubernetes-preserve-unknown-fields: true
                       type: object
+                    bdb_proxy_cert_expiring_soon:
+                      description: "Proxy certificate will expire in less than specified
+                        threshold value [days]"
+                      properties:
+                        enabled:
+                          description: Alert enabled or disabled
+                          type: boolean
+#                        threshold:
+#                          description: Threshold for alert going on/off
+#                          type: string
+                      x-kubernetes-preserve-unknown-fields: true
+                      type: object
                     bdb_ram_dataset_overhead:
                       description: "Dataset RAM overhead of a shard has reached the threshold value [% of its RAM limit]
                         -Note threshold is commented (allow string/int/float and support backwards compatibility) but is required"
@@ -375,7 +387,7 @@ spec:
                     changed after creation
                   type: integer
                 databaseServicePort:
-                  description:  A custom port to be exposed by the database Services. Can be modified/added/removed
+                  description: A custom port to be exposed by the database Services. Can be modified/added/removed
                     after REDB creation. If set, it'll replace the default service port (namely, databasePort or defaultRedisPort).
                   type: integer
                 databaseSecretName:
@@ -410,6 +422,7 @@ spec:
                     If specifying an explicit version for a module, automatic modules versions upgrade must be disabled by
                     setting the '.upgradeSpec.upgradeModulesToLatest' field in the REC to 'false'.
                     Note that the option to specify module versions is deprecated, and will be removed in future releases.
+                    for Redis version 8 and above, bundled modules are enabled automatically, so there is no need to specify them
                   items:
                     description: Redis Enterprise module (see https://redis.io/docs/latest/develop/reference/modules/)
                     properties:
@@ -526,8 +539,12 @@ spec:
                         description: Role Name of RolePermissionType
                         type: string
                       type:
-                        description: Type of Redis Enterprise Database Role Permission
+                        description: Type of Redis Enterprise Database Role Permission.
+                          Currently, only "redis-enterprise" is supported, which uses roles and ACLs defined within Redis Enterprise directly.
                         type: string
+                        enum:
+                          - redis-enterprise
+                        default: redis-enterprise
                     required:
                       - acl
                       - role

schema.yaml

@@ -94,8 +94,8 @@ properties:
               verbs: ["update", "get", "read", "list", "listallnamespaces",
                       "watch", "watchlist", "watchlistallnamespaces", "create",
                       "patch", "replace", "delete", "deletecollection"]
-            - apiGroups: [""]
-              resources: ["endpoints"]
+            - apiGroups: ["discovery.k8s.io"]
+              resources: ["endpointslices"]
               verbs: ["get", "list", "watch"]
             - apiGroups: [""]
               resources: ["events"]