{
  "id": "openshift-cli",
  "title": "Upgrade Redis Enterprise with OpenShift CLI",
  "url": "https://redis.io/docs/latest/operate/kubernetes/8.0/upgrade/openshift-cli/",
  "summary": "This task describes how to upgrade a Redis Enterprise cluster via OpenShift CLI.",
  "content": "\nRedis implements rolling updates for software upgrades in Kubernetes deployments. The upgrade process includes updating three components:\n\n  1. [Upgrade the Redis Enterprise operator](#upgrade-the-operator)\n  1. [Upgrade the Redis Enterprise cluster (REC)](#upgrade-the-redis-enterprise-cluster)\n  1. [Upgrade Redis Enterprise databases (REDB)](#upgrade-databases)\n\n## Prerequisites\n\nThe following steps ensure you have the minimum versions of all components necessary to upgrade to 7.8.2-6 or later. **Without these minimum versions, the upgrade will freeze and require manual recovery.**\n\nSee the [troubleshooting](#troubleshooting) section for details on recovering a failed upgrade.\n\n#### Kubernetes version\n\nCheck [Supported Kubernetes distributions](https://redis.io/docs/latest/operate/kubernetes/reference/supported_k8s_distributions) to make sure your Kubernetes distribution is supported. If not, upgrade your Kubernetes distribution before upgrading the Redis operator.\n\n#### Redis operator version\n\nYour Redis Enterprise clusters must be running version 7.4.2-2 or later before upgrading to 7.8.2-6 or later. See the [7.4 upgrade](https://redis.io/docs/latest/operate/kubernetes/7.4.6/upgrade/openshift-cli/) for detailed steps.\n\n#### Redis database version\n\nYour Redis databases must be running version 7.2 or later before upgrading your cluster version. See [upgrade databases](#upgrade-databases) for detailed steps. You can find your database version in the [REDB `spec.redisVersion` field](https://redis.io/docs/latest/operate/kubernetes/reference/api/redis_enterprise_database_api#redisversion).\n\n#### User-defined modules\n\nIf your databases use user-defined modules (custom non-bundled modules):\n\n- Set `autoUpgradeRedisEnterprise: false` in the REC custom resource before upgrading the operator.\n- Define the user-defined modules in the REC custom resource before upgrading the database.\n- See [Edit `redisEnterpriseImageSpec`](#edit-redisenterpriseimagespec) for more details.\n\nFor more information about user-defined modules, see [User-defined modules](https://redis.io/docs/latest/operate/kubernetes/re-databases/modules#user-defined-modules).\n\n#### RHEL9-compatible modules\n\nUpgrading to Redis operator versions 7.8.2-6 and later  involves migrating your Redis Enterprise nodes to RHEL9 from either Ubuntu 18 or RHEL8. If your databases use modules, you need to manually install modules compatible with RHEL9.\n\nTo see which modules you have installed, run:\n\n```sh\ncurl -k -u \u003crec_username\u003e:\u003crec_password\u003e -X GET https://localhost:9443/v1/modules | jq -r 'map([.module_name, .semantic_version, (.platforms | keys)]) | .[] | .[0] as $name | .[1] as $version | .[2][] | $name + \"-\" + $version + \"-\" + .' | sort\n```\n\nTo see which modules are currently in use, run:\n\n```sh\ncurl -k -u \u003crec_username\u003e:\u003crec_password\u003e -X GET https://localhost:9443/v1/bdbs | jq -r '.[].module_list | map(.module_name + \"-\" + .semantic_version) | .[]'\n```\n\nSee [Upgrade modules](https://redis.io/docs/latest/operate/oss_and_stack/stack-with-enterprise/install/upgrade-module) for details on how to upgrade modules with the `rladmin` tool.\n\n#### Valid license\n\nUse `kubectl get rec` and verify the `LICENSE STATE` is valid on your REC before you start the upgrade process.\n\n## Upgrade with Helm charts\n\nIf you installed the Redis Enterprise operator using Helm charts on OpenShift, you can upgrade using Helm commands. This method automatically handles the operator upgrade and Custom Resource Definition (CRD) updates.\n\nTo upgrade using Helm on OpenShift:\n\n```sh\nhelm upgrade \u003crelease-name\u003e \u003crepo-name\u003e/redis-enterprise-operator --version \u003cchart-version\u003e \\\n    --set openshift.mode=true\n```\n\nFor example:\n\n```sh\nhelm upgrade my-redis-enterprise \u003crepo-name\u003e/redis-enterprise-operator --version 7.8.2-2 \\\n    --set openshift.mode=true\n```\n\nAfter the Helm upgrade completes, continue with [upgrading the Redis Enterprise cluster](#upgrade-the-redis-enterprise-cluster) and [upgrading databases](#upgrade-databases).\n\nFor detailed Helm upgrade instructions, see [Upgrade the chart](https://redis.io/docs/latest/operate/kubernetes/deployment/helm#upgrade-the-chart).\n\n## Upgrade the operator\n\nIf your databases use user-defined modules, set `autoUpgradeRedisEnterprise: false` in the REC custom resource before upgrading the operator.\n\n### Download the bundle\n\nMake sure you pull the correct version of the bundle. You can find the version tags\nby checking the [operator releases on GitHub](https://github.com/RedisLabs/redis-enterprise-k8s-docs/releases)\nor by [using the GitHub API](https://docs.github.com/en/rest/reference/repos#releases).\n\nFor OpenShift environments, the name of the bundle is `openshift.bundle.yaml`, and so the `curl` command to run is:\n\n```sh\ncurl --silent -O https://raw.githubusercontent.com/RedisLabs/redis-enterprise-k8s-docs/$VERSION/openshift.bundle.yaml\n```\n\nIf you need a different release, replace `VERSION` in the above with a specific release tag.\n\n### Apply the bundle\n\nApply the bundle to deploy the new operator binary. This will also apply any changes in the new release to custom resource definitions, roles, role binding, or operator service accounts.\n\n\nIf you are not pulling images from Docker Hub, update the operator image spec to point to your private repository.\nIf you have made changes to the role, role binding, RBAC, or custom resource definition (CRD) in the previous version, merge them with the updated declarations in the new version files.\n\n\nIf you are using OpenShift, run this instead:\n\n```sh\noc apply -f openshift.bundle.yaml\n```\n\nAfter running this command, you should see a result similar to this:\n\n```sh\nrole.rbac.authorization.k8s.io/redis-enterprise-operator configured\nserviceaccount/redis-enterprise-operator configured\nrolebinding.rbac.authorization.k8s.io/redis-enterprise-operator configured\ncustomresourcedefinition.apiextensions.k8s.io/redisenterpriseclusters.app.redislabs.com configured\ncustomresourcedefinition.apiextensions.k8s.io/redisenterprisedatabases.app.redislabs.com configured\ndeployment.apps/redis-enterprise-operator configured\n```\n\n### Reapply the admission controller webhook {#reapply-webhook}\n\nIf you have the admission controller enabled, you need to manually reapply the `ValidatingWebhookConfiguration`.\n\n\n [Versions 6.4.2 and later](https://redis.io/docs/latest/operate/kubernetes/release-notes/previous-releases/) uses a new `ValidatingWebhookConfiguration` resource to replace `redb-admission`. To use newer releases, delete the old webhook resource and apply the new file.\n\n1. Delete the existing `ValidatingWebhookConfiguration` on the Kubernetes cluster (named `redb-admission`).\n\n        ```sh\n        kubectl delete ValidatingWebhookConfiguration redb-admission\n        ```\n\n1. Apply the resource from the new file.\n\n        ```sh\n        kubectl apply -f deploy/admission/webhook.yaml\n        ```\n        \n\n\n1. Verify the `admission-tls` secret exists.\n\n    ```sh\n    kubectl get secret admission-tls\n    ```\n  \n    The output should look similar to\n  \n    ```sh\n    NAME            TYPE     DATA   AGE\n    admission-tls   Opaque   2      2m43s\n    ```\n\n1. Save the certificate to a local environment variable.\n\n    ```sh\n    CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`\n    ```\n\n1. Create a Kubernetes validating webhook, replacing `\u003cnamespace\u003e` with the namespace where the REC was installed.\n\n    The `webhook.yaml` template can be found in [redis-enterprise-k8s-docs/admission](https://github.com/RedisLabs/redis-enterprise-k8s-docs/tree/master/admission)\n\n    ```sh\n    sed 's/OPERATOR_NAMESPACE/\u003cnamespace\u003e/g' webhook.yaml | kubectl create -f -\n    ```\n\n1. Create a patch file for the Kubernetes validating webhook.\n\n    ```sh\n    cat \u003e modified-webhook.yaml \u003c\u003cEOF\n    webhooks:\n    - name: redisenterprise.admission.redislabs\n      clientConfig:\n       caBundle: $CERT\n    EOF\n    ```\n\n1. Patch the webhook with the certificate.\n\n    ```sh\n    kubectl patch ValidatingWebhookConfiguration \\\n        redis-enterprise-admission --patch \"$(cat modified-webhook.yaml)\"\n    ```\n\n\n### Verify the operator is running\n\nYou can check your deployment to verify the operator is running in your namespace.\n\n```sh\noc get deployment/redis-enterprise-operator\n```\n\nYou should see a result similar to this:\n\n```sh\nNAME                        READY   UP-TO-DATE   AVAILABLE   AGE\nredis-enterprise-operator   1/1     1            1           0m36s\n```\n\n\n We recommend upgrading the REC as soon as possible after updating the operator. After the operator upgrade completes, the operator suspends the management of the REC and its associated REDBs, until the REC upgrade completes.\n \n\n## Security context constraints\n\nUpgrades to versions 7.22.0-6 and later run in **unprivileged mode** without any additional permissions or capabilities. If you don't specifally require additional capabilities, we recommend you maintain the default unprivileged mode, as its more secure. After upgrading, remove the existing `redis-enterprise-scc-v2` SCC and unbind it from the REC service account.\n\nTo enable automatic resource adjustment, see [Allow automatic resource adjustment \u003e OpenShift upgrades](https://redis.io/docs/latest/operate/kubernetes/security/allow-resource-adjustment#openshift-upgrades).\n\n## Upgrade the Redis Enterprise cluster\n\n\nVerify your license is valid before upgrading. Invalid licenses will cause the upgrade to fail.\n\nUse `oc get rec` and verify the `LICENSE STATE` is valid on your REC before you start the upgrade process.\n\n\nThe Redis Enterprise cluster (REC) can be updated automatically or manually. To trigger automatic upgrade of the REC after the operator upgrade completes, specify `autoUpgradeRedisEnterprise: true` in your REC spec. If you don't have automatic upgrade enabled, follow the below steps for the manual upgrade.\n\nBefore beginning the upgrade of the Redis Enterprise cluster, check the K8s operator [release notes](https://redis.io/docs/latest/operate/kubernetes/release-notes) to find the Redis Enterprise image tag.\n\nAfter the operator upgrade is complete, you can upgrade Redis Enterprise cluster (REC).\n\n### Edit `redisEnterpriseImageSpec`\n\n1. Edit the REC custom resource YAML file.\n\n    ```sh\n    oc edit rec \u003cyour-rec.yaml\u003e\n    ```\n\n1. Replace the `versionTag:` declaration under `redisEnterpriseImageSpec` with the new version tag.\n\n    ```YAML\n    spec:\n      redisEnterpriseImageSpec:\n        imagePullPolicy:  IfNotPresent\n        repository:       redislabs/redis\n        versionTag:       \u003cnew-version-tag\u003e\n    ```\n\n1. Define any user-defined modules used by databases in the cluster.\n\n    ```YAML\n    spec:\n      userDefinedModules:\n        - name: \"custom-module\"\n          source:\n            https:\n              url: \"https://modules.company.com/search-v2.1.zip\"\n              credentialsSecret: \"module-repo-creds\"\n    ```\n\n  The `name` field must match the `display_name` or `module_name` that appears in the module manifest (for example, \"redisgears\"). This enables the operator to run validation on the user-defined module. If these names don't match, the operator can't run validation on the user-defined module and preventable errors may occur.\n\n  \nAdding or modifying the `userDefinedModules` list triggers a rolling restart of the Redis Enterprise cluster pods in addition to the rolling upgrade for the version change.\n  \n\n1. Save the changes to apply.\n\n### Reapply roles and role bindings\n\nIf your operator is monitoring multiple namespaces, you'll need to [reapply your role and role bindings](https://redis.io/docs/latest/operate/kubernetes/re-clusters/multi-namespace#create-role-and-role-binding-for-managed-namespaces) for each managed namespace. See [Manage databases in multiple namespaces](https://redis.io/docs/latest/operate/kubernetes/re-clusters/multi-namespace) for more details.\n\n### Monitor the upgrade\n\nYou can view the state of the REC with `oc get rec`.\n\n  During the upgrade, the state should be `Upgrade`.\n  When the upgrade is complete and the cluster is ready to use, the state will change to `Running`.\n  If the state is `InvalidUpgrade`, there is an error (usually relating to configuration) in the upgrade.\n\n```sh\n$ oc get rec\nNAME   NODES   VERSION      STATE     SPEC STATUS   LICENSE STATE   SHARDS LIMIT   LICENSE EXPIRATION DATE   AGE\nrec    3       6.2.10-107   Upgrade   Valid         Valid           4              2022-07-16T13:59:00Z      92m\n```\n\nTo see the status of the current rolling upgrade, run:\n\n```sh\noc rollout status sts \u003cREC_name\u003e\n```\n\n### Upgrade databases\n\nAfter the cluster is upgraded, you can upgrade your databases.\n\nTo upgrade your REDB, specify your new database version in the `spec.redisVersion` field in the REDB or REAADB custom resources. Supported database versions for operator versions include \"7.2\", \"7.4\", \"8.0\", and \"8.2\" (note this value is a string).  \n\nFor Active-Active databases, the `redis.Version` change only needs to be applied on one participating cluster and will automatically propagate to all other participating clusters. All participating clusters must be running operator version 8.0.2-2 or later.\n\nIf your REAADB uses supported modules, keep the existing `moduleList` version numbers unchanged when upgrading `redisVersion`. The database will automatically use the module versions that are bundled with the new Redis version, regardless of what versions are specified in `moduleList`. After the upgrade is complete, you can optionally change the old version numbers from `moduleList`, but this change has no functional impact.\n\n#### Upgrade with user-defined modules\n\nIf a user-defined module is used by any database in the cluster, the module must be defined in the REC custom resource before upgrading the database. See [Add user-defined modules to the REC](https://redis.io/docs/latest/operate/kubernetes/re-databases/modules#add-user-defined-modules-to-the-rec) for detailed instructions.\n\n#### General upgrade notes\n\nNote that if your cluster [`redisUpgradePolicy`](https://redis.io/docs/latest/operate/kubernetes/reference/api/redis_enterprise_cluster_api#redisupgradepolicy) or your database [`redisVersion`](https://redis.io/docs/latest/operate/kubernetes/reference/api/redis_enterprise_database_api#redisversion) are set to `major`, you won't be able to upgrade those databases to minor versions. See [Redis upgrade policy](https://redis.io/docs/latest/operate/rs/installing-upgrading/upgrading#redis-upgrade-policy) for more details.\n\n## Troubleshooting\n\nIf you start an upgrade without meeting the [prerequisites](#prerequisites), the operator will freeze the upgrade. Check the operator logs for the source of the error. The REDB reconsilliation doesn't work during an upgrade, so you need to apply a manual fix with the Redis Software API (examples below). The updates will also need to be added to the REDB custom resource.\n\n### Invalid module version\n\nIf the operator logs show an event related to an unsupported module, download the updated module locally, and install it using the `v2/modules` API endpoint.\n\n```sh\ncurl -sfk -u \u003crec_username\u003e:\u003crec_password\u003e -X POST -F 'module=@\u003cfull path to your module\u003e' https://localhost:9443/v2/modules\n```\n\nAfter updating the modules with the Redis Software API, update the REDB custom resource to reflect the change.\n\n### Invalid database version\n\nIf the operator logs show an event related to an incompatible database version, upgrade the database using the Redis Software API.\n\n```sh\ncurl -sfk -u \u003crec_username\u003e:\u003crec_password\u003e -X POST -H \"Content-Type: application/json\" -d '{\"redis_version\": \u003ctarget redis version\u003e}' https://localhost:9443/v1/bdbs/\u003cBDB UID\u003e/upgrade\n```\n\nAfter updating the database with the Redis Software API, update the REDB custom resource to reflect the change.\n",
  "tags": ["docs","operate","kubernetes"],
  "last_updated": "2026-06-04T14:49:57+01:00"
}