RedisEnterpriseCluster API Reference
| Redis Enterprise for Kubernetes |
|---|
apiVersion:
app.redislabs.com/v1
RedisEnterpriseCluster is the Schema for the redisenterpriseclusters API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | app.redislabs.com/v1 | true |
| kind | string | RedisEnterpriseCluster | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster |
false |
| status | object |
|
false |
spec
RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster
| Name | Type | Description | Required |
|---|---|---|---|
| activeActive | object |
Specification for ActiveActive setup. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. |
false |
| antiAffinityAdditionalTopologyKeys | []string |
Additional antiAffinity terms in order to support installation on different zones/vcenters |
false |
| backup | object |
Cluster-wide backup configurations |
false |
| bootstrapperImageSpec | object |
Specification for Bootstrapper container image |
false |
| bootstrapperResources | object |
Compute resource requirements for bootstrapper containers |
false |
| certificates | object |
RS Cluster Certificates. Used to modify the certificates used by the cluster. See the "RSClusterCertificates" struct described above to see the supported certificates. |
false |
| clusterCredentialSecretName | string |
Secret Name/Path to use for Cluster Credentials. To be used only if ClusterCredentialSecretType is vault. If left blank, will use cluster name. |
false |
| clusterCredentialSecretRole | string |
Used only if ClusterCredentialSecretType is vault, to define vault role to be used. If blank, defaults to "redis-enterprise-operator" |
false |
| clusterCredentialSecretType | enum |
Type of Secret to use for ClusterCredential, Vault, Kuberetes,... If left blank, will default ot kubernetes secrets Enum: vault, kubernetes |
false |
| clusterRecovery | boolean |
ClusterRecovery initiates cluster recovery when set to true. Note that this field is cleared automatically after the cluster is recovered |
false |
| containerTimezone | object |
Container timezone configuration. While the default timezone on all containers is UTC, this setting can be used to set the timezone on services rigger/bootstrapper/RS containers. You can either propagate the hosts timezone to RS pods or set it manually via timezoneName. |
false |
| createServiceAccount | boolean |
Whether to create service account |
false |
| dataInternodeEncryption | boolean |
Internode encryption (INE) cluster wide policy. An optional boolean setting. Specifies if INE should be on/off for new created REDBs. May be overridden for specific REDB via similar setting, please view the similar setting for REDB for more info. |
false |
| encryptPkeys | boolean |
Private key encryption Possible values: true/false |
false |
| enforceIPv4 | boolean |
Sets ENFORCE_IPV4 environment variable |
false |
| extraEnvVars | []object |
ADVANCED USAGE: use carefully. Add environment variables to RS StatefulSet's containers. |
false |
| extraLabels | map[string]string |
Labels that the user defines for their convenience |
false |
| hostAliases | []object |
Adds hostAliases entries to the Redis Enterprise pods |
false |
| ingressOrRouteSpec | object |
Access configurations for the Redis Enterprise Cluster and Databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. |
false |
| ldap | object |
Cluster-level LDAP configuration, such as server addresses, protocol, authentication and query settings. |
false |
| license | string |
Redis Enterprise License |
false |
| licenseSecretName | string |
K8s secret or Vault Secret Name/Path to use for Cluster License. When left blank, the license is read from the "license" field. Note that you can't specify non-empty values in both "license" and "licenseSecretName", only one of these fields can be used to pass the license string. The license needs to be stored under the key "license". |
false |
| nodeSelector | map[string]string |
Selector for nodes that could fit Redis Enterprise pod |
false |
| nodes | integer |
Number of Redis Enterprise nodes (pods) Format: int32 |
false |
| ocspConfiguration | object |
An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL. |
false |
| persistentSpec | object |
Specification for Redis Enterprise Cluster persistence |
false |
| podAnnotations | map[string]string |
annotations for the service rigger and redis enterprise pods |
false |
| podAntiAffinity | object |
Override for the default anti-affinity rules of the Redis Enterprise pods. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity |
false |
| podStartingPolicy | object |
Mitigation setting for STS pods stuck in "ContainerCreating" |
false |
| podTolerations | []object |
Tolerations that are added to all managed pods. More information: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
false |
| priorityClassName | string |
Adds the priority class to pods managed by the operator |
false |
| pullSecrets | []object |
PullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
false |
| rackAwarenessNodeLabel | string |
Node label that specifies rack ID - if specified, will create rack aware cluster. Rack awareness requires node label must exist on all nodes. Additionally, operator needs a special cluster role with permission to list nodes. |
false |
| redisEnterpriseAdditionalPodSpecAttributes | object |
ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the statefulset - Redis Enterprise pods. Pod attributes managed by the operator might override these settings. Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that. |
false |
| redisEnterpriseIPFamily | enum |
Reserved, future use, only for use if instructed by Redis. IPFamily dictates what IP family to choose for pods' internal and external communication. Enum: IPv4, IPv6 |
false |
| redisEnterpriseImageSpec | object |
Specification for Redis Enterprise container image |
false |
| redisEnterpriseNodeResources | object |
Compute resource requirements for Redis Enterprise containers |
false |
| redisEnterprisePodAnnotations | map[string]string |
annotations for redis enterprise pod |
false |
| redisEnterpriseServicesConfiguration | object |
RS Cluster optional services settings |
false |
| redisEnterpriseServicesRiggerImageSpec | object |
Specification for Services Rigger container image |
false |
| redisEnterpriseServicesRiggerResources | object |
Compute resource requirements for Services Rigger pod |
false |
| redisEnterpriseTerminationGracePeriodSeconds | integer |
The TerminationGracePeriodSeconds value for the (STS created) REC pods Format: int64 |
false |
| redisEnterpriseVolumeMounts | []object |
additional volume mounts within the redis enterprise containers. More info: https://kubernetes.io/docs/concepts/storage/volumes/ |
false |
| redisOnFlashSpec | object |
Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases. |
false |
| redisUpgradePolicy | enum |
Redis upgrade policy to be set on the Redis Enterprise Cluster. Possible values: major/latest This value is used by the cluster to choose the Redis version of the database when an upgrade is performed. The Redis Enterprise Cluster includes multiple versions of OSS Redis that can be used for databases. Enum: major, latest |
false |
| resp3Default | boolean |
Whether databases will turn on RESP3 compatibility upon database upgrade. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info. |
false |
| securityContext | object |
The security configuration that will be applied to RS pods. |
false |
| serviceAccountName | string |
Name of the service account to use |
false |
| services | object |
Customization options for operator-managed service resources created for Redis Enterprise clusters and databases |
false |
| servicesRiggerSpec | object |
Specification for service rigger |
false |
| sideContainersSpec | []object |
|
false |
| slaveHA | object |
Slave high availability mechanism configuration. |
false |
| uiAnnotations | map[string]string |
Annotations for Redis Enterprise UI service. This annotations will override the overlapping global annotations set under spec.services.servicesAnnotations The specified annotations will not override annotations that already exist and didn't originate from the operator, except for the 'redis.io/last-keys' annotation which is reserved. |
false |
| uiServiceType | enum |
Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) Enum: ClusterIP, NodePort, LoadBalancer, ExternalName |
false |
| upgradeSpec | object |
Specification for upgrades of Redis Enterprise |
false |
| usageMeter | object |
The configuration of the usage meter. |
false |
| username | string |
Username for the admin user of Redis Enterprise |
false |
| vaultCASecret | string |
K8s secret name containing Vault's CA cert - defaults to "vault-ca-cert" |
false |
| volumes | []object |
additional volumes |
false |
spec.activeActive
Specification for ActiveActive setup. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time.
| Name | Type | Description | Required |
|---|---|---|---|
| apiIngressUrl | string |
RS API URL |
true |
| dbIngressSuffix | string |
DB ENDPOINT SUFFIX - will be used to set the db host. ingress |
true |
| method | enum |
Used to distinguish between different platforms implementation Enum: openShiftRoute, ingress |
true |
| ingressAnnotations | map[string]string |
Used for ingress controllers such as ha-proxy or nginx in GKE |
false |
spec.backup
Cluster-wide backup configurations
| Name | Type | Description | Required |
|---|---|---|---|
| s3 | object |
Configurations for backups to s3 and s3-compatible storage |
false |
spec.backup.s3
Configurations for backups to s3 and s3-compatible storage
| Name | Type | Description | Required |
|---|---|---|---|
| caCertificateSecretName | string |
Secret name that holds the S3 CA certificate, which contains the TLS certificate mapped to the key in the secret 'cert' |
false |
| url | string |
Specifies the URL for S3 export and import |
false |
spec.bootstrapperImageSpec
Specification for Bootstrapper container image
| Name | Type | Description | Required |
|---|---|---|---|
| digestHash | string |
The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments. |
false |
| imagePullPolicy | string |
The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. |
false |
| repository | string |
The repository (name) of the container image to be deployed. |
false |
| versionTag | string |
The tag of the container image to be deployed. |
false |
spec.bootstrapperResources
Compute resource requirements for bootstrapper containers
| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object |
|
false |
| limits | map[string]int or string |
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
false |
| requests | map[string]int or string |
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
false |
spec.bootstrapperResources.claims[]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
spec.certificates
RS Cluster Certificates. Used to modify the certificates used by the cluster. See the "RSClusterCertificates" struct described above to see the supported certificates.
| Name | Type | Description | Required |
|---|---|---|---|
| apiCertificateSecretName | string |
Secret name to use for cluster's API certificate. If left blank, a cluster-provided certificate will be used. |
false |
| cmCertificateSecretName | string |
Secret name to use for cluster's CM (Cluster Manager) certificate. If left blank, a cluster-provided certificate will be used. |
false |
| ldapClientCertificateSecretName | string |
Secret name to use for cluster's LDAP client certificate. If left blank, LDAP client certificate authentication will be disabled. |
false |
| metricsExporterCertificateSecretName | string |
Secret name to use for cluster's Metrics Exporter certificate. If left blank, a cluster-provided certificate will be used. |
false |
| proxyCertificateSecretName | string |
Secret name to use for cluster's Proxy certificate. If left blank, a cluster-provided certificate will be used. |
false |
| syncerCertificateSecretName | string |
Secret name to use for cluster's Syncer certificate. If left blank, a cluster-provided certificate will be used. |
false |
spec.containerTimezone
Container timezone configuration. While the default timezone on all containers is UTC, this setting can be used to set the timezone on services rigger/bootstrapper/RS containers. You can either propagate the hosts timezone to RS pods or set it manually via timezoneName.
| Name | Type | Description | Required |
|---|---|---|---|
| propagateHost | object |
Identifies that container timezone should be in sync with the host, this option mounts a hostPath volume onto RS pods that could be restricted in some systems. |
false |
| timezoneName | string |
POSIX-style timezone name as a string to be passed as EnvVar to RE pods, e.g. "Europe/London". |
false |
spec.extraEnvVars[]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
| value | string |
|
false |
| valueFrom | object |
|
false |
spec.hostAliases[]
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
| Name | Type | Description | Required |
|---|---|---|---|
| hostnames | []string |
Hostnames for the above IP address. |
false |
| ip | string |
IP address of the host file entry. |
false |
spec.ingressOrRouteSpec
Access configurations for the Redis Enterprise Cluster and Databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time.
| Name | Type | Description | Required |
|---|---|---|---|
| apiFqdnUrl | string |
RS API URL |
true |
| dbFqdnSuffix | string |
DB ENDPOINT SUFFIX - will be used to set the db host ingress |
true |
| method | enum |
Used to distinguish between different platforms implementation. Enum: openShiftRoute, ingress, istio |
true |
| ingressAnnotations | map[string]string |
Additional annotations to set on ingress resources created by the operator |
false |
spec.ldap
Cluster-level LDAP configuration, such as server addresses, protocol, authentication and query settings.
| Name | Type | Description | Required |
|---|---|---|---|
| authenticationQuery | object |
Configuration of authentication queries, mapping between the username, provided to the cluster for authentication, and the LDAP Distinguished Name. |
true |
| authorizationQuery | object |
Configuration of authorization queries, mapping between a user's Distinguished Name and its group memberships. |
true |
| protocol | enum |
Specifies the LDAP protocol to use. One of: LDAP, LDAPS, STARTTLS. Enum: LDAP, LDAPS, STARTTLS |
true |
| servers | []object |
One or more LDAP servers. If multiple servers are specified, they must all share an identical organization tree structure. |
true |
| bindCredentialsSecretName | string |
Name of a secret within the same namespace, holding the credentials used to communicate with the LDAP server for authentication queries. The secret must have a key named 'dn' with the Distinguished Name of the user to execute the query, and 'password' with its password. If left blank, credentials-based authentication is disabled. |
false |
| caCertificateSecretName | string |
Name of a secret within the same namespace, holding a PEM-encoded CA certificate for validating the TLS connection to the LDAP server. The secret must have a key named 'cert' with the certificate data. This field is applicable only when the protocol is LDAPS or STARTTLS. |
false |
| cacheTTLSeconds | integer |
The maximum TTL of cached entries. |
false |
| directoryTimeoutSeconds | integer |
The connection timeout to the LDAP server when authenticating a user, in seconds |
false |
| enabledForControlPlane | boolean |
Whether to enable LDAP for control plane access. Disabled by default. |
false |
| enabledForDataPlane | boolean |
Whether to enable LDAP for data plane access. Disabled by default. |
false |
spec.ldap.authenticationQuery
Configuration of authentication queries, mapping between the username, provided to the cluster for authentication, and the LDAP Distinguished Name.
| Name | Type | Description | Required |
|---|---|---|---|
| query | object |
Configuration for a search query. Mutually exclusive with the 'template' field. The substring '%u' in the query filter will be replaced with the username. |
false |
| template | string |
Configuration for a template query. Mutually exclusive with the 'query' field. The substring '%u' will be replaced with the username, e.g., 'cn=%u,ou=dev,dc=example,dc=com'. |
false |
spec.ldap.authenticationQuery.query
Configuration for a search query. Mutually exclusive with the 'template' field. The substring '%u' in the query filter will be replaced with the username.
| Name | Type | Description | Required |
|---|---|---|---|
| base | string |
The Distinguished Name of the entry at which to start the search, e.g., 'ou=dev,dc=example,dc=com'. |
true |
| filter | string |
An RFC-4515 string representation of the filter to apply in the search. For an authentication query, the substring '%u' will be replaced with the username, e.g., '(cn=%u)'. For an authorization query, the substring '%D' will be replaced with the user's Distinguished Name, e.g., '(members=%D)'. |
true |
| scope | enum |
The search scope for an LDAP query. One of: BaseObject, SingleLevel, WholeSubtree Enum: BaseObject, SingleLevel, WholeSubtree |
true |
spec.ldap.authorizationQuery
Configuration of authorization queries, mapping between a user's Distinguished Name and its group memberships.
| Name | Type | Description | Required |
|---|---|---|---|
| attribute | string |
Configuration for an attribute query. Mutually exclusive with the 'query' field. Holds the name of an attribute of the LDAP user entity that contains a list of the groups that the user belongs to, e.g., 'memberOf'. |
false |
| query | object |
Configuration for a search query. Mutually exclusive with the 'attribute' field. The substring '%D' in the query filter will be replaced with the user's Distinguished Name. |
false |
spec.ldap.authorizationQuery.query
Configuration for a search query. Mutually exclusive with the 'attribute' field. The substring '%D' in the query filter will be replaced with the user's Distinguished Name.
| Name | Type | Description | Required |
|---|---|---|---|
| base | string |
The Distinguished Name of the entry at which to start the search, e.g., 'ou=dev,dc=example,dc=com'. |
true |
| filter | string |
An RFC-4515 string representation of the filter to apply in the search. For an authentication query, the substring '%u' will be replaced with the username, e.g., '(cn=%u)'. For an authorization query, the substring '%D' will be replaced with the user's Distinguished Name, e.g., '(members=%D)'. |
true |
| scope | enum |
The search scope for an LDAP query. One of: BaseObject, SingleLevel, WholeSubtree Enum: BaseObject, SingleLevel, WholeSubtree |
true |
spec.ldap.servers[]
Address of an LDAP server.
| Name | Type | Description | Required |
|---|---|---|---|
| host | string |
Host name of the LDAP server |
true |
| port | integer |
Port number of the LDAP server. If unspecified, defaults to 389 for LDAP and STARTTLS protocols, and 636 for LDAPS protocol. Format: int32 |
false |
spec.ocspConfiguration
An API object that represents the cluster's OCSP configuration. To enable OCSP, the cluster's proxy certificate should contain the OCSP responder URL.
| Name | Type | Description | Required |
|---|---|---|---|
| ocspFunctionality | boolean |
Whether to enable/disable OCSP mechanism for the cluster. |
false |
| queryFrequency | integer |
Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate. Minimum value is 60. Maximum value is 86400. |
false |
| recoveryFrequency | integer |
Determines the interval (in seconds) in which the control plane will poll the OCSP responder for a new status for the server certificate when the current staple is invalid. Minimum value is 60. Maximum value is 86400. |
false |
| recoveryMaxTries | integer |
Determines the maximum number for the OCSP recovery attempts. After max number of tries passed, the control plane will revert back to the regular frequency. Minimum value is 1. Maximum value is 100. |
false |
| responseTimeout | integer |
Determines the time interval (in seconds) for which the request waits for a response from the OCSP responder. Minimum value is 1. Maximum value is 60. |
false |
spec.persistentSpec
Specification for Redis Enterprise Cluster persistence
| Name | Type | Description | Required |
|---|---|---|---|
| enablePersistentVolumeResize | boolean |
Whether to enable PersistentVolumes resize. Disabled by default. Read the instruction in pvc_expansion readme carefully before using this feature. |
false |
| enabled | boolean |
Whether to add persistent volume to Redis Enterprise pods |
false |
| storageClassName | string |
Storage class for persistent volume in Redis Enterprise pods. Leave empty to use the default. If using the default this way, make sure the Kubernetes Cluster has a default Storage Class configured. This can be done by running a `kubectl get storageclass` and see if one of the Storage Classes' names contains a `(default)` mark. |
false |
| volumeSize | int or string |
To enable resizing after creating the cluster - please follow the instructions in the pvc_expansion readme |
false |
spec.podAntiAffinity
Override for the default anti-affinity rules of the Redis Enterprise pods. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#an-example-of-a-pod-that-uses-pod-affinity
| Name | Type | Description | Required |
|---|---|---|---|
| preferredDuringSchedulingIgnoredDuringExecution | []object |
|
false |
| requiredDuringSchedulingIgnoredDuringExecution | []object |
|
false |
spec.podStartingPolicy
Mitigation setting for STS pods stuck in "ContainerCreating"
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean |
Whether to detect and attempt to mitigate pod startup issues |
true |
| startingThresholdSeconds | integer |
Time in seconds to wait for a pod to be stuck while starting up before action is taken. If set to 0, will be treated as if disabled. Format: int32 |
true |
spec.podTolerations[]
| Name | Type | Description | Required |
|---|---|---|---|
| effect | string |
|
false |
| key | string |
|
false |
| operator | string |
|
false |
| tolerationSeconds | integer |
Format: int64 |
false |
| value | string |
|
false |
spec.pullSecrets[]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Secret name |
false |
spec.redisEnterpriseAdditionalPodSpecAttributes
ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the statefulset - Redis Enterprise pods. Pod attributes managed by the operator might override these settings. Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that.
| Name | Type | Description | Required |
|---|---|---|---|
| activeDeadlineSeconds | integer |
Format: int64 |
false |
| affinity | object |
|
false |
| automountServiceAccountToken | boolean |
|
false |
| dnsConfig | object |
|
false |
| dnsPolicy | string |
|
false |
| enableServiceLinks | boolean |
|
false |
| ephemeralContainers | []object |
|
false |
| hostAliases | []object |
|
false |
| hostIPC | boolean |
|
false |
| hostNetwork | boolean |
|
false |
| hostPID | boolean |
|
false |
| hostUsers | boolean |
|
false |
| hostname | string |
|
false |
| imagePullSecrets | []object |
|
false |
| initContainers | []object |
|
false |
| nodeName | string |
|
false |
| nodeSelector | map[string]string |
|
false |
| os | object |
|
false |
| overhead | map[string]int or string |
|
false |
| preemptionPolicy | string |
|
false |
| priority | integer |
Format: int32 |
false |
| priorityClassName | string |
|
false |
| readinessGates | []object |
|
false |
| resourceClaims | []object |
|
false |
| restartPolicy | string |
|
false |
| runtimeClassName | string |
|
false |
| schedulerName | string |
|
false |
| schedulingGates | []object |
|
false |
| securityContext | object |
|
false |
| serviceAccount | string |
|
false |
| serviceAccountName | string |
|
false |
| setHostnameAsFQDN | boolean |
|
false |
| shareProcessNamespace | boolean |
|
false |
| subdomain | string |
|
false |
| terminationGracePeriodSeconds | integer |
Format: int64 |
false |
| tolerations | []object |
|
false |
| topologySpreadConstraints | []object |
|
false |
| volumes | []object |
|
false |
spec.redisEnterpriseImageSpec
Specification for Redis Enterprise container image
| Name | Type | Description | Required |
|---|---|---|---|
| digestHash | string |
The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments. |
false |
| imagePullPolicy | string |
The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. |
false |
| repository | string |
The repository (name) of the container image to be deployed. |
false |
| versionTag | string |
The tag of the container image to be deployed. |
false |
spec.redisEnterpriseNodeResources
Compute resource requirements for Redis Enterprise containers
| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object |
|
false |
| limits | map[string]int or string |
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
false |
| requests | map[string]int or string |
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
false |
spec.redisEnterpriseNodeResources.claims[]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
spec.redisEnterpriseServicesConfiguration
RS Cluster optional services settings
| Name | Type | Description | Required |
|---|---|---|---|
| cmServer | object |
|
false |
| crdbCoordinator | object |
|
false |
| crdbWorker | object |
|
false |
| mdnsServer | object |
|
false |
| pdnsServer | object |
|
false |
| saslauthd | object |
|
false |
| statsArchiver | object |
|
false |
spec.redisEnterpriseServicesConfiguration.cmServer
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Whether to enable/disable the CM server Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesConfiguration.crdbCoordinator
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Whether to enable/disable the crdb coordinator process Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesConfiguration.crdbWorker
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Whether to enable/disable the crdb worker processes Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesConfiguration.mdnsServer
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Whether to enable/disable the Multicast DNS server Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesConfiguration.pdnsServer
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Deprecated: The PDNS Server is now disabled by the operator. This field will be ignored. Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesConfiguration.saslauthd
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Whether to enable/disable the saslauthd service Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesConfiguration.statsArchiver
| Name | Type | Description | Required |
|---|---|---|---|
| operatingMode | enum |
Whether to enable/disable the stats archiver service Enum: enabled, disabled |
true |
spec.redisEnterpriseServicesRiggerImageSpec
Specification for Services Rigger container image
| Name | Type | Description | Required |
|---|---|---|---|
| digestHash | string |
The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments. |
false |
| imagePullPolicy | string |
The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. |
false |
| repository | string |
The repository (name) of the container image to be deployed. |
false |
| versionTag | string |
The tag of the container image to be deployed. |
false |
spec.redisEnterpriseServicesRiggerResources
Compute resource requirements for Services Rigger pod
| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object |
|
false |
| limits | map[string]int or string |
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
false |
| requests | map[string]int or string |
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ |
false |
spec.redisEnterpriseVolumeMounts[]
| Name | Type | Description | Required |
|---|---|---|---|
| mountPath | string |
|
true |
| name | string |
|
true |
| mountPropagation | string |
|
false |
| readOnly | boolean |
|
false |
| subPath | string |
|
false |
| subPathExpr | string |
|
false |
spec.redisOnFlashSpec
Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases.
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean |
|
true |
| storageClassName | string |
|
true |
| bigStoreDriver | enum |
Enum: rocksdb, speedb |
false |
| flashDiskSize | int or string |
|
false |
| flashStorageEngine | enum |
Enum: rocksdb |
false |
spec.securityContext
The security configuration that will be applied to RS pods.
| Name | Type | Description | Required |
|---|---|---|---|
| readOnlyRootFilesystemPolicy | object |
Policy controlling whether to enable read-only root filesystem for the Redis Enterprise software containers. Note that certain filesystem paths remain writable through mounted volumes to ensure proper functionality. |
false |
| resourceLimits | object |
Settings pertaining to resource limits management by the Redis Enterprise Node container. |
false |
spec.securityContext.readOnlyRootFilesystemPolicy
Policy controlling whether to enable read-only root filesystem for the Redis Enterprise software containers. Note that certain filesystem paths remain writable through mounted volumes to ensure proper functionality.
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean |
Whether to enable read-only root filesystem for the Redis Enterprise software containers. Default is false. |
true |
spec.securityContext.resourceLimits
Settings pertaining to resource limits management by the Redis Enterprise Node container.
| Name | Type | Description | Required |
|---|---|---|---|
| allowAutoAdjustment | boolean |
Allow Redis Enterprise to adjust resource limits, like max open file descriptors, of its data plane processes. When this option is enabled, the SYS_RESOURCE capability is added to the Redis Enterprise pods, and their allowPrivilegeEscalation field is set. Turned off by default. |
false |
spec.services
Customization options for operator-managed service resources created for Redis Enterprise clusters and databases
| Name | Type | Description | Required |
|---|---|---|---|
| apiService | object |
Customization options for the REC API service. |
false |
| servicesAnnotations | map[string]string |
Global additional annotations to set on service resources created by the operator. The specified annotations will not override annotations that already exist and didn't originate from the operator. |
false |
spec.services.apiService
Customization options for the REC API service.
| Name | Type | Description | Required |
|---|---|---|---|
| type | enum |
Type of service to create for the REC API service. Defaults to ClusterIP service, if not specified otherwise. Enum: ClusterIP, NodePort, LoadBalancer |
false |
spec.servicesRiggerSpec
Specification for service rigger
| Name | Type | Description | Required |
|---|---|---|---|
| databaseServicePortPolicy | enum |
databaseServicePortPolicy instructs how to determine the service ports for REDB services. Defaults to DatabasePortForward, if not specified otherwise. Note - Regardless whether this flag is set or not, if an REDB/REAADB configured with databaseServicePort that would be the port exposed by the Service. DatabasePortForward - The service port will be the same as the database port. RedisDefaultPort - The service port will be the default Redis port (6379). Enum: DatabasePortForward, RedisDefaultPort |
false |
| databaseServiceType | string |
Service types for access to databases. should be a comma separated list. The possible values are cluster_ip, headless and load_balancer. |
false |
| extraEnvVars | []object |
|
false |
| podAnnotations | map[string]string |
annotations for the service rigger pod |
false |
| serviceNaming | enum |
Used to determine how to name the services created automatically when a database is created. When bdb_name is used, the database name will be also used for the service name. When redis-port is used, the service will be named redis- Enum: bdb_name, redis-port |
false |
| servicesRiggerAdditionalPodSpecAttributes | object |
ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the rigger deployment pod. Pod attributes managed by the operator might override these settings (Containers, serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, PriorityClassName, PodSecurityContext). Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that. |
false |
spec.servicesRiggerSpec.extraEnvVars[]
EnvVar represents an environment variable present in a Container. More info: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable. |
true |
| value | string |
|
false |
| valueFrom | object |
Source for the environment variable's value. Cannot be used if value is not empty. |
false |
spec.servicesRiggerSpec.extraEnvVars[].valueFrom
Source for the environment variable's value. Cannot be used if value is not empty.
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object |
Selects a key of a ConfigMap. |
false |
| fieldRef | object |
Selects a field of the pod |
false |
| resourceFieldRef | object |
Selects a resource of the container: only resources limits and requests are currently supported. |
false |
| secretKeyRef | object |
Selects a key of a secret in the pod's namespace |
false |
spec.servicesRiggerSpec.extraEnvVars[].valueFrom.configMapKeyRef
Selects a key of a ConfigMap.
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key to select. |
true |
| name | string |
Name of the referent |
false |
| optional | boolean |
Specify whether the ConfigMap or its key must be defined |
false |
spec.servicesRiggerSpec.extraEnvVars[].valueFrom.fieldRef
Selects a field of the pod
| Name | Type | Description | Required |
|---|---|---|---|
| fieldPath | string |
Path of the field to select in the specified API version. |
true |
| apiVersion | string |
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
false |
spec.servicesRiggerSpec.extraEnvVars[].valueFrom.resourceFieldRef
Selects a resource of the container: only resources limits and requests are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| resource | string |
Required: resource to select |
true |
| containerName | string |
Container name: required for volumes, optional for env vars |
false |
| divisor | int or string |
Specifies the output format of the exposed resources, defaults to "1" |
false |
spec.servicesRiggerSpec.extraEnvVars[].valueFrom.secretKeyRef
Selects a key of a secret in the pod's namespace
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key of the secret to select from. Must be a valid secret key. |
true |
| name | string |
Name of the referent |
false |
| optional | boolean |
Specify whether the Secret or its key must be defined |
false |
spec.servicesRiggerSpec.servicesRiggerAdditionalPodSpecAttributes
ADVANCED USAGE USE AT YOUR OWN RISK - specify pod attributes that are required for the rigger deployment pod. Pod attributes managed by the operator might override these settings (Containers, serviceAccountName, podTolerations, ImagePullSecrets, nodeSelector, PriorityClassName, PodSecurityContext). Also make sure the attributes are supported by the K8s version running on the cluster - the operator does not validate that.
| Name | Type | Description | Required |
|---|---|---|---|
| activeDeadlineSeconds | integer |
Format: int64 |
false |
| affinity | object |
|
false |
| automountServiceAccountToken | boolean |
|
false |
| dnsConfig | object |
|
false |
| dnsPolicy | string |
|
false |
| enableServiceLinks | boolean |
|
false |
| ephemeralContainers | []object |
|
false |
| hostAliases | []object |
|
false |
| hostIPC | boolean |
|
false |
| hostNetwork | boolean |
|
false |
| hostPID | boolean |
|
false |
| hostUsers | boolean |
|
false |
| hostname | string |
|
false |
| imagePullSecrets | []object |
|
false |
| initContainers | []object |
|
false |
| nodeName | string |
|
false |
| nodeSelector | map[string]string |
|
false |
| os | object |
|
false |
| overhead | map[string]int or string |
|
false |
| preemptionPolicy | string |
|
false |
| priority | integer |
Format: int32 |
false |
| priorityClassName | string |
|
false |
| readinessGates | []object |
|
false |
| resourceClaims | []object |
|
false |
| restartPolicy | string |
|
false |
| runtimeClassName | string |
|
false |
| schedulerName | string |
|
false |
| schedulingGates | []object |
|
false |
| securityContext | object |
|
false |
| serviceAccount | string |
|
false |
| serviceAccountName | string |
|
false |
| setHostnameAsFQDN | boolean |
|
false |
| shareProcessNamespace | boolean |
|
false |
| subdomain | string |
|
false |
| terminationGracePeriodSeconds | integer |
Format: int64 |
false |
| tolerations | []object |
|
false |
| topologySpreadConstraints | []object |
|
false |
| volumes | []object |
|
false |
spec.sideContainersSpec[]
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
| args | []string |
|
false |
| command | []string |
|
false |
| env | []object |
|
false |
| envFrom | []object |
|
false |
| image | string |
|
false |
| imagePullPolicy | string |
|
false |
| lifecycle | object |
|
false |
| livenessProbe | object |
|
false |
| ports | []object |
|
false |
| readinessProbe | object |
|
false |
| resources | object |
|
false |
| securityContext | object |
|
false |
| startupProbe | object |
|
false |
| stdin | boolean |
|
false |
| stdinOnce | boolean |
|
false |
| terminationMessagePath | string |
|
false |
| terminationMessagePolicy | string |
|
false |
| tty | boolean |
|
false |
| volumeDevices | []object |
|
false |
| volumeMounts | []object |
|
false |
| workingDir | string |
|
false |
spec.slaveHA
Slave high availability mechanism configuration.
| Name | Type | Description | Required |
|---|---|---|---|
| slaveHAGracePeriod | integer |
Time in seconds between when a node fails, and when slave high availability mechanism starts relocating shards. If set to 0, will not affect cluster configuration. Format: int32 |
true |
spec.upgradeSpec
Specification for upgrades of Redis Enterprise
| Name | Type | Description | Required |
|---|---|---|---|
| autoUpgradeRedisEnterprise | boolean |
Whether to upgrade Redis Enterprise automatically when operator is upgraded |
true |
spec.usageMeter
The configuration of the usage meter.
| Name | Type | Description | Required |
|---|---|---|---|
| callHomeClient | object |
|
false |
spec.usageMeter.callHomeClient
| Name | Type | Description | Required |
|---|---|---|---|
| disabled | boolean |
Whether to disable the call home client. Enabled by default. |
false |
| imageSpec | object |
Image specification |
false |
| proxySecretName | string |
if needed, add proxy details in secret. the name of the proxy secret in the secret, can send the following keys: proxy-url, proxy-username, proxy-password (the url includes the proxy port). |
false |
| resources | object |
Compute resource requirements for Call Home Client pod |
false |
spec.usageMeter.callHomeClient.imageSpec
Image specification
| Name | Type | Description | Required |
|---|---|---|---|
| digestHash | string |
The digest hash of the container image to pull. When specified, the container image is pulled according to the digest hash instead of the image tag. The versionTag field must also be specified with the image tag matching this digest hash. Note: This field is only supported for OLM deployments. |
false |
| imagePullPolicy | string |
The image pull policy to be applied to the container image. One of Always, Never, IfNotPresent. |
false |
| repository | string |
The repository (name) of the container image to be deployed. |
false |
| versionTag | string |
The tag of the container image to be deployed. |
false |
spec.usageMeter.callHomeClient.resources
Compute resource requirements for Call Home Client pod
| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object |
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This is an alpha field and requires enabling the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers. |
false |
| limits | map[string]int or string |
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
| requests | map[string]int or string |
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
spec.usageMeter.callHomeClient.resources.claims[]
ResourceClaim references one entry in PodSpec.ResourceClaims.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. |
true |
spec.volumes[]
Volume represents a named volume in a pod that may be accessed by any container in the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
| awsElasticBlockStore | object |
|
false |
| azureDisk | object |
|
false |
| azureFile | object |
|
false |
| cephfs | object |
|
false |
| cinder | object |
|
false |
| configMap | object |
|
false |
| csi | object |
|
false |
| downwardAPI | object |
|
false |
| emptyDir | object |
|
false |
| fc | object |
|
false |
| flexVolume | object |
|
false |
| flocker | object |
|
false |
| gcePersistentDisk | object |
|
false |
| gitRepo | object |
|
false |
| glusterfs | object |
|
false |
| hostPath | object |
|
false |
| iscsi | object |
|
false |
| nfs | object |
|
false |
| persistentVolumeClaim | object |
|
false |
| photonPersistentDisk | object |
|
false |
| portworxVolume | object |
|
false |
| projected | object |
|
false |
| quobyte | object |
|
false |
| rbd | object |
|
false |
| scaleIO | object |
|
false |
| secret | object |
|
false |
| storageos | object |
|
false |
| vsphereVolume | object |
|
false |
status
| Name | Type | Description | Required |
|---|---|---|---|
| bundledDatabaseVersions | []object |
Versions of open source databases bundled by Redis Enterprise Software - please note that in order to use a specific version it should be supported by the ‘upgradePolicy’ - ‘major’ or ‘latest’ according to the desired version (major/minor) |
false |
| certificatesStatus | object |
Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters. |
false |
| ingressOrRouteMethodStatus | string |
The ingressOrRouteSpec/ActiveActive spec method that exist |
false |
| licenseStatus | object |
|
false |
| managedAPIs | object |
Indicates cluster APIs that are being managed by the operator. This only applies to cluster APIs which are optionally-managed by the operator, such as cluster LDAP configuration. Most other APIs are automatically managed by the operator, and are not listed here. |
false |
| modules | []object |
|
false |
| ocspStatus | object |
An API object that represents the cluster's OCSP status |
false |
| persistenceStatus | object |
The status of the Persistent Volume Claims that are used for Redis Enterprise Cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize) |
false |
| redisEnterpriseIPFamily | string |
|
false |
| specStatus | string |
|
false |
| state | string |
|
false |
status.bundledDatabaseVersions[]
| Name | Type | Description | Required |
|---|---|---|---|
| dbType | string |
|
true |
| version | string |
|
true |
| major | boolean |
|
false |
status.certificatesStatus
Stores information about cluster certificates and their update process. In Active-Active databases, this is used to detect updates to the certificates, and trigger synchronization across the participating clusters.
| Name | Type | Description | Required |
|---|---|---|---|
| generation | integer |
Generation stores the version of the cluster's Proxy and Syncer certificate secrets. In Active-Active databases, when a user updates the proxy or syncer certificate, a crdb-update command needs to be triggered to avoid potential sync issues. This helps the REAADB controller detect a change in a certificate and trigger a crdb-update. The version of the cluster's Proxy certificate secret. Format: int64 |
false |
| updateStatus | string |
The status of the cluster's certificates update |
false |
status.licenseStatus
| Name | Type | Description | Required |
|---|---|---|---|
| activationDate | string |
|
false |
| expirationDate | string |
|
false |
| features | []string |
|
false |
| flashShards | integer |
Format: int32 |
false |
| flashShardsLimit | integer |
Format: int32 |
false |
| licenseState | string |
|
false |
| owner | string |
|
false |
| ramShards | integer |
Format: int32 |
false |
| ramShardsLimit | integer |
Format: int32 |
false |
| shardsLimit | integer |
|
false |
| shardsUsage | string |
|
false |
status.managedAPIs
Indicates cluster APIs that are being managed by the operator. This only applies to cluster APIs which are optionally-managed by the operator, such as cluster LDAP configuration. Most other APIs are automatically managed by the operator, and are not listed here.
| Name | Type | Description | Required |
|---|---|---|---|
| ldap | boolean |
Indicate whether cluster LDAP configuration is managed by the operator. When this is enabled, the operator will reconcile the cluster LDAP configuration according to the '.spec.ldap' field in the RedisEnterpriseCluster resource. |
false |
status.modules[]
| Name | Type | Description | Required |
|---|---|---|---|
| displayName | string |
|
false |
| name | string |
|
false |
| versions | []string |
|
false |
status.ocspStatus
An API object that represents the cluster's OCSP status
| Name | Type | Description | Required |
|---|---|---|---|
| certStatus | string |
Indicates the proxy certificate status - GOOD/REVOKED/UNKNOWN. |
false |
| nextUpdate | string |
The time at or before which newer information will be available about the status of the certificate (if available) |
false |
| producedAt | string |
The time at which the OCSP responder signed this response. |
false |
| responderUrl | string |
The OCSP responder url from which this status came from. |
false |
| revocationTime | string |
The time at which the certificate was revoked or placed on hold. |
false |
| thisUpdate | string |
The most recent time at which the status being indicated is known by the responder to have been correct. |
false |
status.persistenceStatus
The status of the Persistent Volume Claims that are used for Redis Enterprise Cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize)
| Name | Type | Description | Required |
|---|---|---|---|
| status | string |
The current status of the PVCs |
false |
| succeeded | string |
The number of PVCs that are provisioned with the expected size |
false |