Promote 7.8.2-6 (#1)

RedisLabs · Nov 25, 2024 · f722734 · f722734
1 parent 00dce20
commit f722734
Show file tree

Hide file tree

Showing 17 changed files with 389 additions and 177 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,2 @@
-# sample-charts
-
-My sample charts
-small change
+# Redis Enterprise Operator Helm Chart
+# IMPORTANT preview version - don't use in production.
diff --git a/charts/redis-enterprise-operator/CHANGELOG.md b/charts/redis-enterprise-operator/CHANGELOG.md
diff --git a/charts/redis-enterprise-operator/Chart.yaml b/charts/redis-enterprise-operator/Chart.yaml
@@ -4,14 +4,14 @@ type: application
 name: redis-enterprise-operator
 description: A Helm chart for Redis Enterprise Operator for Kubernetes
 
-version: 0.2.6
-appVersion: 7.4.2-2
+version: 7.8.2-6
+appVersion: 7.8.2-6
 
-home: https://redis.io
-icon: https://redis.io/wp-content/uploads/2024/04/Logotype.svg
+home: https://redis.com
+icon: https://redis.com/wp-content/themes/wpx/assets/images/logo-redis.svg
 keywords:
-- redis
-- database
+  - redis
+  - database
 maintainers:
-- name: Redis
-  url: https://redis.com/company/contact/
+  - name: Redis
+    url: https://redis.com/company/contact/
diff --git a/charts/redis-enterprise-operator/README.md b/charts/redis-enterprise-operator/README.md
@@ -9,7 +9,7 @@ Official Helm chart for installing, configuring and upgrading **Redis Enterprise
 
 - Kubernetes 1.23+  
   Supported Kubernetes versions can vary according to the Kubernetes distribution being used.  
-  Please consult the [release notes](https://docs.redis.com/latest/kubernetes/release-notes/) for detailed supported distributions information per operator version.
+  Please consult the [release notes](https://redis.io/docs/latest/operate/kubernetes/release-notes/) for detailed supported distributions information per operator version.
 - Helm 3.10+
 
 ## Installing the Chart
@@ -22,11 +22,11 @@ helm install [RELEASE_NAME] [PATH_TO_CHART]
 
 The `[PATH_TO_CHART]` may be a path to the chart root directory, or a chart archive on the local filesystem.  
 
-To install the chart on **OpenShift**, set the `isOpenshift=true` value:
+To install the chart on **OpenShift**, set the `openshift.mode=true` value:
 
 ```sh
 helm install [RELEASE_NAME] [PATH_TO_CHART] \
-     --set isOpenshift=true
+     --set openshift.mode=true
 ```
 
 To create and select a namespace for the installation, specify the `--namespace` and `--create-namespace` flags:
@@ -109,7 +109,7 @@ spec:
 kubectl apply -f rec.yaml -n [NAMESPACE]
 ```
 
-See [Create a Redis Enterprise cluster](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#create-a-redis-enterprise-cluster-rec) and [Redis Enterprise Cluster API](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/redis_enterprise_cluster_api.md) for more information and options for creating a Redis Enterprise Cluster.
+See [Create a Redis Enterprise cluster](https://redis.io/docs/latest/operate/kubernetes/deployment/quick-start/#create-a-redis-enterprise-cluster-rec) and [Redis Enterprise Cluster API](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/redis_enterprise_cluster_api.md) for more information and options for creating a Redis Enterprise Cluster.
 
 ## Configuration
 
@@ -138,14 +138,12 @@ See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_h
 This is a preliminary release of this Helm chart, and as of now some if its functionality is still limited:
 
 - The chart only installs the Redis Enterprise Operator, but doesn't create a Redis Enterprise Cluster. See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section for instructions on how to directly create a Redis Enterprise Cluster.
-- Several configuration options for the operator are still unsupported, including multiple REDB namespaces, rack-aware, and vault integration. These options can be enabled by following the relevant instructions in the [product documentation](https://docs.redis.com/latest/kubernetes/).
+- Several configuration options for the operator are still unsupported, including multiple REDB namespaces, rack-aware, and vault integration. These options can be enabled by following the relevant instructions in the [product documentation](https://redis.io/docs/latest/operate/kubernetes/).
 - CRDs installed by the chart are not removed upon chart uninstallation. These could be manually removed when the chart is uninstalled and are no longer needed, using the following command:
   ```sh
   kubectl delete crds -l app=redis-enterprise
   ```
 - Helm chart upgrades are not supported, nor migrations from a non-Helm deployment to a Helm deployment.
 - Limited testing in advanced setups such as Active-Active configurations, airgapped deployments, IPv6/dual-stack environments.
 - The chart is still unpublished in a "helm repo" or ArtifactHub, and thus can only be installed from a local source (chart directory/archive).
-- While not really a limitation, please note that this chart also installs the [admission controller](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#enable-the-admission-controller) by default, and there's no option to disable it (as opposed to the non-Helm deployment).
-
-small change
+- While not really a limitation, please note that this chart also installs the [admission controller](https://redis.io/docs/latest/operate/kubernetes/deployment/quick-start/#enable-the-admission-controller) by default, and there's no option to disable it (as opposed to the non-Helm deployment).
diff --git a/charts/redis-enterprise-operator/templates/_helpers.tpl b/charts/redis-enterprise-operator/templates/_helpers.tpl
@@ -1,11 +1,39 @@
 {{- define "redis-enterprise-operator.operator.image" }}
-{{- if and .Values.global .Values.global.azure .Values.global.azure.images .Values.global.azure.images.operator }}
+{{- if (.Values.global).azure }}
 {{- with .Values.global.azure.images.operator }}
 {{ .registry }}/{{ .image }}@{{ .digest }}
 {{- end }}
 {{- else }}
-{{- $defaultRepository := ternary "registry.connect.redhat.com/redislabs/redis-enterprise-operator" "redislabs/operator" .Values.isOpenshift }}
+{{- $defaultRepository := ternary "registry.connect.redhat.com/redislabs/redis-enterprise-operator" "redislabs/operator-internal" .Values.openshift.mode }}
 {{- $repository := default $defaultRepository .Values.operator.image.repository }}
 {{ $repository }}:{{ .Values.operator.image.tag }}
 {{- end }}
 {{- end }}
+
+{{- define "redis-enterprise-operator.annotations" }}
+{{- if ne .Values.versionAnnotations false -}}
+redis.io/helm-chart-ver: {{ .Chart.Version }}
+redis.io/operator-ver: {{ .Values.operator.image.tag }}
+{{- end }}
+{{- end }}
+
+{{/*
+Evaluates to a TLS configuration for the admission webhook, either by retrieving an
+existing configuration from the "admission-tls" Secret, or by generating a new one.
+Returns a TLS configuration YAML object with a "cert" and "privateKey" keys.
+*/}}
+{{- define "redis-enterprise-operator.admissionTLSConfig" }}
+  {{- $tlsConfig := dict }}
+  {{- $secret := (lookup "v1" "Secret" .Release.Namespace "admission-tls") }}
+  {{- if $secret }}
+    {{ $tlsConfig = $secret.data }}
+  {{- else}}
+    {{ $cna := printf "admission.%s" .Release.Namespace }}
+    {{ $cnb := printf "admission.%s.svc" .Release.Namespace }}
+    {{ $cnc := printf "admission.%s.svc.cluster.local" .Release.Namespace }}
+    {{ $cert := genSelfSignedCert $cnb nil (list $cna $cnb $cnc) (int (mul 365 5)) }}
+    {{ $_ := set $tlsConfig "cert" ($cert.Cert | b64enc) }}
+    {{ $_ := set $tlsConfig "privateKey" ($cert.Key | b64enc) }}
+  {{- end }}
+  {{ $tlsConfig | toYaml | nindent 2 }}
+{{- end }}
diff --git a/charts/redis-enterprise-operator/templates/admission-service.yaml b/charts/redis-enterprise-operator/templates/admission-service.yaml
@@ -4,10 +4,12 @@ metadata:
   name: admission
   labels:
     app: redis-enterprise
+  annotations:
+    {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
 spec:
   ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 8443
+    - port: 443
+      protocol: TCP
+      targetPort: 8443
   selector:
     name: redis-enterprise-operator
diff --git a/...ator/templates/jobs/install_crds_job.yaml → ...operator/templates/jobs/install-crds.yaml b/...ator/templates/jobs/install_crds_job.yaml → ...operator/templates/jobs/install-crds.yaml
@@ -17,7 +17,6 @@ spec:
       labels:
         app: redis-enterprise
     spec:
-      serviceAccountName: redis-enterprise-crds
       containers:
         - name: gatekeeper-crds
           image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
@@ -35,9 +34,15 @@ spec:
             - "-crdPaths=/crds/rec_crd.yaml,/crds/redb_crd.yaml,/crds/reaadb_crd.yaml,/crds/rerc_crd.yaml"
           resources:
             limits:
-              cpu: 500m
-              memory: 256Mi
+              cpu: 100m
+              memory: 100Mi
+      serviceAccountName: redis-enterprise-crds
       restartPolicy: OnFailure
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

diff --git a/charts/redis-enterprise-operator/templates/jobs/patch-namespace-label.yaml b/charts/redis-enterprise-operator/templates/jobs/patch-namespace-label.yaml
@@ -0,0 +1,146 @@
+{{- if .Values.admission.limitToNamespace }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: redis-enterprise-namespace-labels
+  labels:
+    app: redis-enterprise
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade,post-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+    {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: redis-enterprise-namespace-labels
+  labels:
+    app: redis-enterprise
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade,post-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+    {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
+rules:
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: redis-enterprise-namespace-labels
+  labels:
+    app: redis-enterprise
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade,post-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+    {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
+subjects:
+- kind: ServiceAccount
+  name: redis-enterprise-namespace-labels
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: redis-enterprise-namespace-labels
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: redis-enterprise-namespace-labels
+  labels:
+    app: redis-enterprise
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+    {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
+spec:
+  backoffLimit: 6
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: redis-enterprise
+    spec:
+      containers:
+        - name: redis-enterprise-namespace-labels
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+          image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            seccompProfile:
+              type: "RuntimeDefault"
+          command:
+            - crd-installer
+          args:
+            - "-action=patchNamespace"
+            - -namespace={{ .Release.Namespace }}
+      restartPolicy: OnFailure
+      serviceAccountName: redis-enterprise-namespace-labels
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+---
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: redis-enterprise-namespace-labels-cleanup
+  labels:
+    app: redis-enterprise
+  annotations:
+    "helm.sh/hook": post-delete
+    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+    {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
+spec:
+  backoffLimit: 6
+  completions: 1
+  parallelism: 1
+  template:
+    metadata:
+      labels:
+        app: redis-enterprise
+    spec:
+      containers:
+        - name: redis-enterprise-namespace-labels-cleanup
+          resources:
+            limits:
+              cpu: 100m
+              memory: 100Mi
+          image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }}
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            runAsNonRoot: true
+            seccompProfile:
+              type: "RuntimeDefault"
+          command:
+            - crd-installer
+          args:
+            - "-action=unpatchNamespace"
+            - -namespace={{ .Release.Namespace }}
+      restartPolicy: OnFailure
+      serviceAccountName: redis-enterprise-namespace-labels
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+{{- end }}{{- /* if limitToNamespace */ -}}