The Redis Enterprise K8s 6.4.2-6 release supports Redis Enterprise Software 6.4.2 and contains new features and feature improvements.

The key features, bug fixes, and known limitations are described below.


  • Redis Enterprise: redislabs/redis:6.4.2-81
  • Operator: redislabs/operator:6.4.2-6
  • Services Rigger: redislabs/k8s-controller:6.4.2-6

OpenShift images

  • Redis Enterprise: registry.connect.redhat.com/redislabs/redis-enterprise:6.4.2-81.rhel8-openshift (or redislabs/redis-enterprise:6.4.2-81.rhel7-openshift if upgrading from RHEL 7)
  • Operator: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-6
  • Services Rigger: registry.connect.redhat.com/redislabs/services-manager:6.4.2-6

OpenShift OLM bundles

  • Redis Enterprise operator bundle version: v6.4.2-6

New features

  • General availability of the Active-Active database controller for declarative configuration support

Feature improvements

  • Active-Active controller improvements include adding support for the following:
    • Configuration via OLM
    • Certificates in globalConfiguration
    • Backups in globalConfiguration
    • Modules (preview)
    • Hashicorp Vault secrets
    • indication of sync failures to REAADB
  • Added support for separate podAnnotations for Redis Enterprise pods to allow setting appArmor exceptions
  • Timezone can be passed as environment variable into Redis Enterprise pods
  • REDB namespaces can be labelled without the operator going into CrashLoopBackoff
  • Added support for K8s 1.27
  • Added support for K8s 1.25 for EKS
  • Added support for K8s 1.26 for AKS and GKE
  • Improved log collector execution log, filtering out empty files, capturing volume attachments, option to disable RS capture debug info package
  • Added extraEnvVars field in REC to support environment variables for RS pods
  • Changed RKE2 to the default for Rancher distributions

Fixed bugs

  • REC in invalid state can’t be deleted (RED-78124)
  • OpenShift route not deleted after REC is deleted (RED-94121)
  • REAADB secret status not being updated in source cluster (RED-96296)
  • Invalid REAADB that is not rejected by admission might be deleted after apply (RED-96300)
  • Operator logs an error about missing permissions to nodes on startup (RED-98227)
  • Operator continues to update REC certificates in a loop (RED-98586)
  • Log collector script may crash when trying to write multi-byte characters to file (RED-99869)
  • Log collector fails to include RS debuginfo when old kubectl is used (RED-101170)
  • REC creation fails due to required LDAP configuration in OLM form view (RED-100517)
  • Upgrading to 6.4.2 (or 6.2.18) on OpenShift will fail if pod 0 is not the master node when upgrade starts (RED-102100)
  • Upgrading from 6.2.8-15 (and below) to 6.2.12-1 (and above) may break the databases (RED-102241)

API changes

The following fields were changed in the RedisEnterpriseCluster (REC) API:

  • containerTimezoneSpec.timezoneName added to configure timezones on the Redis Enterprise pods

  • hostAliases added for adding an entry to the Redis Enterprise pods' /etc/hosts

  • redisEnteprisePodAnnotations added to specify annotations that should only be set on the Redis Enterprise pods

  • ingressOrRouteSpec enabled to use without alpha features enabled

  • extraEnvVars added for advanced users to add environment variables to the Redis Enterprise pods

  • ServicesRiggerConfigurationSpec.podAnnotations added to specify annotations that should only be set on the service rigger pods

  • The following custom resources definitions were added:

Compatibility notes

Deprecated features

  • Support for Gesher, the advanced admission control configuration, is deprecated.

Supported distributions

The following table shows supported distributions at the time of this release. You can also find this list in Supported Kubernetes distributions.

Kubernetes version 1.22 1.23 1.24 1.25 1.26 1.27
Community Kubernetes deprecated supported supported supported supported*
Amazon EKS deprecated deprecated supported supported*
Azure AKS deprecated supported supported supported*
Google GKE deprecated deprecated supported supported supported*
Rancher 2.6 deprecated deprecated supported
Rancher 2.7 deprecated supported
VMware TKG 1.6 deprecated deprecated
OpenShift version 4.9 4.10 4.11 4.12
deprecated supported supported
VMware TKGI version 1.13 1.14 1.15
deprecated deprecated supported

* Support added in this release

Redis Enterprise for Kubernetes now uses RKE2 as the default for Rancher distributions.

Before upgrading

Be aware the following changes included in this release affect the upgrade process. Please read carefully before upgrading to 6.4.2-6.

  • ValidatingWebhookConfiguration

    This release uses a new ValidatingWebhookConfiguration resource to replace the redb-admission webhook resource. To use releases 6.4.2-4 or later, delete the old webhook resource and apply the new file. See upgrade Redis cluster for instructions.

  • OpenShift SCC

    This release includes a new SCC (redis-enterprise-scc-v2) that you need to bind to your service account before upgrading. OpenShift clusters running version 6.2.12 or earlier upgrading to version 6.2.18 or later might get stuck if you skip this step. See upgrade a Redis Enterprise cluster (REC) for details.

Known limitations

New limitations

  • Admission controller may not alert when patching the REAADB with missing secret or RERC (RED-104463) Remove the secret from the spec and create the missing secret, and then re-patch the REAADB again.

  • REAADB changes might fail with “gateway timeout” errors, mostly on OpenShift (RED-103048) Retry the operation.

  • Misleading error appears when a service creation has failed due to service already existing “provided IP is already allocated” (RED-100669) Delete the service manually.

  • Existing OpenShift route during REC creation might prevent REC from starting (RED-100668) Delete the route manually.

  • Creating two databases with the same name directly on Redis Enterprise software will cause the service to be deleted and the database will not be available (RED-99997) Avoid duplicating database names. Database creation via K8s has validation in place to prevent this.

  • Installing the operator bundle produces warning: Warning: would violate PodSecurity "restricted: v1.24" (RED-97381) Ignore the warning. This issue is documented as benign on official Red Hat documentation.

Existing limitations

  • RERC resources must have a unique name (<rec-name>/<rec-namespace>) (RED-96302)

  • Admission is not blocking REAADB with shardCount which exceeds license quota. (RED-96301) Fix the problems with the REAADB and reapply.

  • Active-Active setup removal might keep services or routes undeleted (RED-77752) Delete services or routes manually if you encounter this problem.

  • autoUpgrade set to true can cause unexpected bdb upgrades when redisUpgradePolicy is set to true (RED-72351) Contact support if your deployment is impacted.

  • Following the previous quick start guide version causes issues with creating an REDB due to unrecognized memory field name (RED-69515) The workaround is to use the newer (current) revision of the quick start.

  • PVC size issues when using decimal value in spec (RED-62132) Make sure you use integer values for the PVC size.

  • REC might report error states on initial startup (RED-61707) There is no workaround at this time except to ignore the errors.

  • Hashicorp Vault integration - no support for Gesher (RED-55080) There is no workaround for this issue. Gesher support has been deprecated.

  • REC clusters fail to start on Kubernetes clusters with unsynchronized clocks (RED-47254) When REC clusters are deployed on Kubernetes clusters with unsynchronized clocks, the REC cluster does not start correctly. The fix is to use NTP to synchronize the underlying K8s nodes.

  • Deleting an OpenShift project with an REC deployed may hang (RED-47192) When an REC cluster is deployed in a project (namespace) and has REDB resources, the REDB resources must be deleted first before the REC can be deleted. Therefore, until the REDB resources are deleted, the project deletion will hang. The fix is to delete the REDB resources first and the REC second. Then, you can delete the project.

  • Clusters must be named “rec” in OLM-based deployments (RED-39825) In OLM-deployed operators, the deployment of the cluster will fail if the name is not “rec”. When the operator is deployed via the OLM, the security context constraints (scc) are bound to a specific service account name (namely, “rec”). The workaround is to name the cluster “rec”.

  • Readiness probe incorrect on failures (RED-39300) STS Readiness probe does not mark a node as “not ready” when running rladmin status on node failure.

  • Internal DNS and Kubernetes DNS may have conflicts (RED-37462) DNS conflicts are possible between the cluster mdns_server and the K8s DNS. This only impacts DNS resolution from within cluster nodes for Kubernetes DNS names.

  • 5.4.10 negatively impacts 5.4.6 (RED-37233) Kubernetes-based 5.4.10 deployments seem to negatively impact existing 5.4.6 deployments that share a Kubernetes cluster.

  • Node CPU usage is reported instead of pod CPU usage (RED-36884) In Kubernetes, the reported node CPU usage is the usage of the Kubernetes worker node hosting the REC pod.

  • An unreachable cluster has status running (RED-32805) When a cluster is in unreachable state, the state remains running instead of triggering an error.

  • Long cluster names cause routes to be rejected (RED-25871) A cluster name longer than 20 characters will result in a rejected route configuration because the host part of the domain name exceeds 63 characters. The workaround is to limit the cluster name to 20 characters or fewer.

  • Cluster CR (REC) errors are not reported after invalid updates (RED-25542) A cluster CR specification error is not reported if two or more invalid CR resources are updated in sequence.