Redis Enterprise for Kubernetes release notes 6.4.2-4 (March 2023)

The Redis Enterprise K8s 6.4.2-4 release supports Redis Enterprise Software 6.4.2 and contains new features and feature improvements.

Overview

The Redis Enterprise K8s 6.4.2-4 release supports Redis Enterprise Software 6.4.2 and contains new features and feature improvements.

The key features, bug fixes, and known limitations are described below.

Images

  • Redis Enterprise: redislabs/redis:6.4.2-43
  • Operator: redislabs/operator:6.4.2-4
  • Services Rigger: redislabs/k8s-controller:6.4.2-4

OpenShift images

  • Redis Enterprise: registry.connect.redhat.com/redislabs/redis-enterprise:6.4.2-43.rhel8-openshift (or redislabs/redis-enterprise:6.4.2-43.rhel7-openshift if upgrading from RHEL 7)
  • Operator: registry.connect.redhat.com/redislabs/redis-enterprise-operator:6.4.2-4s
  • Services Rigger: registry.connect.redhat.com/redislabs/services-manager:6.4.2-4

OpenShift OLM bundles

  • Redis Enterprise operator bundle version: v6.4.2-4.0

New features

  • Cluster-level LDAP configuration support in REC (RED-83533)
  • Public preview support for declarative Active-Active configuration (RED-86470)(RED-86470)

Feature improvements

  • New labeling method for multi-namespace REDB (RED-83102)
  • Operator deployment uses built-in SCC in OpenShift (RED-90524)
  • Support for Redis Enterprise 6.4.2-43
  • Support added for K8s 1.26, EKS 1.24, AKS 1.25, Rancher 2.7/1.23-24
  • Improved log collector display and error handling

Bug fixes

  • Deployment manifests referenced non-existent redis-enterprise-admission ServiceAccount (RED-90469)
  • CVE-2022-1996 (RED-93026)
  • CVE-2022-28948 (RED-93027)
  • CVE-2021-44716 & CVE-2022-27664 (RED-93028)
  • CVE-2018-20225

API changes

The following fields were changed in the Redis Enterprise cluster (REC) API:

  • Added .spec.ldap for configuring cluster-level LDAP settings

  • Added .spec.certificates.ldapClientCertificateSecretName for configuring LDAP client certificate

  • Added .status.managedAPIs to track APIs managed by the operator

  • The following custom resources definitions were added:

    • RedisEnterpriseRemoteCluster (RERC)
    • RedisEnterpriseActiveActiveDatabase (REAADB)

Compatibility notes

Deprecated features

  • Support for Gesher, the advanced admission control configuration, is deprecated.
  • The app.redislabs.com/v1alpha1 API version of the RedisEnterpriseCluster (REC) custom resource is deprecated and will be removed in a subsequent release. Customers should switch to use the app.redislabs.com/v1 API version instead.

Supported distributions

The following table shows supported distributions at the time of this release. You can also find this list in Supported Kubernetes distributions.

Kubernetes version 1.21 1.22 1.23 1.24 1.25 1.26
Community Kubernetes deprecated supported supported supported supported*
Amazon EKS supported supported supported*
Azure AKS deprecated supported supported*
Google GKE supported supported supported supported
Rancher 2.6 deprecated supported supported supported
Rancher 2.7 supported* supported*
VMware TKG 1.6 supported supported
OpenShift version 4.8 4.9 4.10 4.11 4.12
deprecated deprecated supported supported supported*
VMware TKGI version 1.12 1.13 1.14 1.15
deprecated supported supported

* Support added in this release

Before upgrading

Be aware the following changes included in this release affect the upgrade process. Please read carefully before upgrading.

  • Supported upgrade paths

    If you are using a version earlier than 6.2.10-45, you cannot upgrade directly to this release. You must upgrade to 6.2.10-45 before you can upgrade to versions 6.2.18 or later.

  • ValidatingWebhookConfiguration

    This release uses a new ValidatingWebhookConfiguration resource to replace the redb-admission webhook resource. To use releases 6.4.2-4 or later, delete the old webhook resource and apply the new file. See upgrade Redis cluster for instructions.

Active-Active preview known limitations

  • No support for Hashicorp Vault for storing secrets (RED-95805)

  • No module support (RED-95153)

  • No support for client certificates in secrets (RED-95724)

  • No support for backup configuration (RED-95724)

  • No support for upgrading the database Redis version

  • REAADB secret status isn't updated in source cluster (RED-96296)

    The workaround is to view the secret status in one of the remote clusters.

  • Invalid REAADB is not rejected by admission might get deleted after apply. (RED-96300)

    Fix the problems with the REAADB and reapply. Contact support if you aren't sure why the REAADB is invalid.

  • Admission is not blocking REAADB with shardCount which exceeds license quota. (RED-96301)

    Fix the problems with the REAADB and reapply.

  • RERC resources must have a unique name (<rec-name>/<rec-namespace>). (RED-96302)

  • Only global database options are supported, not support for specifying configuration per location.

  • Can't automatically update the cluster secret via the operator (can be updated manually).

  • No support for migration from old (manual) Active-Active database method to new Active-Active controller.

Known limitations

  • REC creation might fail using form view on OpenShift. (RED-100517)

    To avoid this, use the YAML view. This will be fixed in the next release.

Large clusters

On clusters with more than 9 REC nodes, a Kubernetes upgrade can render the Redis cluster unresponsive in some cases. A fix is available in the 6.4.2-5 release. Upgrade your operator version to 6.4.2-5 or later before upgrading your Kubernetes cluster. (RED-93025)

  • Resharding fails for rack-aware databases with no replication (RED-97971)

    When a database is configured as rack-aware and replication is turned off, the resharding operation fails.

    Workaround: Before resharding your database, turn off rack awareness. Set the spec.rackAware field in your REDB custom resource to false. After the resharding process is complete, you can re-enable rack awareness.

  • Long cluster names cause routes to be rejected (RED-25871)

    A cluster name longer than 20 characters will result in a rejected route configuration because the host part of the domain name exceeds 63 characters. The workaround is to limit the cluster name to 20 characters or fewer.

  • Cluster CR (REC) errors are not reported after invalid updates (RED-25542)

    A cluster CR specification error is not reported if two or more invalid CR resources are updated in sequence.

  • An unreachable cluster has status running (RED-32805)

    When a cluster is in unreachable state, the state remains running instead of triggering an error.

  • Readiness probe incorrect on failures (RED-39300)

    STS Readiness probe does not mark a node as "not ready" when running rladmin status on node failure.

  • Internal DNS and Kubernetes DNS may have conflicts (RED-37462)

    DNS conflicts are possible between the cluster mdns_server and the K8s DNS. This only impacts DNS resolution from within cluster nodes for Kubernetes DNS names.

  • 5.4.10 negatively impacts 5.4.6 (RED-37233)

    Kubernetes-based 5.4.10 deployments seem to negatively impact existing 5.4.6 deployments that share a Kubernetes cluster.

  • Node CPU usage is reported instead of pod CPU usage (RED-36884)

    In Kubernetes, the reported node CPU usage is the usage of the Kubernetes worker node hosting the REC pod.

  • Clusters must be named "rec" in OLM-based deployments (RED-39825)

    In OLM-deployed operators, the deployment of the cluster will fail if the name is not "rec". When the operator is deployed via the OLM, the security context constraints (scc) are bound to a specific service account name (namely, "rec"). The workaround is to name the cluster "rec".

  • REC clusters fail to start on Kubernetes clusters with unsynchronized clocks (RED-47254)

    When REC clusters are deployed on Kubernetes clusters with unsynchronized clocks, the REC cluster does not start correctly. The fix is to use NTP to synchronize the underlying K8s nodes.

  • Deleting an OpenShift project with an REC deployed may hang (RED-47192)

    When an REC cluster is deployed in a project (namespace) and has REDB resources, the REDB resources must be deleted first before the REC can be deleted. Therefore, until the REDB resources are deleted, the project deletion will hang. The fix is to delete the REDB resources first and the REC second. Then, you can delete the project.

  • Hashicorp Vault integration - no support for Gesher (RED-55080)

    There is no workaround at this time.

  • REC might report error states on initial startup (RED-61707)

    There is no workaround at this time except to ignore the errors.

  • PVC size issues when using decimal value in spec (RED-62132)

    The workaround for this issue is to make sure you use integer values for the PVC size.

  • Following the previous quick start guide version causes issues with creating an REDB due to unrecognized memory field name (RED-69515)

    The workaround is to use the newer (current) revision of the quick start.

  • autoUpgrade set to true can cause unexpected bdb upgrades when redisUpgradePolicy is set to true (RED-72351)

    Contact support if your deployment is impacted.

RATE THIS PAGE
Back to top ↑