diff --git a/bundle.yaml b/bundle.yaml index f885bb4..f31b372 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -16721,7 +16721,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -16769,7 +16769,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 7cb6937..69de360 100644 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -37,7 +37,7 @@ logger.setLevel(logging.INFO) LOGGER_FORMAT = '%(asctime)s - %(levelname)s - %(message)s' logging.basicConfig(format=LOGGER_FORMAT) -VERSION_LOG_COLLECTOR = "7.4.6-6" +VERSION_LOG_COLLECTOR = "7.4.6-7" TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") @@ -1420,40 +1420,44 @@ def check_not_negative(value): if __name__ == "__main__": # pylint: disable=locally-disabled, invalid-name - parser = argparse.ArgumentParser(description='Redis Enterprise' - ' K8s log collector') + parser = argparse.ArgumentParser(description='Redis Enterprise Log Collector for Kubernetes\n\n' + 'For additional details and usage instructions, see ' + 'https://redis.io/docs/latest/operate/kubernetes/logs/collect-logs/', + formatter_class=argparse.RawTextHelpFormatter) parser.add_argument('-n', '--namespace', action="store", type=str, - help="pass namespace name or comma separated list or 'all' " - "when left empty will use namespace from kube config") - parser.add_argument('-o', '--output_dir', action="store", type=str) + help="Sets the namespace(s) to collect from.\n" + "Can be set to a single namespace, multiple namespaces (comma-separated), or 'all'.\n" + "When left empty, will use the current context's namespace from kubeconfig.") + parser.add_argument('-o', '--output_dir', action="store", type=str, + help="Sets the output directory.\n" + "Defaults to current working directory.") parser.add_argument('-a', '--logs_from_all_pods', action="store_true", - help="collect logs from all pods, not only the operator and pods run by the operator") + help="Collect logs from all pods in the selected namespace(s),\n" + "and otherwise collect only from the operator and pods run by the operator.") parser.add_argument('-t', '--timeout', action="store", type=check_not_negative, default=TIMEOUT, - help="time to wait for external commands to " - "finish execution " - "(default: 180s, specify 0 to not timeout) " - "(Linux only)") + help="Time to wait for external commands to finish execution (Linux only).\n" + "Default to 180s. Specify 0 to disable timeout.") parser.add_argument('--k8s_cli', action="store", type=str, - help="Which K8s cli client to use (kubectl/oc/auto-detect). " - "Defaults to auto-detect (chooses between \"kubectl\" and \"oc\"). " + help="The K8s cli client to use (kubectl/oc/auto-detect).\n" + "Defaults to auto-detect (chooses between 'kubectl' and 'oc').\n" "Full paths can also be used.") parser.add_argument('-m', '--mode', action="store", type=str, choices=[MODE_RESTRICTED, MODE_ALL], - help="Which mode to run the log collector. The options are:" - "1. restricted (default for clusters of version 6.2.18 and newer) - " - "collect only resources that are related to the operator," - " and has the label \"app=redis-enterprise\". " - "2. all - collect all resources") + help="Controls which resources are collected:\n" + "In 'restricted' mode, only resources associated with the operator " + "and have the label 'app=redis-enterprise' are collected.\n" + "In 'all' mode, all resources are collected.\n" + "Defaults to 'restricted' mode.") parser.add_argument('--collect_istio', action="store_true", - help="collect data from istio-system namespace to debug potential " - "problems related to istio ingress method") + help="Collect data from istio-system namespace to debug potential\n" + "problems related to istio ingress method.") parser.add_argument('--skip_support_package', action="store_true", - help="not collect RS support package") + help="Disable collection of RS support package from Redis Enterprise nodes.") parser.add_argument('--collect_empty_files', action="store_true", - help='collect empty log files for missing resources') + help='Collect empty log files for missing resources.') parser.add_argument('--helm_release_name', action="store", type=str, - help='collect resources related to helm release name') + help='Collect resources related to the given Helm release name.') parser.set_defaults(collect_istio=False) run(parser.parse_args()) diff --git a/log_collector/role-all-mode.yaml b/log_collector/role-all-mode.yaml new file mode 100644 index 0000000..fae67dc --- /dev/null +++ b/log_collector/role-all-mode.yaml @@ -0,0 +1,175 @@ +# The minimal Role and ClusterRole required for running the log collector in 'all' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: logcollector-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - resourcequotas + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +- apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + - installplans + - catalogsources + verbs: + - get + - list +- apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: logcollector-clusterrole +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + - storageclasses + verbs: + - get + - list +- apiGroups: + - policy + resources: + - podsecuritypolicy + verbs: + - get + - list +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list diff --git a/log_collector/role-restricted-mode.yaml b/log_collector/role-restricted-mode.yaml new file mode 100644 index 0000000..438f6fb --- /dev/null +++ b/log_collector/role-restricted-mode.yaml @@ -0,0 +1,147 @@ +# The minimal Role and ClusterRole required for running the log collector in 'restricted' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: logcollector-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: logcollector-clusterrole +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list +- apiGroups: + - policy + resources: + - podsecuritypolicy + verbs: + - get + - list diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index dd017ec..bf7f734 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -41,7 +41,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -89,7 +89,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 875a54f..2a2f847 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -16776,7 +16776,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -16824,7 +16824,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 2527bbe..8109f92 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml @@ -43,7 +43,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -91,7 +91,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml index d90a70a..eae1586 100644 --- a/openshift/rec_rhel.yaml +++ b/openshift/rec_rhel.yaml @@ -9,7 +9,7 @@ spec: nodes: 3 redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 7.4.6-102.rhel8-openshift + versionTag: 7.4.6-272.rhel8-openshift redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/operator.yaml b/operator.yaml index dd017ec..bf7f734 100644 --- a/operator.yaml +++ b/operator.yaml @@ -41,7 +41,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -89,7 +89,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3