From 77672afd91d3f69316aee231bce6101616d58024 Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Thu, 25 Sep 2025 15:44:32 +0000 Subject: [PATCH 1/2] promoting version 7.4.6-7 --- .gitignore | 2 +- bundle.yaml | 4 +- helm/redis-enterprise-operator/.helmignore | 1 + helm/redis-enterprise-operator/Chart.yaml | 17 ++ helm/redis-enterprise-operator/README.md | 149 +++++++++++++ .../templates/_helpers.tpl | 49 +++++ .../templates/admission-service.yaml | 13 ++ .../templates/jobs/install_crds_job.yaml | 92 ++++++++ .../jobs/patch-namespaces-redis-label.yaml | 143 +++++++++++++ .../jobs/patch-webhook-configuration.yaml | 130 ++++++++++++ .../templates/openshift/scc.yaml | 35 ++++ .../operator-environment-config.yaml | 13 ++ .../templates/operator.yaml | 145 +++++++++++++ .../templates/role.yaml | 197 ++++++++++++++++++ .../templates/role_binding.yaml | 15 ++ .../templates/service_account.yaml | 8 + .../templates/webhook.yaml | 69 ++++++ helm/redis-enterprise-operator/values.yaml | 48 +++++ log_collector/log_collector.py | 50 +++-- log_collector/role-all-mode.yaml | 175 ++++++++++++++++ log_collector/role-restricted-mode.yaml | 147 +++++++++++++ multi-namespace-redb/operator.yaml | 4 +- openshift.bundle.yaml | 4 +- openshift/operator_rhel.yaml | 4 +- openshift/rec_rhel.yaml | 2 +- operator.yaml | 4 +- 26 files changed, 1485 insertions(+), 35 deletions(-) create mode 100644 helm/redis-enterprise-operator/.helmignore create mode 100644 helm/redis-enterprise-operator/Chart.yaml create mode 100644 helm/redis-enterprise-operator/README.md create mode 100644 helm/redis-enterprise-operator/templates/_helpers.tpl create mode 100644 helm/redis-enterprise-operator/templates/admission-service.yaml create mode 100644 helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml create mode 100644 helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml create mode 100644 helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml create mode 100644 helm/redis-enterprise-operator/templates/openshift/scc.yaml create 
mode 100644 helm/redis-enterprise-operator/templates/operator-environment-config.yaml create mode 100644 helm/redis-enterprise-operator/templates/operator.yaml create mode 100644 helm/redis-enterprise-operator/templates/role.yaml create mode 100644 helm/redis-enterprise-operator/templates/role_binding.yaml create mode 100644 helm/redis-enterprise-operator/templates/service_account.yaml create mode 100644 helm/redis-enterprise-operator/templates/webhook.yaml create mode 100644 helm/redis-enterprise-operator/values.yaml create mode 100644 log_collector/role-all-mode.yaml create mode 100644 log_collector/role-restricted-mode.yaml diff --git a/.gitignore b/.gitignore index 485dee6..5c3bdbb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -.idea +*bundle.yaml diff --git a/bundle.yaml b/bundle.yaml index f885bb4..f31b372 100644 --- a/bundle.yaml +++ b/bundle.yaml @@ -16721,7 +16721,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -16769,7 +16769,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/helm/redis-enterprise-operator/.helmignore b/helm/redis-enterprise-operator/.helmignore new file mode 100644 index 0000000..6b8c0ab --- /dev/null +++ b/helm/redis-enterprise-operator/.helmignore @@ -0,0 +1 @@ +.helmignore diff --git a/helm/redis-enterprise-operator/Chart.yaml b/helm/redis-enterprise-operator/Chart.yaml new file mode 100644 index 0000000..c5075ce --- /dev/null +++ b/helm/redis-enterprise-operator/Chart.yaml 
@@ -0,0 +1,17 @@ +apiVersion: v2 +type: application + +name: redis-enterprise-operator +description: A Helm chart for Redis Enterprise Operator for Kubernetes + +version: 0.1.0 +appVersion: 7.4.6-7 + +home: https://redis.com +icon: https://redis.com/wp-content/themes/wpx/assets/images/logo-redis.svg +keywords: + - redis + - database +maintainers: + - name: Redis + url: https://redis.com/company/contact/ diff --git a/helm/redis-enterprise-operator/README.md b/helm/redis-enterprise-operator/README.md new file mode 100644 index 0000000..c99765c --- /dev/null +++ b/helm/redis-enterprise-operator/README.md 
@@ -0,0 +1,149 @@ +# Redis Enterprise Operator Helm Chart + +Official Helm chart for installing, configuring and upgrading **Redis Enterprise Operator for Kubernetes**. + +[Redis Enterprise](https://redis.com/redis-enterprise-software/overview/) is a self-managed data platform that unlocks the full potential of Redis at enterprise scale - on premises or in the cloud. +[Redis Enterprise Operator for Kubernetes](https://redis.com/redis-enterprise-software/redis-enterprise-on-kubernetes/) provides a simple, Kubernetes-native way for deploying and managing Redis Enterprise on Kubernetes. + +## Prerequisites + +- Kubernetes 1.23+ + Supported Kubernetes versions can vary according to the Kubernetes distribution being used. + Please consult the [release notes](https://docs.redis.com/latest/kubernetes/release-notes/) for detailed supported distributions information per operator version. +- Helm 3.10+ + +## Installing the Chart + +To install the chart: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] +``` + +The `[PATH_TO_CHART]` may be a path to the chart root directory, or a chart archive on the local filesystem. + +To install the chart on **OpenShift**, set the `isOpenshift=true` value: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --set isOpenshift=true +``` + +To create and select a namespace for the installation, specify the `--namespace` and `--create-namespace` flags: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --namespace [NAMESPACE] \ + --create-namespace +``` + +For example, to install the chart with release name "my-redis-enterprise" from within the chart's root directory: + +```sh +helm install my-redis-enterprise . \ + --namespace redis-enterprise \ + --create-namespace +``` + +Note: the chart installation includes several jobs that configure the CRDs and admission controller used by the operator. +These jobs run synchronously during the execution of `helm install` command, and may take around 1 minute to complete. 
+To view additional progress information during the `helm install` execution, use the `--debug` flag: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --debug +``` + +See [Configuration](#configuration) section below for various configuration options. +See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section below for instructions for creating a Redis Enterprise Cluster. +See [helm install](https://helm.sh/docs/helm/helm_install/) and [Using Helm](https://helm.sh/docs/intro/using_helm/#helm-install-installing-a-package) for more information and options when installing charts. + +## Uninstalling the Chart + +Before uninstalling the chart, delete any custom resources managed by the Redis Enterprise Operator: + +```sh +kubectl delete redb +kubectl delete rerc +kubectl delete reaadb +kubectl delete rec +``` + +To uninstall a previously installed chart: + +```sh +helm uninstall [RELEASE_NAME] +``` + +This removes all the Kubernetes resources associated with the chart and deletes the release. + +See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for more information and options when uninstalling charts. + +## Creating a Redis Enterprise Cluster + +Once the chart is installed and the Redis Enterprise Operator is running, a Redis Enterprise Cluster can be created. +As of now, the Redis Enterprise Cluster is created directly via custom resources, and not via Helm. + +To create a Redis Enterprise Cluster: + +1. Validate that the `redis-enterprise-operator` pod is in `RUNNING` state: + +```sh +kubectl get pods -n [NAMESPACE] +``` + +2. Create a file for the `RedisEnterpriseCluster` custom resource: + +```yaml +apiVersion: app.redislabs.com/v1 +kind: RedisEnterpriseCluster +metadata: + name: rec +spec: + nodes: 3 +``` + +3. 
Apply the custom resource: + +```sh +kubectl apply -f rec.yaml -n [NAMESPACE] +``` + +See [Create a Redis Enterprise cluster](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#create-a-redis-enterprise-cluster-rec) and [Redis Enterprise Cluster API](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/redis_enterprise_cluster_api.md) for more information and options for creating a Redis Enterprise Cluster. + +## Configuration + +The chart supports several configuration options that allows to customize the behavior and capabilities of the Redis Enterprise Operator. +For a list of configurable options and their descriptions, please refer to the `values.yaml` file at the root of the chart. + +To install the chart with a customized values file: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --values [PATH_TO_VALUES_FILE] +``` + +To install the chart with the default values files but with some specific values overriden: + +```sh +helm install [RELEASE_NAME] [PATH_TO_CHART] \ + --set key1=value1 \ + --set key2=value2 +``` + +See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing) for additional information on how to customize the chart installation. + +## Known Limitations + +This is a preliminary release of this Helm chart, and as of now some if its functionality is still limited: + +- The chart only installs the Redis Enterprise Operator, but doesn't create a Redis Enterprise Cluster. See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section for instructions on how to directly create a Redis Enterprise Cluster. +- Several configuration options for the operator are still unsupported, including multiple REDB namespaces, rack-aware, and vault integration. These options can be enabled by following the relevant instructions in the [product documentation](https://docs.redis.com/latest/kubernetes/). 
+- CRDs installed by the chart are not removed upon chart uninstallation. These could be manually removed when the chart is uninstalled and are no longer needed, using the following command: + ```sh + kubectl delete crds -l app=redis-enterprise + ``` +- Helm chart upgrades are not supported, nor migrations from a non-Helm deployment to a Helm deployment. +- Limited testing in advanced setups such as Active-Active configurations, airgapped deployments, IPv6/dual-stack environments. +- The chart is still unpublished in a "helm repo" or ArtifactHub, and thus can only be installed from a local source (chart directory/archive). +- While not really a limitation, please note that this chart also installs the [admission controller](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#enable-the-admission-controller) by default, and there's no option to disable it (as opposed to the non-Helm deployment). \ No newline at end of file diff --git a/helm/redis-enterprise-operator/templates/_helpers.tpl b/helm/redis-enterprise-operator/templates/_helpers.tpl new file mode 100644 index 0000000..ddc6f72 --- /dev/null +++ b/helm/redis-enterprise-operator/templates/_helpers.tpl 
@@ -0,0 +1,49 @@ +{{- define "redis-enterprise-operator.operator.image" }} +{{- if (.Values.global).azure }} +{{- with .Values.global.azure.images.operator }} +{{ .registry }}/{{ .image }}@{{ .digest }} +{{- end }} +{{- else }} +{{- $defaultRepository := ternary "registry.connect.redhat.com/redislabs/redis-enterprise-operator" "redislabs/operator-internal" .Values.isOpenshift }} +{{- $repository := default $defaultRepository .Values.operator.image.repository }} +{{ $repository }}:{{ .Values.operator.image.tag }} +{{- end }} +{{- end }} + + +{{- define "redis-enterprise-operator.annotations" }} +{{- if ne .Values.versionAnnotations false }} +redis.io/helm-chart-ver: {{ .Chart.Version }} +redis.io/operator-ver: {{ .Values.operator.image.tag }} +{{- end }} +{{- end }} + +{{- define "redis-enterprise-operator.caComment" }} +"" # Fill in with BASE64 encoded signed cert +{{- end }} + +{{/* +"redis-enterprise-operator.getCa" generates or retrieves CA certificates. It +checks for a Secret "admission-tls" in each namespace, generates new +certificates if needed, and returns a dictionary of all certificates. +*/}} +{{- define "redis-enterprise-operator.getCa" }} + {{ $CERTS := dict }} + {{- range $ns := . }} + {{- $secret := (lookup "v1" "Secret" $ns "admission-tls")}} + {{- if $secret }} + {{ $_ := set $CERTS $ns $secret.data }} + {{- else}} + {{ $cna := printf "admission.%s" $ns }} + {{ $cnb := printf "admission.%s.svc" $ns }} + {{ $cnc := printf "admission.%s.svc.cluster.local" $ns }} + {{ $ca := genCA $cnb 365 }} + {{ $_cert := genSignedCert $cnb nil (list $cna $cnb $cnc) 365 $ca }} + {{ $cert := dict }} + {{ $_ := set $cert "cert" ($_cert.Cert | b64enc) }} + {{ $_ := set $cert "privateKey" ($_cert.Key | b64enc) }} + {{ $_ := set $CERTS $ns $cert }} + {{- end }} + {{- end }} + {{ $CERTS | toYaml | nindent 2 }} +{{- end }} 
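Review bot: The admission CA and serving certificate minted in `redis-enterprise-operator.getCa` are valid for 365 days (`genCA $cnb 365`, `genSignedCert … 365 $ca`), and because the `lookup` branch returns an existing `admission-tls` secret verbatim, no later `helm upgrade` re-issues them — after a year the validating webhook's certificate expires with no rotation path visible in this chart. A values-driven lifetime, e.g. `{{ $days := .Values.admission.certValidityDays | default 3650 }}` passed to both `genCA` and `genSignedCert`, plus a documented rotation step (delete `admission-tls`, then upgrade) would avoid a silent webhook outage. Note also that only the leaf (`$_cert.Cert`) and its key are kept while `$ca.Cert` is discarded; if the webhook's caBundle is filled from `cert` (webhook.yaml is not in this chunk), confirm the API server's verifier accepts the leaf as its own trust anchor, otherwise the CA certificate must be stored too, and either way a comment stating the intent would help. Finally, `lookup` returns nothing under `helm template`/`--dry-run`, so those paths mint a throwaway CA on every render, and the generated private key ends up in the rendered manifest and hence in the Helm release record.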
diff --git a/helm/redis-enterprise-operator/templates/admission-service.yaml b/helm/redis-enterprise-operator/templates/admission-service.yaml new file mode 100644 index 0000000..91007fe --- /dev/null +++ b/helm/redis-enterprise-operator/templates/admission-service.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Service +metadata: + name: admission + labels: + app: redis-enterprise +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8443 + selector: + name: redis-enterprise-operator diff --git a/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml b/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml new file mode 100644 index 0000000..01fd106 --- /dev/null +++ b/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml 
@@ -0,0 +1,92 @@ +apiVersion: batch/v1 +kind: Job +metadata: + namespace: {{ .Release.Namespace }} + name: redis-enterprise-crds + annotations: + "redis/operator-ver": {{ .Values.operator.image.tag }} + "redis/helm-chart-ver": {{ .Chart.Version }} + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-4" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + labels: + app: redis-enterprise +spec: + template: + metadata: + labels: + app: redis-enterprise + spec: + serviceAccountName: redis-enterprise-crds + containers: + - name: gatekeeper-crds + image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsNonRoot: true + seccompProfile: + type: "RuntimeDefault" + command: + - crd-installer + args: + - "-action=applyCRD" + - "-crdPaths=/crds/rec_crd.yaml,/crds/redb_crd.yaml,/crds/reaadb_crd.yaml,/crds/rerc_crd.yaml" + resources: + limits: + cpu: 100m + memory: 100Mi + restartPolicy: OnFailure +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-crds + annotations: + "redis/operator-ver": {{ .Values.operator.image.tag }} + "redis/helm-chart-ver": {{ .Chart.Version }} + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + labels: + app: redis-enterprise +rules: + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["create", "get", "list", "watch", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: redis-enterprise-crds + annotations: + "redis/operator-ver": {{ .Values.operator.image.tag }} + "redis/helm-chart-ver": {{ .Chart.Version }} + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + labels: + app: 
redis-enterprise +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: redis-enterprise-crds +subjects: + - kind: ServiceAccount + name: redis-enterprise-crds + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: redis-enterprise-crds + namespace: {{ .Release.Namespace }} + annotations: + "redis/operator-ver": {{ .Values.operator.image.tag }} + "redis/helm-chart-ver": {{ .Chart.Version }} + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + labels: + app: redis-enterprise diff --git a/helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml b/helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml new file mode 100644 index 0000000..6c809c8 --- /dev/null +++ b/helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml 
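Review bot: The `redis-enterprise-crds` Job pod spec carries no `imagePullSecrets`, although operator.yaml in this same patch emits one from `.Values.imagePullSecret`; with a private registry the `pre-install` hook therefore fails before the operator Deployment is even rendered, and the other hook Jobs have the same gap. Adding the same conditional `imagePullSecrets` stanza that operator.yaml uses to each Job template closes it. Separately, the `redis-enterprise-crds` ClusterRole allows `patch`/`get` on every CustomResourceDefinition in the cluster; `create`, `list` and `watch` cannot be name-scoped, but splitting the rule and adding `resourceNames` for the four Redis CRDs (their exact names come from the CRD files, which are not in this chunk) to the `get`/`patch` half keeps this transient binding from being able to tamper with unrelated CRDs. Note that under `hook-delete-policy: hook-succeeded`, a failed run leaves that cluster-scoped binding in place until the next hook execution.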
@@ -0,0 +1,143 @@ +{{- if .Values.admission.limitToNamespace }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: redis-enterprise-namespace-labels + labels: + app: redis-enterprise + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,post-upgrade,post-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-enterprise-namespace-labels + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-install,post-upgrade,post-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +rules: +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["patch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: redis-enterprise-namespace-labels + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-install,post-upgrade,post-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +subjects: +- kind: ServiceAccount + name: redis-enterprise-namespace-labels + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: redis-enterprise-namespace-labels + apiGroup: rbac.authorization.k8s.io + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: redis-enterprise-namespace-labels + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . 
| nindent 4}} +spec: + backoffLimit: 6 + completions: 1 + parallelism: 1 + template: + metadata: + labels: + app: redis-enterprise + spec: + containers: + - name: redis-enterprise-namespace-labels + resources: + limits: + cpu: 100m + memory: 100Mi + image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsNonRoot: true + seccompProfile: + type: "RuntimeDefault" + command: + - crd-installer + args: + - "-action=patchNamespace" + - -namespace={{ .Release.Namespace }} + {{- if .Values.admission.namespaces }} + - --admissionNamespaces={{ .Values.admission.namespaces | join "," }} + {{- end }} + restartPolicy: OnFailure + serviceAccountName: redis-enterprise-namespace-labels + +--- + +apiVersion: batch/v1 +kind: Job +metadata: + name: redis-enterprise-namespace-labels-cleanup + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +spec: + backoffLimit: 6 + completions: 1 + parallelism: 1 + template: + metadata: + labels: + app: redis-enterprise + spec: + containers: + - name: redis-enterprise-namespace-labels-cleanup + resources: + limits: + cpu: 100m + memory: 100Mi + image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsNonRoot: true + seccompProfile: + type: "RuntimeDefault" + command: + - crd-installer + args: + # passing the same action without any namespaces to remove the label + - "-action=patchNamespace" + restartPolicy: OnFailure + serviceAccountName: redis-enterprise-namespace-labels + +{{- end }} \ No newline at end of file 
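Review bot: The `redis-enterprise-namespace-labels` ClusterRole grants `patch` on every Namespace in the cluster, although the Job's arguments only name `.Release.Namespace` and the entries of `.Values.admission.namespaces`, both known at render time. Namespace labels gate policy (pod-security admission levels, webhook `namespaceSelector`s), so a token for this hook ServiceAccount — which is left behind on a failed run under `hook-succeeded` — could relabel arbitrary namespaces; `patch` can be scoped with `resourceNames` while `list` stays unrestricted, as below. One caveat: the post-delete cleanup Job runs `-action=patchNamespace` with no namespace list, which presumably strips the label from whichever namespaces carry it, so a namespace labelled under an earlier value of `admission.namespaces` would no longer be cleanable with the narrowed rule — confirm that trade-off is acceptable, or keep the cleanup ServiceAccount on a separate role.
```yaml
rules:
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["list"]
- apiGroups: [""]
  resources: ["namespaces"]
  verbs: ["patch"]
  resourceNames:
    - {{ .Release.Namespace | quote }}
    {{- range .Values.admission.namespaces }}
    - {{ . | quote }}
    {{- end }}
```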
diff --git a/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml b/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml new file mode 100644 index 0000000..07d81aa --- /dev/null +++ b/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml 
@@ -0,0 +1,130 @@ +{{- if not .Values.admission.setCABundle }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: redis-admission-configuration + labels: + app: redis-enterprise + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: redis-admission-configuration + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["patch", "get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: redis-admission-configuration + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +subjects: +- kind: ServiceAccount + name: redis-admission-configuration + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: redis-admission-configuration + apiGroup: rbac.authorization.k8s.io +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-admission-configuration + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . 
| nindent 4}} + labels: + app: redis-enterprise +rules: + - apiGroups: [ "" ] + resources: [ "secrets" ] + verbs: [ "get"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: redis-admission-configuration + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} + labels: + app: redis-enterprise +subjects: +- kind: ServiceAccount + name: redis-admission-configuration +roleRef: + kind: Role + name: redis-admission-configuration + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: redis-webhook-configuration + labels: + app: redis-enterprise + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +spec: + backoffLimit: 6 + completions: 1 + parallelism: 1 + template: + metadata: + labels: + app: redis-enterprise + spec: + containers: + - name: patch-admission-webhook-configuration + resources: + limits: + cpu: 100m + memory: 100Mi + image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + runAsNonRoot: true + seccompProfile: + type: "RuntimeDefault" + command: + - crd-installer + args: + - "-action=patchWebhook" + - "-webhookName=redis-enterprise-admission" + - -namespace={{ .Release.Namespace }} + restartPolicy: OnFailure + serviceAccountName: redis-admission-configuration +{{- end }} \ No newline at end of file diff --git a/helm/redis-enterprise-operator/templates/openshift/scc.yaml b/helm/redis-enterprise-operator/templates/openshift/scc.yaml new file mode 100644 index 0000000..dd0fc45 --- /dev/null 
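Review bot: The `redis-admission-configuration` ClusterRole allows `get`/`patch` on every ValidatingWebhookConfiguration, but the Job only ever touches the one named in `-webhookName=redis-enterprise-admission`, so the rule can carry `resourceNames: ["redis-enterprise-admission"]`; the namespaced secrets Role can likewise be narrowed with `resourceNames: ["admission-tls"]`, assuming the job reads only the secret that the `getCa` helper looks up. Both names are fixed in this patch, so the narrowing costs nothing and keeps a leaked hook token from rewriting other webhooks' caBundles or reading unrelated secrets in the release namespace. Also, everything here is hooked to `post-install` only (the namespace-label job uses `post-install,post-upgrade`), so if the `admission-tls` secret is ever re-issued during `helm upgrade` the webhook's caBundle is not re-patched; the README states upgrades are unsupported today, but a `post-upgrade` hook will be required once they are.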
+++ b/helm/redis-enterprise-operator/templates/openshift/scc.yaml @@ -0,0 +1,35 @@ +{{- if .Values.isOpenshift -}} +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: redis-enterprise-scc-v2 + annotations: + kubernetes.io/description: redis-enterprise-scc is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes. + It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability, + which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards. + Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers. +allowedCapabilities: +- SYS_RESOURCE +allowHostDirVolumePlugin: false +allowHostIPC : false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegeEscalation: false +allowPrivilegedContainer: false +readOnlyRootFilesystem: false +runAsUser: + type: MustRunAs + uid: 1001 +fsGroup: + type: MustRunAs + ranges: + - min: 1001 + max: 1001 +seLinuxContext: + type: MustRunAs +seccompProfiles: +- runtime/default +supplementalGroups: + type: RunAsAny +{{- end -}} diff --git a/helm/redis-enterprise-operator/templates/operator-environment-config.yaml b/helm/redis-enterprise-operator/templates/operator-environment-config.yaml new file mode 100644 index 0000000..0047021 --- /dev/null +++ b/helm/redis-enterprise-operator/templates/operator-environment-config.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: redis-enterprise + name: operator-environment-config + namespace: {{ $.Release.Namespace }} + annotations: + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} +data: + {{- with .Values.operator }} + ACTIVE_ACTIVE_DATABASE_CONTROLLER_ENABLED: {{ .activeActiveDatabaseControllerEnabled | quote }} + {{- end }} \ No newline at end of file 
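Review bot: The SCC description claims it "provides the same features as restricted-v2 SCC", but the spec omits `requiredDropCapabilities`, which restricted-v2 sets to `ALL`; as written, a pod admitted under `redis-enterprise-scc-v2` keeps the runtime's default capability set in addition to `SYS_RESOURCE`, with nothing forcing the drop. Adding `requiredDropCapabilities:` / `- ALL` restores the intended baseline while `allowedCapabilities: [SYS_RESOURCE]` still lets the node containers opt in to that one capability. The RBAC `use` grant that binds this SCC to the operator's ServiceAccount is not visible in this chunk (role.yaml is cut off), so that linkage should be checked in the full patch.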
diff --git a/helm/redis-enterprise-operator/templates/operator.yaml b/helm/redis-enterprise-operator/templates/operator.yaml new file mode 100644 index 0000000..31c4316 --- /dev/null +++ b/helm/redis-enterprise-operator/templates/operator.yaml 
@@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + annotations: + {{- include "redis-enterprise-operator.annotations" . | nindent 8}} + labels: + app: redis-enterprise + name: redis-enterprise-operator +spec: + replicas: 1 + selector: + matchLabels: + name: redis-enterprise-operator + strategy: + type: Recreate + template: + metadata: + labels: + app: redis-enterprise + name: redis-enterprise-operator + spec: + containers: + - command: + - operator-root + - operator + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: redis-enterprise-operator + {{- if .Values.isOpenshift }} + - name: DEPLOY_RHEL + value: "true" + {{- end }} + envFrom: + - configMapRef: + name: {{ "operator-environment-config" | quote }} + optional: true + image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: redis-enterprise-operator + ports: + - containerPort: 8080 + resources: + limits: + cpu: 4000m + memory: 512Mi + requests: + cpu: 500m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + - command: + - operator-root + - admission + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + envFrom: + - configMapRef: + name: {{ "operator-environment-config" | quote }} + optional: true + image: {{ include "redis-enterprise-operator.operator.image" . 
| printf "%s" | trim }} + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + httpGet: + path: /liveness + port: 8443 + scheme: HTTPS + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: admission + ports: + - containerPort: 8443 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8443 + scheme: HTTPS + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 1000m + memory: 512Mi + requests: + cpu: 250m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + securityContext: + {{- if not .Values.isOpenshift}} + seccompProfile: + type: RuntimeDefault + {{- end }} + runAsNonRoot: true + serviceAccountName: redis-enterprise-operator + {{- if .Values.imagePullSecret }} + imagePullSecrets: + - name: {{ .Values.imagePullSecret }} + {{- end }} diff --git a/helm/redis-enterprise-operator/templates/role.yaml b/helm/redis-enterprise-operator/templates/role.yaml new file mode 100644 index 0000000..720c74d --- /dev/null +++ b/helm/redis-enterprise-operator/templates/role.yaml 
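Review bot: Both operator containers pull with `imagePullPolicy: Always`, while the hook Jobs that render the same `redis-enterprise-operator.operator.image` helper use `IfNotPresent` (explicitly, or by default in the CRD job); with a mutable tag such as `7.4.6-7` the CRD installer can run from a stale node cache that differs from the build the operator pulls, so the policies should match or the image should be pinned by digest, which the helper already supports on its azure branch. Related, the helper's non-OpenShift default repository is `redislabs/operator-internal`, whereas bundle.yaml in this same patch pins `redislabs/operator:7.4.6-7`; unless values.yaml (not in this chunk) sets `operator.image.repository`, a Helm install pulls a different image than the documented bundle, which deserves confirming. A minor style point: the annotations are emitted with `nindent 8` beneath a `metadata:` key at indent 2 (role.yaml does the same); it is valid YAML but reads as mis-nested, and `nindent 4` would match the rest of the template.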
@@ -0,0 +1,197 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + {{- include "redis-enterprise-operator.annotations" . | nindent 8}} + labels: + app: redis-enterprise + name: redis-enterprise-operator +rules: + - apiGroups: + - rbac.authorization.k8s.io + - "" + resources: + - roles + - serviceaccounts + - rolebindings + verbs: + - create + - get + - update + - patch + - delete + - apiGroups: + - app.redislabs.com + resources: + - redisenterpriseclusters + - redisenterpriseclusters/status + - redisenterpriseclusters/finalizers + - redisenterprisedatabases + - redisenterprisedatabases/status + - redisenterprisedatabases/finalizers + - redisenterpriseremoteclusters + - redisenterpriseremoteclusters/status + - redisenterpriseremoteclusters/finalizers + - redisenterpriseactiveactivedatabases + - redisenterpriseactiveactivedatabases/status + - redisenterpriseactiveactivedatabases/finalizers + verbs: + - delete + - get + - list + - patch + - create + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - update + - get + - create + - patch + - delete + - list + - watch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + - statefulsets + - replicasets + verbs: + - create + - delete + - get + - patch + - update + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - update + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - patch + - delete + - watch + - apiGroups: + - "" + resources: + - services + 
verbs: + - get + - list + - update + - patch + - create + - delete + - watch + - apiGroups: + - policy + resourceNames: + - redis-enterprise-psp + resources: + - podsecuritypolicies + verbs: + - use + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - patch + - delete + - list + - update + - get + - watch + - apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list + - update + - patch + - create + - delete + - watch + {{- if .Values.isOpenshift }} + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - security.openshift.io + resourceNames: + - nonroot + resources: + - securitycontextconstraints + verbs: + - use + {{- end }} diff --git a/helm/redis-enterprise-operator/templates/role_binding.yaml b/helm/redis-enterprise-operator/templates/role_binding.yaml new file mode 100644 index 0000000..06d4231 --- /dev/null +++ b/helm/redis-enterprise-operator/templates/role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + annotations: + {{- include "redis-enterprise-operator.annotations" . | nindent 8}} + labels: + app: redis-enterprise + name: redis-enterprise-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: redis-enterprise-operator +subjects: + - kind: ServiceAccount + name: redis-enterprise-operator diff --git a/helm/redis-enterprise-operator/templates/service_account.yaml b/helm/redis-enterprise-operator/templates/service_account.yaml new file mode 100644 index 0000000..0a1972c --- /dev/null +++ b/helm/redis-enterprise-operator/templates/service_account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + {{- include "redis-enterprise-operator.annotations" . | nindent 8}} + labels: + app: redis-enterprise + name: redis-enterprise-operator 
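Review bot: The `secrets` rule grants `list` and `watch` alongside `get`, and in Kubernetes RBAC `list` returns the full contents of every Secret in the namespace, so this rule is effectively read-all-secrets for the operator's namespace; if the controller needs it to watch secrets it manages, a comment would make the grant auditable, e.g. `# list/watch needed to reconcile Secrets the operator creates — TODO confirm`. Separately, the verb lists are ordered differently in almost every rule (`delete, get, list, patch, create, update, watch` for the CRDs, `update, get, create, patch, delete, list, watch` for secrets, alphabetical elsewhere), which makes diffing this Role against the non-Helm role harder than it needs to be; sorting each list alphabetically is a cheap fix. The `roles`/`rolebindings`/`serviceaccounts` create/update/delete rule is the usual privilege-management grant and also deserves a comment stating what the operator creates with it.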
diff --git a/helm/redis-enterprise-operator/templates/webhook.yaml b/helm/redis-enterprise-operator/templates/webhook.yaml new file mode 100644 index 0000000..ba371ba --- /dev/null +++ b/helm/redis-enterprise-operator/templates/webhook.yaml 
@@ -0,0 +1,69 @@ + +{{ $admissionNamespaces := append (default list .Values.admission.namespaces) .Release.Namespace | uniq}} + +{{- $namespaceToCA := dict }} + +{{- if .Values.admission.setCABundle }} + {{- $namespaceToCA = include "redis-enterprise-operator.getCa" $admissionNamespaces | fromYaml }} + {{- range $ns := $admissionNamespaces }} +apiVersion: v1 +kind: Secret +metadata: + annotations: + {{- include "redis-enterprise-operator.annotations" $ | nindent 4}} + name: admission-tls + namespace: {{ $ns }} +type: Opaque +data: + cert: {{ dig $ns "cert" "# Missing cert" $namespaceToCA }} + privateKey: {{ dig $ns "privateKey" "# Missing privateKey" $namespaceToCA}} + +--- + {{- end }} +{{- end }} + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + {{- include "redis-enterprise-operator.annotations" . | nindent 4}} + labels: + app: redis-enterprise + name: redis-enterprise-admission +webhooks: +{{- range $ns := $admissionNamespaces }} + - admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: admission + path: /admission + namespace: {{ $ns }} + {{- if $.Values.admission.setCABundle }} + caBundle: {{ dig $ns "cert" "# Missing cert" $namespaceToCA}} + {{- else }} + caBundle: {{ include "redis-enterprise-operator.caComment" $ | trimAll "\n" }} + {{- end }} + failurePolicy: Fail + matchPolicy: Exact + name: redisenterprise.admission.redislabs-{{ $ns }} + {{ if $.Values.admission.limitToNamespace }} + namespaceSelector: + matchLabels: + redis.io/redisenterprise.admission.enable: {{ $ns }} + {{ end }} + rules: + - apiGroups: + - app.redislabs.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - redisenterprisedatabases + - redisenterpriseactiveactivedatabases + - redisenterpriseremoteclusters + sideEffects: None + timeoutSeconds: 30 +{{- end}} 
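Review bot: The `dig` fallbacks `"# Missing cert"` and `"# Missing privateKey"` render as YAML comments, so when a namespace is absent from `$namespaceToCA` the Secret's `data.cert`/`data.privateKey` and the webhook's `caBundle` silently become null and the problem only surfaces at apply time (and an unset caBundle with `failurePolicy: Fail` likely means every REDB create is rejected until someone notices). Failing the render is safer: `cert: {{ required (printf "admission cert missing for namespace %s" $ns) (dig $ns "cert" "" $namespaceToCA) }}`, and likewise for `privateKey` and the `caBundle` line. `admissionReviewVersions` lists only `v1beta1`; the chart README pins Kubernetes 1.23+, where `admission.k8s.io/v1` is always served, so `v1` should be listed first, keeping `v1beta1` after it only if the admission server still accepts it (confirm against the server).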
diff --git a/helm/redis-enterprise-operator/values.yaml b/helm/redis-enterprise-operator/values.yaml new file mode 100644 index 0000000..afc6536 --- /dev/null +++ b/helm/redis-enterprise-operator/values.yaml @@ -0,0 +1,48 @@ +# This file includes the values that can be customized for the chart. +# +# For instructions how to override these default values, +# see https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing + +# Set to true if deploying to an OpenShift cluster +isOpenshift: false + + +# Image pull secret to use for registry authentication +imagePullSecret: "" + + +# Configuration options for the admission webhook +admission: + # List of namespaces to enable the admission webhook for. + # If left blank, defaults to enabling the admission in the + # installation namespace. i.e. `[ Release.Namespace ]` + namespaces: null + + # Whether to create a new CA key and certificate for the admission webhook + setCABundle: true + + # If true, the operator will be deployed with namespaceSelector in the webhook configuration + # In this case, helm will patch the Namespace resource with the label + # redis.io/redisenterprise.admission.enable: + limitToNamespace: true + +# Configuration options for the operator +operator: + + # Configuration options for the operator image + image: + + # Image repository for the operator image. + # Leave blank to use the default image repository, + # which is `redislabs/operator` for non-OpenShift deployments, + # and `registry.connect.redhat.com/redislabs/redis-enterprise-operator` for OpenShift deployments. + repository: "" + + # Image tag for the operator image. + # This typically represents the operator version. + tag: 7.4.6-7 + + # Whether to enable the Active-Active database controller within the operator. + # When disabled, RedisEnterpriseActiveActiveDatabase custom resources are not reconciled. + activeActiveDatabaseControllerEnabled: true + 
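Review bot: The `repository` comment says the non-OpenShift default is `redislabs/operator`, but the helper that resolves it (`redis-enterprise-operator.operator.image` in `_helpers.tpl`, whose text is visible in the PATCH 2/2 deletion) falls back to `redislabs/operator-internal`, while the plain manifests in this same patch ship `redislabs/operator:7.4.6-7`; one of the two is wrong, and an internal image name as a published chart default looks like the bug. Either change the helper's default to `redislabs/operator` or correct this comment. `tag: 7.4.6-7` happens to parse as a string, but version tags should be quoted (`tag: "7.4.6-7"`) so a future tag such as `7.4` is not read as a float. PATCH 2/2 removes the chart altogether, so this only matters if it is reinstated.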
diff --git a/log_collector/log_collector.py b/log_collector/log_collector.py index 7cb6937..69de360 100644 --- a/log_collector/log_collector.py +++ b/log_collector/log_collector.py @@ -37,7 +37,7 @@ logger.setLevel(logging.INFO) LOGGER_FORMAT = '%(asctime)s - %(levelname)s - %(message)s' logging.basicConfig(format=LOGGER_FORMAT) -VERSION_LOG_COLLECTOR = "7.4.6-6" +VERSION_LOG_COLLECTOR = "7.4.6-7" TIME_FORMAT = time.strftime("%Y%m%d-%H%M%S") 
@@ -1420,40 +1420,44 @@ def check_not_negative(value): if __name__ == "__main__": # pylint: disable=locally-disabled, invalid-name - parser = argparse.ArgumentParser(description='Redis Enterprise' - ' K8s log collector') + parser = argparse.ArgumentParser(description='Redis Enterprise Log Collector for Kubernetes\n\n' + 'For additional details and usage instructions, see ' + 'https://redis.io/docs/latest/operate/kubernetes/logs/collect-logs/', + formatter_class=argparse.RawTextHelpFormatter) parser.add_argument('-n', '--namespace', action="store", type=str, - help="pass namespace name or comma separated list or 'all' " - "when left empty will use namespace from kube config") - parser.add_argument('-o', '--output_dir', action="store", type=str) + help="Sets the namespace(s) to collect from.\n" + "Can be set to a single namespace, multiple namespaces (comma-separated), or 'all'.\n" + "When left empty, will use the current context's namespace from kubeconfig.") + parser.add_argument('-o', '--output_dir', action="store", type=str, + help="Sets the output directory.\n" + "Defaults to current working directory.") parser.add_argument('-a', '--logs_from_all_pods', action="store_true", - help="collect logs from all pods, not only the operator and pods run by the operator") + help="Collect logs from all pods in the selected namespace(s),\n" + "and otherwise collect only from the operator and pods run by the operator.") parser.add_argument('-t', '--timeout', action="store", type=check_not_negative, default=TIMEOUT, - help="time to wait for external commands to " - "finish execution " - "(default: 180s, specify 0 to not timeout) " - "(Linux only)") + help="Time to wait for external commands to finish execution (Linux only).\n" + "Default to 180s. Specify 0 to disable timeout.") parser.add_argument('--k8s_cli', action="store", type=str, - help="Which K8s cli client to use (kubectl/oc/auto-detect). " - "Defaults to auto-detect (chooses between \"kubectl\" and \"oc\"). 
" + help="The K8s cli client to use (kubectl/oc/auto-detect).\n" + "Defaults to auto-detect (chooses between 'kubectl' and 'oc').\n" "Full paths can also be used.") parser.add_argument('-m', '--mode', action="store", type=str, choices=[MODE_RESTRICTED, MODE_ALL], - help="Which mode to run the log collector. The options are:" - "1. restricted (default for clusters of version 6.2.18 and newer) - " - "collect only resources that are related to the operator," - " and has the label \"app=redis-enterprise\". " - "2. all - collect all resources") + help="Controls which resources are collected:\n" + "In 'restricted' mode, only resources associated with the operator " + "and have the label 'app=redis-enterprise' are collected.\n" + "In 'all' mode, all resources are collected.\n" + "Defaults to 'restricted' mode.") parser.add_argument('--collect_istio', action="store_true", - help="collect data from istio-system namespace to debug potential " - "problems related to istio ingress method") + help="Collect data from istio-system namespace to debug potential\n" + "problems related to istio ingress method.") parser.add_argument('--skip_support_package', action="store_true", - help="not collect RS support package") + help="Disable collection of RS support package from Redis Enterprise nodes.") parser.add_argument('--collect_empty_files', action="store_true", - help='collect empty log files for missing resources') + help='Collect empty log files for missing resources.') parser.add_argument('--helm_release_name', action="store", type=str, - help='collect resources related to helm release name') + help='Collect resources related to the given Helm release name.') parser.set_defaults(collect_istio=False) run(parser.parse_args()) diff --git a/log_collector/role-all-mode.yaml b/log_collector/role-all-mode.yaml new file mode 100644 index 0000000..fae67dc --- /dev/null +++ b/log_collector/role-all-mode.yaml 
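Review bot: Two of the new help strings have grammar slips that will appear verbatim in `--help`: `"Default to 180s. Specify 0 to disable timeout."` should read `"Defaults to 180s. Specify 0 to disable the timeout."`, and the `--mode` text `"only resources associated with the operator and have the label 'app=redis-enterprise' are collected"` should be `"... that have the label ..."`. The `-o` help now promises a default of the current working directory; the `run()` function that applies it is outside this hunk, so it is worth checking that the promise matches what `run()` does when `output_dir` is `None`.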
@@ -0,0 +1,175 @@ +# The minimal Role and ClusterRole required for running the log collector in 'all' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: logcollector-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - resourcequotas + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +- apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + - subscriptions + - installplans + - catalogsources + verbs: + - get + - list +- apiGroups: + - networking.istio.io + resources: + - gateways + - virtualservices + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: logcollector-clusterrole +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - 
rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + - storageclasses + verbs: + - get + - list +- apiGroups: + - policy + resources: + - podsecuritypolicy + verbs: + - get + - list +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - get + - list diff --git a/log_collector/role-restricted-mode.yaml b/log_collector/role-restricted-mode.yaml new file mode 100644 index 0000000..438f6fb --- /dev/null +++ b/log_collector/role-restricted-mode.yaml 
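Review bot: The ClusterRole's `policy` rule names the resource `podsecuritypolicy`, but RBAC matches lowercase plural resource names, so this rule grants nothing; the same line appears in `log_collector/role-restricted-mode.yaml`. Either spell it `- podsecuritypolicies` or drop the rule, since PodSecurityPolicy no longer exists on Kubernetes 1.25+ and the header comment calls these roles minimal. The Role's `pods/exec` `create` and `secrets` `get`/`list` each deserve a one-line comment explaining why a diagnostic tool needs them, since `create` on `pods/exec` permits running commands in any pod of the namespace and `list` on secrets returns their contents; e.g. `# pods/exec: required to gather the RS support package from Redis Enterprise pods — TODO confirm`.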
@@ -0,0 +1,147 @@ +# The minimal Role and ClusterRole required for running the log collector in 'restricted' mode. +# The roles should be bound to the user executing the log collector, in each of the namespaces to be collected. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: logcollector-role +rules: +- apiGroups: + - "" + resources: + - pods + - pods/log + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - events + - services + - endpoints + - configmaps + - secrets + - limitranges + - persistentvolumeclaims + - replicationcontrollers + verbs: + - get + - list +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - list +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list +- apiGroups: + - app.redislabs.com + resources: + - "*" + verbs: + - get + - list +- apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - get + - list +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: logcollector-clusterrole +rules: +- apiGroups: + - "" + resources: + - nodes + - namespaces + - persistentvolumes + verbs: + - get + - list +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - get + - list +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get +- apiGroups: + - admissionregistration.k8s.io + resources: + - 
validatingwebhookconfigurations + verbs: + - list +- apiGroups: + - storage.k8s.io + resources: + - volumeattachments + verbs: + - get + - list +- apiGroups: + - policy + resources: + - podsecuritypolicy + verbs: + - get + - list diff --git a/multi-namespace-redb/operator.yaml b/multi-namespace-redb/operator.yaml index dd017ec..bf7f734 100644 --- a/multi-namespace-redb/operator.yaml +++ b/multi-namespace-redb/operator.yaml @@ -41,7 +41,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -89,7 +89,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift.bundle.yaml b/openshift.bundle.yaml index 875a54f..2a2f847 100644 --- a/openshift.bundle.yaml +++ b/openshift.bundle.yaml @@ -16776,7 +16776,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -16824,7 +16824,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift/operator_rhel.yaml b/openshift/operator_rhel.yaml index 2527bbe..8109f92 100644 --- a/openshift/operator_rhel.yaml +++ b/openshift/operator_rhel.yaml 
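Review bot: The `customresourcedefinitions` rule lists its verbs as `list, get` while every other rule in both log-collector role files writes `get, list`, and the `validatingwebhookconfigurations` rule grants `list` only where `role-all-mode.yaml` grants `get` and `list`; the asymmetries read as accidental rather than a deliberate narrowing. If `list` alone is intended for restricted mode, a comment such as `# list only: restricted mode never fetches a single webhook configuration` would stop the next reader from "fixing" it; otherwise align the verbs with the all-mode file and sort them consistently.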
@@ -43,7 +43,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -91,7 +91,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-6 + image: registry.connect.redhat.com/redislabs/redis-enterprise-operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 diff --git a/openshift/rec_rhel.yaml b/openshift/rec_rhel.yaml index d90a70a..eae1586 100644 --- a/openshift/rec_rhel.yaml +++ b/openshift/rec_rhel.yaml @@ -9,7 +9,7 @@ spec: nodes: 3 redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 7.4.6-102.rhel8-openshift + versionTag: 7.4.6-272.rhel8-openshift redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/operator.yaml b/operator.yaml index dd017ec..bf7f734 100644 --- a/operator.yaml +++ b/operator.yaml @@ -41,7 +41,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -89,7 +89,7 @@ spec: - configMapRef: name: "operator-environment-config" optional: true - image: redislabs/operator:7.4.6-6 + image: redislabs/operator:7.4.6-7 imagePullPolicy: Always livenessProbe: failureThreshold: 3 From 03f440185ebd9604b8958ac84e4bf72f6965b5fe Mon Sep 17 00:00:00 2001 
From: Almog Gueta Date: Thu, 25 Sep 2025 18:50:31 +0300 Subject: [PATCH 2/2] fix --- .gitignore | 2 +- helm/redis-enterprise-operator/.helmignore | 1 - helm/redis-enterprise-operator/Chart.yaml | 17 -- helm/redis-enterprise-operator/README.md | 149 ------------- .../templates/_helpers.tpl | 49 ----- .../templates/admission-service.yaml | 13 -- .../templates/jobs/install_crds_job.yaml | 92 -------- .../jobs/patch-namespaces-redis-label.yaml | 143 ------------- .../jobs/patch-webhook-configuration.yaml | 130 ------------ .../templates/openshift/scc.yaml | 35 ---- .../operator-environment-config.yaml | 13 -- .../templates/operator.yaml | 145 ------------- .../templates/role.yaml | 197 ------------------ .../templates/role_binding.yaml | 15 -- .../templates/service_account.yaml | 8 - .../templates/webhook.yaml | 69 ------ helm/redis-enterprise-operator/values.yaml | 48 ----- 17 files changed, 1 insertion(+), 1125 deletions(-) delete mode 100644 helm/redis-enterprise-operator/.helmignore delete mode 100644 helm/redis-enterprise-operator/Chart.yaml delete mode 100644 helm/redis-enterprise-operator/README.md delete mode 100644 helm/redis-enterprise-operator/templates/_helpers.tpl delete mode 100644 helm/redis-enterprise-operator/templates/admission-service.yaml delete mode 100644 helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml delete mode 100644 helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml delete mode 100644 helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml delete mode 100644 helm/redis-enterprise-operator/templates/openshift/scc.yaml delete mode 100644 helm/redis-enterprise-operator/templates/operator-environment-config.yaml delete mode 100644 helm/redis-enterprise-operator/templates/operator.yaml delete mode 100644 helm/redis-enterprise-operator/templates/role.yaml delete mode 100644 helm/redis-enterprise-operator/templates/role_binding.yaml delete mode 100644 
helm/redis-enterprise-operator/templates/service_account.yaml delete mode 100644 helm/redis-enterprise-operator/templates/webhook.yaml delete mode 100644 helm/redis-enterprise-operator/values.yaml diff --git a/.gitignore b/.gitignore index 5c3bdbb..485dee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -*bundle.yaml +.idea diff --git a/helm/redis-enterprise-operator/.helmignore b/helm/redis-enterprise-operator/.helmignore deleted file mode 100644 index 6b8c0ab..0000000 --- a/helm/redis-enterprise-operator/.helmignore +++ /dev/null @@ -1 +0,0 @@ -.helmignore diff --git a/helm/redis-enterprise-operator/Chart.yaml b/helm/redis-enterprise-operator/Chart.yaml deleted file mode 100644 index c5075ce..0000000 --- a/helm/redis-enterprise-operator/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v2 -type: application - -name: redis-enterprise-operator -description: A Helm chart for Redis Enterprise Operator for Kubernetes - -version: 0.1.0 -appVersion: 7.4.6-7 - -home: https://redis.com -icon: https://redis.com/wp-content/themes/wpx/assets/images/logo-redis.svg -keywords: - - redis - - database -maintainers: - - name: Redis - url: https://redis.com/company/contact/ diff --git a/helm/redis-enterprise-operator/README.md b/helm/redis-enterprise-operator/README.md deleted file mode 100644 index c99765c..0000000 --- a/helm/redis-enterprise-operator/README.md +++ /dev/null 
@@ -1,149 +0,0 @@ -# Redis Enterprise Operator Helm Chart - -Official Helm chart for installing, configuring and upgrading **Redis Enterprise Operator for Kubernetes**. - -[Redis Enterprise](https://redis.com/redis-enterprise-software/overview/) is a self-managed data platform that unlocks the full potential of Redis at enterprise scale - on premises or in the cloud. -[Redis Enterprise Operator for Kubernetes](https://redis.com/redis-enterprise-software/redis-enterprise-on-kubernetes/) provides a simple, Kubernetes-native way for deploying and managing Redis Enterprise on Kubernetes. - -## Prerequisites - -- Kubernetes 1.23+ - Supported Kubernetes versions can vary according to the Kubernetes distribution being used. - Please consult the [release notes](https://docs.redis.com/latest/kubernetes/release-notes/) for detailed supported distributions information per operator version. -- Helm 3.10+ - -## Installing the Chart - -To install the chart: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] -``` - -The `[PATH_TO_CHART]` may be a path to the chart root directory, or a chart archive on the local filesystem. - -To install the chart on **OpenShift**, set the `isOpenshift=true` value: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --set isOpenshift=true -``` - -To create and select a namespace for the installation, specify the `--namespace` and `--create-namespace` flags: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --namespace [NAMESPACE] \ - --create-namespace -``` - -For example, to install the chart with release name "my-redis-enterprise" from within the chart's root directory: - -```sh -helm install my-redis-enterprise . \ - --namespace redis-enterprise \ - --create-namespace -``` - -Note: the chart installation includes several jobs that configure the CRDs and admission controller used by the operator. -These jobs run synchronously during the execution of `helm install` command, and may take around 1 minute to complete. 
-To view additional progress information during the `helm install` execution, use the `--debug` flag: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --debug -``` - -See [Configuration](#configuration) section below for various configuration options. -See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section below for instructions for creating a Redis Enterprise Cluster. -See [helm install](https://helm.sh/docs/helm/helm_install/) and [Using Helm](https://helm.sh/docs/intro/using_helm/#helm-install-installing-a-package) for more information and options when installing charts. - -## Uninstalling the Chart - -Before uninstalling the chart, delete any custom resources managed by the Redis Enterprise Operator: - -```sh -kubectl delete redb -kubectl delete rerc -kubectl delete reaadb -kubectl delete rec -``` - -To uninstall a previously installed chart: - -```sh -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes resources associated with the chart and deletes the release. - -See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for more information and options when uninstalling charts. - -## Creating a Redis Enterprise Cluster - -Once the chart is installed and the Redis Enterprise Operator is running, a Redis Enterprise Cluster can be created. -As of now, the Redis Enterprise Cluster is created directly via custom resources, and not via Helm. - -To create a Redis Enterprise Cluster: - -1. Validate that the `redis-enterprise-operator` pod is in `RUNNING` state: - -```sh -kubectl get pods -n [NAMESPACE] -``` - -2. Create a file for the `RedisEnterpriseCluster` custom resource: - -```yaml -apiVersion: app.redislabs.com/v1 -kind: RedisEnterpriseCluster -metadata: - name: rec -spec: - nodes: 3 -``` - -3. 
Apply the custom resource: - -```sh -kubectl apply -f rec.yaml -n [NAMESPACE] -``` - -See [Create a Redis Enterprise cluster](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#create-a-redis-enterprise-cluster-rec) and [Redis Enterprise Cluster API](https://github.com/RedisLabs/redis-enterprise-k8s-docs/blob/master/redis_enterprise_cluster_api.md) for more information and options for creating a Redis Enterprise Cluster. - -## Configuration - -The chart supports several configuration options that allows to customize the behavior and capabilities of the Redis Enterprise Operator. -For a list of configurable options and their descriptions, please refer to the `values.yaml` file at the root of the chart. - -To install the chart with a customized values file: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --values [PATH_TO_VALUES_FILE] -``` - -To install the chart with the default values files but with some specific values overriden: - -```sh -helm install [RELEASE_NAME] [PATH_TO_CHART] \ - --set key1=value1 \ - --set key2=value2 -``` - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing) for additional information on how to customize the chart installation. - -## Known Limitations - -This is a preliminary release of this Helm chart, and as of now some if its functionality is still limited: - -- The chart only installs the Redis Enterprise Operator, but doesn't create a Redis Enterprise Cluster. See [Creating a Redis Enterprise Cluster](#creating-a-redis-enterprise-cluster) section for instructions on how to directly create a Redis Enterprise Cluster. -- Several configuration options for the operator are still unsupported, including multiple REDB namespaces, rack-aware, and vault integration. These options can be enabled by following the relevant instructions in the [product documentation](https://docs.redis.com/latest/kubernetes/). 
-- CRDs installed by the chart are not removed upon chart uninstallation. These could be manually removed when the chart is uninstalled and are no longer needed, using the following command: - ```sh - kubectl delete crds -l app=redis-enterprise - ``` -- Helm chart upgrades are not supported, nor migrations from a non-Helm deployment to a Helm deployment. -- Limited testing in advanced setups such as Active-Active configurations, airgapped deployments, IPv6/dual-stack environments. -- The chart is still unpublished in a "helm repo" or ArtifactHub, and thus can only be installed from a local source (chart directory/archive). -- While not really a limitation, please note that this chart also installs the [admission controller](https://docs.redis.com/latest/kubernetes/deployment/quick-start/#enable-the-admission-controller) by default, and there's no option to disable it (as opposed to the non-Helm deployment). \ No newline at end of file diff --git a/helm/redis-enterprise-operator/templates/_helpers.tpl b/helm/redis-enterprise-operator/templates/_helpers.tpl deleted file mode 100644 index ddc6f72..0000000 --- a/helm/redis-enterprise-operator/templates/_helpers.tpl +++ /dev/null 
@@ -1,49 +0,0 @@ -{{- define "redis-enterprise-operator.operator.image" }} -{{- if (.Values.global).azure }} -{{- with .Values.global.azure.images.operator }} -{{ .registry }}/{{ .image }}@{{ .digest }} -{{- end }} -{{- else }} -{{- $defaultRepository := ternary "registry.connect.redhat.com/redislabs/redis-enterprise-operator" "redislabs/operator-internal" .Values.isOpenshift }} -{{- $repository := default $defaultRepository .Values.operator.image.repository }} -{{ $repository }}:{{ .Values.operator.image.tag }} -{{- end }} -{{- end }} - - -{{- define "redis-enterprise-operator.annotations" }} -{{- if ne .Values.versionAnnotations false }} -redis.io/helm-chart-ver: {{ .Chart.Version }} -redis.io/operator-ver: {{ .Values.operator.image.tag }} -{{- end }} -{{- end }} - -{{- define "redis-enterprise-operator.caComment" }} -"" # Fill in with BASE64 encoded signed cert -{{- end }} - -{{/* -"redis-enterprise-operator.getCa" generates or retrieves CA certificates. It -checks for a Secret "admission-tls" in each namespace, generates new -certificates if needed, and returns a dictionary of all certificates. -*/}} -{{- define "redis-enterprise-operator.getCa" }} - {{ $CERTS := dict }} - {{- range $ns := . }} - {{- $secret := (lookup "v1" "Secret" $ns "admission-tls")}} - {{- if $secret }} - {{ $_ := set $CERTS $ns $secret.data }} - {{- else}} - {{ $cna := printf "admission.%s" $ns }} - {{ $cnb := printf "admission.%s.svc" $ns }} - {{ $cnc := printf "admission.%s.svc.cluster.local" $ns }} - {{ $ca := genCA $cnb 365 }} - {{ $_cert := genSignedCert $cnb nil (list $cna $cnb $cnc) 365 $ca }} - {{ $cert := dict }} - {{ $_ := set $cert "cert" ($_cert.Cert | b64enc) }} - {{ $_ := set $cert "privateKey" ($_cert.Key | b64enc) }} - {{ $_ := set $CERTS $ns $cert }} - {{- end }} - {{- end }} - {{ $CERTS | toYaml | nindent 2 }} -{{- end }} 
diff --git a/helm/redis-enterprise-operator/templates/admission-service.yaml b/helm/redis-enterprise-operator/templates/admission-service.yaml
deleted file mode 100644
index 91007fe..0000000
--- a/helm/redis-enterprise-operator/templates/admission-service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: admission
- labels:
- app: redis-enterprise
-spec:
- ports:
- - port: 443
- protocol: TCP
- targetPort: 8443
- selector:
- name: redis-enterprise-operator
diff --git a/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml b/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml
deleted file mode 100644
index 01fd106..0000000
--- a/helm/redis-enterprise-operator/templates/jobs/install_crds_job.yaml
+++ /dev/null
@@ -1,92 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - namespace: {{ .Release.Namespace }} - name: redis-enterprise-crds - annotations: - "redis/operator-ver": {{ .Values.operator.image.tag }} - "redis/helm-chart-ver": {{ .Chart.Version }} - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "-4" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - labels: - app: redis-enterprise -spec: - template: - metadata: - labels: - app: redis-enterprise - spec: - serviceAccountName: redis-enterprise-crds - containers: - - name: gatekeeper-crds - image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - runAsNonRoot: true - seccompProfile: - type: "RuntimeDefault" - command: - - crd-installer - args: - - "-action=applyCRD" - - "-crdPaths=/crds/rec_crd.yaml,/crds/redb_crd.yaml,/crds/reaadb_crd.yaml,/crds/rerc_crd.yaml" - resources: - limits: - cpu: 100m - memory: 100Mi - restartPolicy: OnFailure ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: redis-enterprise-crds - annotations: - "redis/operator-ver": {{ .Values.operator.image.tag }} - "redis/helm-chart-ver": {{ .Chart.Version }} - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - labels: - app: redis-enterprise -rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["create", "get", "list", "watch", "patch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: redis-enterprise-crds - annotations: - "redis/operator-ver": {{ .Values.operator.image.tag }} - "redis/helm-chart-ver": {{ .Chart.Version }} - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - labels: - app: 
redis-enterprise -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: redis-enterprise-crds -subjects: - - kind: ServiceAccount - name: redis-enterprise-crds - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-enterprise-crds - namespace: {{ .Release.Namespace }} - annotations: - "redis/operator-ver": {{ .Values.operator.image.tag }} - "redis/helm-chart-ver": {{ .Chart.Version }} - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - labels: - app: redis-enterprise diff --git a/helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml b/helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml deleted file mode 100644 index 6c809c8..0000000 --- a/helm/redis-enterprise-operator/templates/jobs/patch-namespaces-redis-label.yaml +++ /dev/null 
@@ -1,143 +0,0 @@ -{{- if .Values.admission.limitToNamespace }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-enterprise-namespace-labels - labels: - app: redis-enterprise - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install,post-upgrade,post-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: redis-enterprise-namespace-labels - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-install,post-upgrade,post-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} -rules: -- apiGroups: [""] - resources: ["namespaces"] - verbs: ["patch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: redis-enterprise-namespace-labels - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-install,post-upgrade,post-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} -subjects: -- kind: ServiceAccount - name: redis-enterprise-namespace-labels - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: redis-enterprise-namespace-labels - apiGroup: rbac.authorization.k8s.io - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: redis-enterprise-namespace-labels - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . 
| nindent 4}} -spec: - backoffLimit: 6 - completions: 1 - parallelism: 1 - template: - metadata: - labels: - app: redis-enterprise - spec: - containers: - - name: redis-enterprise-namespace-labels - resources: - limits: - cpu: 100m - memory: 100Mi - image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - runAsNonRoot: true - seccompProfile: - type: "RuntimeDefault" - command: - - crd-installer - args: - - "-action=patchNamespace" - - -namespace={{ .Release.Namespace }} - {{- if .Values.admission.namespaces }} - - --admissionNamespaces={{ .Values.admission.namespaces | join "," }} - {{- end }} - restartPolicy: OnFailure - serviceAccountName: redis-enterprise-namespace-labels - ---- - -apiVersion: batch/v1 -kind: Job -metadata: - name: redis-enterprise-namespace-labels-cleanup - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} -spec: - backoffLimit: 6 - completions: 1 - parallelism: 1 - template: - metadata: - labels: - app: redis-enterprise - spec: - containers: - - name: redis-enterprise-namespace-labels-cleanup - resources: - limits: - cpu: 100m - memory: 100Mi - image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - runAsNonRoot: true - seccompProfile: - type: "RuntimeDefault" - command: - - crd-installer - args: - # passing the same action without any namespaces to remove the label - - "-action=patchNamespace" - restartPolicy: OnFailure - serviceAccountName: redis-enterprise-namespace-labels - -{{- end }} \ No newline at end of file 
diff --git a/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml b/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml
deleted file mode 100644
index 07d81aa..0000000
--- a/helm/redis-enterprise-operator/templates/jobs/patch-webhook-configuration.yaml
+++ /dev/null
@@ -1,130 +0,0 @@ -{{- if not .Values.admission.setCABundle }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: redis-admission-configuration - labels: - app: redis-enterprise - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: redis-admission-configuration - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} -rules: -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["patch", "get"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: redis-admission-configuration - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} -subjects: -- kind: ServiceAccount - name: redis-admission-configuration - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: redis-admission-configuration - apiGroup: rbac.authorization.k8s.io ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-admission-configuration - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . 
| nindent 4}} - labels: - app: redis-enterprise -rules: - - apiGroups: [ "" ] - resources: [ "secrets" ] - verbs: [ "get"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: redis-admission-configuration - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} - labels: - app: redis-enterprise -subjects: -- kind: ServiceAccount - name: redis-admission-configuration -roleRef: - kind: Role - name: redis-admission-configuration - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: redis-webhook-configuration - labels: - app: redis-enterprise - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} -spec: - backoffLimit: 6 - completions: 1 - parallelism: 1 - template: - metadata: - labels: - app: redis-enterprise - spec: - containers: - - name: patch-admission-webhook-configuration - resources: - limits: - cpu: 100m - memory: 100Mi - image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} - imagePullPolicy: IfNotPresent - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] - runAsNonRoot: true - seccompProfile: - type: "RuntimeDefault" - command: - - crd-installer - args: - - "-action=patchWebhook" - - "-webhookName=redis-enterprise-admission" - - -namespace={{ .Release.Namespace }} - restartPolicy: OnFailure - serviceAccountName: redis-admission-configuration -{{- end }} \ No newline at end of file diff --git a/helm/redis-enterprise-operator/templates/openshift/scc.yaml b/helm/redis-enterprise-operator/templates/openshift/scc.yaml deleted file mode 100644 index dd0fc45..0000000 
--- a/helm/redis-enterprise-operator/templates/openshift/scc.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.isOpenshift -}}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
- name: redis-enterprise-scc-v2
- annotations:
- kubernetes.io/description: redis-enterprise-scc is the minimal SCC needed to run Redis Enterprise nodes on Kubernetes.
- It provides the same features as restricted-v2 SCC, but allows pods to enable the SYS_RESOURCE capability,
- which is required by Redis Enterprise nodes to manage file descriptor limits and OOM scores for database shards.
- Additionally, it requires pods to run as UID/GID 1001, which are the UID/GID used within the Redis Enterprise node containers.
-allowedCapabilities:
-- SYS_RESOURCE
-allowHostDirVolumePlugin: false
-allowHostIPC : false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: false
-allowPrivilegedContainer: false
-readOnlyRootFilesystem: false
-runAsUser:
- type: MustRunAs
- uid: 1001
-fsGroup:
- type: MustRunAs
- ranges:
- - min: 1001
- max: 1001
-seLinuxContext:
- type: MustRunAs
-seccompProfiles:
-- runtime/default
-supplementalGroups:
- type: RunAsAny
-{{- end -}}
diff --git a/helm/redis-enterprise-operator/templates/operator-environment-config.yaml b/helm/redis-enterprise-operator/templates/operator-environment-config.yaml
deleted file mode 100644
index 0047021..0000000
--- a/helm/redis-enterprise-operator/templates/operator-environment-config.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: redis-enterprise
- name: operator-environment-config
- namespace: {{ $.Release.Namespace }}
- annotations:
- {{- include "redis-enterprise-operator.annotations" . | nindent 4}}
-data:
- {{- with .Values.operator }}
- ACTIVE_ACTIVE_DATABASE_CONTROLLER_ENABLED: {{ .activeActiveDatabaseControllerEnabled | quote }}
- {{- end }}
\ No newline at end of file
diff --git a/helm/redis-enterprise-operator/templates/operator.yaml b/helm/redis-enterprise-operator/templates/operator.yaml
deleted file mode 100644
index 31c4316..0000000
--- a/helm/redis-enterprise-operator/templates/operator.yaml
+++ /dev/null
@@ -1,145 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - {{- include "redis-enterprise-operator.annotations" . | nindent 8}} - labels: - app: redis-enterprise - name: redis-enterprise-operator -spec: - replicas: 1 - selector: - matchLabels: - name: redis-enterprise-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: redis-enterprise - name: redis-enterprise-operator - spec: - containers: - - command: - - operator-root - - operator - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: redis-enterprise-operator - {{- if .Values.isOpenshift }} - - name: DEPLOY_RHEL - value: "true" - {{- end }} - envFrom: - - configMapRef: - name: {{ "operator-environment-config" | quote }} - optional: true - image: {{ include "redis-enterprise-operator.operator.image" . | printf "%s" | trim }} - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: redis-enterprise-operator - ports: - - containerPort: 8080 - resources: - limits: - cpu: 4000m - memory: 512Mi - requests: - cpu: 500m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - - command: - - operator-root - - admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - envFrom: - - configMapRef: - name: {{ "operator-environment-config" | quote }} - optional: true - image: {{ include "redis-enterprise-operator.operator.image" . 
| printf "%s" | trim }} - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 8443 - scheme: HTTPS - initialDelaySeconds: 15 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - name: admission - ports: - - containerPort: 8443 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: 1000m - memory: 512Mi - requests: - cpu: 250m - memory: 256Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - securityContext: - {{- if not .Values.isOpenshift}} - seccompProfile: - type: RuntimeDefault - {{- end }} - runAsNonRoot: true - serviceAccountName: redis-enterprise-operator - {{- if .Values.imagePullSecret }} - imagePullSecrets: - - name: {{ .Values.imagePullSecret }} - {{- end }} diff --git a/helm/redis-enterprise-operator/templates/role.yaml b/helm/redis-enterprise-operator/templates/role.yaml deleted file mode 100644 index 720c74d..0000000 --- a/helm/redis-enterprise-operator/templates/role.yaml +++ /dev/null 
@@ -1,197 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - {{- include "redis-enterprise-operator.annotations" . | nindent 8}} - labels: - app: redis-enterprise - name: redis-enterprise-operator -rules: - - apiGroups: - - rbac.authorization.k8s.io - - "" - resources: - - roles - - serviceaccounts - - rolebindings - verbs: - - create - - get - - update - - patch - - delete - - apiGroups: - - app.redislabs.com - resources: - - redisenterpriseclusters - - redisenterpriseclusters/status - - redisenterpriseclusters/finalizers - - redisenterprisedatabases - - redisenterprisedatabases/status - - redisenterprisedatabases/finalizers - - redisenterpriseremoteclusters - - redisenterpriseremoteclusters/status - - redisenterpriseremoteclusters/finalizers - - redisenterpriseactiveactivedatabases - - redisenterpriseactiveactivedatabases/status - - redisenterpriseactiveactivedatabases/finalizers - verbs: - - delete - - get - - list - - patch - - create - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - update - - get - - create - - patch - - delete - - list - - watch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - apps - resources: - - deployments - - statefulsets - - replicasets - verbs: - - create - - delete - - get - - patch - - update - - list - - watch - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - update - - watch - - list - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - update - - list - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - update - - patch - - delete - - watch - - apiGroups: - - "" - resources: - - services - 
verbs: - - get - - list - - update - - patch - - create - - delete - - watch - - apiGroups: - - policy - resourceNames: - - redis-enterprise-psp - resources: - - podsecuritypolicies - verbs: - - use - - apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - patch - - delete - - list - - update - - get - - watch - - apiGroups: - - networking.istio.io - resources: - - gateways - - virtualservices - verbs: - - get - - list - - update - - patch - - create - - delete - - watch - {{- if .Values.isOpenshift }} - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - security.openshift.io - resourceNames: - - nonroot - resources: - - securitycontextconstraints - verbs: - - use - {{- end }} diff --git a/helm/redis-enterprise-operator/templates/role_binding.yaml b/helm/redis-enterprise-operator/templates/role_binding.yaml deleted file mode 100644 index 06d4231..0000000 --- a/helm/redis-enterprise-operator/templates/role_binding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - {{- include "redis-enterprise-operator.annotations" . | nindent 8}} - labels: - app: redis-enterprise - name: redis-enterprise-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: redis-enterprise-operator -subjects: - - kind: ServiceAccount - name: redis-enterprise-operator diff --git a/helm/redis-enterprise-operator/templates/service_account.yaml b/helm/redis-enterprise-operator/templates/service_account.yaml deleted file mode 100644 index 0a1972c..0000000 --- a/helm/redis-enterprise-operator/templates/service_account.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - {{- include "redis-enterprise-operator.annotations" . | nindent 8}} - labels: - app: redis-enterprise - name: redis-enterprise-operator 
diff --git a/helm/redis-enterprise-operator/templates/webhook.yaml b/helm/redis-enterprise-operator/templates/webhook.yaml
deleted file mode 100644
index ba371ba..0000000
--- a/helm/redis-enterprise-operator/templates/webhook.yaml
+++ /dev/null
@@ -1,69 +0,0 @@ - -{{ $admissionNamespaces := append (default list .Values.admission.namespaces) .Release.Namespace | uniq}} - -{{- $namespaceToCA := dict }} - -{{- if .Values.admission.setCABundle }} - {{- $namespaceToCA = include "redis-enterprise-operator.getCa" $admissionNamespaces | fromYaml }} - {{- range $ns := $admissionNamespaces }} -apiVersion: v1 -kind: Secret -metadata: - annotations: - {{- include "redis-enterprise-operator.annotations" $ | nindent 4}} - name: admission-tls - namespace: {{ $ns }} -type: Opaque -data: - cert: {{ dig $ns "cert" "# Missing cert" $namespaceToCA }} - privateKey: {{ dig $ns "privateKey" "# Missing privateKey" $namespaceToCA}} - ---- - {{- end }} -{{- end }} - -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - {{- include "redis-enterprise-operator.annotations" . | nindent 4}} - labels: - app: redis-enterprise - name: redis-enterprise-admission -webhooks: -{{- range $ns := $admissionNamespaces }} - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: admission - path: /admission - namespace: {{ $ns }} - {{- if $.Values.admission.setCABundle }} - caBundle: {{ dig $ns "cert" "# Missing cert" $namespaceToCA}} - {{- else }} - caBundle: {{ include "redis-enterprise-operator.caComment" $ | trimAll "\n" }} - {{- end }} - failurePolicy: Fail - matchPolicy: Exact - name: redisenterprise.admission.redislabs-{{ $ns }} - {{ if $.Values.admission.limitToNamespace }} - namespaceSelector: - matchLabels: - redis.io/redisenterprise.admission.enable: {{ $ns }} - {{ end }} - rules: - - apiGroups: - - app.redislabs.com - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - redisenterprisedatabases - - redisenterpriseactiveactivedatabases - - redisenterpriseremoteclusters - sideEffects: None - timeoutSeconds: 30 -{{- end}} 
diff --git a/helm/redis-enterprise-operator/values.yaml b/helm/redis-enterprise-operator/values.yaml
deleted file mode 100644
index afc6536..0000000
--- a/helm/redis-enterprise-operator/values.yaml
+++ /dev/null
@@ -1,48 +0,0 @@
-# This file includes the values that can be customized for the chart.
-#
-# For instructions how to override these default values,
-# see https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing
-
-# Set to true if deploying to an OpenShift cluster
-isOpenshift: false
-
-
-# Image pull secret to use for registry authentication
-imagePullSecret: ""
-
-
-# Configuration options for the admission webhook
-admission:
- # List of namespaces to enable the admission webhook for.
- # If left blank, defaults to enabling the admission in the
- # installation namespace. i.e. `[ Release.Namespace ]`
- namespaces: null
-
- # Whether to create a new CA key and certificate for the admission webhook
- setCABundle: true
-
- # If true, the operator will be deployed with namespaceSelector in the webhook configuration
- # In this case, helm will patch the Namespace resource with the label
- # redis.io/redisenterprise.admission.enable:
- limitToNamespace: true
-
-# Configuration options for the operator
-operator:
-
- # Configuration options for the operator image
- image:
-
- # Image repository for the operator image.
- # Leave blank to use the default image repository,
- # which is `redislabs/operator` for non-OpenShift deployments,
- # and `registry.connect.redhat.com/redislabs/redis-enterprise-operator` for OpenShift deployments.
- repository: ""
-
- # Image tag for the operator image.
- # This typically represents the operator version.
- tag: 7.4.6-7
-
- # Whether to enable the Active-Active database controller within the operator.
- # When disabled, RedisEnterpriseActiveActiveDatabase custom resources are not reconciled.
- activeActiveDatabaseControllerEnabled: true
-