使用 OpenShift CLI 升级 Redis Enterprise

此任务介绍如何通过 OpenShift CLI 升级 Redis Enterprise 集群。

适用于 Kubernetes 的 Redis Enterprise

Redis 在 Kubernetes 部署中为软件升级实施滚动更新。升级过程包括更新三个组件:

  1. 升级 Redis Enterprise operator
  2. 升级 Redis Enterprise 集群 (REC)
  3. 升级 Redis Enterprise 数据库 (REDB)

升级前

  1. 检查支持的 Kubernetes 发行版,确保您的 Kubernetes 发行版受支持。

  2. oc get rec并验证LICENSE STATE在您的 REC 上有效,然后再开始升级过程。

  3. 验证您是从 Redis Enterprise作员版本 6.2.10-45 或更高版本升级的。否则,必须先升级到 6.2.10-45,然后再升级到版本 6.2.18 或更高版本。

  4. 升级在基于 RHEL7 的映像上运行的现有集群时,请确保为新版本选择基于 RHEL7 的映像。有关更多信息,请参阅发行说明

  5. 如果要从基于 RHEL7 的映像迁移到基于 RHEL8 的映像,则需要使用基于 RHEL7 的映像升级到版本 7.2.4-2,然后才能在升级到 7.2.4-TBD 时迁移到基于 RHEL8 的映像。

升级 Operator

下载捆绑包

确保提取 bundle 的正确版本。您可以找到版本标签 通过在 GitHub 上查看 operator releases 或使用 GitHub API 来获取。

对于 OpenShift 环境,捆绑包的名称为openshift.bundle.yaml,因此curl要运行的命令是:

curl --silent -O https://raw.githubusercontent.com/RedisLabs/redis-enterprise-k8s-docs/$VERSION/openshift.bundle.yaml

If you need a different release, replace VERSION in the above with a specific release tag.

Apply the bundle

Apply the bundle to deploy the new operator binary. This will also apply any changes in the new release to custom resource definitions, roles, role binding, or operator service accounts.

Note:
If you are not pulling images from Docker Hub, update the operator image spec to point to your private repository. If you have made changes to the role, role binding, RBAC, or custom resource definition (CRD) in the previous version, merge them with the updated declarations in the new version files.

If you are using OpenShift, run this instead:

oc apply -f openshift.bundle.yaml

After running this command, you should see a result similar to this:

role.rbac.authorization.k8s.io/redis-enterprise-operator configured
serviceaccount/redis-enterprise-operator configured
rolebinding.rbac.authorization.k8s.io/redis-enterprise-operator configured
customresourcedefinition.apiextensions.k8s.io/redisenterpriseclusters.app.redislabs.com configured
customresourcedefinition.apiextensions.k8s.io/redisenterprisedatabases.app.redislabs.com configured
deployment.apps/redis-enterprise-operator configured

Reapply the admission controller webhook

If you have the admission controller enabled, you need to manually reapply the ValidatingWebhookConfiguration.

Note:

Versions 6.4.2 and later uses a new ValidatingWebhookConfiguration resource to replace redb-admission. To use newer releases, delete the old webhook resource and apply the new file.

  1. Delete the existing ValidatingWebhookConfiguration on the Kubernetes cluster (named redb-admission).

     ```sh
 kubectl delete ValidatingWebhookConfiguration redb-admission
 ```

  2. Apply the resource from the new file.

     ```sh
 kubectl apply -f deploy/admission/webhook.yaml
 ```

  1. Verify the admission-tls secret exists.

    kubectl get secret admission-tls

    The output should look similar to

    NAME            TYPE     DATA   AGE
admission-tls   Opaque   2      2m43s

  2. Save the certificate to a local environment variable.

    CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`

  3. Create a Kubernetes validating webhook, replacing <namespace> with the namespace where the REC was installed.

    The webhook.yaml template can be found in redis-enterprise-k8s-docs/admission

    sed 's/OPERATOR_NAMESPACE/<namespace>/g' webhook.yaml | kubectl create -f -

  4. Create a patch file for the Kubernetes validating webhook.

    cat > modified-webhook.yaml <<EOF
webhooks:
- name: redisenterprise.admission.redislabs
  clientConfig:
   caBundle: $CERT
EOF

  5. Patch the webhook with the certificate.

    kubectl patch ValidatingWebhookConfiguration \
    redis-enterprise-admission --patch "$(cat modified-webhook.yaml)"

Verify the operator is running

You can check your deployment to verify the operator is running in your namespace.

oc get deployment/redis-enterprise-operator

You should see a result similar to this:

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
redis-enterprise-operator   1/1     1            1           0m36s
Warning:
We recommend upgrading the REC as soon as possible after updating the operator. After the operator upgrade completes, the operator suspends the management of the REC and its associated REDBs, until the REC upgrade completes.

Reapply the SCC

If you are using OpenShift, you will also need to manually reapply the security context constraints file (scc.yaml) and bind it to your service account.

oc apply -f openshift/scc.yaml

oc adm policy add-scc-to-user redis-enterprise-scc-v2 \
  system:serviceaccount:<my-project>:<rec-name>

If you are upgrading from operator version 6.4.2-6 or before, see the "after upgrading" section to delete the old SCC and role binding after all clusters are running 6.4.2-6 or later.

Upgrade the RedisEnterpriseCluster (REC)

Warning:

Verify your license is valid before upgrading. Invalid licenses will cause the upgrade to fail.

Use oc get rec and verify the LICENSE STATE is valid on your REC before you start the upgrade process.

The Redis Enterprise cluster (REC) can be updated automatically or manually. To trigger automatic upgrade of the REC after the operator upgrade completes, specify autoUpgradeRedisEnterprise: true in your REC spec. If you don't have automatic upgrade enabled, follow the below steps for the manual upgrade.

Before beginning the upgrade of the Redis Enterprise cluster, check the K8s operator release notes to find the Redis Enterprise image tag. For example, in Redis Enterprise K8s operator release 6.0.12-5, the Images section shows the Redis Enterprise tag is 6.0.12-57.

After the operator upgrade is complete, you can upgrade Redis Enterprise cluster (REC).

Edit redisEnterpriseImageSpec in the REC spec

  1. Edit the REC custom resource YAML file.

    oc edit rec <your-rec.yaml>

  2. Replace the versionTag: declaration under redisEnterpriseImageSpec with the new version tag.

    spec:
  redisEnterpriseImageSpec:
    imagePullPolicy:  IfNotPresent
    repository:       redislabs/redis
    versionTag:       <new-version-tag>

  3. Save the changes to apply.

Reapply roles and role bindings

If your operator is monitoring multiple namespaces, you'll need to reapply your role and role bindings for each managed namespace. See Manage databases in multiple namespaces for more details.

Monitor the upgrade

You can view the state of the REC with oc get rec.

During the upgrade, the state should be Upgrade. When the upgrade is complete and the cluster is ready to use, the state will change to Running. If the state is InvalidUpgrade, there is an error (usually relating to configuration) in the upgrade.

$ oc get rec
NAME   NODES   VERSION      STATE     SPEC STATUS   LICENSE STATE   SHARDS LIMIT   LICENSE EXPIRATION DATE   AGE
rec    3       6.2.10-107   Upgrade   Valid         Valid           4              2022-07-16T13:59:00Z      92m

To see the status of the current rolling upgrade, run:

oc rollout status sts <REC_name>

After upgrading

For OpenShift users, operator version 6.4.2-6 introduced a new SCC (redis-enterprise-scc-v2). If any of your OpenShift RedisEnterpriseClusters are running versions earlier than 6.2.4-6, you need to keep both the new and old versions of the SCC.

If all of your clusters have been upgraded to operator version 6.4.2-6 or later, you can delete the old version of the SCC (redis-enterprise-scc) and remove the binding to your service account.

  1. Delete the old version of the SCC

    oc delete scc redis-enterprise-scc

    The output should look similar to the following:

    securitycontextconstraints.security.openshift.io "redis-enterprise-scc" deleted

  2. Remove the binding to your service account.

    oc adm policy remove-scc-from-user redis-enterprise-scc system:serviceaccount:<my-project>:<rec-name>

Upgrade databases

Warning:
In version 7.2.4, old module versions and manually uploaded modules are not persisted. If databases are not upgraded after cluster upgrade, and require cluster recovery afterwards, you'll need to contact Redis support. This issue will be fixed in the next maintenance release by moving the stored location of the modules.

After the cluster is upgraded, you can upgrade your databases. The process for upgrading databases is the same for both Kubernetes and non-Kubernetes deployments. For more details on how to upgrade a database, see the Upgrade an existing Redis Enterprise Software deployment documentation.

Note that if your cluster redisUpgradePolicy or your database redisVersion are set to major, you won't be able to upgrade those databases to minor versions. See Redis upgrade policy for more details.

RATE THIS PAGE
Back to top ↑