diff --git a/content/commands/cluster-slot-stats.md b/content/commands/cluster-slot-stats.md index 3883ef0603..146353d586 100644 --- a/content/commands/cluster-slot-stats.md +++ b/content/commands/cluster-slot-stats.md @@ -105,9 +105,14 @@ The command reports on the following statistics: * `KEY-COUNT`: Number of keys stored in the slot. * `CPU-USEC`: CPU time (in microseconds) spent handling the slot. +* `MEMORY-BYTES`: Number of bytes allocated by the slot. * `NETWORK-BYTES-IN`: Total inbound network traffic (in bytes) received by the slot. * `NETWORK-BYTES-OUT`: Total outbound network traffic (in bytes) sent from the slot. +{{< note>}} +`MEMORY-BYTES` requires that you set `cluster-slot-stats-enabled` to `yes` in your `redis.conf` file. +{{< /note >}} + ## Redis Enterprise and Redis Cloud compatibility | Redis
Enterprise | Redis
Cloud | Notes | diff --git a/content/develop/tools/cli.md b/content/develop/tools/cli.md index e976413881..65c59a8d23 100644 --- a/content/develop/tools/cli.md +++ b/content/develop/tools/cli.md @@ -64,6 +64,8 @@ even on the terminal with the `--raw` option: You can force human readable output when writing to a file or in pipe to other commands by using `--no-raw`. +For complete command line usage, see [below](#usage). + ## String quoting and escaping When `redis-cli` parses a command, whitespace characters automatically delimit the arguments. @@ -964,3 +966,128 @@ minutes the output stabilizes to the following figures: 140500 Gets/sec | Hits: 135947 (96.76%) | Misses: 4553 (3.24%) With 500MB there is sufficient space for the key quantity (10 million) and distribution (80-20 style). + +## Usage + +``` +Usage: redis-cli [OPTIONS] [cmd [arg [arg ...]]] + -h Server hostname (default: 127.0.0.1). + -p Server port (default: 6379). + -t Server connection timeout in seconds (decimals allowed). + Default timeout is 0, meaning no limit, depending on the OS. + -s Server socket (overrides hostname and port). + -a Password to use when connecting to the server. + You can also use the REDISCLI_AUTH environment + variable to pass this password more safely + (if both are used, this argument takes precedence). + --user Used to send ACL style 'AUTH username pass'. Needs -a. + --pass Alias of -a for consistency with the new --user option. + --askpass Force user to input password with mask from STDIN. + If this argument is used, '-a' and REDISCLI_AUTH + environment variable will be ignored. + -u Server URI on format redis://user:password@host:port/dbnum + User, password and dbnum are optional. For authentication + without a username, use username 'default'. For TLS, use + the scheme 'rediss'. + -r Execute specified command N times. + -i When -r is used, waits seconds per command. + It is possible to specify sub-second times like -i 0.1. + This interval is also used in --scan and --stat per cycle. + and in --bigkeys, --memkeys, --keystats, and --hotkeys per 100 cycles. + -n Database number. + -2 Start session in RESP2 protocol mode. + -3 Start session in RESP3 protocol mode. + -x Read last argument from STDIN (see example below). + -X Read argument from STDIN (see example below). + -d Delimiter between response bulks for raw formatting (default: \n). + -D Delimiter between responses for raw formatting (default: \n). + -c Enable cluster mode (follow -ASK and -MOVED redirections). + -e Return exit error code when command execution fails. + -4 Prefer IPv4 over IPv6 on DNS lookup. + -6 Prefer IPv6 over IPv4 on DNS lookup. + --raw Use raw formatting for replies (default when STDOUT is + not a tty). + --no-raw Force formatted output even when STDOUT is not a tty. + --quoted-input Force input to be handled as quoted strings. + --csv Output in CSV format. + --json Output in JSON format (default RESP3, use -2 if you want to use with RESP2). + --quoted-json Same as --json, but produce ASCII-safe quoted strings, not Unicode. + --show-pushes Whether to print RESP3 PUSH messages. Enabled by default when + STDOUT is a tty but can be overridden with --show-pushes no. + --stat Print rolling stats about server: mem, clients, ... + --latency Enter a special mode continuously sampling latency. + If you use this mode in an interactive session it runs + forever displaying real-time stats. Otherwise if --raw or + --csv is specified, or if you redirect the output to a non + TTY, it samples the latency for 1 second (you can use + -i to change the interval), then produces a single output + and exits. + --latency-history Like --latency but tracking latency changes over time. + Default time interval is 15 sec. Change it using -i. + --latency-dist Shows latency as a spectrum, requires xterm 256 colors. + Default time interval is 1 sec. Change it using -i. + --lru-test Simulate a cache workload with an 80-20 distribution. + --replica Simulate a replica showing commands received from the master. + --rdb Transfer an RDB dump from remote server to local file. + Use filename of "-" to write to stdout. + --functions-rdb Like --rdb but only get the functions (not the keys) + when getting the RDB dump file. + --pipe Transfer raw Redis protocol from stdin to server. + --pipe-timeout In --pipe mode, abort with error if after sending all data. + no reply is received within seconds. + Default timeout: 30. Use 0 to wait forever. + --bigkeys Sample Redis keys looking for keys with many elements (complexity). + --memkeys Sample Redis keys looking for keys consuming a lot of memory. + --memkeys-samples Sample Redis keys looking for keys consuming a lot of memory. + And define number of key elements to sample + --keystats Sample Redis keys looking for keys memory size and length (combine bigkeys and memkeys). + --keystats-samples Sample Redis keys looking for keys memory size and length. + And define number of key elements to sample (only for memory usage). + --cursor Start the scan at the cursor (usually after a Ctrl-C). + Optionally used with --keystats and --keystats-samples. + --top To display top key sizes (default: 10). + Optionally used with --keystats and --keystats-samples. + --hotkeys Sample Redis keys looking for hot keys. + only works when maxmemory-policy is *lfu. + --scan List all keys using the SCAN command. + --pattern Keys pattern when using the --scan, --bigkeys, --memkeys, + --keystats or --hotkeys options (default: *). + --count Count option when using the --scan, --bigkeys, --memkeys, + --keystats or --hotkeys (default: 10). + --quoted-pattern Same as --pattern, but the specified string can be + quoted, in order to pass an otherwise non binary-safe string. + --intrinsic-latency Run a test to measure intrinsic system latency. + The test will run for the specified amount of seconds. + --eval Send an EVAL command using the Lua script at . + --ldb Used with --eval enable the Redis Lua debugger. + --ldb-sync-mode Like --ldb but uses the synchronous Lua debugger, in + this mode the server is blocked and script changes are + not rolled back from the server memory. + --cluster [args...] [opts...] + Cluster Manager command and arguments (see below). + --verbose Verbose mode. + --no-auth-warning Don't show warning message when using password on command + line interface. + --help Output this help and exit. + --version Output version and exit. + +Cluster Manager Commands: + Use --cluster help to list all available cluster manager commands. + +Examples: + redis-cli -u redis://default:PASSWORD@localhost:6379/0 + cat /etc/passwd | redis-cli -x set mypasswd + redis-cli -D "" --raw dump key > key.dump && redis-cli -X dump_tag restore key2 0 dump_tag replace < key.dump + redis-cli -r 100 lpush mylist x + redis-cli -r 100 -i 1 info | grep used_memory_human: + redis-cli --quoted-input set '"null-\x00-separated"' value + redis-cli --eval myscript.lua key1 key2 , arg1 arg2 arg3 + redis-cli --scan --pattern '*:12345*' + redis-cli --scan --pattern '*:12345*' --count 100 + + (Note: when using --eval the comma separates KEYS[] from ARGV[] items) + +When no command is given, redis-cli starts in interactive mode. +Type "help" in interactive mode for information on available commands +and settings. +``` \ No newline at end of file diff --git a/content/embeds/k8s/openshift_rec.md b/content/embeds/k8s/openshift_rec.md index ca18746c11..815a5e544a 100644 --- a/content/embeds/k8s/openshift_rec.md +++ b/content/embeds/k8s/openshift_rec.md @@ -27,7 +27,7 @@ spec: redisEnterpriseImageSpec: repository: registry.connect.redhat.com/redislabs/redis-enterprise - versionTag: 8.0.2-17 + versionTag: 8.0.6-50 redisEnterpriseServicesRiggerImageSpec: repository: registry.connect.redhat.com/redislabs/services-manager bootstrapperImageSpec: diff --git a/content/embeds/k8s/openshift_role.md b/content/embeds/k8s/openshift_role.md index 3584d68974..ed4e6925ad 100644 --- a/content/embeds/k8s/openshift_role.md +++ b/content/embeds/k8s/openshift_role.md @@ -8,10 +8,8 @@ metadata: rules: - apiGroups: - rbac.authorization.k8s.io - - "" resources: - roles - - serviceaccounts - rolebindings verbs: - create @@ -19,6 +17,16 @@ rules: - update - patch - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - update + - patch + - delete - apiGroups: - app.redislabs.com resources: diff --git a/content/embeds/k8s/role.md b/content/embeds/k8s/role.md index 74063d03a8..bed109ae99 100644 --- a/content/embeds/k8s/role.md +++ b/content/embeds/k8s/role.md @@ -8,10 +8,8 @@ metadata: rules: - apiGroups: - rbac.authorization.k8s.io - - "" resources: - roles - - serviceaccounts - rolebindings verbs: - create @@ -19,6 +17,16 @@ rules: - update - patch - delete + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get + - update + - patch + - delete - apiGroups: - app.redislabs.com resources: diff --git a/content/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api.md index 9ba26f3b56..9e371b868e 100644 --- a/content/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api.md +++ b/content/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api.md @@ -171,7 +171,14 @@ The Active-Active database global configurations, contains the global properties alertSettings object - Settings for database alerts. Note - Alert settings are not supported for Active-Active database.
+ Settings for database alerts.
+ + false + + auditing + object + + Database auditing configuration.
false @@ -323,6 +330,16 @@ The Active-Active database global configurations, contains the global properties Whether this database supports RESP3 protocol. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info.
false + + rofRamRatio + integer + + RAM allocation ratio for Redis Flex (v2) databases as a percentage of total data size. Valid range 0-100. When omitted, RS uses the default value of 50%. Controls how much RAM is allocated per unit of data (e.g., 30% means 3MB RAM per 10MB data). RAM grows proportionally with data until rofRamSize limit is reached (if specified). Only applicable when isRof=true and Redis version >= 8.0 (BigStore v2 - Redis Flex).
+
+ Minimum: 0
+ Maximum: 100
+ + false rofRamSize string @@ -422,7 +439,7 @@ Connection/ association to the Active-Active database. ### spec.globalConfigurations.alertSettings [↩ Parent](#specglobalconfigurations) -Settings for database alerts. Note - Alert settings are not supported for Active-Active database. +Settings for database alerts. @@ -1022,6 +1039,31 @@ Dataset size has reached the threshold value [% of the memory limit]
+### spec.globalConfigurations.auditing +[↩ Parent](#specglobalconfigurations) + +Database auditing configuration. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
dbConnsAuditingboolean + Enables auditing of database connection and authentication events. When enabled, connection, authentication, and disconnection events are tracked and sent to the configured audit listener (configured at the cluster level). The cluster-level auditing configuration must be set before enabling this on a database.
+ 		false
+ + ### spec.globalConfigurations.backup [↩ Parent](#specglobalconfigurations) diff --git a/content/operate/kubernetes/reference/api/redis_enterprise_cluster_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_cluster_api.md index 4cc62e587a..4c3c0f626f 100644 --- a/content/operate/kubernetes/reference/api/redis_enterprise_cluster_api.md +++ b/content/operate/kubernetes/reference/api/redis_enterprise_cluster_api.md @@ -96,6 +96,13 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster Additional antiAffinity terms in order to support installation on different zones/vcenters
false + + auditing + object + + Cluster-level configuration for auditing database connection and authentication events. Includes both the audit listener connection parameters and the default policy for new databases.
+ + false backup object @@ -128,7 +135,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster clusterCredentialSecretName string - Secret Name/Path to use for Cluster Credentials. To be used only if ClusterCredentialSecretType is vault. If left blank, will use cluster name.
+ Name or path of the secret containing cluster credentials. Defaults to the cluster name if left blank. For Kubernetes secrets (default): Must be set to the cluster name or left blank. The secret can be pre-created with 'username' and 'password' fields, or otherwise it will be automatically created with a default username and auto-generated password. For Vault secrets: Can be customized with the path of the secret within Vault. The secret must be pre-created in Vault before REC creation.
false @@ -165,7 +172,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster createServiceAccount boolean - Whether to create service account
+ Creates a service account for Redis Enterprise.
false @@ -214,7 +221,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster ingressOrRouteSpec object - Access configurations for the Redis Enterprise Cluster and Databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time.
+ Access configurations for the Redis Enterprise cluster and databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time.
false @@ -265,7 +272,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster persistentSpec object - Specification for Redis Enterprise Cluster persistence
+ Persistent storage configuration for Redis Enterprise cluster.
false @@ -395,14 +402,14 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster redisOnFlashSpec object - Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases.
+ Auto Tiering (Redis on Flash) configuration. When provided, the cluster can create Auto Tiering databases.
false redisUpgradePolicy enum - Redis upgrade policy to be set on the Redis Enterprise Cluster. Possible values: major/latest This value is used by the cluster to choose the Redis version of the database when an upgrade is performed. The Redis Enterprise Cluster includes multiple versions of OSS Redis that can be used for databases.
+ Redis upgrade policy to be set on the Redis Enterprise cluster. Possible values: major/latest This value is used by the cluster to choose the Redis version of the database when an upgrade is performed. The Redis Enterprise cluster includes multiple versions of OSS Redis that can be used for databases.

Enum: major, latest
@@ -425,7 +432,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster serviceAccountName string - Name of the service account to use
+ Name of the service account to use for Redis Enterprise.
false @@ -456,18 +463,25 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster Slave high availability mechanism configuration.
false + + sso + object + + Cluster-level SSO configuration for authentication to the Cluster Manager UI.
+ + false uiAnnotations map[string]string - Annotations for Redis Enterprise UI service. This annotations will override the overlapping global annotations set under spec.services.servicesAnnotations The specified annotations will not override annotations that already exist and didn't originate from the operator, except for the 'redis.io/last-keys' annotation which is reserved.
+ Additional annotations for the Redis Enterprise UI service. These annotations override overlapping global annotations set under spec.services.servicesAnnotations. The specified annotations will not override annotations that already exist and didn't originate from the operator, except for the 'redis.io/last-keys' annotation which is reserved.
false uiServiceType enum - Type of service used to expose Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types)
+ Service type for exposing the Redis Enterprise UI (https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types).

Enum: ClusterIP, NodePort, LoadBalancer, ExternalName
@@ -476,7 +490,7 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster upgradeSpec object - Specification for upgrades of Redis Enterprise
+ Redis Enterprise upgrade configuration
false @@ -486,6 +500,13 @@ RedisEnterpriseClusterSpec defines the desired state of RedisEnterpriseCluster The configuration of the usage meter.
false + + userDefinedModules + []object + + List of user-defined modules to be downloaded and installed during cluster bootstrap The modules on the list will be downloaded on cluster creation, upgrade, scale-out and recovery and installed on all nodes. Note that changing this field for a running cluster will trigger a rolling update.
+ + false username string @@ -559,6 +580,93 @@ Specification for ActiveActive setup. At most one of ingressOrRouteSpec or activ +### spec.auditing +[↩ Parent](#spec) + +Cluster-level configuration for auditing database connection and authentication events. Includes both the audit listener connection parameters and the default policy for new databases. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configobject + Configuration for the audit listener connection
+ 		false
dbConnsAuditingboolean + Cluster-wide default policy for database connection auditing. When set to true, connection auditing will be enabled by default for all new databases. Existing databases are not affected and can override this setting individually.
+ 		false
+ + +### spec.auditing.config +[↩ Parent](#specauditing) + +Configuration for the audit listener connection + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
auditAddressstring + TCP/IP address or file path where audit notifications will be sent. For TCP protocol: IP address of the audit listener. For local protocol: file path for audit output (development/testing only).
+ 		true
auditProtocolenum + Protocol used to send audit notifications. Valid values: "TCP" or "local". For production systems, use "TCP". "local" is for development/testing only.
+
+ Enum: TCP, local
+ 		true
auditPortinteger + Port number where audit notifications will be sent (TCP protocol only).
+ 		false
auditReconnectIntervalinteger + Interval in seconds between attempts to reconnect to the audit listener.
+ 		false
auditReconnectMaxAttemptsinteger + Maximum number of attempts to reconnect to the audit listener. Set to 0 for infinite attempts.
+ 		false
+ + ### spec.backup [↩ Parent](#spec) @@ -744,55 +852,70 @@ RS Cluster Certificates. Used to modify the certificates used by the cluster. Se apiCertificateSecretName string - Secret name to use for cluster's API certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's API certificate. The secret must contain the following structure - A key 'name' with the value 'api'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
false cmCertificateSecretName string - Secret name to use for cluster's CM (Cluster Manager) certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's CM (Cluster Manager) certificate. The secret must contain the following structure - A key 'name' with the value 'cm'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
false cpInternodeEncryptionCertificateSecretName string - Secret name to use for control plane internode encryption certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's Control Plane Internode Encryption (CPINE) certificate. The secret must contain the following structure - A key 'name' with the value 'ccs_internode_encryption'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
false dpInternodeEncryptionCertificateSecretName string - Secret name to use for data plane internode encryption certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's Data Plane Internode Encryption (DPINE) certificate. The secret must contain the following structure - A key 'name' with the value 'data_internode_encryption'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
false ldapClientCertificateSecretName string - Secret name to use for cluster's LDAP client certificate. If left blank, LDAP client certificate authentication will be disabled.
+ + Secret name to use for cluster's LDAP client certificate. The secret must contain the following structure - A key 'name' with the value 'ldap_client'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, LDAP client certificate authentication will be disabled.
false metricsExporterCertificateSecretName string - Secret name to use for cluster's Metrics Exporter certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's Metrics Exporter certificate. The secret must contain the following structure - A key 'name' with the value 'metrics_exporter'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
false proxyCertificateSecretName string - Secret name to use for cluster's Proxy certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's Proxy certificate. The secret must contain the following structure - A key 'name' with the value 'proxy'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
+ + false + + ssoIssuerCertificateSecretName + string + + Secret name to use for the SSO Identity Provider (IdP) certificate. This is the public certificate from your SAML Identity Provider used to verify SAML assertions. The secret must contain 'name' and 'certificate' fields (no 'key' field needed for IdP cert). This is optional - if using IdP metadata XML, the IdP certificate is included in the metadata.
+ + false + + ssoServiceCertificateSecretName + string + + Secret name to use for cluster's SSO service certificate. Used for SAML-based SSO authentication to the Cluster Manager. The secret must contain 'name', 'certificate', and 'key' fields (same format as other cluster certificates). If left blank, SSO will not be configured.
false syncerCertificateSecretName string - Secret name to use for cluster's Syncer certificate. If left blank, a cluster-provided certificate will be used.
+ Secret name to use for cluster's Syncer certificate. The secret must contain the following structure - A key 'name' with the value 'syncer'. - A key 'certificate' with the value of the certificate in PEM format. - A key 'key' with the value of the private key. If left blank, a cluster-provided certificate will be used.
false @@ -905,7 +1028,7 @@ HostAlias holds the mapping between IP and hostnames that will be injected as an ### spec.ingressOrRouteSpec [↩ Parent](#spec) -Access configurations for the Redis Enterprise Cluster and Databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. +Access configurations for the Redis Enterprise cluster and databases. At most one of ingressOrRouteSpec or activeActive fields can be set at the same time. @@ -1276,7 +1399,7 @@ An API object that represents the cluster's OCSP configuration. To enable OCSP, ### spec.persistentSpec [↩ Parent](#spec) -Specification for Redis Enterprise Cluster persistence +Persistent storage configuration for Redis Enterprise cluster.
@@ -1369,14 +1492,14 @@ Mitigation setting for STS pods stuck in "ContainerCreating" @@ -2269,7 +2392,7 @@ Compute resource requirements for Services Rigger pod ### spec.redisOnFlashSpec [↩ Parent](#spec) -Stores configurations specific to redis on flash. If provided, the cluster will be capable of creating redis on flash databases. +Auto Tiering (Redis on Flash) configuration. When provided, the cluster can create Auto Tiering databases.
enabled boolean - Whether to detect and attempt to mitigate pod startup issues
+ Enables detection and mitigation of pod startup issues.
 true
startingThresholdSeconds integer - Time in seconds to wait for a pod to be stuck while starting up before action is taken. If set to 0, will be treated as if disabled.
+ Time in seconds to wait before taking action on a pod stuck during startup. Set to 0 to disable.

Format: int32
@@ -2348,7 +2471,7 @@ The security configuration that will be applied to RS pods. @@ -2383,7 +2506,7 @@ Policy controlling whether to enable read-only root filesystem for the Redis Ent ### spec.securityContext.resourceLimits [↩ Parent](#specsecuritycontext) -Settings pertaining to resource limits management by the Redis Enterprise Node container. +Settings pertaining to resource limits management by the Redis Enterprise node container.
resourceLimits object - Settings pertaining to resource limits management by the Redis Enterprise Node container.
+ Settings pertaining to resource limits management by the Redis Enterprise node container.
 false
@@ -3242,7 +3365,7 @@ Slave high availability mechanism configuration. @@ -3251,10 +3374,159 @@ Slave high availability mechanism configuration.
slaveHAGracePeriod integer - Time in seconds between when a node fails, and when slave high availability mechanism starts relocating shards. If set to 0, will not affect cluster configuration.
+ Grace period in seconds between node failure and when the high availability mechanism starts relocating shards. Set to 0 to not affect cluster configuration.

Format: int32
+### spec.sso +[↩ Parent](#spec) + +Cluster-level SSO configuration for authentication to the Cluster Manager UI. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enables SSO for Cluster Manager authentication. SSO requires the following configuration - Service Provider certificate (spec.certificates.ssoServiceCertificateSecretName), Identity Provider certificate (spec.certificates.ssoIssuerCertificateSecretName), IdP metadata or manual issuer configuration (spec.sso.saml.idpMetadataSecretName or spec.sso.saml.issuer), and Base address for Service Provider URLs (auto-determined from UI service or set via spec.sso.saml.serviceProvider.baseAddress).
+ 		true
samlobject + SAML-based SSO configuration. Currently,SAML is the only supported SSO protocol.
+ 		true
enforceSSOboolean + Enforces SSO-only authentication for the Cluster Manager. When true, local username/password authentication is disabled for non-admin users. When false (default), both SSO and local authentication are available.
+ 		false
+ + +### spec.sso.saml +[↩ Parent](#specsso) + +SAML-based SSO configuration. Currently,SAML is the only supported SSO protocol. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
idpMetadataSecretNamestring + Name of a secret in the same namespace that contains the Identity Provider (IdP) metadata XML. The secret must contain a key named 'idp_metadata' with the IdP metadata XML content. The XML can be plain text or base64-encoded; the operator handles encoding as needed. Obtain this metadata from your SAML Identity Provider (e.g., Okta or Azure AD). This is the recommended configuration method, as it's less error-prone. Either idpMetadataSecretName or issuer must be specified. If both are provided, idpMetadataSecretName takes precedence and issuer is ignored.
+ 		false
issuerobject + Manual Identity Provider (IdP) configuration. Use this when IdP metadata XML is unavailable. Either idpMetadataSecretName or issuer must be specified. If both are provided, idpMetadataSecretName takes precedence and issuer is ignored.
+ 		false
serviceProviderobject + Service Provider (SP) configuration.
+ 		false
spMetadataSecretNamestring + Name of a secret where the operator stores the Service Provider (SP) metadata XML. The operator creates this secret with a key named 'sp_metadata' that contains the base64-encoded SP metadata XML. Upload this metadata to your Identity Provider. If not specified, defaults to "-sso-sp-metadata". If not specified, the Service Provider metadata isn't stored in a K8s secret, but can still be obtained directly from the cluster's UI and/or API. Note: This secret is only created when the cluster is configured to use Kubernetes secrets (spec.clusterCredentialSecretType is unset or set to "kubernetes"). When using Vault secrets, the operator does not create this secret. Users can obtain the SP metadata directly from the Redis Enterprise Server API endpoint: GET /v1/cluster/sso/saml/metadata/sp and store it in Vault themselves if needed.
+ 		false
+ + +### spec.sso.saml.issuer +[↩ Parent](#specssosaml) + +Manual Identity Provider (IdP) configuration. Use this when IdP metadata XML is unavailable. Either idpMetadataSecretName or issuer must be specified. If both are provided, idpMetadataSecretName takes precedence and issuer is ignored. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
entityIDstring + Identity Provider entity ID (issuer identifier). Example: "urn:sso:example:idp" or "https://idp.example.com".
+ 		true
loginURLstring + Identity Provider SSO login URL where SAML authentication requests are sent. Example: "https://idp.example.com/sso/saml".
+ 		true
logoutURLstring + Identity Provider single logout URL where SAML logout requests are sent.
+ 		false
+ + +### spec.sso.saml.serviceProvider +[↩ Parent](#specssosaml) + +Service Provider (SP) configuration. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
baseAddressstring + Base address used to construct Service Provider (SP) URLs, such as the ACS URL and SLO URL. Format: [://][:]. Examples: "https://redis-ui.example.com:9443" (recommended - explicit scheme), "redis-ui.example.com:9443" (defaults to https://), "http://redis-ui.example.com:9443" (NOT recommended for production). If the scheme is not specified, the operator automatically prepends "https://". WARNING: Using "http://" is NOT recommended for production environments as it transmits sensitive SAML assertions in plaintext. Only use "http://" for testing/development purposes. If set, this value is used to construct the SP URLs. If unset, the base address is automatically determined from the REC Cluster Manager UI service: - If the UI service type is LoadBalancer (configured via spec.uiServiceType), the load balancer address is used. - Otherwise, the cluster-internal DNS name is used (e.g., rec-ui.svc.cluster.local). - The port defaults to 8443 if not specified. Usage guidelines: - For LoadBalancer services: Leave this field blank to use the default REC UI service, or set it explicitly to the LoadBalancer address for custom services. - For Ingress: Set this to the ingress hostname and port (typically 443), e.g., "https://redis-ui.example.com:443".
+ 		false
+ + ### spec.upgradeSpec [↩ Parent](#spec) -Specification for upgrades of Redis Enterprise +Redis Enterprise upgrade configuration @@ -3269,7 +3541,7 @@ Specification for upgrades of Redis Enterprise @@ -3459,6 +3731,134 @@ ResourceClaim references one entry in PodSpec.ResourceClaims.
autoUpgradeRedisEnterprise boolean - Whether to upgrade Redis Enterprise automatically when operator is upgraded
+ Enables automatic Redis Enterprise upgrades when the operator is upgraded.
 true
+### spec.userDefinedModules[] +[↩ Parent](#spec) + +UserDefinedModule represents a user-defined Redis module to be downloaded and installed during bootstrap + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the module
+ 		true
sourceobject + Source location for downloading the module
+ 		true
+ + +### spec.userDefinedModules[].source +[↩ Parent](#specuserdefinedmodules) + +Source location for downloading the module + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
httpobject + HTTP source configuration for downloading the module via HTTP
+ 		false
httpsobject + HTTPS source configuration for downloading the module via HTTPS
+ 		false
+ + +### spec.userDefinedModules[].source.http +[↩ Parent](#specuserdefinedmodulessource) + +HTTP source configuration for downloading the module via HTTP + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
urlstring + URL to download the module from (must use http:// scheme)
+ 		true
credentialsSecretstring + Name of the Kubernetes secret containing credentials for downloading the module, if needed. The secret must contain 'username' and 'password' keys.
+ 		false
+ + +### spec.userDefinedModules[].source.https +[↩ Parent](#specuserdefinedmodulessource) + +HTTPS source configuration for downloading the module via HTTPS + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
urlstring + URL to download the module from (must use https:// scheme)
+ 		true
credentialsSecretstring + Name of the Kubernetes secret containing credentials for downloading the module, if needed. The secret must contain 'username' and 'password' keys.
+ 		false
+ + ### spec.volumes[] [↩ Parent](#spec) @@ -3747,7 +4147,7 @@ Volume represents a named volume in a pod that may be accessed by any container persistenceStatus object - The status of the Persistent Volume Claims that are used for Redis Enterprise Cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize)
+ The status of the Persistent Volume Claims that are used for Redis Enterprise cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize)
false @@ -4078,7 +4478,7 @@ An API object that represents the cluster's OCSP status ### status.persistenceStatus [↩ Parent](#status) -The status of the Persistent Volume Claims that are used for Redis Enterprise Cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize) +The status of the Persistent Volume Claims that are used for Redis Enterprise cluster persistence. The status will correspond to the status of one or more of the PVCs (failed/resizing if one of them is in resize or failed to resize) diff --git a/content/operate/kubernetes/reference/api/redis_enterprise_database_api.md b/content/operate/kubernetes/reference/api/redis_enterprise_database_api.md index 3ccb0ea0bb..3d3d075310 100644 --- a/content/operate/kubernetes/reference/api/redis_enterprise_database_api.md +++ b/content/operate/kubernetes/reference/api/redis_enterprise_database_api.md @@ -96,6 +96,13 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase Settings for database alerts
+ + + + + @@ -245,6 +252,16 @@ RedisEnterpriseDatabaseSpec defines the desired state of RedisEnterpriseDatabase Whether this database supports RESP3 protocol. Note - Deleting this property after explicitly setting its value shall have no effect. Please view the corresponding field in RS doc for more info.
+ + + + + @@ -841,6 +858,34 @@ Dataset size has reached the threshold value [% of the memory limit] expected fi
false
auditingobject + Database auditing configuration.
+ 		false
backup object false
rofRamRatiointeger + RAM allocation ratio for Redis Flex (v2) databases as a percentage of total data size. Valid range 0-100. When omitted, RS uses the default value of 50%. Controls how much RAM is allocated per unit of data (e.g., 30% means 3MB RAM per 10MB data). RAM grows proportionally with data until rofRamSize limit is reached (if specified). Only applicable when isRof=true and Redis version >= 8.0 (BigStore v2 - Redis Flex).
+
+ Minimum: 0
+ Maximum: 100
+ 		false
rofRamSize string
+### spec.auditing +[↩ Parent](#spec) + +Database auditing configuration. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
dbConnsAuditingboolean + Enables auditing of database connection and authentication events. +When enabled, connection, authentication, and disconnection events are tracked and sent +to the configured audit listener (configured at the cluster level). +The cluster-level auditing configuration must be set before enabling this on a database.
+ 		false
+ + ### spec.backup [↩ Parent](#spec) @@ -1379,6 +1424,13 @@ RedisEnterpriseDatabaseStatus defines the observed state of RedisEnterpriseDatab Information on the database's periodic backup
false + + bigstoreVersion + integer + + BigStore version for Redis on Flash databases (1 for Auto Tiering, 2 for Redis Flex). Read-only field populated from RS.
+ + false createdTime string diff --git a/content/operate/rc/langcache/create-service.md b/content/operate/rc/langcache/create-service.md index 24b96a2489..16dfdb7cb8 100644 --- a/content/operate/rc/langcache/create-service.md +++ b/content/operate/rc/langcache/create-service.md @@ -32,19 +32,39 @@ LangCache does not support the following databases during public preview: From the [Redis Cloud console](https://cloud.redis.io/), select **LangCache** from the left-hand menu. -When you access the LangCache page for the first time, you will see a page with an introduction to LangCache. Select **Let's create a service** to create your first service. +If you have not already created a LangCache service, you'll see a page with an introduction to LangCache. Otherwise, select **New service** to go to the LangCache introduction page. -{{The Let's create a service button.}} +{{The New service button.}} -If you have already created a LangCache service, select **New service** to create another one. +From here: -{{The New service button.}} +- Select **Quick create** to create a LangCache service with default settings using your Free 30MB database. If you haven't created a Free database yet, Redis Cloud will create one and set up the LangCache service for you. + + {{The Quick create button.}} + + After Redis Cloud creates your LangCache service, a window containing your LangCache service key will appear. Select **Copy** to copy the key to your clipboard. + + {{The LangCache service key window. Use the Copy button to save the service key to the clipboard.}} + + {{}} +This is the only time the value of the user key is available. Save it to a secure location before closing the dialog box.

-This takes you to the **Create LangCache service** page. The page is divided into the following sections: +If you lose the service key value, you will need to [generate a new service key]({{< relref "/operate/rc/langcache/view-edit-cache#replace-service-api-key" >}}) to be able to use the LangCache API. + {{}} + + After your cache is created, you can [use the LangCache API]({{< relref "/operate/rc/langcache/use-langcache" >}}) from your client app. + + You can also [view and edit the cache]({{< relref "/operate/rc/langcache/view-edit-cache" >}}) and [monitor the cache's performance]({{< relref "/operate/rc/langcache/monitor-cache" >}}). + +- If you want to customize your LangCache service, select **Create custom service**. -1. The [General settings](#general-settings) section defines basic properties of your service. -1. The [Embedding settings](#embedding-settings) section defines the embedding model used by your service. -1. The [Attributes settings](#attributes-settings) section allows you to define attributes for your service. + {{The Create custom service button.}} + + This takes you to the **Create LangCache service** page. The page is divided into the following sections: + + 1. The [General settings](#general-settings) section defines basic properties of your service. + 1. The [Embedding settings](#embedding-settings) section defines the embedding model used by your service. + 1. The [Attributes settings](#attributes-settings) section allows you to define attributes for your service. ### General settings @@ -57,7 +77,7 @@ The **General settings** section defines basic properties of your service. | **Service name** | Enter a name for your LangCache service. We recommend you use a name that describes your service's purpose. | | **Select database** | Select the Redis Cloud database to use for this service from the list. | | **TTL** | The time to live (TTL) for cache entries, in milliseconds. Default: `No expiration` - items in the cache will remain until manually removed. | -| **User** | The [database access user]({{< relref "/operate/rc/security/access-control/data-access-control/role-based-access-control" >}}) to use for this service. LangCache only supports the [`default` user]({{< relref "/operate/rc/security/access-control/data-access-control/default-user" >}}) during public preview. | +| **User for this service** | The [database access user]({{< relref "/operate/rc/security/access-control/data-access-control/role-based-access-control" >}}) to use for this service. LangCache only supports the [`default` user]({{< relref "/operate/rc/security/access-control/data-access-control/default-user" >}}) during public preview. | ### Embedding settings @@ -65,11 +85,14 @@ The **Embedding settings** section defines the embedding model used by your serv {{The Embedding settings section.}} +Required settings depend on the embedding provider you select. + | Setting name |Description| |:----------------------|:----------| -| **Embedding Provider** | The embedding provider to use for your service. Select between `Redis` and `OpenAI`. | -| **Embedding provider API key** | Enter your embedding provider's API key if not using the default Redis embedding provider. | -| **Model** | Select the embedding model to use for your service. | +| **Embedding Provider** | The embedding provider to use for your service. Select between `Redis`, `OpenAI`, and `Bring your own`.
Any embedding provider you use must support the [OpenAI embeddings API](https://platform.openai.com/docs/api-reference/embeddings). | +| **Embedding provider API key** | Enter your embedding provider's API key *(`OpenAI` and `Bring your own` embedding providers only)* | +| **Embedding provider URL** | Enter your embedding provider's API URL *(`Bring your own` embedding provider only)* | +| **Model** | Select or enter the embedding model to use for your service. | | **Similarity threshold** | Set the minimum similarity score required to consider a cached response a match. Range: `0.5` to `1.0`. Default: `0.85`

A higher value means more precise matches, but if it's too high, you will compromise on the number of matches and may lose relevant matches. A lower value means more matches, but may include less relevant matches. We recommend starting between `0.8` and `0.9` and then fine-tuning based on your results. | ### Attributes settings @@ -78,7 +101,7 @@ Attributes provide powerful scoping capabilities for your LangCache operations. The **Attributes settings** section allows you to define attributes for your service. It is collapsed by default. -{{The Attributes settings section, expanded.}} +{{The Attributes settings section.}} LangCache allows you to define up to 5 custom attributes that align with your specific use case. To add a new attribute: @@ -92,7 +115,7 @@ LangCache allows you to define up to 5 custom attributes that align with your sp After you save your custom attribute, it will appear in the list of custom attributes. Use the **Delete** button to remove it. -{{Select the Delete button to delete the selected attribute.}} +{{Select the Delete button to delete the selected attribute.}} You can also select **Add attribute** again to add an additional attribute. diff --git a/content/operate/rc/langcache/monitor-cache.md b/content/operate/rc/langcache/monitor-cache.md index a250230751..0970200652 100644 --- a/content/operate/rc/langcache/monitor-cache.md +++ b/content/operate/rc/langcache/monitor-cache.md @@ -17,7 +17,7 @@ You can monitor a LangCache service's performance from the **Metrics** tab of th The **Metrics** tab provides a series of graphs showing performance data for your LangCache service. -You can switch between daily and weekly stats using the **Day** and **Week** buttons at the top of the page. Each graph also includes minimum, average, maximum, and latest values. +You can switch between hourly, daily, and weekly stats using the **Hour**, **Day**, and **Week** buttons at the top of the page. Each graph also includes minimum, average, maximum, and latest values. ## LangCache metrics reference @@ -48,8 +48,4 @@ High cache latency may indicate one of the following: - Inefficient embedding generation from the embedding provider - Large cache requiring longer comparison times - Network latency between the cache and embedding provider -- Resource constraints - -### Cache items - -The total number of entries stores in your cache. Each item includes the query string, embedding, response, and other metadata. \ No newline at end of file +- Resource constraints \ No newline at end of file diff --git a/content/operate/rc/langcache/view-edit-cache.md b/content/operate/rc/langcache/view-edit-cache.md index a60b66ec40..836bd45335 100644 --- a/content/operate/rc/langcache/view-edit-cache.md +++ b/content/operate/rc/langcache/view-edit-cache.md @@ -37,7 +37,7 @@ The **Connectivity** section provides the connection details for your LangCache |:----------------------|:----------| | **API Key** | The Bearer token for your LangCache API requests. | | **Cache ID** | The unique ID of your LangCache service. | -| **API Base URL** | The base URL for LangCache API requests. | +| **URL List** | A list of base URLs for LangCache API requests. Use the closest URL for the best performance. | Select the **Copy** button next to the Cache ID and API Base URL to copy them to the clipboard. If you lost the API key value or need to rotate the key, you can [generate a new service API key](#replace-service-api-key) at any time. @@ -51,7 +51,7 @@ To generate a new service key: 1. Select **Generate key**. - {{The Replace Key button.}} + {{The Generate Key button.}} 1. A confirmation dialog will appear. Select **Confirm** to confirm. diff --git a/static/images/rc/button-access-management-user-key-create.png b/static/images/rc/button-access-management-user-key-create.png index d5ca94a7ed..18f59510d0 100644 Binary files a/static/images/rc/button-access-management-user-key-create.png and b/static/images/rc/button-access-management-user-key-create.png differ diff --git a/static/images/rc/langcache-add-attribute.png b/static/images/rc/langcache-add-attribute.png index bb8b2fd060..f3fb24d246 100644 Binary files a/static/images/rc/langcache-add-attribute.png and b/static/images/rc/langcache-add-attribute.png differ diff --git a/static/images/rc/langcache-attribute-settings.png b/static/images/rc/langcache-attribute-settings.png index 150038c267..eb9aeb0508 100644 Binary files a/static/images/rc/langcache-attribute-settings.png and b/static/images/rc/langcache-attribute-settings.png differ diff --git a/static/images/rc/langcache-custom-attributes.png b/static/images/rc/langcache-custom-attributes.png index e11dee8542..503fb6cc6b 100644 Binary files a/static/images/rc/langcache-custom-attributes.png and b/static/images/rc/langcache-custom-attributes.png differ diff --git a/static/images/rc/langcache-custom-service.png b/static/images/rc/langcache-custom-service.png new file mode 100644 index 0000000000..81a2928a23 Binary files /dev/null and b/static/images/rc/langcache-custom-service.png differ diff --git a/static/images/rc/langcache-embedding-settings.png b/static/images/rc/langcache-embedding-settings.png index 4d5b9c7e59..e5d0f58400 100644 Binary files a/static/images/rc/langcache-embedding-settings.png and b/static/images/rc/langcache-embedding-settings.png differ diff --git a/static/images/rc/langcache-general-settings.png b/static/images/rc/langcache-general-settings.png index 45ede217a1..6d38f0a3da 100644 Binary files a/static/images/rc/langcache-general-settings.png and b/static/images/rc/langcache-general-settings.png differ diff --git a/static/images/rc/langcache-metrics.png b/static/images/rc/langcache-metrics.png index 8d662be82f..9e7a089407 100644 Binary files a/static/images/rc/langcache-metrics.png and b/static/images/rc/langcache-metrics.png differ diff --git a/static/images/rc/langcache-new-service.png b/static/images/rc/langcache-new-service.png index 303b07d215..5e97b2298e 100644 Binary files a/static/images/rc/langcache-new-service.png and b/static/images/rc/langcache-new-service.png differ diff --git a/static/images/rc/langcache-quick-create.png b/static/images/rc/langcache-quick-create.png new file mode 100644 index 0000000000..f39ed118cb Binary files /dev/null and b/static/images/rc/langcache-quick-create.png differ diff --git a/static/images/rc/langcache-replace-key.png b/static/images/rc/langcache-replace-key.png index ada2f37e1c..b3e69cab65 100644 Binary files a/static/images/rc/langcache-replace-key.png and b/static/images/rc/langcache-replace-key.png differ diff --git a/static/images/rc/langcache-service-key.png b/static/images/rc/langcache-service-key.png index 29e645f24e..6188b7e960 100644 Binary files a/static/images/rc/langcache-service-key.png and b/static/images/rc/langcache-service-key.png differ diff --git a/static/images/rc/langcache-service-list.png b/static/images/rc/langcache-service-list.png index 84242e00e7..5cf6076015 100644 Binary files a/static/images/rc/langcache-service-list.png and b/static/images/rc/langcache-service-list.png differ diff --git a/static/images/rc/langcache-view-actions.png b/static/images/rc/langcache-view-actions.png index f9927b8905..a472747948 100644 Binary files a/static/images/rc/langcache-view-actions.png and b/static/images/rc/langcache-view-actions.png differ diff --git a/static/images/rc/langcache-view-attributes.png b/static/images/rc/langcache-view-attributes.png index 8658320897..0efca57e92 100644 Binary files a/static/images/rc/langcache-view-attributes.png and b/static/images/rc/langcache-view-attributes.png differ diff --git a/static/images/rc/langcache-view-connectivity.png b/static/images/rc/langcache-view-connectivity.png index 2ee3d143d4..2b36f20a26 100644 Binary files a/static/images/rc/langcache-view-connectivity.png and b/static/images/rc/langcache-view-connectivity.png differ diff --git a/static/images/rc/langcache-view-general.png b/static/images/rc/langcache-view-general.png index 1e2ccc40e8..889896176f 100644 Binary files a/static/images/rc/langcache-view-general.png and b/static/images/rc/langcache-view-general.png differ