diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc index bda2f674c..33b380111 100644 --- a/modules/ROOT/nav.adoc +++ b/modules/ROOT/nav.adoc @@ -66,7 +66,6 @@ ** xref:deploy:redpanda/index.adoc[Redpanda] *** xref:deploy:redpanda/kubernetes/index.adoc[Kubernetes] **** xref:deploy:redpanda/kubernetes/k-deployment-overview.adoc[Overview] -**** xref:deploy:redpanda/kubernetes/k-25.2-beta.adoc[Try v25.2] **** xref:deploy:redpanda/kubernetes/get-started-dev.adoc[Get Started] ***** xref:deploy:redpanda/kubernetes/aks-guide.adoc[Azure AKS] ***** xref:deploy:redpanda/kubernetes/eks-guide.adoc[Amazon EKS] diff --git a/modules/deploy/pages/redpanda/kubernetes/k-25.2-beta.adoc b/modules/deploy/pages/redpanda/kubernetes/k-25.2-beta.adoc deleted file mode 100644 index 6002d8efa..000000000 --- a/modules/deploy/pages/redpanda/kubernetes/k-25.2-beta.adoc +++ /dev/null @@ -1,332 +0,0 @@ -= Try the 25.2 Beta of the Redpanda Operator -:page-beta: true -:description: Deploy the 25.2 beta release of the Redpanda Operator. This version of the Redpanda Operator is cluster scope so a single instance of the Operator can manage multiple Redpanda resources in different namespaces. - -{description} - -This beta version is available for testing and feedback. It is not supported by Redpanda and should not be used in production environments. To give feedback on beta releases, reach out to the Redpanda team in https://redpanda.com/slack[Redpanda Community Slack^]. - -== Prerequisites - -Make sure that your Kubernetes cluster meets the xref:./k-requirements.adoc[requirements]. - -== Deploy Redpanda Operator v25.2.1-beta1 in cluster scope - -To deploy the Redpanda Operator in cluster scope (managing Redpanda resources across all namespaces), do the following: - -. Make sure that you have permission to install custom resource definitions (CRDs): -+ -```bash -kubectl auth can-i create CustomResourceDefinition --all-namespaces -``` -+ -You should see `yes` in the output. -+ -You need these cluster-level permissions to install glossterm:cert-manager[^] and Redpanda Operator CRDs in the next steps. - -. Install cert-manager: -+ -```bash -helm repo add jetstack https://charts.jetstack.io -helm repo update -helm install cert-manager jetstack/cert-manager \ - --set crds.enabled=true \ - --namespace cert-manager \ - --create-namespace -``` -+ -TLS is enabled by default and cert-manager is used to manage TLS certificates. - -. Deploy the Redpanda Operator: -+ -[,bash,subs="attributes+"] ----- -helm repo add redpanda https://charts.redpanda.com -helm upgrade --install redpanda-controller redpanda/operator \ - --namespace \ - --create-namespace \ - --version {operator-beta-tag} \ - --set crds.enabled=true ----- - -. Ensure that the Deployment is successfully rolled out: -+ -```bash -kubectl --namespace rollout status --watch deployment/redpanda-controller-operator -``` -+ -[.no-copy] ----- -deployment "redpanda-controller-operator" successfully rolled out ----- - -. Define a xref:reference:k-crd.adoc[Redpanda custom resource] to deploy a Redpanda cluster. -+ -.`redpanda-cluster.yaml` -[,yaml,subs="attributes+"] ----- -apiVersion: cluster.redpanda.com/v1alpha2 -kind: Redpanda -metadata: - name: redpanda - namespace: <1> ----- -+ -<1> Add your namespace. - -. If you want to use enterprise features in Redpanda, add the details of a Secret that stores your Enterprise Edition license key. -+ -.`redpanda-cluster.yaml` -[,yaml,subs="attributes+"] ----- -apiVersion: cluster.redpanda.com/v1alpha2 -kind: Redpanda -metadata: - name: redpanda - namespace: -spec: - clusterSpec: - enterprise: - licenseSecretRef: - name: - key: ----- -+ -For details, see xref:get-started:licensing/add-license-redpanda/kubernetes.adoc[]. - -. Apply the Redpanda resource: -+ -```bash -kubectl apply -f redpanda-cluster.yaml -``` - -. Wait for the Redpanda Operator to deploy the cluster: -+ -```bash -kubectl get redpanda --namespace --watch -``` -+ -[.no-copy] ----- -NAME READY STATUS -redpanda True Redpanda reconciliation succeeded ----- -+ -This step may take a few minutes. You can watch for new Pods to make sure that the deployment is progressing: -+ -```bash -kubectl get pod --namespace -``` -+ -If it's taking too long, see xref:manage:kubernetes/troubleshooting/k-troubleshoot.adoc[Troubleshooting]. - -=== Deploy multiple Redpanda clusters - -You can deploy more than one Redpanda cluster in the same Kubernetes cluster by using a different namespace and unique node ports. - -. Define a new Redpanda resource in a unique namespace. -+ -NOTE: Make sure to also use unique node ports for the listeners in your Redpanda resource so that they don't conflict with any existing node ports in your other Redpanda clusters. -+ -.`redpanda-cluster-two.yaml` -[source,yaml,subs="attributes+"] ----- -apiVersion: cluster.redpanda.com/v1alpha2 -kind: Redpanda -metadata: - name: redpanda-two - namespace: -spec: - clusterSpec: - listeners: - kafka: - external: - default: - advertisedPorts: [31093] - admin: - external: - default: - advertisedPorts: [31645] - http: - external: - default: - advertisedPorts: [30083] - rpc: - port: 33146 - schemaRegistry: - external: - default: - advertisedPorts: [30084] ----- - -. Apply the Redpanda resource: -+ -```bash -kubectl apply -f redpanda-cluster-two.yaml -``` - -== Deploy Redpanda Operator v25.2.1-beta1 in namespace scope - -To deploy the Redpanda Operator in namespace scope (managing only resources within its deployment namespace), do the following: - -. Make sure that you have permission to install custom resource definitions (CRDs): -+ -```bash -kubectl auth can-i create CustomResourceDefinition --all-namespaces -``` -+ -You should see `yes` in the output. -+ -You need these cluster-level permissions to install glossterm:cert-manager[^] and Redpanda Operator CRDs in the next steps. - -. Install cert-manager: -+ -```bash -helm repo add jetstack https://charts.jetstack.io -helm repo update -helm install cert-manager jetstack/cert-manager \ - --set crds.enabled=true \ - --namespace cert-manager \ - --create-namespace -``` -+ -TLS is enabled by default and cert-manager is used to manage TLS certificates. - -. Deploy the Redpanda Operator: -+ -[,bash,subs="attributes+"] ----- -helm upgrade --install redpanda-controller redpanda/operator \ - --namespace \ - --create-namespace \ - --version {latest-operator-version} \ - --set crds.enabled=true \ - --set 'additionalCmdFlags=["--namespace="]' <1> ----- -+ -<1> This flag restricts the Redpanda Operator to manage resources only within the specified namespace. -+ -WARNING: Do not run multiple Redpanda Operators in different scopes (cluster and namespace scope) in the same cluster as this can cause resource conflicts. - -. Ensure that the Deployment is successfully rolled out: -+ -```bash -kubectl --namespace rollout status --watch deployment/redpanda-controller-operator -``` -+ -[.no-copy] ----- -deployment "redpanda-controller-operator" successfully rolled out ----- - -. Define a xref:reference:k-crd.adoc[Redpanda custom resource] to deploy a Redpanda cluster in the same namespace as the namespace-scoped Redpanda Operator. -+ -.`redpanda-cluster.yaml` -[,yaml,subs="attributes+"] ----- -apiVersion: cluster.redpanda.com/v1alpha2 -kind: Redpanda -metadata: - name: redpanda - namespace: ----- - -. Apply the Redpanda resource: -+ -```bash -kubectl apply -f redpanda-cluster.yaml -``` - -. Wait for the Redpanda Operator to deploy the cluster: -+ -```bash -kubectl get redpanda --namespace --watch -``` -+ -[.no-copy] ----- -NAME READY STATUS -redpanda True Redpanda reconciliation succeeded ----- -+ -This step may take a few minutes. You can watch for new Pods to make sure that the deployment is progressing: -+ -```bash -kubectl get pod --namespace -``` -+ -If it's taking too long, see xref:manage:kubernetes/troubleshooting/k-troubleshoot.adoc[Troubleshooting]. - -== Uninstall Redpanda - -When you finish testing Redpanda, you can uninstall it from your Kubernetes cluster. - -Follow the steps in **exact order** to avoid race conditions between -the Redpanda Operator's reconciliation loop and Kubernetes garbage collection. - -. Delete all Redpanda-related custom resources: -+ -[,bash,role="no-wrap"] ----- -kubectl delete users --namespace --all -kubectl delete topics --namespace --all -kubectl delete schemas --namespace --all -kubectl delete redpanda --namespace --all ----- - -. Make sure requests for those resources return no results. For example, if you had a Redpanda cluster named `redpanda` in the namespace ``, run: -+ -[,bash] ----- -kubectl get redpanda --namespace ----- - -. Uninstall the Redpanda Operator Helm release: -+ -[,bash] ----- -helm uninstall redpanda-controller --namespace ----- -+ -Helm does not uninstall CRDs by default when using `helm uninstall` to avoid accidentally deleting existing custom resources. - -. Remove the CRDs. -.. List all Redpanda CRDs installed by the operator: -+ -[,bash] ----- -kubectl api-resources --api-group='cluster.redpanda.com' ----- -+ -This command displays all CRDs defined by the Redpanda Operator. For example: -+ -[,bash,role="no-wrap"] ----- -NAME SHORTNAMES APIVERSION NAMESPACED KIND -redpandas rp cluster.redpanda.com/v1alpha2 true Redpanda -schemas sc cluster.redpanda.com/v1alpha2 true Schema -topics cluster.redpanda.com/v1alpha2 true Topic -users rpu cluster.redpanda.com/v1alpha2 true User ----- - -.. Delete the CRDs: -+ -[,bash] ----- -kubectl get crds -o name | grep cluster.redpanda.com | xargs kubectl delete ----- -+ -This command lists all CRDs with the `cluster.redpanda.com` domain suffix and deletes them, ensuring only Redpanda CRDs are removed. Helm does not delete CRDs automatically to prevent data loss, so you must run this step manually. - -. (Optional) Delete any leftover PVCs or Secrets in the namespace: -+ -CAUTION: The following command deletes all PVCs and Secrets in the namespace, which may remove unrelated resources if the namespace is shared with other applications. -+ -[,bash] ----- -kubectl delete pvc,secret --all --namespace ----- - -== Next steps - -To give feedback about this beta version, reach out to the Redpanda team in https://redpanda.com/slack[Redpanda Community Slack^]. diff --git a/modules/deploy/pages/redpanda/kubernetes/k-deployment-overview.adoc b/modules/deploy/pages/redpanda/kubernetes/k-deployment-overview.adoc index a88163774..43d827022 100644 --- a/modules/deploy/pages/redpanda/kubernetes/k-deployment-overview.adoc +++ b/modules/deploy/pages/redpanda/kubernetes/k-deployment-overview.adoc @@ -41,7 +41,7 @@ To deploy Redpanda in Kubernetes, you can choose between Helm for its simplicity | Multi-tenancy management | ✅ | ⚠️ -| Helm requires separate releases to manage multiple clusters, making management more complex. The Redpanda Operator simplifies this through declarative custom resources. +| Helm requires separate releases to manage multiple clusters, making management more complex. The Redpanda Operator simplifies multi-tenancy by managing clusters across different namespaces from a single operator instance. |=== @@ -50,7 +50,7 @@ TIP: If you are already using the Redpanda Helm chart and want to migrate to the [[helm-and-redpanda-operator]] === Redpanda Operator -The Redpanda Operator is designed for production-grade Redpanda deployments, offering enhanced lifecycle management, automation, and GitOps compatibility. +The Redpanda Operator is designed for production-grade Redpanda deployments, offering enhanced lifecycle management, automation, and GitOps compatibility. The Redpanda Operator defaults to cluster scope, enabling it to manage multiple Redpanda clusters across different namespaces from a single operator instance. The Redpanda Operator directly reconciles Redpanda resources, performing tasks such as installations, updates, and cleanup. diff --git a/modules/deploy/pages/redpanda/kubernetes/k-production-deployment.adoc b/modules/deploy/pages/redpanda/kubernetes/k-production-deployment.adoc index c8b14db92..393ac8894 100644 --- a/modules/deploy/pages/redpanda/kubernetes/k-production-deployment.adoc +++ b/modules/deploy/pages/redpanda/kubernetes/k-production-deployment.adoc @@ -1,7 +1,7 @@ = Deploy Redpanda for Production in Kubernetes :description: Deploy a Redpanda cluster in Kubernetes. :tags: ["Kubernetes"] -:page-aliases: deploy:deployment-option/self-hosted/kubernetes/kubernetes-best-practices.adoc, deploy:deployment-option/self-hosted/kubernetes/redpanda-cluster-recommendations.adoc, deploy:deployment-option/self-hosted/kubernetes/kubernetes-deploy.adoc, deploy:deployment-option/self-hosted/kubernetes/k-25.1-beta.adoc, deploy:deployment-option/self-hosted/kubernetes/k-production-deployment.adoc +:page-aliases: deploy:deployment-option/self-hosted/kubernetes/kubernetes-best-practices.adoc, deploy:deployment-option/self-hosted/kubernetes/redpanda-cluster-recommendations.adoc, deploy:deployment-option/self-hosted/kubernetes/kubernetes-deploy.adoc, deploy:deployment-option/self-hosted/kubernetes/k-25.1-beta.adoc, deploy:deployment-option/self-hosted/kubernetes/k-production-deployment.adoc, deploy:redpanda/kubernetes/k-25.2-beta.adoc :page-toclevels: 1 :env-kubernetes: true :page-categories: Deployment, GitOps @@ -18,7 +18,7 @@ You must already have a ConfigMap that stores your `io-config.yaml` file. See xr To deploy Redpanda and Redpanda Console, you can use the following tools: -- *Redpanda Operator*: The Redpanda Operator extends Kubernetes with custom resource definitions (CRDs), allowing you to define Redpanda clusters as native Kubernetes resources. The resource that the Redpanda Operator uses to represent a Redpanda cluster is the Redpanda resource. +- *Redpanda Operator*: The Redpanda Operator extends Kubernetes with custom resource definitions (CRDs), allowing you to define Redpanda clusters as native Kubernetes resources. The resource that the Redpanda Operator uses to represent a Redpanda cluster is the Redpanda resource. The Redpanda Operator can be deployed in either cluster scope (managing resources across all namespaces) or namespace scope (managing resources within a single namespace). - *Helm*: https://helm.sh/docs[Helm^] is a package manager for Kubernetes, which simplifies the process of defining, installing, and upgrading Kubernetes applications. Helm uses charts, a collection of files that describe a related set of Kubernetes resources, to deploy applications in a Kubernetes cluster. TIP: For more details about the differences between these two methods, see xref:deploy:redpanda/kubernetes/k-deployment-overview.adoc[]. @@ -29,7 +29,12 @@ Operator:: + -- -NOTE: The Redpanda Operator is namespace scoped. You must install the Redpanda Operator in the same namespace as your Redpanda resource (Redpanda cluster). +The Redpanda Operator can be deployed in two different scopes: + +- *Cluster scope* (recommended): The Redpanda Operator manages Redpanda resources across all namespaces in your Kubernetes cluster. This provides centralized management and is ideal for production environments. +- *Namespace scope*: The Redpanda Operator manages Redpanda resources only within a specific namespace. This provides better isolation and is suitable when you need strict namespace boundaries. + +WARNING: Do not run multiple Redpanda Operators in different scopes (cluster and namespace scope) in the same cluster as this can cause resource conflicts. . Make sure that you have permission to install custom resource definitions (CRDs): + @@ -54,7 +59,7 @@ helm install cert-manager jetstack/cert-manager \ + The Redpanda Helm chart enables TLS by default and uses cert-manager to manage TLS certificates. -. Deploy the Redpanda Operator. +. Deploy the Redpanda Operator in your chosen scope: + include::deploy:partial$kubernetes/deploy-operator.adoc[] @@ -78,6 +83,7 @@ apiVersion: cluster.redpanda.com/v1alpha2 kind: Redpanda metadata: name: redpanda + namespace: spec: clusterSpec: #enterprise: @@ -99,6 +105,7 @@ spec: ---- + - `metadata.name`: Name to assign the Redpanda cluster. +- `metadata.namespace`: For cluster-scoped deployment, specify any namespace. For namespace-scoped deployment, must be the same namespace where the Redpanda Operator is deployed. - xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-api-redpanda-v1alpha2-redpandaclusterspec[`spec.clusterSpec`]: This is where you can override default values in the Redpanda Helm chart. Here, you mount the <> to the Pods that run Redpanda. For other configuration details, see <>. - `spec.clusterSpec.enterprise`: If you want to use enterprise features in Redpanda, uncomment this section and add the details of a Secret that stores your Enterprise Edition license key. For details, see xref:get-started:licensing/index.adoc[]. - `spec.clusterSpec.image.tag`: Deploys the latest version of Redpanda. @@ -107,15 +114,13 @@ spec: . Apply the Redpanda resource: + ```bash -kubectl apply -f redpanda-cluster.yaml --namespace +kubectl apply -f redpanda-cluster.yaml ``` -+ -NOTE: The Redpanda resource must be deployed in the same namespace as the Redpanda Operator. Each new deployment of Redpanda requires a separate namespace. . Wait for the Redpanda Operator to deploy Redpanda using the Helm chart: + ```bash -kubectl get redpanda --namespace --watch +kubectl get redpanda --namespace --watch ``` + [.no-copy] @@ -127,7 +132,7 @@ redpanda True Redpanda reconciliation succeeded This step may take a few minutes. You can watch for new Pods to make sure that the deployment is progressing: + ```bash -kubectl get pod --namespace +kubectl get pod --namespace ``` + If it's taking too long, see xref:manage:kubernetes/troubleshooting/k-troubleshoot.adoc[Troubleshooting]. @@ -135,7 +140,7 @@ If it's taking too long, see xref:manage:kubernetes/troubleshooting/k-troublesho . Verify that each Redpanda broker is scheduled on only one Kubernetes node: + ```bash -kubectl get pod --namespace \ +kubectl get pod --namespace \ -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name -l \ app.kubernetes.io/component=redpanda-statefulset ``` @@ -250,6 +255,160 @@ example-worker redpanda-2 -- ==== +== Deploy multiple Redpanda clusters + +You can deploy multiple Redpanda clusters in the same Kubernetes cluster. This is useful for creating separate environments (such as production, staging, and development) or for organizing clusters by application or team. + +[tabs] +==== +Operator:: ++ +-- + +When using the Redpanda Operator, you can deploy multiple Redpanda clusters by creating separate Redpanda custom resources. + +*Requirements:* + +- Use a cluster-scoped Redpanda Operator deployment (recommended) or separate namespace-scoped operators in different namespaces +- Each cluster must be deployed in a unique namespace +- Configure unique external port numbers for each cluster to avoid conflicts + +. Create a second Redpanda cluster in a different namespace: ++ +.`redpanda-cluster-two.yaml` +[,yaml,subs="attributes+"] +---- +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda-staging + namespace: redpanda-staging +spec: + clusterSpec: + image: + tag: {latest-redpanda-tag} + listeners: + kafka: + external: + default: + advertisedPorts: [31093] <1> + admin: + external: + default: + advertisedPorts: [31645] <1> + http: + external: + default: + advertisedPorts: [30083] <1> + rpc: + port: 33146 <1> + schemaRegistry: + external: + default: + advertisedPorts: [30084] <1> + statefulset: + extraVolumes: |- + - name: redpanda-io-config + configMap: + name: redpanda-io-config + extraVolumeMounts: |- + - name: redpanda-io-config + mountPath: /etc/redpanda-io-config + additionalRedpandaCmdFlags: + - "--io-properties-file=/etc/redpanda-io-config/io-config.yaml" +---- ++ +<1> Configure unique port numbers for each cluster to avoid conflicts. Ensure these ports don't conflict with your first cluster's configuration. + +. Apply the second Redpanda resource: ++ +```bash +kubectl apply -f redpanda-cluster-two.yaml +``` + +. Wait for the second cluster to be ready: ++ +```bash +kubectl get redpanda --namespace redpanda-staging --watch +``` + +-- +Helm:: ++ +-- + +When using Helm, deploy multiple Redpanda clusters by using separate namespaces and unique release names for each deployment. + +*Requirements:* + +- Each cluster must be deployed in a unique namespace +- Use unique Helm release names for each deployment +- Configure unique external port numbers for each cluster to avoid conflicts + +. Create configuration values for your second cluster: ++ +.`redpanda-staging-values.yaml` +[,yaml,subs="attributes+"] +---- +image: + tag: {latest-redpanda-tag} +nameOverride: 'redpanda-staging' +fullnameOverride: 'redpanda-staging' +listeners: + kafka: + external: + default: + advertisedPorts: [31093] <1> + admin: + external: + default: + advertisedPorts: [31645] <1> + http: + external: + default: + advertisedPorts: [30083] <1> + rpc: + port: 33146 <1> + schemaRegistry: + external: + default: + advertisedPorts: [30084] <1> +statefulset: + extraVolumes: |- + - name: redpanda-io-config + configMap: + name: redpanda-io-config + extraVolumeMounts: |- + - name: redpanda-io-config + mountPath: /etc/redpanda-io-config + additionalRedpandaCmdFlags: + - "--io-properties-file=/etc/redpanda-io-config/io-config.yaml" +---- ++ +<1> Configure unique port numbers for each cluster to avoid conflicts. Ensure these ports don't conflict with your first cluster's configuration. + +. Install the second Redpanda cluster using a unique release name and namespace: ++ +[source,bash,subs="attributes+"] +---- +helm install redpanda-staging redpanda/redpanda \ + --version {latest-redpanda-helm-chart-version} \ + --namespace redpanda-staging \ + --create-namespace \ + --values redpanda-staging-values.yaml +---- + +. Wait for the second cluster to be ready: ++ +```bash +kubectl --namespace redpanda-staging rollout status statefulset redpanda-staging --watch +``` + +-- +==== + +IMPORTANT: When deploying multiple clusters, ensure that external listener ports are unique across all clusters to prevent conflicts. Also consider resource allocation and node capacity when planning multiple cluster deployments. + [[config]] == Production considerations @@ -593,7 +752,6 @@ rbac: annotations: {} ---- -NOTE: If you use the Redpanda Operator, you must also deploy the Redpanda Operator Helm chart with `rbac.createRPKBundleCRs` set to `true` to give it the required roles. See also: xref:manage:kubernetes/k-rack-awareness.adoc[] diff --git a/modules/deploy/partials/kubernetes/deploy-operator.adoc b/modules/deploy/partials/kubernetes/deploy-operator.adoc index 314f94489..dfb841991 100644 --- a/modules/deploy/partials/kubernetes/deploy-operator.adoc +++ b/modules/deploy/partials/kubernetes/deploy-operator.adoc @@ -1,4 +1,7 @@ +:latest-operator-version: 25.2.0 ifdef::latest-operator-version[] +.. To deploy in cluster scope, use: ++ [,bash,subs="attributes+"] ---- helm repo add redpanda https://charts.redpanda.com @@ -13,15 +16,21 @@ helm upgrade --install redpanda-controller redpanda/operator \ <1> This flag specifies the exact version of the Redpanda Operator Helm chart to use for deployment. By setting this value, you pin the chart to a specific version, which prevents automatic updates that might introduce breaking changes or new features that have not been tested in your environment. <2> This flag ensures that the CRDs are installed as part of the Redpanda Operator deployment. + -:note-caption: Older versions of the Redpanda Operator -+ -[NOTE] -======== -The `--set crds.enabled=true` flag is only supported in Redpanda Operator **v25.1.1 and later**. +This command deploys the Redpanda Operator in cluster scope (default in v25.2+), allowing it to manage Redpanda clusters across multiple namespaces. -If you deploy an earlier version (such as v2.4.x), you must install the CRDs separately. See the xref:25.1@ROOT:deploy:deployment-option/self-hosted/kubernetes/k-production-deployment.adoc[v2.4.x deployment documentation] for more information. -======== -:note-caption: Note +.. To deploy in namespace scope (managing only resources within its deployment namespace), use: ++ +[,bash,subs="attributes+"] +---- +helm upgrade --install redpanda-controller redpanda/operator \ + --namespace \ + --create-namespace \ + --version {latest-operator-version} \ + --set crds.enabled=true \ + --set 'additionalCmdFlags=["--namespace="]' <1> +---- ++ +<1> This flag restricts the Redpanda Operator to manage resources only within the specified namespace. endif::[] ifndef::latest-operator-version[] [,bash,subs="attributes+"] diff --git a/modules/get-started/pages/release-notes/operator.adoc b/modules/get-started/pages/release-notes/operator.adoc index 18cede941..603031032 100644 --- a/modules/get-started/pages/release-notes/operator.adoc +++ b/modules/get-started/pages/release-notes/operator.adoc @@ -9,11 +9,11 @@ See also: * xref:upgrade:k-compatibility.adoc[] * xref:upgrade:k-rolling-upgrade.adoc[] -== Redpanda Operator v25.2.x (beta) +NOTE: Redpanda Console v3 is **not yet available when deploying with the Redpanda Operator**. The Redpanda Operator continues to deploy Redpanda Console v2. To try Redpanda Console v3, you can deploy the link:https://artifacthub.io/packages/helm/redpanda-data/console[standalone Redpanda Console Helm chart^] or xref:deploy:deployment-option/self-hosted/kubernetes/k-production-deployment.adoc[deploy Redpanda using the Redpanda Helm chart] instead of the Redpanda Operator. -link:https://github.com/redpanda-data/redpanda-operator/blob/release/v25.2.x/operator/CHANGELOG.md[Changelog^]. +== Redpanda Operator v25.2.x -See also: xref:deploy:redpanda/kubernetes/k-25.2-beta.adoc[]. +link:https://github.com/redpanda-data/redpanda-operator/blob/release/v25.2.x/operator/CHANGELOG.md[Changelog^] === Cluster scope by default @@ -25,15 +25,28 @@ Starting in v25.2, the Redpanda Operator defaults to cluster scope instead of na * **Cross-namespace management**: Deploy the operator in a dedicated namespace (such as `redpanda-system`) while managing clusters in application namespaces. * **Simplified RBAC for debug bundles**: The Redpanda Operator now provides all required permissions for `rpk` debug bundle collection by default. The `rbac.createRPKBundleCRs` flag is no longer needed. -== Redpanda Operator v25.1.x (GA) +==== Migration considerations -link:https://github.com/redpanda-data/redpanda-operator/blob/release/v25.1.x/operator/CHANGELOG.md[Changelog^] +If you're upgrading from a previous version that used namespace-scoped operators: + +* **No manual steps required**: The Redpanda Operator automatically reconciles existing Redpanda clusters across namespaces. +* **New deployments default to cluster scope**: Regardless of which namespace you deploy the Redpanda Operator to (including `default`). +* **Delete extra Redpanda Operator deployments**: After upgrading, ensure only one Redpanda Operator remains in the cluster (the one running in cluster scope). Use `helm uninstall` to remove any other Redpanda Operator deployments from previous namespace-scoped installations. + +To maintain namespace scope, use the `--set 'additionalCmdFlags=["--namespace="]'` flag when installing or upgrading the Redpanda Operator. The `--namespace` flag in the helm command only specifies which namespace to deploy the Redpanda Operator into and does not affect its operational scope. + +WARNING: Do not run multiple Redpanda Operators in different scopes (cluster and namespace scope) in the same cluster as this can cause resource conflicts. -=== Redpanda Console v3 +==== RBAC requirements -Redpanda Console v3 is **not yet available when deploying with the Redpanda Operator**, due to pending CRD updates. The Redpanda Operator continues to deploy Redpanda Console v2. xref:24.3@ROOT:console:index.adoc[View the Redpanda Console v2 documentation]. +Important RBAC considerations for v25.2+: -To try Redpanda Console v3 in Kubernetes, you can xref:deploy:redpanda/kubernetes/k-production-deployment.adoc[deploy Redpanda using the Redpanda Helm chart] instead of the Redpanda Operator. Redpanda Console v3 introduces support for unified authentication and authorization with Redpanda, including user impersonation. +* **ClusterRole permissions always required**: Regardless of whether you use cluster or namespace scope, the Redpanda Operator always needs ClusterRole permissions. +* **Automatic configuration**: These permissions are automatically configured when you install the Redpanda Operator. + +== Redpanda Operator v25.1.x (GA) + +link:https://github.com/redpanda-data/redpanda-operator/blob/release/v25.1.x/operator/CHANGELOG.md[Changelog^] === Multiple Operator instances (deprecated) diff --git a/modules/manage/pages/kubernetes/k-rack-awareness.adoc b/modules/manage/pages/kubernetes/k-rack-awareness.adoc index ab7377dee..65eb182b1 100644 --- a/modules/manage/pages/kubernetes/k-rack-awareness.adoc +++ b/modules/manage/pages/kubernetes/k-rack-awareness.adoc @@ -17,7 +17,6 @@ You must have the following: * https://kubernetes.io/docs/tasks/tools/#kubectl[Kubectl^]: Ensure you have the `kubectl` command-line tool installed and configured to communicate with your cluster. -* If you use the xref:deploy:deployment-option/self-hosted/kubernetes/kubernetes-deploy.adoc[Redpanda Operator], you must deploy it with the `--set rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles to read node labels and annotations. == Annotate or label Node resources diff --git a/modules/migrate/pages/kubernetes/helm-to-operator.adoc b/modules/migrate/pages/kubernetes/helm-to-operator.adoc index 5b59da8b8..e3a46521e 100644 --- a/modules/migrate/pages/kubernetes/helm-to-operator.adoc +++ b/modules/migrate/pages/kubernetes/helm-to-operator.adoc @@ -88,7 +88,7 @@ You should see `yes` in the output. + You need these cluster-level permissions to install the Redpanda Operator CRDs in the next steps. -. Install the Redpanda Operator *in the same namespace as your Redpanda Helm chart*: +. Install the Redpanda Operator. Starting in v25.2, the Redpanda Operator can manage Redpanda clusters in any namespace: + include::deploy:partial$kubernetes/deploy-operator.adoc[] @@ -138,7 +138,7 @@ spec: TIP: The Redpanda CRD is compatible with the version of the Helm chart defined in the operator. For details on the structure and configuration options of the Redpanda custom resource, refer to the xref:reference:k-crd.adoc#redpandaclusterspec[Redpanda Operator CRD reference]. -- -. Adopt the Redpanda cluster by creating an instance of the Redpanda custom resource in the same namespace as the Redpanda Operator: +. Adopt the Redpanda cluster by creating an instance of the Redpanda custom resource: + ```bash kubectl apply -f redpanda-cluster.yaml --namespace diff --git a/modules/troubleshoot/partials/debug-bundle/generate-rpk.adoc b/modules/troubleshoot/partials/debug-bundle/generate-rpk.adoc index 246a6db53..ad103dc9c 100644 --- a/modules/troubleshoot/partials/debug-bundle/generate-rpk.adoc +++ b/modules/troubleshoot/partials/debug-bundle/generate-rpk.adoc @@ -48,7 +48,7 @@ spec: kubectl apply -f redpanda-cluster.yaml --namespace ``` -NOTE: You must deploy the Redpanda Operator with the `--set rbac.createRPKBundleCRs=true` flag to give it the required ClusterRoles. + -- Helm:: diff --git a/modules/troubleshoot/partials/errors-and-solutions.adoc b/modules/troubleshoot/partials/errors-and-solutions.adoc index a06ea4f0c..cce84a11e 100644 --- a/modules/troubleshoot/partials/errors-and-solutions.adoc +++ b/modules/troubleshoot/partials/errors-and-solutions.adoc @@ -245,18 +245,7 @@ helm repo update //end::deployment-name-exists[] -//tag::deployment-forbidden-debug-bundle[] -=== redpanda-rpk-debug-bundle is forbidden -If you see this error, your Redpanda Operator's RBAC settings are out of sync with the Pod-level RBAC in the Redpanda resource: - -[.no-copy] ----- -… forbidden: user "…-operator" … attempting to grant RBAC permissions not currently held … ----- - -To fix this error, make sure you haven't disabled xref:reference:k-operator-helm-spec.adoc#rbac-createrpkbundlecrs[`rbac.createRPKBundleCRs`] in the Redpanda Operator chart while still leaving xref:reference:k-crd.adoc#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rbac[`spec.clusterSpec.rbac.rpkDebugBundle`] enabled in your Redpanda resource. Either enable both or disable both. -//end::deployment-forbidden-debug-bundle[] //tag::deployment-data-dir-not-writable[] === Fatal error during checker "Data directory is writable" execution diff --git a/modules/upgrade/pages/k-compatibility.adoc b/modules/upgrade/pages/k-compatibility.adoc index 9196c021f..5807fe079 100644 --- a/modules/upgrade/pages/k-compatibility.adoc +++ b/modules/upgrade/pages/k-compatibility.adoc @@ -13,7 +13,7 @@ The Redpanda Helm chart and Redpanda Operator are versioned and tested alongside Starting from version 25.1.1, the Redpanda Operator and Redpanda Helm chart follow a new versioning scheme aligned with Redpanda core releases: -- `v25.1` refers to the Redpanda core feature release deployed by default. +- `25.1` refers to the Redpanda core feature release deployed by default. - The patch version denotes the patch version for either the operator or Helm chart. It is not the patch version of Redpanda core. @@ -37,7 +37,13 @@ Redpanda Core has no direct dependency on Kubernetes. Compatibility is influence |=== |Redpanda Core / `rpk` |Helm Chart |Operator Helm Chart |Operator |Helm CLI |Kubernetes -.1+|25.2.x +.2+|25.2.x + +|25.2.x +|25.2.x +|25.2.x +|3.12+ +d|1.30.x - 1.33.x{fn-k8s-compatibility} |25.1.x |25.2-beta1, 25.1.x @@ -123,12 +129,12 @@ Upgrading the Helm chart may also upgrade Redpanda Console. Because of this buil |Redpanda Console |Helm Chart |Operator |v3.x.x -|25.1.x +|25.2.x, 25.1.x |Not yet supported |v2.x.x |5.10.1, 5.9.x, 5.8.x -|25.1.x, 2.4.x, 2.3.x, 2.2.x +|25.2.x, 25.1.x, 2.4.x, 2.3.x, 2.2.x |=== diff --git a/modules/upgrade/pages/k-upgrade-operator.adoc b/modules/upgrade/pages/k-upgrade-operator.adoc index 5c28bcf83..8ff194ac8 100644 --- a/modules/upgrade/pages/k-upgrade-operator.adoc +++ b/modules/upgrade/pages/k-upgrade-operator.adoc @@ -7,7 +7,7 @@ . Make sure to https://github.com/redpanda-data/redpanda-operator/releases[review the release notes^] to understand any significant changes, bug fixes, or potential disruptions that could affect your existing deployment. -. xref:upgrade:k-compatibility.adoc[Review the Kubernetes compatibility matrix] and determine the version of the Redpanda Operator that is compatible with the Helm chart version you plan to use. The Redpanda Operator must be able to understand and manage the Helm chart and the Redpanda version you are deploying. +. xref:upgrade:k-compatibility.adoc[Review the Kubernetes compatibility matrix]. . Back up your current Helm values for the Redpanda Operator Helm chart: +