redis
diff --git a/‎content/operate/kubernetes/logs/_index.md‎
Lines changed: 1 addition & 0 deletions b/‎content/operate/kubernetes/logs/_index.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎content/operate/kubernetes/logs/log-collector-rbac.md‎
Lines changed: 203 additions & 0 deletions b/‎content/operate/kubernetes/logs/log-collector-rbac.md‎
Lines changed: 203 additions & 0 deletions
diff --git a/‎content/operate/kubernetes/reference/_index.md‎
Lines changed: 13 additions & 0 deletions b/‎content/operate/kubernetes/reference/_index.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎content/operate/kubernetes/reference/yaml-examples/_index.md‎
Lines changed: 111 additions & 0 deletions b/‎content/operate/kubernetes/reference/yaml-examples/_index.md‎
Lines changed: 111 additions & 0 deletions
@@ -18,6 +18,7 @@ Access and manage Redis Enterprise logs on Kubernetes for monitoring, troublesho
 Learn how to collect and access logs from your Redis Enterprise deployment:
 
 - [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}}) - Methods for collecting logs from Redis Enterprise pods and containers
+- [Log collector RBAC]({{< relref "/operate/kubernetes/logs/log-collector-rbac" >}}) - RBAC configurations for log collection in restricted and all modes
 
 ## Log storage and access
 
 
@@ -0,0 +1,203 @@
+---
+Title: Log collector RBAC
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: RBAC configurations for Redis Enterprise log collector in all and restricted modes.
+linkTitle: Log collector RBAC
+weight: 20
+---
+
+This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose.
+
+## Overview
+
+The Redis Enterprise log collector script helps gather diagnostic information for troubleshooting. It has two collection modes that require different RBAC permissions:
+
+- **Restricted mode**: Collects only Redis Enterprise-related resources and logs (default for versions 6.2.18-3+)
+- **All mode**: Collects comprehensive cluster information including non-Redis resources (default for versions 6.2.12-1 and earlier)
+
+## When to use each mode
+
+### Restricted mode (recommended)
+
+Use restricted mode when:
+- You want to minimize security exposure
+- Your organization has strict RBAC policies
+- You only need Redis Enterprise-specific troubleshooting data
+- You're running version 6.2.18-3 or later (default mode)
+
+### All mode
+
+Use all mode when:
+- You need comprehensive cluster diagnostics
+- Redis Support specifically requests additional cluster information
+- You're troubleshooting complex issues that may involve non-Redis resources
+- You're running version 6.2.12-1 or earlier (default mode)
+
+## Permission differences
+
+The key differences between the two modes:
+
+| Resource Category | Restricted Mode | All Mode |
+|------------------|----------------|----------|
+| **Cluster-level resources** | Limited | Full access |
+| **Node information** | ❌ No access | ✅ Full access |
+| **Storage classes** | ❌ No access | ✅ Full access |
+| **Volume attachments** | ❌ No access | ✅ Full access |
+| **Certificate signing requests** | ❌ No access | ✅ Full access |
+| **Operator resources** | ❌ No access | ✅ Full access |
+| **Istio resources** | ❌ No access | ✅ Full access |
+
+## Restricted mode RBAC
+
+Use restricted mode for minimal security exposure while still collecting essential Redis Enterprise diagnostics.
+
+**File: `log-collector-restricted-rbac.yaml`**
+
+{{<embed-md "k8s/log_collector_role_restricted_mode.md">}}
+
+### Restricted mode permissions
+
+The restricted mode provides access to:
+
+**Role permissions (namespace-scoped):**
+- **Pods and logs**: Read pod information and access container logs
+- **Pod exec**: Execute commands inside containers for diagnostics
+- **Core resources**: Access to services, endpoints, ConfigMaps, secrets, and storage resources
+- **Workload resources**: Read deployments, StatefulSets, DaemonSets, and jobs
+- **Redis Enterprise resources**: Full read access to all Redis Enterprise custom resources
+- **Networking**: Read ingress and network policy configurations
+- **OpenShift routes**: Read route configurations (for OpenShift environments)
+
+**ClusterRole permissions (cluster-scoped):**
+- **Persistent volumes**: Read cluster-wide storage information
+- **Namespaces**: Read namespace information
+- **RBAC**: Read cluster roles and bindings
+- **Custom resource definitions**: Read Redis Enterprise CRDs
+- **Admission controllers**: Read ValidatingWebhook configurations
+
+## All mode RBAC
+
+Use all mode when you need comprehensive cluster diagnostics or when specifically requested by Redis Support.
+
+**File: `log-collector-all-rbac.yaml`**
+
+{{<embed-md "k8s/log_collector_role_all_mode.md">}}
+
+### All mode additional permissions
+
+In addition to all restricted mode permissions, all mode provides:
+
+**Additional ClusterRole permissions:**
+- **Nodes**: Read cluster node information and status
+- **Storage classes**: Read storage class configurations
+- **Volume attachments**: Read volume attachment status
+- **Certificate signing requests**: Read certificate management information
+- **Operator resources**: Read OLM (Operator Lifecycle Manager) resources
+- **Istio resources**: Read Istio service mesh configurations
+
+## Role binding
+
+Bind the Role to your service account in each namespace where you want to collect logs.
+
+**File: `log-collector-role-binding.yaml`**
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: redis-enterprise-log-collector
+  namespace: <target-namespace>
+subjects:
+- kind: ServiceAccount
+  name: redis-enterprise-log-collector
+  namespace: <service-account-namespace>
+roleRef:
+  kind: Role
+  name: redis-enterprise-log-collector
+  apiGroup: rbac.authorization.k8s.io
+```
+
+## Cluster role binding
+
+Bind the ClusterRole to your service account for cluster-wide permissions.
+
+**File: `log-collector-cluster-role-binding.yaml`**
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: redis-enterprise-log-collector
+subjects:
+- kind: ServiceAccount
+  name: redis-enterprise-log-collector
+  namespace: <service-account-namespace>
+roleRef:
+  kind: ClusterRole
+  name: redis-enterprise-log-collector
+  apiGroup: rbac.authorization.k8s.io
+```
+
+## Usage
+
+Apply the appropriate RBAC configuration and role bindings, then run the log collector with the desired mode:
+
+```bash
+# Restricted mode (default for 6.2.18-3+)
+python log_collector.py -m restricted -n <namespace>
+
+# All mode
+python log_collector.py -m all -n <namespace>
+```
+
+## Security considerations
+
+### Principle of least privilege
+
+- **Start with restricted mode**: Use restricted mode unless you specifically need additional cluster information
+- **Limit namespace access**: Only grant permissions in namespaces where log collection is needed
+- **Time-bound access**: Consider creating temporary RBAC resources for log collection activities
+
+### Sensitive data handling
+
+Both modes collect:
+- **Secrets metadata**: Names and types of secrets (not the actual secret values)
+- **ConfigMap data**: Configuration information that may contain sensitive settings
+- **Pod logs**: Application logs that may contain sensitive information
+
+Ensure collected logs are handled according to your organization's data security policies.
+
+## Troubleshooting
+
+### Permission denied errors
+
+If you encounter permission errors:
+
+1. **Verify RBAC resources**: Ensure roles and bindings are applied correctly
+2. **Check service account**: Confirm the service account has the necessary bindings
+3. **Validate namespace access**: Ensure role bindings exist in target namespaces
+4. **Review mode requirements**: Verify you're using the correct mode for your needs
+
+### Missing resources
+
+If the log collector reports missing resources:
+
+1. **Check cluster role permissions**: Ensure ClusterRole is applied and bound
+2. **Verify CRD access**: Confirm access to Redis Enterprise custom resource definitions
+3. **Review mode selection**: Consider switching to all mode if additional resources are needed
+
+## Next steps
+
+- [Learn about log collection]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
+- [Explore YAML deployment examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}})
+- [Configure monitoring]({{< relref "/operate/kubernetes/re-clusters/connect-prometheus-operator" >}})
+
+## Related documentation
+
+- [Collect logs guide]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
+- [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+- [Redis Enterprise troubleshooting]({{< relref "/operate/kubernetes/logs" >}})
@@ -72,6 +72,19 @@ kubectl delete rec my-cluster
 
 **Important:** Always delete databases (REDB) before deleting the cluster (REC) to ensure proper cleanup.
 
+## YAML examples
+
+Complete YAML examples for common deployment scenarios:
+
+- [YAML examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}}) - Ready-to-use YAML configurations for different deployment types
+
+### Example categories
+
+- [Basic deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Essential YAML files for simple Redis Enterprise deployment
+- [Rack awareness]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - YAML examples for rack-aware deployments across availability zones
+- [Active-Active]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - YAML examples for Active-Active databases across multiple clusters
+- [Multi-namespace]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - YAML examples for deploying across multiple namespaces
+
 ## API reference
 
 Complete API specifications for all Redis Enterprise custom resources:
 
@@ -0,0 +1,111 @@
+---
+Title: YAML examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: Example YAML files for deploying Redis Enterprise on Kubernetes with different configurations.
+hideListLinks: true
+linkTitle: YAML examples
+weight: 85
+---
+
+This section provides complete YAML examples for common Redis Enterprise for Kubernetes deployment scenarios. Each example includes the necessary configuration files and step-by-step instructions for editing and applying them.
+
+## How to use these examples
+
+### Download and customize
+
+1. Copy the YAML content from the examples below
+2. Save each YAML block to a separate file with a descriptive name
+3. Edit the configuration values to match your environment
+4. Apply the files in the correct order using `kubectl apply`
+
+### Configuration storage
+
+Redis Enterprise for Kubernetes stores configuration in several places:
+
+- **Custom resources**: Cluster and database specifications are stored as Kubernetes custom resources (REC, REDB, REAADB, RERC)
+- **Secrets**: Sensitive data like passwords and certificates are stored in Kubernetes secrets
+- **ConfigMaps**: Non-sensitive configuration data is stored in ConfigMaps
+- **RBAC resources**: Permissions are defined through Roles, ClusterRoles, and their bindings
+
+### Applying YAML files
+
+Apply YAML files using `kubectl apply`:
+
+```bash
+# Apply a single file
+kubectl apply -f my-config.yaml
+
+# Apply multiple files
+kubectl apply -f rbac/ -f cluster/ -f database/
+
+# Apply with validation
+kubectl apply --dry-run=client -f my-config.yaml
+```
+
+### Monitoring deployment
+
+Check the status of your resources after applying:
+
+```bash
+# Check operator deployment
+kubectl get deployment redis-enterprise-operator
+
+# Check cluster status
+kubectl get rec
+kubectl describe rec <cluster-name>
+
+# Check database status
+kubectl get redb
+kubectl describe redb <database-name>
+
+# View events for troubleshooting
+kubectl get events --sort-by=.metadata.creationTimestamp
+```
+
+## Example categories
+
+### Basic deployment
+
+Essential YAML files for a simple Redis Enterprise deployment:
+
+- [Basic deployment examples]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Service account, RBAC, cluster, and database configurations
+
+### Rack awareness
+
+YAML examples for rack-aware deployments that distribute Redis Enterprise nodes across availability zones:
+
+- [Rack awareness examples]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - Rack-aware cluster configuration and required RBAC
+
+### Active-Active
+
+YAML examples for Active-Active database deployments across multiple clusters:
+
+- [Active-Active examples]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - Multi-cluster Active-Active database setup
+
+### Multi-namespace
+
+YAML examples for deploying Redis Enterprise across multiple namespaces:
+
+- [Multi-namespace examples]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - Cross-namespace operator and cluster configurations
+
+## Best practices
+
+When working with these YAML examples:
+
+- **Start simple**: Begin with basic deployment examples before moving to advanced configurations
+- **Validate syntax**: Use `kubectl apply --dry-run=client` to check YAML syntax before applying
+- **Version control**: Store your customized YAML files in version control
+- **Environment-specific values**: Use separate YAML files or tools like Kustomize for environment-specific configurations
+- **Resource naming**: Use consistent, descriptive names for all resources
+- **Documentation**: Add annotations to describe the purpose of each resource
+
+## Related documentation
+
+- [API reference]({{< relref "/operate/kubernetes/reference" >}}) - Complete API specifications for all custom resources
+- [Quick start deployment]({{< relref "/operate/kubernetes/deployment/quick-start" >}}) - Step-by-step deployment guide
+- [Multi-namespace deployment]({{< relref "/operate/kubernetes/re-clusters/multi-namespace" >}}) - Detailed multi-namespace setup guide
+- [Active-Active databases]({{< relref "/operate/kubernetes/active-active" >}}) - Active-Active configuration and management