K8s: fix ingress doc bugs#3351
Conversation
🛡️ Jit Security Scan Results
✅ No security findings were detected in this PR
Security scan by Jit
|
| An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster. | ||
|
|
||
| {{<warning>}} | ||
| The community [Ingress-NGINX controller](https://github.com/kubernetes/ingress-nginx) (`kubernetes/ingress-nginx`) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a [Gateway API](https://gateway-api.sigs.k8s.io/) implementation. |
There was a problem hiding this comment.
The mention of Gateway API here is not really relevant, because the RE operator doesn't yet support Gateway API; Specifically in the context of this page, which is about how to configure the operator to automatically set up Ingress objects for DBs/RS API - we don't have such automation for Gateway API setup.
| We recommend using a wildcard (`*`) in place of the database name, followed by the hostname suffix. | ||
| The operator appends each database name to `dbFqdnSuffix` to build the per-database hostname. For example, a database named `mydb` with the suffix above resolves to `mydb-db-<rec-name>-<rec-namespace>.<subdomain>`. For the wildcard DNS record, use `*` in place of the database name followed by the suffix. |
There was a problem hiding this comment.
Our suggestion to use wildcards, combined with the example suffixes (-db-<rec-name>-<rec-namespace>.<subdomain>), yield DNS records which are generally invalid - wildcards can only be full labels. This may work with some DNS providers, but is still invalid per the RFC.
So:
- Invalid:
*-db-<rec-name>-<rec-namespace>.<subdomain> - Valid:
*.db-<rec-name>-<rec-namespace>.<subdomain>
We should probably revise our example suffixes to be .db-<rec-name>-<rec-namespace>.<subdomain>.
You already addressed something kinda similar in #2327, but that was in the context of Istio ingress only.
This appears both in the old and new phrasing, so not directly related to this PR ==> can be handled later.
3 participants
Note
Low Risk
Documentation-only changes with no application code; risk is limited to readers following updated hostname or ingress configuration examples.
Overview
This PR updates Redis Enterprise for Kubernetes networking and Active-Active documentation across versioned (
7.4.6,7.8.x,7.22) and unversioned paths, plus embedded RERC YAML samples.Ingress-NGINX: Adds prominent warnings that the community
kubernetes/ingress-nginxcontroller is retired (maintenance ended March 2026). Docs now steer new deployments toward HAProxy or Istio (and mention Gateway API on some pages), while listing Ingress-NGINX only for existing deployments with--enable-ssl-passthroughcalled out.Ingress resource examples: Sample
Ingressmanifests now usespec.ingressClassNameinstead of documentingkubernetes.io/ingress.classon the Ingress rule; HAProxy/NGINX examples drop redundantingress.classannotations and keep ssl-passthrough annotations only.Istio:
Gatewayexamples change portprotocol/namefrom HTTPS to TLS for passthrough on 443, and the default gateway selector is documented asistio: ingressgateway.Active-Active / RERC:
dbFqdnSuffixin embeds and several Active-Active guides switches from a leading hyphen (e.g.-db-...) to a leading dot (e.g..db-...). Unversionedingressorroutespecaligns REC patch examples and hostname explanation with.db-<rec>-<ns>.<domain>and how the operator concatenates database names.ingressOrRouteSpec: Clarifies DNS naming, fixeskubectl patchJSON (includingkubernetes.io/ingress.classin examples), and notes operator validation for that annotation key.Minor: Networking index blurbs and database-connectivity controller lists updated; previous K8s release-notes index weight
91→100.Reviewed by Cursor Bugbot for commit 0dfb7c1. Bugbot is set up for automated code reviews on this repo. Configure here.