diff --git a/modules/ROOT/nav.adoc b/modules/ROOT/nav.adoc index 24b490af7..2b6f8c7fd 100644 --- a/modules/ROOT/nav.adoc +++ b/modules/ROOT/nav.adoc @@ -5,7 +5,12 @@ ** xref:get-started:architecture.adoc[How Redpanda Works] ** xref:get-started:install-beta.adoc[Install Beta] ** xref:get-started:quick-start.adoc[Quickstart] -** xref:get-started:licenses.adoc[Redpanda Licensing] +** xref:get-started:licensing/index.adoc[Redpanda Licensing] +*** xref:get-started:licensing/overview.adoc[Editions and Enterprise Features] +*** xref:get-started:licensing/add-license-redpanda/index.adoc[Add an Enterprise License] +**** xref:get-started:licensing/add-license-redpanda/linux.adoc[Linux] +**** xref:get-started:licensing/add-license-redpanda/kubernetes.adoc[Kubernetes] +*** xref:get-started:licensing/monitor-license-status.adoc[Monitor Enterprise Licenses] ** xref:get-started:rpk/index.adoc[Redpanda CLI] *** xref:get-started:intro-to-rpk.adoc[Introduction to rpk] *** xref:get-started:rpk-install.adoc[] @@ -167,6 +172,7 @@ *** xref:console:quickstart.adoc[Quickstart] *** xref:console:config/index.adoc[Configuration] **** xref:console:config/configure-console.adoc[Configure Console] +**** xref:console:config/enterprise-license.adoc[Add an Enterprise License] **** xref:console:config/connect-to-redpanda.adoc[Connect to Redpanda] **** xref:console:config/security/index.adoc[Security] ***** xref:console:config/security/authentication.adoc[Authentication] @@ -183,6 +189,7 @@ **** xref:console:config/deserialization.adoc[Deserialization] **** xref:console:config/kafka-connect.adoc[Kafka Connect] **** xref:console:config/topic-documentation.adoc[Topic Documentation] +*** xref:console:ui/add-license.adoc[Add an Enterprise License] *** xref:console:ui/schema-reg.adoc[Schema Registry] *** xref:console:ui/data-transforms.adoc[Data Transforms] *** xref:console:ui/programmable-push-filters.adoc[Filter Messages] diff --git a/modules/console/images/license.png b/modules/console/images/license.png new file mode 100644 index 000000000..261ca723d Binary files /dev/null and b/modules/console/images/license.png differ diff --git a/modules/console/pages/config/connect-to-redpanda.adoc b/modules/console/pages/config/connect-to-redpanda.adoc index dafc393fc..15b683269 100644 --- a/modules/console/pages/config/connect-to-redpanda.adoc +++ b/modules/console/pages/config/connect-to-redpanda.adoc @@ -63,6 +63,7 @@ kafka: enableFast: true ---- +[[admin]] == Configure access to the Redpanda Admin API Configuring a connection to the Redpanda Admin API enables additional Redpanda-specific features in Redpanda Console, such as viewing the Redpanda version, managing data transforms, and SASL-SCRAM users. diff --git a/modules/console/pages/config/enterprise-license.adoc b/modules/console/pages/config/enterprise-license.adoc new file mode 100644 index 000000000..c327dafe0 --- /dev/null +++ b/modules/console/pages/config/enterprise-license.adoc @@ -0,0 +1,72 @@ += Add a License Key to Redpanda Console +:description: Learn how to apply or update a license key to Redpanda Console. + +To enable xref:get-started:licensing/overview.adoc#console[enterprise features for Redpanda Console], you must have an Enterprise Edition license to load at startup. This guide explains how to configure Redpanda Console to load the license key from its local configuration. + +TIP: Redpanda Console can also load the license key from a connected Redpanda cluster. To add a license key to Redpanda, see xref:get-started:licensing/add-license-redpanda/index.adoc[]. + +== Prerequisites + +You must have an Enterprise Edition license. If you don't have a license yet, https://www.redpanda.com/contact[request one^]. + +If Redpanda Console has enterprise features enabled and cannot find a valid license locally or in the connected Redpanda cluster, it shuts down. See xref:get-started:licensing/overview.adoc[]. + +== Add a new license to Redpanda Console + +To add a new license to Redpanda Console, you have two options: + +- <>. +- <>. + +[[file]] +=== Use a license file + +Specify the path to the license file in one of the following ways: + +- Set the `licenseFilepath` property in the `/etc/redpanda/redpanda-console-config.yaml` configuration file: ++ +```yaml +licenseFilepath: +``` +- Set the `REDPANDA_LICENSE_FILEPATH` environment variable: ++ +```bash +export REDPANDA_LICENSE_FILEPATH= +``` + +[[inline]] +=== Use the license key contents directly + +If you don't want to provide a path to the license file, you can use the contents of the license key directly in one of the following ways: + +- Set the `license` property in the `/etc/redpanda/redpanda-console-config.yaml` configuration file: ++ +```yaml +license: +``` + +- Set the `REDPANDA_LICENSE` environment variable: ++ +```yaml +export REDPANDA_LICENSE= +``` + +== Update an existing license + +To update an existing license: + +. Update your configuration file or environment variables with one of the following: + +- <> +- <> + +. Restart Redpanda Console to make the changes take effect. + +== Next steps + +xref:get-started:licensing/monitor-license-status.adoc[]. + +== Suggested reading + +- xref:get-started:licensing/index.adoc[] +- xref:console:ui/add-license.adoc[] diff --git a/modules/console/pages/quickstart.adoc b/modules/console/pages/quickstart.adoc index 7230491e1..4cd670770 100644 --- a/modules/console/pages/quickstart.adoc +++ b/modules/console/pages/quickstart.adoc @@ -286,6 +286,10 @@ See also: - xref:console:ui/data-transforms.adoc[] - xref:develop:data-transforms/index.adoc[] +// (step {"action":"goTo", "url": "http://localhost:8080/admin/upload-license"}) +// (step {"action":"wait"}) +// (step {"action":"saveScreenshot", "path": "license.png", "directory": "../images", "overwrite": "byVariation"}) + // (step {"action":"runShell", "command": "docker compose down -v", "workingDirectory": "../test-resources"}) // (test end) diff --git a/modules/console/pages/ui/add-license.adoc b/modules/console/pages/ui/add-license.adoc new file mode 100644 index 000000000..75cc38364 --- /dev/null +++ b/modules/console/pages/ui/add-license.adoc @@ -0,0 +1,61 @@ += Manage Enterprise Edition Licenses through Redpanda Console +:description: Learn how to manage Enterprise Edition licenses in Redpanda Console. + +You can add, update and check your xref:get-started:licensing/overview.adoc#console[Enterprise Edition license] for both Redpanda and Redpanda Console directly through the Redpanda Console UI. + +== Prerequisites + +- You must have an Enterprise Edition license. https://www.redpanda.com/contact[Request a license^] if you don't have one already. ++ +If Redpanda Console has enterprise features enabled and it cannot find a valid license either locally or in the connected Redpanda cluster, it shuts down. +- Redpanda Console must be xref:console:config/connect-to-redpanda.adoc[connected to a Redpanda cluster]. +- Redpanda Console must be xref:console:config/connect-to-redpanda.adoc#admin[configured to connect to the Redpanda Admin API]. + +TIP: You can also xref:console:config/enterprise-license.adoc[configure Redpanda Console to load the license key from its local configuration]. + +== Check the license status in Redpanda Console + +You can check the expiration date of a license on the **Cluster Overview** page in Redpanda Console, under the **Licensing** section. + +If the license is due to expire within 30 days, a warning banner is displayed on all pages of Redpanda Console. + +See also: xref:get-started:licensing/monitor-license-status.adoc[]. + +== Upload a new license + +When a new license is uploaded through Redpanda Console, it is replicated across the cluster and stored persistently in Redpanda's internal metadata, ensuring it is retained across restarts. + +[CAUTION] +==== +include::console:partial$licensing/kubernetes-note.adoc[] +==== + +To upload a new license directly through the Console UI: + +. Open the *Upload License* page, using one of the following methods: ++ +- *Cluster Overview* page: ++ +Navigate to the *Cluster Overview* page in Redpanda Console. +Under the *Licensing* section, click on the *Upload new license* link to upload a new license key. + +- Expiration warning banner: ++ +If the existing license expires soon, you can click the *Upload license* button in the expiration warning banner. + +. Upload your license. You can drag and drop a license file into the box or copy and paste the license string into the text input. ++ +image::console:license.png[] ++ +When a new license is uploaded, enterprise features in Redpanda Self-Managed are unlocked immediately without requiring a cluster restart. However, to unlock enterprise features in Redpanda Console, you must restart the Redpanda Console instance. + +After restarting Redpanda Console, enterprise features such as RBAC are unlocked. However, to enable and use these features, you must configure them. See xref:console:config/index.adoc[]. + +== Next steps + +xref:get-started:licensing/monitor-license-status.adoc[]. + +== Suggested reading + +- xref:get-started:licensing/index.adoc[] +- xref:get-started:licensing/overview.adoc[] \ No newline at end of file diff --git a/modules/console/partials/licensing/kubernetes-note.adoc b/modules/console/partials/licensing/kubernetes-note.adoc new file mode 100644 index 000000000..040ab531d --- /dev/null +++ b/modules/console/partials/licensing/kubernetes-note.adoc @@ -0,0 +1,3 @@ +ifndef::env-kubernetes[If you use Kubernetes to deploy Redpanda, do] +ifdef::env-kubernetes[Do] +not use Redpanda Console to update the license if it's already set in your Kubernetes resources. During upgrades or redeployments, license values in your Kubernetes resources will override the license set using Redpanda Console. For consistent license management, set the license using either Redpanda Console or Kubernetes resources, but not both. \ No newline at end of file diff --git a/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc b/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc index 2fef4d7e5..aeeb82b78 100644 --- a/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc +++ b/modules/deploy/pages/deployment-option/self-hosted/kubernetes/k-production-deployment.adoc @@ -69,22 +69,6 @@ include::deploy:partial$kubernetes/install-crds.adoc[] image: tag: {latest-operator-version} ---- -+ -[NOTE] -===== -If you already have Flux installed and you want it to continue managing resources across the entire cluster, use the following: - -.`redpanda-operator-values.yaml` -[,yaml] ----- -additionalCmdFlags: - - --enable-helm-controllers=false ----- - -This flag prevents the Redpanda Operator from deploying its own set of Flux controllers that may conflict with existing ones. - -WARNING: Your existing versions of Flux controllers and Flux CRDs must match the versions that come with the Redpanda Operator. You can find these versions on https://github.com/redpanda-data/redpanda-operator/blob/main/src/go/k8s/go.mod#L12-L17[GitHub]. -===== . Deploy the Redpanda Operator. + @@ -121,6 +105,10 @@ spec: chartRef: chartVersion: {latest-redpanda-helm-chart-version} clusterSpec: + #enterprise: + #licenseSecretRef: + #name: + #key: statefulset: extraVolumes: |- - name: redpanda-io-config @@ -221,6 +209,19 @@ statefulset: ---- + Redpanda reads from this file at startup to optimize itself for the given I/O parameters. ++ +If you want to use enterprise features in Redpanda, add the details of a Secret that stores your Enterprise Edition license key. ++ +.`redpanda-values.yaml` +[,yaml] +---- +enterprise: + licenseSecretRef: + name: + key: +---- ++ +For details, see xref:get-started:licensing/add-license-redpanda/kubernetes.adoc[]. . Install the Redpanda Helm chart to deploy a Redpanda cluster and Redpanda Console. + diff --git a/modules/get-started/pages/licenses.adoc b/modules/get-started/pages/licenses.adoc deleted file mode 100644 index aee2e4aeb..000000000 --- a/modules/get-started/pages/licenses.adoc +++ /dev/null @@ -1,163 +0,0 @@ -= Redpanda Licensing -:description: Redpanda Self-Managed is free and source-available at the Redpanda GitHub repo. Additional features are included with an Enterprise license. -:page-aliases: introduction:licenses.adoc - -You can deploy Redpanda in a self-hosted environment (Redpanda Self-Managed) or as a fully-managed cloud service (Redpanda Cloud). For Redpanda Self-Managed, select either the Community Edition or the Enterprise Edition: - -* Redpanda Community Edition is free and source-available at the https://github.com/redpanda-data/redpanda[Redpanda GitHub repository^]. -* Redpanda Enterprise Edition requires a license key and includes additional features. - -[NOTE] -==== -To learn about Redpanda Cloud deployments, see the xref:redpanda-cloud:get-started:cloud-overview.adoc[]. -==== - -== Redpanda Community Edition - -Redpanda Community Edition is licensed with the Redpanda https://github.com/redpanda-data/redpanda/blob/dev/licenses/bsl.md[Business Source License^] (BSL). These core features are free and source-available. - -[NOTE] -==== -* Users cannot provide Redpanda as a commercial streaming or queuing service to others. -* The BSL code converts to Apache 2.0 licensing four years after each code merge. -==== - -== Redpanda Enterprise Edition - -Redpanda Enterprise Edition is licensed with the https://github.com/redpanda-data/redpanda/blob/dev/licenses/rcl.md[Redpanda Community License^] (RCL). It includes the free features licensed under the Redpanda BSL, as well as the following features: - -* xref:manage:tiered-storage.adoc[Tiered Storage] -* xref:manage:cluster-maintenance/continuous-data-balancing.adoc[Continuous Data Balancing] -* xref:manage:remote-read-replicas.adoc[Remote Read Replicas] -* xref:manage:audit-logging.adoc[Audit Logging] -* xref:manage:security/fips-compliance.adoc[FIPS Compliance] -* xref:manage:schema-reg/schema-id-validation.adoc[Server-side Schema ID Validation] -* xref:manage:security/authentication.adoc#enable-kerberos[Kerberos Authentication] -* xref:manage:security/authentication.adoc#oidc [OAUTHBEARER/OIDC Authentication] -* xref:manage:security/authorization/rbac.adoc[Redpanda Role-Based Access Control (RBAC)] -* xref:manage:security/console/authorization.adoc[Redpanda Console Authorization (RBAC)] -* xref:manage:security/console/authentication.adoc[Redpanda Console Authentication] -* xref:redpanda-connect:components:outputs/snowflake_put.adoc[Snowflake connector for Redpanda Connect] -* xref:redpanda-connect:components:outputs/splunk_hec.adoc[Splunk connector for Redpanda Connect] - -Enterprise features require a license key. You can evaluate enterprise features with a free 30-day trial. Contact https://redpanda.com/try-redpanda?section=enterprise-trial[Redpanda Sales^] to request a trial license, to extend your trial period, or to purchase an Enterprise Edition license. - -=== Apply a license key to Redpanda - -A license key unlocks Redpanda Enterprise Edition features. - -[tabs] -====== -Linux or Docker:: -+ --- - -To apply the license key to your cluster, run: - -`rpk cluster license set` - -Either provide a path to a file containing the license or provide the license string inline. For example, assuming you use the default admin host/port of `10.0.0.1:9644`, run: - -```bash -rpk cluster license set --path -X admin.hosts=10.0.0.1:9644 -``` - -Or: - -```bash -rpk cluster license set -``` - -If neither the path nor the license string are provided, `rpk` looks for the license in `/etc/redpanda/redpanda.license`. - --- -Kubernetes:: -+ --- - -To apply the license key to your cluster using the Helm chart, -either provide a secret that contains the license or provide the license string inline: - -- Use a secret: -+ -[tabs] -==== ---values:: -+ -.`license-key.yaml` -[,yaml] ----- -enterprise: - licenseSecretRef: - name: - key: ----- -+ -```bash -helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ ---values license-key.yaml -``` - ---set:: -+ -```bash -helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ - --set enterprise.licenseSecretRef.name= \ - --set enterprise.licenseSecretRef.key= -``` -==== -+ -helm_ref:enterprise.licenseSecretRef[] - -- Use an inline string: -+ -[tabs] -==== ---values:: -+ -.`license-key.yaml` -[,yaml] ----- -enterprise: - license: ----- -+ -```bash -helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ ---values license-key.yaml -``` - ---set:: -+ -```bash -helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ - --set enterprise.license= -``` -==== -+ -helm_ref:enterprise.license[] - -If neither the path nor the license string are provided, Redpanda looks for the license in `/etc/redpanda/redpanda.license`. - --- -====== - -=== Check the status of a license - -To check the status of your current license, run: - -`rpk cluster license info -X admin.hosts=10.0.0.1:9644` - -Redpanda sends warning messages in the cluster logs if you enable enterprise features without a valid license key. - -=== Apply a license key to Redpanda Console - -To use an enterprise feature with Redpanda Console, you must provide Redpanda Console with a copy of your license key. -You have two options for providing the license: - -. Specify the path to the license key file either in the `redpanda.licenseFilepath` property of the `/etc/redpanda/redpanda-console-config.yaml` file or in the `REDPANDA_LICENSE_FILEPATH` environment variable. -. Specify the license key file contents directly either in the `redpanda.license` property of the YAML file or in the `REDPANDA_LICENSE` environment variable. - -Redpanda Console checks the license key status on startup and warns you 30 days before the license expires. You can view the license key's expiration date in the startup logs. -If the license key expires at runtime, Redpanda Console shuts down. If the license has already -expired at startup, Redpanda Console prints an error message and exits. diff --git a/modules/get-started/pages/licensing/add-license-redpanda/index.adoc b/modules/get-started/pages/licensing/add-license-redpanda/index.adoc new file mode 100644 index 000000000..2675ea38a --- /dev/null +++ b/modules/get-started/pages/licensing/add-license-redpanda/index.adoc @@ -0,0 +1,3 @@ += Add an Enterprise Edition License to Redpanda +:page-layout: index +:description: Learn how to add an Enterprise Edition license to Redpanda Self-Managed. diff --git a/modules/get-started/pages/licensing/add-license-redpanda/kubernetes.adoc b/modules/get-started/pages/licensing/add-license-redpanda/kubernetes.adoc new file mode 100644 index 000000000..f64dee904 --- /dev/null +++ b/modules/get-started/pages/licensing/add-license-redpanda/kubernetes.adoc @@ -0,0 +1,324 @@ += Add an Enterprise Edition License to Redpanda in Kubernetes +:description: Learn how to add or update a Redpanda Enterprise Edition license in a Kubernetes environment. +:env-kubernetes: true + +To enable xref:get-started:licensing/overview.adoc[enterprise features for Redpanda Self-Managed], you must have an Enterprise Edition license. This guide outlines how to apply or update an Enterprise Edition license for Redpanda Self-Managed in a Kubernetes environment. + +== Prerequisites + +You must have an Enterprise Edition license. https://www.redpanda.com/contact[Request a license^] if you don't have one already. + +== Add a new license + +Redpanda supports the following ways to apply a new license: + +- <>. +- <>. +- <>. + +[[secret]] +=== Use a Kubernetes Secret + +You can store the license in a Kubernetes Secret and reference it in your Helm values or manifest file. + +. Download your license file (`redpanda.license`) and create a Kubernetes Secret: ++ +[,bash] +---- +kubectl create secret generic redpanda-license +--from-file=license=./redpanda.license +--namespace +---- ++ +This command creates a Kubernetes Secret named `redpanda-license` in the specified namespace, containing the license file. + +. Reference the Secret: ++ +[tabs] +====== +Helm + Operator:: ++ +-- +.`redpanda-cluster.yaml` +[,yaml] +---- +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda +spec: + chartRef: {} + clusterSpec: + enterprise: + licenseSecretRef: + name: redpanda-license + key: license +---- + +```bash +kubectl apply -f redpanda-cluster.yaml --namespace +``` + +-- +Helm:: ++ +-- + +[tabs] +==== +--values:: ++ +.`redpanda-license.yaml` +[source,yaml] +---- +enterprise: + licenseSecretRef: + name: redpanda-license + key: license +---- ++ +```bash +helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ + --values redpanda-license.yaml --reuse-values +``` + +--set:: ++ +[,bash] +---- +helm upgrade --install redpanda redpanda/redpanda \ + --namespace \ + --create-namespace \ + --set enterprise.licenseSecretRef.name=redpanda-license \ + --set enterprise.licenseSecretRef.key=license +---- + +==== +-- +====== + +[[inline]] +=== Provide the license inline + +If you prefer to provide the license string directly, you can do so as follows: + +[tabs] +====== +Helm + Operator:: ++ +-- +.`redpanda-cluster.yaml` +[,yaml] +---- +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda +spec: + chartRef: {} + clusterSpec: + enterprise: + license: +---- + +```bash +kubectl apply -f redpanda-cluster.yaml --namespace +``` + +-- +Helm:: ++ +-- + +[tabs] +==== +--values:: ++ +.`redpanda-license.yaml` +[source,yaml] +---- +enterprise: + license: +---- ++ +```bash +helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ + --values redpanda-license.yaml --reuse-values +``` + +--set:: ++ +[,bash] +---- +helm upgrade --install redpanda redpanda/redpanda \ + --namespace \ + --create-namespace \ + --set enterprise.license= +---- + +==== +-- +====== + + +[[console]] +=== Use Redpanda Console + +You can upload a license directly through Redpanda Console. + +See xref:console:ui/add-license.adoc[]. + +== Verify a license + +After adding or updating a license, you can use `rpk` to verify that the license was set. + +include::get-started:partial$licensing/check-license.adoc[] + +== Update an existing license + +The process for updating a license depends on how it was originally applied: + +- <>. +- <>. +- xref:console:ui/add-license.adoc[Use Redpanda Console] + +When a new license is uploaded, enterprise features in Redpanda Self-Managed are unlocked immediately without requiring a cluster restart. However, to unlock enterprise features in Redpanda Console, you must restart the Redpanda Console instance. + +[[secret-update]] +=== Update the Kubernetes Secret + +If the license is provided through a Kubernetes Secret, follow these steps to update it: + +. Download the updated license file and overwrite the existing `redpanda.license` file. + +. Delete the existing Secret: ++ +[,bash] +---- +kubectl delete secret redpanda-license --namespace +---- + +. Create a new Secret with the updated license: ++ +[,bash] +---- +kubectl create secret generic redpanda-license \ + --from-file=license=./redpanda.license \ + --namespace +---- ++ + +. Check the status of new license to make sure it was successfully applied: ++ +[,bash] +---- +rpk cluster license info +---- ++ +The output displays the following details: ++ +---- +Organization: Organization the license was generated for. +Type: Type of license. +Expires: Expiration date of the license. +Version: License schema version. +---- + +. If you use Redpanda Console, delete the Redpanda Console Pods to force Redpanda Console to reload the updated license: ++ +[,bash] +---- +kubectl delete pod $(kubectl get pod --namespace | grep redpanda-console | awk '{print $1}') --namespace +---- + +[[inline-update]] +=== Update the license inline + +If you applied the license inline, follow these steps to update it: + +. Modify the `enterprise.license` value with the new license string: ++ +[tabs] +====== +Helm + Operator:: ++ +-- +.`redpanda-cluster.yaml` +[,yaml] +---- +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda +spec: + chartRef: {} + clusterSpec: + enterprise: + license: +---- + +```bash +kubectl apply -f redpanda-cluster.yaml --namespace +``` + +-- +Helm:: ++ +-- + +[tabs] +==== +--values:: ++ +.`redpanda-license.yaml` +[source,yaml] +---- +enterprise: + license: +---- ++ +```bash +helm upgrade --install redpanda redpanda/redpanda --namespace --create-namespace \ + --values redpanda-license.yaml --reuse-values +``` + +--set:: ++ +[,bash] +---- +helm upgrade --install redpanda redpanda/redpanda \ + --namespace \ + --create-namespace \ + --set enterprise.license= +---- + +==== +-- +====== + +. Check the status of new license to make sure it was successfully applied: ++ +[,bash] +---- +rpk cluster license info +---- ++ +The output displays the following details: ++ +---- +Organization: Organization the license was generated for. +Type: Type of license:. +Expires: Expiration date of the license. +Version: License schema version. +---- + +. If you use Redpanda Console, delete the Redpanda Console Pods to force a reload of the updated license: ++ +[,bash] +---- +kubectl delete pod $(kubectl get pod --namespace | grep redpanda-console | awk '{print $1}') --namespace +---- + +== Next steps + +xref:get-started:licensing/monitor-license-status.adoc[]. \ No newline at end of file diff --git a/modules/get-started/pages/licensing/add-license-redpanda/linux.adoc b/modules/get-started/pages/licensing/add-license-redpanda/linux.adoc new file mode 100644 index 000000000..bd5d51b8d --- /dev/null +++ b/modules/get-started/pages/licensing/add-license-redpanda/linux.adoc @@ -0,0 +1,73 @@ += Add an Enterprise Edition License to Redpanda in Linux +:description: Learn how to add or update a Redpanda Enterprise Edition license in a Linux environment. + +To enable xref:get-started:licensing/overview.adoc[enterprise features for Redpanda Self-Managed], you must have an Enterprise Edition license. This guide outlines how to apply or update an Enterprise Edition license for Redpanda Self-Managed in a Linux environment. + +== Prerequisites + +- You must have xref:get-started:rpk-install.adoc[`rpk` installed] and configured to connect to your Redpanda cluster. + +- You must have an Enterprise Edition license. https://www.redpanda.com/contact[Request a license^] if you don't have one already. + +== Add a new license + +Redpanda supports the following ways to apply a new license: + +- <>. +- <>. +- <>. + +[[file]] +=== Apply the license using a license file + +If you have the license key stored in a file, you can apply it by specifying the file path: + +```bash +rpk cluster license set --path -X admin.hosts= +``` + +Replace the following placeholders: + +- `` with the path to your license file. +- `` the Redpanda admin host and port + +[[inline]] +=== Apply the license using an inline license string + +If you want to provide the license string directly, use the following command: + +```bash +rpk cluster license set +``` + +If neither the path nor the license string are provided, `rpk` looks for the license in `/etc/redpanda/redpanda.license`. + +[[console]] +=== Use Redpanda Console + +You can upload a license directly through Redpanda Console. + +See xref:console:ui/add-license.adoc[]. + +== Verify a license + +After adding or updating a license, you can use `rpk` to verify that the license was set. + +include::get-started:partial$licensing/check-license.adoc[] + +== Update an existing license + +To update an existing license, you can use one the following methods: + +- xref:reference:rpk/rpk-cluster/rpk-cluster-license-set.adoc[] +- xref:console:ui/add-license.adoc[Redpanda Console] + +When a new license is uploaded, enterprise features in Redpanda Self-Managed are unlocked immediately without requiring a cluster restart. However, to unlock enterprise features in Redpanda Console, you must restart the Redpanda Console instance. + +== Next steps + +xref:get-started:licensing/monitor-license-status.adoc[]. + +== Suggested reading + +xref:reference:rpk/rpk-cluster/rpk-cluster-license-set.adoc[] \ No newline at end of file diff --git a/modules/get-started/pages/licensing/index.adoc b/modules/get-started/pages/licensing/index.adoc new file mode 100644 index 000000000..945a07338 --- /dev/null +++ b/modules/get-started/pages/licensing/index.adoc @@ -0,0 +1,2 @@ += Redpanda Licensing +:page-layout: index \ No newline at end of file diff --git a/modules/get-started/pages/licensing/monitor-license-status.adoc b/modules/get-started/pages/licensing/monitor-license-status.adoc new file mode 100644 index 000000000..ee9dad3fe --- /dev/null +++ b/modules/get-started/pages/licensing/monitor-license-status.adoc @@ -0,0 +1,114 @@ += Monitor the Status of an Enterprise Edition License +:description: pass:q[Learn how to monitor the status of your Redpanda Enterprise Edition license using `rpk`, the Redpanda Console, the Admin API, and observability tools such as logs and metrics.] + +To track license expiration and ensure compliance with xref:get-started:licensing/overview.adoc[Redpanda licensing], you can monitor the status of your Enterprise Edition license using <>, the <>, <>, and observability tools such as <> and <>. + +[[rpk]] +== Check the status of a license with `rpk` + +To check the status of your current license, use the `rpk cluster license info` command. You can choose different output formats depending on your use case. + +. Make sure that xref:get-started:rpk-install.adoc[`rpk` is installed] and configured to connect to your cluster's Admin API endpoint. + +. Get the details about your cluster's license: ++ +```bash +rpk cluster license info +``` ++ +The output displays the following details: ++ +---- +Organization: Organization the license was generated for. +Type: Type of license. +Expires: Expiration date of the license. +Version: License schema version. +---- ++ +If the license is within 30 days of expiration, a warning is logged: ++ +---- +warning: your license will expire soon +---- + +=== Change the output format + +Different output formats can be useful depending on your scenario. The available formats include JSON, YAML, text, and wide (expanded). For example, if you are writing scripts or automating license monitoring, you may prefer the JSON format, as it's easily parsed by tools like `jq` or integrated into monitoring systems. + +To get the license information in another format, use the `--format` flag: + +```bash +rpk cluster license info --format +``` + +Replace `` with one of the available formats. See xref:reference:rpk/rpk-cluster/rpk-cluster-license-info.adoc[]. + +For more details, including the SHA-256 checksum and Unix timestamp for expiration, use the `wide` format. This format is useful when you need a deeper level of detail about the license for troubleshooting or verification. For example: + +---- +LICENSE INFORMATION +Organization: Your Organization +Type: enterprise +Expires: Jan 1 2025 +License Expired: false +Checksum: 3d2e5b4d07d294534d9b7e90d8f73e91d34f7b4a62c45b6dc1c1e6f9d0a12bcf +ExpiresUnix: 1735689600 +---- + +[[admin]] +== Check the status of a license with the Admin API + +You can retrieve the license status and information about in-use enterprise features using the Redpanda Admin API. This API provides JSON-formatted responses and is useful for programmatic access to the license details and feature status. + +To get the license status and features in use, make a `GET` request to the `/v1/features/enterprise` endpoint. For example: + +[,bash] +---- +curl -X GET http://:/v1/features/enterprise +---- + +Example response: + +[,json] +---- +{ + "license_status": "valid", + "violation": false, + "features": [ + { + "name": "audit_logging", + "enabled": true + }, + { + "name": "tiered_storage", + "enabled": false + } + ] +} +---- + +- `license_status`: The status of the license. Possible values are: +** `valid`: The license is valid. +** `expired`: The license has expired. +** `not_present`: No license is present. + +- `violation`: A boolean value that indicates whether there is a violation. For example, the license is not valid and one or more enterprise features are enabled. + +- `features`: An array of enterprise features that lists each feature by name and whether it is enabled (`true`) or not (`false`). + +NOTE: The returned enterprise features are specific to Redpanda Enterprise Edition. They do not include xref:get-started:licensing/overview.adoc#connect[enterprise features for Redpanda Connect] or xref:get-started:licensing/overview.adoc#console[enterprise features in Redpanda Console]. + +[[console]] +== Check the status of a license in Redpanda Console + +You can also check the status of your license in the Redpanda Console UI. See xref:console:ui/add-license.adoc[]. + +[[logs]] +== Monitor a license in the logs + +Logs are emitted on Redpanda brokers to help you understand how the license is being applied and when enforcement actions are triggered. + +[[metrics]] +== Monitor a license using metrics + +The xref:reference:public-metrics-reference.adoc#redpanda_cluster_features_enterprise_license_expiry_sec[`redpanda_cluster_features_enterprise_license_expiry_sec`] metric tells you how many seconds remain until the license expires. Use this metric to set up alerts or dashboards to track the license expiration status and ensure timely renewal. diff --git a/modules/get-started/pages/licensing/overview.adoc b/modules/get-started/pages/licensing/overview.adoc new file mode 100644 index 000000000..4dba69bd5 --- /dev/null +++ b/modules/get-started/pages/licensing/overview.adoc @@ -0,0 +1,87 @@ += Redpanda Licenses, Editions, and Enterprise Features +:description: Learn about Redpanda licensing for Self-Managed, Console, and Connect, available in both Community and Enterprise editions. Understand licensing requirements and how to access enterprise features with a valid license key. +:page-aliases: introduction:licenses.adoc, get-started:licenses.adoc + +Redpanda Self-Managed, Redpanda Console, and Redpanda Connect are available in community and enterprise editions. Each product has a single binary that supports both editions. + +* Redpanda Community Edition is free and source-available on GitHub: +** https://github.com/redpanda-data/redpanda[Redpanda Self-Managed^] +** https://github.com/redpanda-data/console[Redpanda Console^] +** https://github.com/redpanda-data/connect[Redpanda Connect^] +* Redpanda Enterprise Edition requires a license key and includes additional features. + +[NOTE] +==== +Redpanda Cloud is a managed deployment of Redpanda Enterprise Edition. To learn more about Redpanda Cloud, see the xref:redpanda-cloud:get-started:cloud-overview.adoc[]. +==== + +== Community Edition + +The Community Edition is licensed with the Redpanda https://github.com/redpanda-data/redpanda/blob/dev/licenses/bsl.md[Business Source License^] (BSL). These core features are free and source-available. + +[NOTE] +==== +* Users cannot provide Redpanda as a commercial streaming or queuing service to others. +* The BSL code converts to Apache 2.0 licensing four years after each code merge. +==== + +== Enterprise Edition + +The Enterprise Edition is licensed with the https://github.com/redpanda-data/redpanda/blob/dev/licenses/rcl.md[Redpanda Community License^] (RCL). It includes the free features licensed under the Redpanda BSL, as well as enterprise features. + +=== License keys + +Enterprise features require an Enterprise Edition license key, sometimes referred to as Enterprise license, license key, or license. You can evaluate enterprise features with a free 30-day trial. To request a trial license key, to extend your trial period, or to purchase a license, contact https://redpanda.com/try-redpanda?section=enterprise-trial[Redpanda Sales^]. + +[[self-managed]] +=== Enterprise features in Redpanda Self-Managed + +The following enterprise features for Redpanda Self-Managed are activated with a valid Enterprise Edition license key: + +include::get-started:partial$licensing/enterprise-features.adoc[tag=self-managed] + +[[console]] +=== Enterprise features in Redpanda Console + +The following enterprise features for Redpanda Console are activated with a valid Enterprise Edition license key: + +include::get-started:partial$licensing/enterprise-features.adoc[tag=console] + +[[connect]] +=== Enterprise features in Redpanda Connect + + +include::get-started:partial$licensing/enterprise-features.adoc[tag=connect] + +== How Redpanda Console handles licenses + +If Redpanda Console cannot find a valid license either locally or in the connected Redpanda cluster, it shuts down. Redpanda Console tries to load a valid license for community or enterprise features at startup in the following order: + +. From the local configuration file or environment variables. +. From the connected Redpanda cluster (if available). + +Redpanda Console displays warnings in the following scenarios: + +- *Upcoming license expiration*: Redpanda Console checks the license status at startup. If the license expires within 30 days, a warning is displayed in the UI. Redpanda Console also logs the license details at startup, including the expiration date. For example: ++ +[,json] +---- +{"level":"info","msg":"successfully loaded Redpanda Enterprise license","license_org":"redpanda","license_type":"enterprise","expires_at":"Oct 12 2024"} +---- + +- *Redpanda Self-Managed enterprise features are in use without a valid license*: If the Redpanda cluster is using enterprise features without a valid license, Redpanda Console displays a warning specifying the features in use without proper licensing. + +- *Redpanda Console enterprise features in use without a valid license*: If you configure enterprise features in Redpanda Console without a valid license, Redpanda Console shuts down and logs a warning. + +=== Ways to manage licenses for Redpanda Console + +Redpanda Console offers two methods for applying or updating a license, depending on your setup: + +- If you are using Redpanda Console without connecting it to a Redpanda cluster, you can xref:console:config/enterprise-license.adoc[configure the license through the local configuration file or environment variables]. This method allows you to add a license for Redpanda Console independently of the Redpanda cluster. + +- If Redpanda Console is connected to a Redpanda cluster, you can xref:console:ui/add-license.adoc[upload a license through the Redpanda Console UI]. This method allows you to manage and update licenses for both Redpanda Console and the connected Redpanda cluster. + +== Next steps + +- xref:get-started:licensing/add-license-redpanda/index.adoc[] +- xref:get-started:licensing/monitor-license-status.adoc[] \ No newline at end of file diff --git a/modules/get-started/pages/whats-new.adoc b/modules/get-started/pages/whats-new.adoc index 7c538c77b..6e4f07891 100644 --- a/modules/get-started/pages/whats-new.adoc +++ b/modules/get-started/pages/whats-new.adoc @@ -7,87 +7,15 @@ This topic includes new content added in version {page-component-version}. For a * xref:redpanda-cloud:get-started:whats-new-cloud.adoc[] * xref:redpanda-cloud:get-started:cloud-overview.adoc#redpanda-cloud-vs-self-managed-feature-compatibility[Redpanda Cloud vs Self-Managed feature compatibility] +== Licensing updates -== Declarative user and ACL management in Kubernetes +This release includes several updates to xref:get-started:licensing/overview.adoc[Redpanda's licensing system] to both improve transparency and make it easier to manage licenses across Redpanda clusters and Redpanda Console. -Starting with Redpanda Operator version v2.2.2-24.2.4, you can now manage users and access control lists (ACLs) with the new User resource. This feature allows you to: +- *Upgrade restriction for enterprise features*: You cannot upgrade your cluster to Redpanda 24.3 or later if any enterprise feature of Redpanda (excluding Console) is in use without a valid license. The upgrade is aborted immediately and cleanly before any broker is upgraded, minimizing disruption. -- Create and manage Redpanda users and their authentication settings. -- Define and manage ACLs to control access to Redpanda resources. -- Automatically reconcile changes to users and ACLs using the Redpanda Operator. +- *License reminder in `rpk`*: Every `rpk` command now includes a reminder if the cluster is using licensed features without a valid license. -To learn more, see the xref:manage:kubernetes/security/authentication/k-user-controller.adoc[User resource documentation]. +- *License warnings in Redpanda Console*: If you are using Redpanda Console and one or more enterprise features are active in the connected Redpanda cluster without a valid license, a banner specifies which enterprise features are in use without a license. -== FIPS compliance +- *Unified license management in Redpanda Console*: You can now upload and apply a single license key for both Redpanda Console and the connected Redpanda cluster through the Redpanda Console UI. Any existing license key is overridden by the new one. -Redpanda now provides a FIPS 140-compliant binary to support running Redpanda in environments requiring FIPS-compliant software and to meet certain requirements for organizations undergoing certification through government compliance programs, such as FedRAMP. When using the FIPS binary, both Redpanda and `rpk` leverage FIPS-compliant OpenSSL libraries and ciphers for all encryption activity inside Redpanda, including encryption of data in transit. Install the `redpanda-fips` package to xref:manage:security/fips-compliance.adoc[run Redpanda in FIPS-compliance mode]. - -== Schema Registry support for JSON - -Redpanda's xref:manage:schema-reg/schema-reg-overview.adoc[Schema Registry] now supports JSON serialization format, in addition to Avro and Protobuf. You can use a https://json-schema.org/[JSON Schema^] format to validate messages and ensure compatibility between schema versions. - -== Schema Registry read-only mode - -You can now put individual subjects or the entire Schema Registry into read-only or read-write mode with the xref:manage:schema-reg/schema-reg-api.adoc#use-readonly-mode-for-disaster-recovery[Schema Registry API] `/mode` endpoint or with xref:reference:rpk/rpk-registry/rpk-registry-mode-set.adoc[`rpk registry mode set`]. You can use the `READONLY` mode in an active/passive disaster recovery configuration. - -== TLS enhancements - -* *Minimum TLS version*: For enhanced security, Redpanda now has a cluster configuration property to xref:manage:security/encryption.adoc#manage-the-minimum-tls-version[control the minimum TLS version] to use for encryption. By default, xref:reference:properties/cluster-properties.adoc#tls_min_version[`tls_min_version`] is set to `v1.2`, which prevents client applications from using older TLS versions to connect to your clusters. - -* *Certificate revocation lists*: When enabling TLS encryption for the Kafka, Admin, HTTP Proxy or Schema Registry APIs, you can now xref:manage:security/encryption.adoc[add a certificate revocation list (CRL)] to your configuration. Redpanda uses the CRL to check and reject connections from entities using certificates already revoked by a certificate authority. - -== Data transforms enhancements - -Redpanda has a new xref:reference:data-transforms/js/index.adoc[JavaScript SDK] that you can use to build and deploy data transforms in Redpanda. To get started, see xref:develop:data-transforms/run-transforms-index.adoc[]. - -You can now deploy data transform functions that xref:develop:data-transforms/deploy.adoc#reprocess[reprocess existing records] from an input topic. Processing existing records can be useful, for example, to process historical data into a different format for a new consumer, to re-create lost data from an accidentally-deleted topic, or to resolve issues with a previous version of a transform that processed data incorrectly. - -The docs now also include an xref:develop:data-transforms/index.adoc[expanded guide] designed to help you master the creation, deployment, and management of data transforms in Redpanda. - -== Enhanced cache trimming - -Redpanda has two new properties that provide finer control over cache management. These settings allow you to define specific thresholds for triggering xref:manage:tiered-storage.adoc#cache-trimming[cache trimming] based on cache size and the number of objects, helping to optimize performance and prevent slow reads. - -- config_ref:cloud_storage_cache_trim_threshold_percent_size,true,properties/object-storage-properties[] -- config_ref:cloud_storage_cache_trim_threshold_percent_objects,true,properties/object-storage-properties[] - -== Client throughput management - -Redpanda now includes `rpk` and Redpanda Console support for managing xref:manage:cluster-maintenance/manage-throughput.adoc#client-throughput-limits[client throughput limits]. You can set client throughput quotas using `rpk` for an individual client based on client ID, as well as for a group of clients based on ID prefix matching. New xref:manage:cluster-maintenance/manage-throughput.adoc#monitor-client-throughput[metrics] are available for insights on client throughput utilization. - -Client throughput quotas, previously applied on a per-shard basis, now apply on a per-broker basis. Cluster configuration properties for managing client quotas are xref:upgrade:deprecated/index.adoc[deprecated], including `target_quota_byte_rate` which is disabled by default with the value `0`. - -== Self-test enhancements - -New tests are added to the xref:manage:cluster-maintenance/cluster-diagnostics.adoc[Redpanda self-test] suite: - -* Cloud storage tests to validate xref:manage:tiered-storage.adoc[Tiered Storage] configuration. -* 16K block size disk tests to better assess block storage performance, particularly in response to I/O depth changes. -* 4K block size disk test with dsync off to assess the impact of fdatasync on the storage layer. - -See the xref:reference:rpk/rpk-cluster/rpk-cluster-self-test-status.adoc[`rpk self test`] reference for usage and output examples. - -== Intra-broker partition balancing: beta - -xref:manage:cluster-maintenance/cluster-balancing.adoc#intra-broker-partition-balancing[Intra-broker partition balancing] is a new topic-aware partition balancer that balances partitions across cores within a Redpanda broker. This balancer considers core count changes as well as partition movement to rebalance partition replicas and improve performance. - -This is a beta feature for v24.2 and is not recommended for use for production clusters. - -== New commands - -The following `rpk` commands are new in this version: - -* xref:reference:rpk/rpk-cluster/rpk-cluster-quotas-alter.adoc[`rpk cluster quotas alter`] -* xref:reference:rpk/rpk-cluster/rpk-cluster-quotas-describe.adoc[`rpk cluster quotas describe`] -* xref:reference:rpk/rpk-cluster/rpk-cluster-quotas-import.adoc[`rpk cluster quotas import`] -* xref:reference:rpk/rpk-cluster/rpk-cluster-quotas.adoc[`rpk cluster quotas`] -* xref:reference:rpk/rpk-registry/rpk-registry-mode.adoc[`rpk registry mode`] -* xref:reference:rpk/rpk-registry/rpk-registry-mode-get.adoc[`rpk registry mode get`] -* xref:reference:rpk/rpk-registry/rpk-registry-mode-reset.adoc[`rpk registry mode reset`] -* xref:reference:rpk/rpk-registry/rpk-registry-mode-set.adoc[`rpk registry mode set`] -* xref:reference:rpk/rpk-transform/rpk-transform-pause.adoc[`rpk transform pause`] -* xref:reference:rpk/rpk-transform/rpk-transform-resume.adoc[`rpk transform resume`] - -== Doc enhancements - -The https://docs.redpanda.com/home/[Redpanda Docs home page] has been redesigned, so you can stay within the context of Redpanda Self-Managed, Redpanda Cloud, or Redpanda Connect docs. We hope that our docs help and inspire our users. Please share your feedback with the links at the bottom of any doc page. diff --git a/modules/get-started/partials/licensing/check-license.adoc b/modules/get-started/partials/licensing/check-license.adoc new file mode 100644 index 000000000..b87377337 --- /dev/null +++ b/modules/get-started/partials/licensing/check-license.adoc @@ -0,0 +1,23 @@ +ifdef::env-kubernetes[] +[,bash] +---- +kubectl exec --namespace -c redpanda -- \ + rpk cluster license info +---- +endif::[] +ifndef::env-kubernetes[] +[,bash] +---- +rpk cluster license info +---- +endif::[] + +This command will display the current license details, including the expiration date. For example: + +---- +LICENSE INFORMATION +=================== +Organization: redpanda +Type: enterprise +Expires: Oct 24 2027 +---- diff --git a/modules/get-started/partials/licensing/enterprise-features.adoc b/modules/get-started/partials/licensing/enterprise-features.adoc new file mode 100644 index 000000000..80529f170 --- /dev/null +++ b/modules/get-started/partials/licensing/enterprise-features.adoc @@ -0,0 +1,19 @@ +// tag::self-managed[] +* xref:manage:tiered-storage.adoc[Tiered Storage] +* xref:manage:cluster-maintenance/continuous-data-balancing.adoc[Continuous Data Balancing] +* xref:manage:cluster-maintenance/cluster-balancing.adoc#intra-broker-partition-balancing[Intra-broker partition balancing (`core_balancing_continuous`)] +* xref:manage:remote-read-replicas.adoc[Remote Read Replicas] +* xref:manage:audit-logging.adoc[Audit Logging] +* xref:manage:security/fips-compliance.adoc[FIPS Compliance] +* xref:manage:schema-reg/schema-id-validation.adoc[Server-side Schema ID Validation] +* xref:manage:security/authentication.adoc#kerberos[Kerberos Authentication] +* xref:manage:security/authentication.adoc#oidc [OAUTHBEARER/OIDC Authentication] +* xref:manage:security/authorization/rbac.adoc[Redpanda Role-Based Access Control (RBAC)] +// end::self-managed[] +// tag::console[] +* xref:console:config/security/authorization.adoc[Redpanda Console Authorization (RBAC)] +* xref:console:config/security/authentication.adoc[Redpanda Console Authentication] +// end::console[] +// tag::connect[] +The Enterprise Edition of Redpanda Connect includes additional connectors. For a list of all available connectors, see xref:redpanda-connect:components:catalog.adoc[]. +// end::connect[] \ No newline at end of file diff --git a/modules/manage/pages/kubernetes/troubleshooting/k-troubleshoot.adoc b/modules/manage/pages/kubernetes/troubleshooting/k-troubleshoot.adoc index 3f34483fb..5fd9b21ec 100644 --- a/modules/manage/pages/kubernetes/troubleshooting/k-troubleshoot.adoc +++ b/modules/manage/pages/kubernetes/troubleshooting/k-troubleshoot.adoc @@ -359,10 +359,20 @@ NOTE: Kubernetes retains logs only for the current and the previous instance of . Reset the crash counter to zero to allow Redpanda to restart. You can do any of the following to reset the counter: + -- Update the redpanda.yaml configuration file. You can make changes to any of the following sections in the Redpanda Helm chart to trigger an update: -* `config.cluster` +- Make changes to any of the following sections in the Redpanda Helm chart to trigger an update: ++ +-- * `config.node` * `config.tunable` +-- ++ +For example: ++ +```yaml +config: + node: + crash_loop_limit: +``` - Delete the `startup_log` file in the broker's data directory. + @@ -686,81 +696,20 @@ After clearing the `pending-rollback` state: * *Retry the upgrade*: Restart the upgrade process. You should investigate the initial failure to avoid getting into the `pending-rollback` state again. * *Perform a rollback*: If you need to roll back to a previous release, use `helm rollback ` to revert to a specific, stable release version. //end::pending-rollback[] -//end::deployment[] - -//tag::tls[] -=== Invalid large response size - -This error appears when your cluster is configured to use TLS, but you don't specify that you are connecting over TLS. - -[.no-copy] ----- -unable to request metadata: invalid large response size 352518912 > limit 104857600; the first three bytes received appear to be a tls alert record for TLS v1.2; is this a plaintext connection speaking to a tls endpoint? ----- - -If you're using rpk, ensure to add the `-X tls.enabled` flag, and any other necessary TLS flags such as the TLS certificate: - -[,bash] ----- -kubectl exec -c redpanda --namespace -- rpk cluster info -X brokers=.: -X tls.enabled=true ----- - -For all available flags, see the xref:reference:rpk/index.adoc[rpk command reference]. - -=== Malformed HTTP response - -This error appears when a cluster has TLS enabled, and you try to access the admin API without passing the required TLS parameters. - -[.no-copy] ----- -Retrying POST for error: Post "http://127.0.0.1:9644/v1/security/users": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x03\x00\x02\x02" ----- - -If you're using rpk, ensure to include the TLS flags. -For all available flags, see the xref:reference:rpk/index.adoc[rpk command reference]. - -=== x509: certificate signed by unknown authority - -This error appears when the Certificate Authority (CA) that signed your certificates is not trusted by your system. - -Check the following: - -- Ensure you have installed the root CA certificate correctly on your local system. -- If using a self-signed certificate, ensure it is properly configured and included in your system's trust store. -- If you are using a certificate issued by a CA, ensure the issuing CA is included in your system's trust store. -- If you are using cert-manager, ensure it is correctly configured and running properly. -- Check the validity of your certificates. They might have expired. - -=== x509: certificate is not valid for any names - -This error indicates that the certificate you are using is not valid for the specific domain or IP address you are trying to use it with. This error typically occurs when there is a mismatch between the certificate's Subject Alternative Name (SAN) or Common Name (CN) field and the name being used to access the broker. - -To fix this error, you may need to obtain a new certificate that is valid for the specific domain or IP address you are using. Ensure that the certificate's SAN or CN entry matches the name being used, and that the certificate is not expired or revoked. - -=== cannot validate certificate for 127.0.0.1 - -This error appears if you are using a CA certificate when you try to establish an internal connection using localhost. For example: - -``` -unable to request metadata: unable to dial: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs -``` +include::manage:partial$troubleshooting.adoc[tags=deployment] +//end::deployment[] -To fix this error, you must either specify the public domain or use self-signed certificates: -```bash -kubectl exec redpanda-0 -c redpanda --namespace -- \ - rpk cluster info \ - -X brokers=.: \ - -X tls.enabled=true -``` +//tag::tls[] +include::manage:partial$troubleshooting.adoc[tags=tls] === Redpanda not applying TLS changes include::manage:partial$kubernetes/tls-update-note.adoc[] -//end::tls[] -//tag::networking[] +//end::tls[] +// tag::networking[] === I/O timeout This error appears when your worker nodes are unreachable through the given address. @@ -771,19 +720,9 @@ Check the following: * Your DNS records point to addresses that resolve to your worker nodes. //end::networking[] -//tag::sasl[] -=== Is SASL missing? - -This error appears when you try to interact with a cluster that has SASL enabled without passing a user's credentials. -[.no-copy] ----- -unable to request metadata: broker closed the connection immediately after a request was issued, which happens when SASL is required but not provided: is SASL missing? ----- - -If you're using rpk, ensure to specify the `-X user`, `-X pass`, and `-X sasl.mechanism` flags. - -For all available flags, see the xref:reference:rpk/index.adoc[rpk command reference]. +//tag::sasl[] +include::manage:partial$troubleshooting.adoc[tags=sasl] === Unable to continue with update: Secret diff --git a/modules/manage/partials/troubleshooting.adoc b/modules/manage/partials/troubleshooting.adoc new file mode 100644 index 000000000..192e73f15 --- /dev/null +++ b/modules/manage/partials/troubleshooting.adoc @@ -0,0 +1,111 @@ +//tag::deployment[] +=== A Redpanda Enterprise Edition license is required + +During a Redpanda upgrade, if enterprise features are enabled and a valid Enterprise Edition license is missing, Redpanda logs a warning and aborts the upgrade process on the affected broker. This issue prevents a successful upgrade. + +If you encounter this issue, follow these steps to recover: + +ifdef::env-kubernetes[] +. xref:upgrade:k-rolling-upgrade.adoc#roll-back[Roll back the affected broker to the original version]. +endif::[] +ifndef::env-kubernetes[] +. Roll back the affected broker to the original version. +endif::[] +. Do one of the following: +- xref:get-started:licensing/add-license-redpanda/index.adoc[Apply a valid Redpanda Enterprise Edition license] to the cluster. +- Disable enterprise features. ++ +If you do not have a valid license and want to proceed without using enterprise features, you can disable the enterprise features in your Redpanda configuration. + +. Retry the upgrade. + + +//end::deployment[] + +//tag::tls[] +=== Invalid large response size + +This error appears when your cluster is configured to use TLS, but you don't specify that you are connecting over TLS. + +[.no-copy] +---- +unable to request metadata: invalid large response size 352518912 > limit 104857600; the first three bytes received appear to be a tls alert record for TLS v1.2; is this a plaintext connection speaking to a tls endpoint? +---- + +If you're using rpk, ensure to add the `-X tls.enabled` flag, and any other necessary TLS flags such as the TLS certificate: + +[,bash] +---- +ifdef::env-kubernetes[kubectl exec -c redpanda --namespace -- \] +rpk cluster info -X tls.enabled=true +---- + +For all available flags, see the xref:reference:rpk/index.adoc[rpk command reference]. + +=== Malformed HTTP response + +This error appears when a cluster has TLS enabled, and you try to access the admin API without passing the required TLS parameters. + +[.no-copy] +---- +Retrying POST for error: Post "http://127.0.0.1:9644/v1/security/users": net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x03\x00\x02\x02" +---- + +If you're using rpk, ensure to include the TLS flags. + +For all available flags, see the xref:reference:rpk/index.adoc[rpk command reference]. + +=== x509: certificate signed by unknown authority + +This error appears when the Certificate Authority (CA) that signed your certificates is not trusted by your system. + +Check the following: + +- Ensure you have installed the root CA certificate correctly on your local system. +- If using a self-signed certificate, ensure it is properly configured and included in your system's trust store. +- If you are using a certificate issued by a CA, ensure the issuing CA is included in your system's trust store. +ifdef::env-kubernetes[] +- If you are using cert-manager, ensure it is correctly configured and running properly. +endif::[] +- Check the validity of your certificates. They might have expired. + +=== x509: certificate is not valid for any names + +This error indicates that the certificate you are using is not valid for the specific domain or IP address you are trying to use it with. This error typically occurs when there is a mismatch between the certificate's Subject Alternative Name (SAN) or Common Name (CN) field and the name being used to access the broker. + +To fix this error, you may need to obtain a new certificate that is valid for the specific domain or IP address you are using. Ensure that the certificate's SAN or CN entry matches the name being used, and that the certificate is not expired or revoked. + +=== cannot validate certificate for 127.0.0.1 + +This error appears if you are using a CA certificate when you try to establish an internal connection using localhost. For example: + +``` +unable to request metadata: unable to dial: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs +``` + +To fix this error, you must either specify the URL with a public domain or use self-signed certificates: + +[,bash] +---- +ifdef::env-kubernetes[kubectl exec redpanda-0 -c redpanda --namespace -- \] +rpk cluster info \ +-X brokers=: \ +-X tls.enabled=true +---- + +//end::tls[] + +//tag::sasl[] +=== Is SASL missing? + +This error appears when you try to interact with a cluster that has SASL enabled without passing a user's credentials. + +[.no-copy] +---- +unable to request metadata: broker closed the connection immediately after a request was issued, which happens when SASL is required but not provided: is SASL missing? +---- + +If you're using rpk, ensure to specify the `-X user`, `-X pass`, and `-X sasl.mechanism` flags. + +For all available flags, see the xref:reference:rpk/index.adoc[rpk command reference]. +//end::sasl[] \ No newline at end of file diff --git a/modules/reference/pages/internal-metrics-reference.adoc b/modules/reference/pages/internal-metrics-reference.adoc index 3f0d8ea28..84bd8c692 100644 --- a/modules/reference/pages/internal-metrics-reference.adoc +++ b/modules/reference/pages/internal-metrics-reference.adoc @@ -44,6 +44,12 @@ If this is the last record received by the cluster, then the cluster is up-to-da --- +=== vectorized_cluster_features_enterprise_license_expiry_sec + +Number of seconds remaining until the Enterprise Edition license expires. + +--- + === vectorized_cluster_partition_schema_id_validation_records_failed Number of records that failed schema ID validation. diff --git a/modules/reference/pages/monitor-metrics.adoc b/modules/reference/pages/monitor-metrics.adoc index 8645bc6ab..45373ff02 100644 --- a/modules/reference/pages/monitor-metrics.adoc +++ b/modules/reference/pages/monitor-metrics.adoc @@ -2,6 +2,6 @@ :description: Reference of monitoring metrics provided by Redpanda. :page-layout: index -Redpanda exports metrics through Prometheus endpoints, `/public_metrics` and `/metrics`. To learn how to monitor Redpanda, see xref:manage:monitoring.adoc[Monitor Redpanda]. +Redpanda exports metrics through Prometheus endpoints, `/public_metrics` and `/metrics`. To learn how to monitor Redpanda, see xref:manage:monitoring.adoc[Monitor Redpanda] or xref:manage:kubernetes/monitoring/index.adoc[]. include::shared:partial$metrics-usage-tip.adoc[] diff --git a/modules/reference/pages/public-metrics-reference.adoc b/modules/reference/pages/public-metrics-reference.adoc index 07ffe3330..30e11e7a0 100644 --- a/modules/reference/pages/public-metrics-reference.adoc +++ b/modules/reference/pages/public-metrics-reference.adoc @@ -19,7 +19,7 @@ Number of configured, fully commissioned brokers in a cluster. *Type*: gauge -*How to monitor*: Create an alert for when this gauge dips below a steady-state threshold, as a node(s) has become unresponsive. +*Usage*: Create an alert for when this gauge dips below a steady-state threshold, as a node(s) has become unresponsive. --- @@ -49,7 +49,17 @@ Number of requests dropped by a cluster controller log due to exceeding <