redis · kaitlynmichael · Jul 29, 2025 · Jul 24, 2025 · Jul 24, 2025 · Jul 24, 2025
diff --git a/assets/css/index.css b/assets/css/index.css
@@ -521,6 +521,41 @@ select {
   @apply w-10 h-10;
 }
 
+/* YAML embed download button styles */
+.download-yaml-btn {
+  @apply transition-colors;
+}
+
+.download-yaml-btn:disabled {
+  @apply opacity-75 cursor-not-allowed;
+}
+
+.download-yaml-btn svg {
+  @apply w-4 h-4;
+}
+
+/* Make long code blocks scrollable */
+.yaml-embed-container .highlight {
+  max-height: 800px;
+  overflow-y: auto;
+}
+
+.yaml-embed-container .highlight::-webkit-scrollbar {
+  width: 8px;
+}
+
+.yaml-embed-container .highlight::-webkit-scrollbar-track {
+  @apply bg-slate-700 rounded;
+}
+
+.yaml-embed-container .highlight::-webkit-scrollbar-thumb {
+  @apply bg-slate-500 rounded;
+}
+
+.yaml-embed-container .highlight::-webkit-scrollbar-thumb:hover {
+  @apply bg-slate-400;
+}
+
 #download-redis > h3,
 #download-redis-stack > h3 {
   @apply mt-2;

diff --git a/content/operate/kubernetes/logs/log-collector-rbac.md b/content/operate/kubernetes/logs/log-collector-rbac.md
@@ -0,0 +1,128 @@
+---
+Title: Log collector RBAC examples
+alwaysopen: false
+categories:
+- docs
+- operate
+- kubernetes
+description: YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool in restricted and all modes.
+linkTitle: Log collector RBAC
+weight: 50
+---
+
+This page provides YAML examples for configuring RBAC permissions for the Redis Enterprise log collector tool. The log collector requires different permission levels depending on the collection mode you choose.
+
+For complete log collection instructions, see [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}}).
+
+## Prerequisites
+
+- [Deployment]({{< relref "/operate/kubernetes/deployment" >}}) must be installed
+- Appropriate permissions to create RBAC resources in target namespaces
+- Understanding of your deployment model (single namespace, multi-namespace, etc.)
+
+## Collection modes
+
+The log collector has two collection modes that require different RBAC permissions:
+
+- **Restricted mode** (recommended): Collects only Redis Enterprise resources with minimal security exposure. Default for versions 6.2.18-3 and later.
+- **All mode**: Collects comprehensive cluster information including nodes, storage classes, and operator resources. Use when specifically requested by Redis Support.
+
+## Restricted mode
+
+The restricted mode configuration provides minimal permissions for collecting Redis Enterprise resources only.
+
+{{<embed-yaml "k8s/log_collector_role_restricted_mode.md" "log-collector-restricted-rbac.yaml">}}
+
+Restricted mode configuration:
+- `Role`: Namespace-scoped permissions for Redis Enterprise resources
+- `ClusterRole`: Cluster-wide permissions for CRDs and basic cluster resources
+- `rules`: Minimal permissions for Redis Enterprise diagnostics
+
+Key permissions:
+- `pods, pods/log, pods/exec`: Access to pod information and logs
+- `app.redislabs.com/*`: All Redis Enterprise custom resources
+- `persistentvolumes`: Storage information for troubleshooting
+
+## All mode
+
+The all mode configuration provides comprehensive permissions for collecting detailed cluster information.
+
+{{<embed-yaml "k8s/log_collector_role_all_mode.md" "log-collector-all-rbac.yaml">}}
+
+All mode configuration:
+- `Role`: Extended namespace permissions including operator resources
+- `ClusterRole`: Additional cluster-wide permissions for nodes and storage
+- `rules`: Comprehensive permissions for full cluster diagnostics
+
+Additional permissions in all mode:
+- `nodes`: Node information and status
+- `storageclasses, volumeattachments`: Storage system details
+- `operators.coreos.com/*`: OpenShift operator information
+- `networking.istio.io/*`: Istio service mesh resources
+
+## Apply the configuration
+
+### Manual deployment
+
+To apply the RBAC configurations manually:
+
+```bash
+# Apply restricted mode RBAC
+kubectl apply -f log-collector-restricted-rbac.yaml --namespace <namespace>
+
+# Apply all mode RBAC
+kubectl apply -f log-collector-all-rbac.yaml --namespace <namespace>
+```
+### Namespace requirements
+
+The Role and RoleBinding must be created in every namespace where you need to collect logs:
+
+- **Single namespace**: Apply to the namespace where Redis Enterprise runs
+- **Multi-namespace with single REC**: Apply to the REC namespace plus each REDB namespace
+- **Multi-namespace with multiple RECs**: Apply to each REC namespace
+
+The ClusterRole and ClusterRoleBinding need to be created only once per cluster.
+
+Edit the values in the downloaded YAML file for your specific setup, updating the namespace references and role binding subjects to match your environment.
+
+## Security considerations
+
+### Best practices
+
+- Use restricted mode unless you specifically need additional cluster information
+- Limit namespace access to only where log collection is needed
+- Handle collected data according to your organization's security policies
+
+### Secrets permission explanation
+
+The RBAC configurations request read access to secrets in the collected namespaces. **Secrets are not collected or included in the log package sent to Redis Support.** This permission is required because:
+
+- The log collector uses Helm commands (`helm list`, `helm get all`) to gather Redis Enterprise Helm chart deployment information
+- Helm stores its deployment metadata in Kubernetes secrets
+- This metadata contains only deployment configuration (not sensitive data)
+
+If your security policies prohibit secrets access, you can remove the secrets permission from the Role, but this will limit the log collector's ability to gather Helm deployment information.
+
+## Troubleshooting
+
+### Permission errors
+
+- Verify that roles and bindings are applied correctly in the target namespaces
+- Check that the ClusterRole is applied cluster-wide
+- Ensure the service account has proper role bindings
+
+### Missing resources
+
+- Consider switching to all mode if additional cluster resources are needed
+- Verify that custom resource definitions are installed
+- Check that the operator has proper permissions
+
+## Next steps
+
+- [Collect logs]({{< relref "/operate/kubernetes/logs/collect-logs" >}})
+
+## Related documentation
+
+- [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
+- [Logs]({{< relref "/operate/kubernetes/logs" >}})
+- [Deployment]({{< relref "/operate/kubernetes/deployment" >}})
diff --git a/content/operate/kubernetes/reference/_index.md b/content/operate/kubernetes/reference/_index.md
@@ -5,30 +5,30 @@ categories:
 - docs
 - operate
 - kubernetes
-description: API reference and guides for managing Redis Enterprise custom resources on Kubernetes.
+description: Resources to help you manage Redis Enterprise custom resources on Kubernetes.
 hideListLinks: true
 linkTitle: Reference
 weight: 89
 ---
 
-Reference documentation for Redis Enterprise custom resources, including API specifications and practical guides for creating, configuring, and managing Redis Enterprise deployments on Kubernetes.
+This reference documentation covers Redis Enterprise custom resources, API specifications, and practical instructions for creating, configuring, and managing Redis Enterprise deployments on Kubernetes.
 
-## Working with custom resources
+## Work with custom resources
 
-Redis Enterprise for Kubernetes uses custom resources to manage clusters and databases. You can create, modify, and delete these resources using standard Kubernetes tools.
+Redis Enterprise for Kubernetes uses custom resources to manage clusters and databases. Use standard Kubernetes tools to create, modify, and delete these resources.
 
-### Creating custom resources
+### Create custom resources
 
-Create custom resources using `kubectl apply` with YAML manifests:
+Use `kubectl apply` with YAML manifests to create custom resources:
 
 ```bash
 kubectl apply -f my-redis-cluster.yaml
 kubectl apply -f my-redis-database.yaml
 ```
 
-### Viewing custom resources
+### View custom resources
 
-List and inspect existing custom resources:
+Use these commands to list and inspect existing custom resources:
 
 ```bash
 # List Redis Enterprise clusters
@@ -48,9 +48,9 @@ kubectl describe rec my-cluster
 kubectl describe redb my-database
 ```
 
-### Modifying custom resources
+### Modify custom resources
 
-Update custom resources by editing the YAML manifest and reapplying:
+Edit the YAML manifest and reapply to update custom resources:
 
 ```bash
 # Edit and apply updated manifest
@@ -61,20 +61,22 @@ kubectl edit rec my-cluster
 kubectl edit redb my-database
 ```
 
-### Deleting custom resources
+## YAML examples
 
-Remove custom resources when no longer needed:
+Find complete YAML examples for common deployment scenarios:
 
-```bash
-kubectl delete redb my-database
-kubectl delete rec my-cluster
-```
+- [YAML examples]({{< relref "/operate/kubernetes/reference/yaml-examples" >}}) - Ready-to-use YAML configurations for different deployment types
+
+### Example categories
 
-**Important:** Always delete databases (REDB) before deleting the cluster (REC) to ensure proper cleanup.
+- [Basic deployment]({{< relref "/operate/kubernetes/reference/yaml-examples/basic-deployment" >}}) - Essential YAML files for simple Redis Enterprise deployment
+- [Rack awareness]({{< relref "/operate/kubernetes/reference/yaml-examples/rack-awareness" >}}) - YAML examples for rack-aware deployments across availability zones
+- [Active-Active]({{< relref "/operate/kubernetes/reference/yaml-examples/active-active" >}}) - YAML examples for Active-Active databases across multiple clusters
+- [Multi-namespace]({{< relref "/operate/kubernetes/reference/yaml-examples/multi-namespace" >}}) - YAML examples for deploying across multiple namespaces
 
 ## API reference
 
-Complete API specifications for all Redis Enterprise custom resources:
+Review complete API specifications for all Redis Enterprise custom resources:
 
 ### Core resources
 
@@ -88,16 +90,16 @@ Complete API specifications for all Redis Enterprise custom resources:
 
 ## Compatibility
 
-Information about supported Kubernetes distributions and versions:
+Check supported Kubernetes distributions and versions:
 
 - [Supported Kubernetes distributions]({{< relref "/operate/kubernetes/reference/supported_k8s_distributions" >}}) - Compatible Kubernetes platforms and versions
 
 ## Best practices
 
-When working with custom resources:
+Follow these best practices when working with custom resources:
 
 - **Use version control**: Store your YAML manifests in version control systems
 - **Validate before applying**: Use `kubectl apply --dry-run=client` to validate changes
-- **Monitor resource status**: Check resource status after applying changes
+- **Monitor resource status**: Check resource status after you apply changes
 - **Follow naming conventions**: Use consistent naming for easier management
 - **Document configurations**: Add annotations and labels to describe resource purpose
diff --git a/content/operate/kubernetes/reference/api/_index.md b/content/operate/kubernetes/reference/api/_index.md
@@ -0,0 +1,56 @@
+---
+title: API reference
+categories:
+- docs
+- operate
+- kubernetes
+linkTitle: API reference
+description: Reference documentation for Redis Enterprise operator APIs
+weight: 30
+alwaysopen: false
+hideListLinks: true
+aliases:
+---
+
+The Redis Enterprise operator provides Kubernetes custom resource definitions (CRDs) that let you manage Redis Enterprise clusters and databases declaratively. This section contains the complete API reference for all operator resources.
+
+## API versions and stability
+
+The operator uses different API versions to indicate stability and feature maturity:
+
+- **`app.redislabs.com/v1`** - Stable APIs for production use
+- **`app.redislabs.com/v1alpha1`** - Alpha APIs that may change in future releases
+
+## Custom resources
+
+| Resource | API Version | Purpose |
+|----------|-------------|---------|
+| [RedisEnterpriseCluster (REC)](redis_enterprise_cluster_api) | `v1` | Manages Redis Enterprise cluster deployments |
+| [RedisEnterpriseDatabase (REDB)](redis_enterprise_database_api) | `v1alpha1` | Creates and configures Redis databases |
+| [RedisEnterpriseActiveActiveDatabase (REAADB)](redis_enterprise_active_active_database_api) | `v1alpha1` | Sets up active-active databases across clusters |
+| [RedisEnterpriseRemoteCluster (RERC)](redis_enterprise_remote_cluster_api) | `v1alpha1` | Defines remote cluster connections for active-active |
+
+## Working with the APIs
+
+### Using kubectl
+
+Manage all resources using standard `kubectl` commands:
+
+```bash
+# List all Redis Enterprise clusters
+kubectl get rec
+
+# Get detailed information about a specific database
+kubectl describe redb my-database
+
+# Apply a configuration from a YAML file
+kubectl apply -f my-redis-config.yaml
+```
+
+### Resource relationships
+
+- Create a `RedisEnterpriseCluster` (REC) first to provide the Redis Enterprise infrastructure
+- Create `RedisEnterpriseDatabase` (REDB) resources within a cluster to provision individual databases
+- Use `RedisEnterpriseActiveActiveDatabase` (REAADB) with `RedisEnterpriseRemoteCluster (RERC)` resources to define participating clusters
+
+For complete YAML configuration examples, see the [YAML examples](../yaml/) section.
diff --git a/...ubernetes-api-reference-frontmatter.patch → ...ubernetes-api-reference-frontmatter.patch b/...ubernetes-api-reference-frontmatter.patch → ...ubernetes-api-reference-frontmatter.patch
diff --git a/...ce/kubernetes-api-reference-template.tmpl → ...pi/kubernetes-api-reference-template.tmpl b/...ce/kubernetes-api-reference-template.tmpl → ...pi/kubernetes-api-reference-template.tmpl
diff --git a/..._enterprise_active_active_database_api.md → ..._enterprise_active_active_database_api.md b/..._enterprise_active_active_database_api.md → ..._enterprise_active_active_database_api.md
diff --git a/...reference/redis_enterprise_cluster_api.md → ...rence/api/redis_enterprise_cluster_api.md b/...reference/redis_enterprise_cluster_api.md → ...rence/api/redis_enterprise_cluster_api.md
diff --git a/...eference/redis_enterprise_database_api.md → ...ence/api/redis_enterprise_database_api.md b/...eference/redis_enterprise_database_api.md → ...ence/api/redis_enterprise_database_api.md
diff --git a/...ce/redis_enterprise_remote_cluster_api.md → ...pi/redis_enterprise_remote_cluster_api.md b/...ce/redis_enterprise_remote_cluster_api.md → ...pi/redis_enterprise_remote_cluster_api.md
diff --git a/content/operate/kubernetes/reference/supported_k8s_distributions.md b/content/operate/kubernetes/reference/supported_k8s_distributions.md
@@ -7,10 +7,10 @@ categories:
 - kubernetes
 description: Support matrix for the current Redis Enterprise K8s operator
 linkTitle: Supported distributions
-weight: 30
+weight: 10
 ---
 
-Each release of Redis Enterprise for Kubernetes is thoroughly tested against a set of Kubernetes distributions. The table below lists Redis Enterprise for Kubernetes versions and the Kubernetes distributions they support.
+We thoroughly test each release of Redis Enterprise for Kubernetes against a set of Kubernetes distributions. The table below lists Redis Enterprise for Kubernetes versions and the Kubernetes distributions they support.
 
 {{<note>}}x86 is currently the only computer architecture supported by Redis Enterprise for Kubernetes. Support for ARM architecture is coming in future releases.{{</note>}}