content/operate/kubernetes/active-active/global-config.md
The Redis Enterprise Active-Active database (REAADB) custom resource contains the field .spec.globalConfigurations. This field sets configurations for the Active-Active database across all participating clusters, such as memory size, shard count, and the global database secrets.
The [REAADB API reference]({{<relref "/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api">}}) contains a full list of available fields.
Edit or patch the REAADB custom resource with your global configuration changes.
The example command below patches the REAADB named reaadb-boeing to set the global memory size to 200MB:
kubectl patch reaadb reaadb-boeing --type merge --patch \
'{"spec": {"globalConfigurations": {"memorySize": "200mb"}}}'
Verify the status is active and the spec status is Valid.
This example shows the status for the reaadb-boeing database.
kubectl get reaadb reaadb-boeing
NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS
reaadb-boeing active Valid
View the global configurations on each participating cluster to verify they are synced.
kubectl get reaadb <reaadb-name> -o yaml
This section edits the secrets under the REAADB .spec.globalConfigurations section. For more information and all available fields, see the [REAADB API reference]({{<relref "/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api">}}).
On an existing participating cluster, generate a YAML file containing the database secret with the relevant data.
This example shoes a secret named my-db-secret with the password my-password encoded in base 64.
apiVersion: v1
data:
password: bXktcGFzcw
kind: Secret
metadata:
name: my-db-secret
type: Opaque
Apply the secret file from the previous step, substituting your own value for <db-secret-file>.
kubectl apply -f <db-secret-file>
Patch the REAADB custom resource to specify the database secret, substituting your own values for <reaadb-name> and <secret-name>.
kubectl patch reaadb <reaadb-name> --type merge --patch \
'{"spec": {"globalConfigurations": {"databaseSecretName": "secret-name"}}}'
Check the REAADB status for an active status and Valid spec status.
kubectl get reaadb <reaadb-name>
NAME STATUS SPEC STATUS GLOBAL CONFIGURATIONS REDB LINKED REDBS
reaadb-boeing active Valid
On each other participating cluster, check the secret status.
kubectl get reaadb <reaadb-name> -o=jsonpath='{.status.secretsStatus}'
The output should show the status as Invalid.
[{"name":"my-db-secret","status":"Invalid"}]
Sync the secret on each participating cluster.
kubectl apply -f <db-secret-file>
Repeat the previous two steps on every participating cluster.
You can configure role-based access control (RBAC) permissions for Active-Active databases using the rolesPermissions field in the REAADB .spec.globalConfigurations section. The role permissions configuration is propagated across all participating clusters, but the underlying roles and Redis ACLs must be manually created on each cluster.
{{<note>}}You must manually create the specified roles and Redis ACLs on all participating clusters before configuring role permissions. The operator only propagates the role permissions configuration—it does not create the underlying roles and ACLs. If roles or ACLs are missing on any cluster, the operator will log errors and dispatch an Event associated with the REAADB object until they are manually created.{{</note>}}
Before configuring role permissions:
{{<warning>}}The operator does not automatically create or synchronize roles and ACLs across clusters. You are responsible for manually creating identical roles and ACLs on each participating cluster.{{</warning>}}
Create or update your REAADB custom resource to include rolesPermissions in the global configurations.
Example REAADB with role permissions:
apiVersion: app.redislabs.com/v1alpha1
kind: RedisEnterpriseActiveActiveDatabase
metadata:
name: reaadb-boeing
spec:
globalConfigurations:
databaseSecretName: <my-secret>
memorySize: 200MB
shardCount: 3
rolesPermissions:
- role: <role-name>
acl: <acl-name>
type: redis-enterprise
participatingClusters:
- name: rerc-ohare
- name: rerc-reagan
Replace <role-name> and <acl-name> with the exact names of your Redis Enterprise role and ACL.
Apply the REAADB custom resource:
kubectl apply -f <reaadb-file>
Alternatively, patch an existing REAADB to add role permissions:
kubectl patch reaadb <reaadb-name> --type merge --patch \
'{"spec": {"globalConfigurations": {"rolesPermissions": [{"role": "<role-name>", "acl": "<acl-name>", "type": "redis-enterprise"}]}}}'
After the REAADB is active and its replication status is "Up", verify role permissions are applied to the local database using the Redis Enterprise REST API. See [Database requests]({{<relref "/operate/rs/references/rest-api/requests/bdbs#get-bdbs">}}) for details.
If you encounter issues with role permissions:
For more details on the rolesPermissions field structure, see the [REAADB API reference]({{<relref "/operate/kubernetes/reference/api/redis_enterprise_active_active_database_api#specglobalconfigurationsrolespermissions">}}).