All notable changes to this project will be documented in this file.
The file is generated by Changie.
- #474 Allow use of GSM for superuser password secret
- #458 Allow use of GSM for communal credential secret
- #460 Fix the db existence check in the operator
- #418 Ensure vbr can find rsync. This will be available in server versions 23.3.0 and higher.
- #414 SSH secret mounting improvements
- #411 Fix timing that causes db add node before install
- #409 Enable EventTrigger webhook
- #408 Avoid infinite reconcile if subclusters share svc
- #390 Start http server if httpServerMode changes in the VerticaDB
- #392 Additional ports added to headless service. This is to support istio with TPROXY and strict mTLS.
- #385 Support emptyDir as a volume for the depot
- #377 New EventTrigger CRD to create Jobs for status changes in the VerticaDB
- #372 Allow any vertica server config parameter to be set in the CR
- #372 Support for s3 server side encryption
- #399 Uplift go-restful package to address security vulnerability
- #398 Reuse node names when installing new k8s pods
- #396 Avoid mounting dbadmin password if not needed
- #394 Allow app.kubernetes.io/name to be overridden
- #369 Fix helm install without cluster admin priv
- #362 Support subcluster names with underscores, such as default_subcluster.
- #360 Run rebalance shards on new subcluster created in a v11 database that was migrated from enterprise
- #353 Setup keys for client side agent access
- #349 Backdoor to run the Vertica agent. This is to be used for development purposes only.
- #342 The default value for spec.httpServerMode is to enable the http server in server versions 12.0.4 or newer.
- #343 Remove keys from the vertica-k8s container. This will be available in the first server version after 12.0.4.
- #345 Regression in 1.10.0 that prevents the operator from restarting vertica if the pod has sidecars.
- #337 Add config knob for pod-level securityContext of vertica pods
- #328 Allow scheduling rules for operator pod
- #325 Add startupProbe and livenessProbe for the server
- #320 Add an init program to the vertica-k8s container to reap zombies. This will be available in server versions 12.0.4 and higher.
- #332 Allow revive when local paths aren't known
- #323 Use 12.0.3 as default vertica server image
- #320 Use fsGroup security policy so that mounted PVs have write access for dbadmin
- #320 Support for Vertica server 11.0.0. New minimum version it supports is 11.0.1.
- #309 Allow the readinessProbe to be configured
- #308 Allow posix path as communal path
- #300 Include a label in the operator's Prometheus metrics to identify the database uniquely
- #290 Exposed the http port in the service object
- #287 Allow authorization to /metrics endpoint with TLS certificates
- #304 Prometheus metrics for subcluster to include label for subcluster oid rather than subcluster name
- #296 Moved to operator-sdk v1.25.2
- #290 Renamed spec.httpServerSecret in VerticaDB to spec.httpServerTLSSecret
- #287 Default value for prometheus.createRBACProxy helm chart parameter is now true
- #287 prometheus.createServiceMonitor helm chart parameter
- #301 Don't start the metric endpoint if metrics are disabled
- #299 Remove metrics for subclusters when VerticaDB is deleted
- #292 Extend the internal timeout for admintools to allow a slow revive to succeed
- #291 vdb-gen to handle databases that don't have authentication parameters for communal storage
- #257 Run the operator with readOnlyRootFilesystem set to true
- #265 Allow IAM authentication to communal storage
- #274 Allow catalog path to be specified in VerticaDB
- #282 Ability to skip package install during create db
- #254 Moved to operator-sdk v1.23.0
- #266 Helm install with serviceAccountNameOverride will add roles/rolebindings
- #268 Default TLS cert for webhook is now generated internally rather than through cert-manager.
- #273 Allow webhook CA bundle to be taken from secret instead of helm chart parameter
- #258 Don't interrupt a slow Vertica startup
- #259 Hide communal credentials from the operator log
- #262 The vdbgen tool should be able to set ksafety, image and requestSize, when needed, to appropriate values taken from the database
- #264 Allow environment variables to flow down to Vertica process
- #271 Some pods may fail to run for a server upgrade change
- #270 Upgrade operator and server together may cause admintools to fail in the container due to lack of EULA acceptance
- #275 Allow local paths to share the same mount point
- #280 Operator pod readiness probe to wait for webhook
- #283 Improve the stability of the operator in big clusters
- #230 Allow vstack and cores to be taken in the container
- #232 Ability to override the names of k8s objects in helm chart
- #244 Automated resize of the PV
- #246 Add feature gate to try out the experimental http server
- #248 Support for Java UDx's in the full Vertica image
- #250 Added e2e-udx testsuite to the CI
- #238 Moved to operator-sdk v1.22.2
- #239 GitHub CI overhaul
- #245 Update server container base image to Ubuntu focal-20220801
- #233 Allow Vertica upgrade from 11.x to 12.x.
- #234 Update app.kubernetes.io/version in all objects when upgrading the operator
- #234 Prevent the need to restart the pods when the operator is upgraded
- #234 Allow operator upgrade from <= 1.1.0
- #235 Helm chart parameter 'prometheus.createProxyRBAC' missed a required manifest
- #247 Add webhook rule to prevent use of restricted paths for local paths (data or depot)
- #224 Allow spread communication encryption to be set in the VerticaDB CR
- #227 Warning message if v12.0.0 server and cgroups v2
- #218 Use limits for pod when running admintools
- #219 Include zlib dev package in vertica-k8s image
- #223 Renamed Prometheus metrics exposed through the operator
- #206 Push down more state into /etc/podinfo
- #202 Log events when shard/node ratio is not optimal
- #199 Add new prometheus metrics for the operator
- #198 Expose prometheus service for operator
- #195 Integrate autoscaler with VerticaDB
- #214 Move to operator-sdk v1.21.0
- #204 Prevent requeueTime/upgradeRequeueTime from being negative in the webhook
- #203 Don't clear out installed/dbadded state for pods when they are pending
- #202 When creating the db, we should also choose the first primary subcluster
- #201 Improved handling for pending pods
- #189 Additional subcluster options to better customize network load balancers
- #170 Helm parameters to allow deployment of the operator from private registries
- #183 Scale down will drain active connections before removing pod
- #171 Allow existing serviceaccount to be used
- #168 Added ability to configure RequeueAfter for upgrade reconciles. This delay can be specified through the '.spec.upgradeRequeueTime' parameter. Prior to this, an online upgrade could wait up to 20 minutes before retrying.
- #187 Change server container base image to ubuntu
- #188 Set the minimum TLS version of the webhook to TLS 1.3
- #166 Batch 'admintools -t db_add_node' for faster scale up
- #165 Move to operator-sdk v1.18.0
- #191 Allow database names with uppercase characters
- #186 Handle the scenario when restart is needed because the StatefulSets were deleted. We ensure the necessary k8s objects are created before driving restart.
- #178 Avoid a second cluster restart after offline upgrade has completed successfully.
- #176 Upgrade path detection should allow skipping service packs
- #164 Order the environment variables that were converted from annotations. Prior to this fix, it was quite easy to get the statefulset controller to go into a repeated rolling upgrade. The order ensures the statefulset doesn't appear to change between reconcile cycles.
- #161 Tolerate slashes being at the end of the communal endpoint url
- #146 All annotations in the CR will be converted to environment variables in the containers.
- #150 Allow multiple subclusters to share the same Service object
- #150 Support for an online upgrade policy
- #143 New helm parameters to control the logging level and log path location for the operator pod
- #81 Support for RedHat OpenShift 4.8+
- #151 Subcluster names with hyphens were prevented from being the default subcluster. This caused issues when creating the database and removal of subclusters.
- #87 Support for Azure Blob Storage (azb://) as a communal endpoint.
- #87 Support for Google Cloud Storage (gs://) as a communal endpoint.
- #87 Support for HDFS (webhdfs://) as a communal endpoint.
- #88 Support for HDFS (swebhdfs://) as a communal endpoint.
- #89 Added the ability to specify custom volume mounts for use within the Vertica container.
- #91 Support for Kerberos authentication
- #94 Ability to specify custom ssh keys
- #59 New initPolicy called ScheduleOnly. Use this policy when you have a vertica cluster running outside of Kubernetes and you want to provision new nodes to run inside Kubernetes. Most of the automation is disabled when running in this mode.
- #88 Removed support for Vertica 10.1.1. The operator only supports Vertica 11.0.0 or higher.
- #90 Timing with scale down that can cause corruption in admintools.conf
- #99 The RollingUpdate strategy can kick in after an image change, causing pods in the cluster to restart again.
- #101 The image change can be marked complete before we finish the restart of the pods.
- #113 Restart of a cluster that has nodes in read-only state. This is needed to run the operator with Vertica version 11.0.2 or newer.
- #42 Added the ability to specify custom volumes for use within sidecars.
- #57 Added the ability to specify a custom CA file to authenticate s3 communal storage over https. Previously https was only allowed for AWS.
- #54 Added the ability to mount additional certs in the Vertica container. These certs can be specified through the new '.spec.certSecrets' parameter.
- #39 Calls to update_vertica are removed. The operator will modify admintools.conf for install/uninstall now. This speeds up the time it takes to scale out.
- #43 Start the admission controller webhook as part of the operator pod. This removes the helm chart and container for the webhook. In order to use the webhook with the namespace-scoped operator, the NamespaceDefaultLabelName feature gate must be enabled (on by default in 1.21+) or the namespace must have the label 'kubernetes.io/metadata.name=' set.
- #46 Relax the dependency that the webhook requires cert-manager. The default behaviour is to continue to depend on cert-manager. But we now allow custom certs to be added through new helm chart parameters.
- #51 The operator automatically follows the upgrade procedure when the '.spec.image' is changed. This removes the upgrade-vertica.sh script that previously handled this outside of the operator.
- #47 Communal storage on AWS s3. The timeouts the operator had set were too low, preventing a create DB from succeeding.
- #58 Increased the memory limit for the operator pod and made it configurable as a helm parameter.
- #61 Allow the AWS region to be specified in the CR.
- Kubernetes operator (verticadb-operator) added to manage the lifecycle of a Vertica cluster
- helm chart (verticadb-operator) added to install the operator
- helm chart (verticadb-webhook) added to install the admission controller webhook
- Standalone tool (vdb-gen) that can be used to create a CR from a database for the purpose of migrating it to Kubernetes.
- helm chart (vertica) was removed as it was made obsolete by the verticadb-operator
- Helm chart (vertica) for statefulset deployment