All notable changes to this project will be documented in this file.
The file is generated by Changie.
- #734 Make it easier to integrate custom containers with VerticaScrutinize
- #735 Ensure proper service account for webhook rolebindings
- #733 Collect system table information when scrutinize is run
- #728 New CRD, VerticaScrutinize, to run and collect scrutinize data for a VerticaDB
- #728 New CRD, VerticaRestorePointsQuery, that will show the restore points that exist for the database
- #728 Ability to specify a restore point in the VerticaDB to revive from
- #722 Experimental support to run the operator on arm64
- #719 Allow namespace scoped operator deployment
- #717 Reinstall packages during upgrade
- #725 Default value for prometheus.expose helm chart is now Disable
- #719 The logging helm chart parameters, except logging.level, are deprecated and will be removed in a future release.
- #714 Surface event message when admintools deployment is selected with a v24.2.0 server
- #691 Configure createdb timeout by annotation vertica.com/createdb-timeout
- #683 Allow NMA health probes to be overridden with annotations
- #674 Set resources for NMA sidecar container
- #667 Add health probes to the NMA sidecar container
- #689 Support restricted SCC in OpenShift (depends on v24.2.0 server)
- #689 Auto detect NMA sidecar deployment and remove vertica.com/run-nma-in-sidecar annotation
- #667 Don't run vertica as a deamon process when deployed with the NMA sidecar container
- #689 s6-overlay init process in v2 server container to be released in v24.2.0.
- #702 Resolves the issue when Istio proxy sidecar is injected as the first container.
- #701 Avoid deploying the operator with default label
- #698 Ensure httpstls.json is generated for databases migrating to v24.1.0
- #685 Restart node when we have lost cluster quorum may cause the operator to restart
- #654 Support for running the NMA as a sidecar in 24.2.0 or newer.
- #636 Allow use of Amazon Secrets Manager for secret store
- #662 Drop CRD write permissions for OLM style deployments
- #653 Upgrade path detection now only blocks downgrades.
- #655 Better handling when remove node is interrupted
- #652 Improve resilency of create db in low resource environments.
- #650 Requeue reconcile iteration if dependent object is removed in the middle of a reconcile
- #644 Allow upgrades across deployments when ignoring upgrade paths
- #646 Fix for CVE-2023-48795
- #519 Add new v1 API for VerticaDB
- #563 Make the default deployment type for VertiacDB v1 API is vclusterops
- #618 Allow annotations to be added to the serviceAccount created through the helm chart.
- #611 Deploy the operator with kubectl command
- #597 Added a feature to allow the source of secrets to be specified with a secret path reference
- #577 Redirect startup.log to stdout
- #578 Ability to control the name of the superuser
- #521 Ability to specify pre-existing serviceAccount in the VerticaDB CR
- #624 Switched server container from ubuntu to rockylinux 9
- #590 Made 'spread channel encryption' a default behavior for database creation
- #556 Allow any uid/gid to be set for vertica pods
- #536 Enabling spread encryption no longer requires a cluster restart on server versions 23.3.0+.
- #524 Removed linux capabilities for vclusterOps deployments to make it easier to deploy in OpenShift
- #514 Change scope of operator from namespace to cluster
- #519 v1beta1 version of VerticaDB. Use v1 version now.
- #515 Deprecate the httpServerMode parameter in the VerticaDB CR
- #597 Removed the annotation "vertica.com/use-gcp-secret-manager"
- #519 webhook.caBundle helm chart parameter
- #508 Removed backdoor support for the Vertica agent
- #633 Online upgrade to account for terminating pods
- #620 Add webhook validation to prevent subcluster service names that violate rfc 1035
- #619 Speed up revive when local paths in VerticaDB differ with communal storage
- #594 Webhook to calculate k-safety using primary nodes only
- #552 Timing hole that can skip the drain for scale down.
- #574 Fix go project security vulnerabilities(GHSA-m425-mq94-257g, CVE-2023-39325, CVE-2023-3978)
- #474 Allow use of GSM for superuser password secret
- #458 Allow use of GSM for communal credential secret
- #460 Fix the db existence check in the operator
- #418 Ensure vbr can find rsync. This will be available in server versions 23.3.0 and higher.
- #414 SSH secret mounting improvements
- #411 Fix timing that causes db add node before install
- #409 Enable EventTrigger webhook
- #408 Avoid infinite reconcile if subclusters share svc
- #390 Start http server if httpServerMode changes in the VerticaDB
- #392 Additional ports added to headless service. This is to support istio with TPROXY and strict mTLS.
- #385 Support emptyDir as a volume for the depot
- #377 New EventTrigger CRD to create Jobs for status changes in the VerticaDB
- #372 Allow any vertica server config parameter to be set in the CR
- #372 Support for s3 server side encryption
- #399 Uplift go-restful package to address security vulnerability
- #398 Reuse node names when installing new k8s pods
- #396 Avoid mounting dbadmin password if not needed
- #394 Allow app.kubernetes.io/name to be overridden
- #369 Fix helm install without cluster admin priv
- #362 Support subcluster names with underscores, such as default_subcluster.
- #360 Run rebalance shards on new subcluster created in a v11 database that was migrated from enterprise
- #353 Setup keys for client side agent access
- #349 Backdoor to run the Vertica agent. This is to be used for development purposes only.
- #342 The default value for spec.httpServerMode is to enable the http server in server versions 12.0.4 or newer.
- #343 Remove keys from the vertica-k8s container. This will be available in the first server version after 12.0.4.
- #345 Regression in 1.10.0 that prevents the operator from restarting vertica if the pod has sidecars.
- #337 Add config knob for pod-level securityContext of vertica pod's
- #328 Allow scheduling rules for operator pod
- #325 Add startupProbe and livenessProbe for the server
- #320 Add an init program to the vertica-k8s container to reap zombies. This will be available in server versions 12.0.4 and higher.
- #332 Allow revive when local paths aren't known
- #323 Use 12.0.3 as default vertica server image
- #320 Use fsGroup security policy so that mounted PVs have write access for dbadmin
- #320 Support for Vertica server 11.0.0. New minimum version it supports is 11.0.1.
- #309 Allow the readinessProbe to be configured
- #308 Allow posix path as communal path
- #300 Include a label in the operator's Prometheus metrics to identify the database uniquely
- #290 Exposed the http port in the service object
- #287 Allow authorization to /metrics endpoint with TLS certificates
- #304 Prometheus metrics for subcluster to include label for subcluster oid rather than subcluster name
- #296 Moved to operator-sdk v1.25.2
- #290 Renamed spec.httpServerSecret in VerticaDB to spec.httpServerTLSSecret
- #287 Default value for prometheus.createRBACProxy helm chart parameter is now true
- #287 prometheus.createServiceMonitor helm chart parameter
- #301 Don't start the metric endpoint if metrics are disabled
- #299 Remove metrics for subclusters when VerticaDB is deleted
- #292 Extend the internal timeout for admintools to allow a slow revive to succeed
- #291 vdb-gen to handle db's that don't have authentication parms for communal storage
- #257 Run the operator with readOnlyRootFilesystem set to true
- #265 Allow IAM authentication to communal storage
- #274 Allow catalog path to be specified in VerticaDB
- #282 Ability to skip package install during create db
- #254 Moved to operator-sdk v1.23.0
- #266 Helm install with serviceAccountNameOverride will add roles/rolebindings
- #268 Default TLS cert for webhook is now generated internally rather than through cert-manager.
- #273 Allow webhook CA bundle to be taken from secret instead of helm chart parameter
- #258 Don't interrupt a slow Vertica startup
- #259 Hide communal credentials from the operator log
- #262 The vdbgen tool should be able to set ksafety, image and requestSize, when needed, to appropriate values taken from the database
- #264 Allow environment variables to flow down to Vertica process
- #271 Some pods may fail to run for a server upgrade change
- #270 Upgrade operator and server together may cause admintools to fail in the container due to lack of EULA acceptance
- #275 Allow local paths to share the same mount point
- #280 Operator pod readiness probe to wait for webhook
- #283 Improve the stability of the operator in big clusters
- #230 Allow vstack and cores to be taken in the container
- #232 Ability to override the names of k8s objects in helm chart
- #244 Automated resize of the PV
- #246 Add feature gate to try out the experimental http server
- #248 Support for Java UDx's in the full Vertica image
- #250 Added e2e-udx testsuite to the CI
- #238 Moved to operator-sdk v1.22.2
- #239 GitHub CI overhaul
- #245 Update server container base image to Ubuntu focal-20220801
- #233 Allow Vertica upgrade from 11.x to 12.x.
- #234 Update app.kubernetes.io/version in all objects when upgrading the operator
- #234 Prevent the need to restart the pods when the operator is upgraded
- #234 Allow operator upgrade from <= 1.1.0
- #235 Helm chart parm 'prometheus.createProxyRBAC' missed a required manifest
- #247 Add webhook rule to prevent use of restricted paths for local paths (data or depot)
- #224 Allow spread communication encryption to be set in the VerticaDB CR
- #227 Warning message if v12.0.0 server and cgroups v2
- #218 Use limits for pod when running admintools
- #219 Include zlib dev package in vertica-k8s image
- #223 Renamed Prometheus metrics exposed through the operator
- #206 Push down more state into /etc/podinfo
- #202 Log events when shard/node ratio is not optimal
- #199 Add new prometheus metrics for the operator
- #198 Expose prometheus service for operator
- #195 Integrate autoscaler with VerticaDB
- #214 Move to operator-sdk v1.21.0
- #204 Prevent requeueTime/upgradeRequeueTime from being negative in the webhook
- #203 Don't clear out installed/dbadded state for pods when they are pending
- #202 When creating the db, we should also choose the first primary subcluster
- #201 Improved handling for pending pods
- #189 Additional subcluster options to better customize network load balancers
- #170 Helm parameters to allow deployment of the operator from private registries
- #183 Scale down will drain active connections before removing pod
- #171 Allow existing serviceaccount to be used
- #168 Added ability to configure RequeueAfter for upgrade reconciles. This delay can be specified through '.spec.upgradeRequeueTime' parameter. Prior to this, an online upgrade could wait upto 20 minutes before retrying.
- #187 Change server container base image to ubuntu
- #188 Set the minimum TLS version of the webhook to TLS 1.3
- #166 Batch 'admintools -t db_add_node' for faster scale up
- #165 Move to operator-sdk v1.18.0
- #191 Allow database names with uppercase characters
- #186 Handle the scenario when restart is needed because the StatefulSets were deleted. We ensure the necessary k8s objects are created before driving restart.
- #178 Avoid a second cluster restart after offline upgrade has completed successfully.
- #176 Upgrade path detection should allow skipping service packs
- #164 Order the environment variables that were converted from annotations. Prior to this fix, it was quite easy to get the statefulset controller to go into a repeated rolling upgrade. The order ensures the statefulset doesn't appear to change between reconcile cycles.
- #161 Tolerate slashes being at the end of the communal endpoint url
- #146 All annotations in the CR will be converted to environment variables in the containers.
- #150 Allow multiple subclusters to share the same Service object
- #150 Support for an online upgrade policy
- #143 New helm parameters to control the logging level and log path location for the operator pod
- #81 Support for RedHat OpenShift 4.8+
- #151 Subcluster names with hyphens were prevented from being the default subcluster. This caused issues when creating the database and removal of subclusters.
- #87 Support for Azure Blob Storage (azb://) as a communal endpoint.
- #87 Support for Google Cloud Storage (gs://) as a communal endpoint.
- #87 Support for HDFS (webhdfs://) as a communal endpoint.
- #88 Support for HDFS (swebhdfs://) as a communal endpoint.
- #89 Added the ability to specify custom volume mounts for use within the Vertica container.
- #91 Support for Kerberos authentication
- #94 Ability to specify custom ssh keys
- #59 New initPolicy called ScheduleOnly. Use this policy when you have a vertica cluster running outside of Kubernetes and you want to provision new nodes to run inside Kubernetes. Most of the automation is disabled when running in this mode.
- #88 Removed support for Vertica 10.1.1. The operator only supports Vertica 11.0.0 or higher.
- #90 Timing with scale down that can cause corruption in admintools.conf
- #99 The RollingUpdate strategy can kick-in after an image change causing pods in the cluster to restart again.
- #101 The image change can be marked complete before we finish the restart of the pods.
- #113 Restart of a cluster that has nodes in read-only state. This is needed to run the operator with Vertica version 11.0.2 or newer.
- #42 Added the ability to specify custom volumes for use within sidecars.
- #57 Added the ability to specify a custom CA file to authenticate s3 communal storage over https. Previously https was only allowed for AWS.
- #54 Added the ability to mount additional certs in the Vertica container. These certs can be specified through the new '.spec.certSecrets' parameter.
- #39 Calls to update_vertica are removed. The operator will modify admintools.conf for install/uninstall now. This speeds up the time it takes to scale out.
- #43 Start the admission controller webhook as part of the operator pod. This removes the helm chart and container for the webhook. To order to use the webhook with the namespace scoped operator, the NamespaceDefaultLabelName feature gate must be enabled (on by default in 1.21+) or the namespace must have the label 'kubernetes.io/metadata.name=' set.
- #46 Relax the dependency that the webhook requires cert-manager. The default behaviour is to continue to depend on cert-manager. But we now allow custom certs to be added through new helm chart parameters.
- #51 The operator automatically follows the upgrade procedure when the '.spec.image' is changed. This removes the upgrade-vertica.sh script that previously handled this outside of the operator.
- #47 Communal storage on AWS s3. The timeouts the operator had set were too low preventing a create DB from succeeding.
- #58 Increased the memory limit for the operator pod and made it configurable as a helm parameter.
- #61 Allow the AWS region to be specified in the CR.
- Kubernetes operator (verticadb-operator) added to manage the lifecycle of a Vertica cluster
- helm chart (verticadb-operator) added to install the operator
- helm chart (verticadb-webhook) added to install the admission controller webhook
- Standalone tool (vdb-gen) that can be used to create a CR from a database for the purpose of migrating it to Kubernetes.
- helm chart (vertica) was removed as it was made obsolete by the verticadb-operator
- Helm chart (vertica) for statefulset deployment