Helm chart parameters
The following list describes the available settings for the VerticaDB operator and admission controller Helm chart:
affinity
- Applies rules that constrain the VerticaDB operator to specific nodes. It is more expressive than
nodeSelector
. If this parameter is not set, then the operator uses no affinity setting. image.name
- Name of the image that runs the operator.
Default: vertica/verticadb-operator:
version
imagePullSecrets
- List of Secrets that store credentials to authenticate to the private container repository specified by
image.repo
andrbac_proxy_image
. For details, see Specifying ImagePullSecrets in the Kubernetes documentation. image.repo
- Server that hosts the repository that contains
image.name
. Use this parameter for deployments that require control over a private hosting server, such as an air-gapped operator.Use this parameter with
rbac_proxy_image.name
andrbac_proxy_image.repo
.Default: docker.io
logging.filePath
- Path to a log file in the VerticaDB operator filesystem. If this value is not specified, Vertica writes logs to standard output.
Default: Empty string (' ') that indicates standard output.
logging.level
- Minimum logging level. This parameter accepts the following values:
-
debug
-
info
-
warn
-
error
Default: info
-
logging.maxFileSize
- When
logging.filePath
is set, the maximum size in MB of the logging file before log rotation occurs.Default: 500
logging.maxFileAge
- When
logging.filePath
is set, the maximum age in days of the logging file before log rotation deletes the file.Default: 7
logging.maxFileRotation
- When
logging.filePath
is set, the maximum number of files that are kept in rotation before the old ones are removed.Default: 3
nameOverride
- Sets the prefix for the name assigned to all objects that the Helm chart creates.
If this parameter is not set, each object name begins with the name of the Helm chart,
verticadb-operator
. nodeSelector
- Controls which nodes are used to schedule the operator pod. If this is not set, the node selector is omitted from the operator pod when it is created. To set this parameter, provide a list of key/value pairs.
The following example schedules the operator only on nodes that have the
region=us-east
label:nodeSelector: region: us-east
priorityClassName
- PriorityClass name assigned to the operator pod. This affects where the pod is scheduled.
prometheus.createProxyRBAC
- When set to true, creates role-based access control (RBAC) rules that authorize access to the operator's
/metrics
endpoint for the Prometheus integration.Default: true
prometheus.createServiceMonitor
-
Deprecated
This parameter is deprecated and will be removed in a future release.When set to true, creates the ServiceMonitor custom resource for the Prometheus operator. You must install the Prometheus operator before you set this to true and install the Helm chart.
For details, see the Prometheus operator GitHub repository.
Default: false
prometheus.expose
- Configures the operator's
/metrics
endpoint for the Prometheus integration. The following options are valid:-
EnableWithAuthProxy: Creates a new service object that exposes an HTTPS
/metrics
endpoint. The RBAC proxy controls access to the metrics. -
EnableWithoutAuth: Creates a new service object that exposes an HTTP
/metrics
endpoint that does not authorize connections. Any client with network access can read the metrics. -
Disable: Prometheus metrics are not exposed.
Default: EnableWithAuthProxy
-
prometheus.tlsSecret
- Secret that contains the TLS certificates for the Prometheus
/metrics
endpoint. You must create this Secret in the same namespace that you deployed the Helm chart.The Secret requires the following values:
-
tls.key: TLS private key
-
tls.crt: TLS certificate for the private key
-
ca.crt: Certificate authority (CA) certificate
To ensure that the operator uses the certificates in this parameter, you must set
prometheus.expose
toEnableWithAuthProxy
.If
prometheus.expose
is not set toEnableWithAuthProxy
, then this parameter is ignored, and the RBAC proxy sidecar generates its own self-signed certificate. -
rbac_proxy_image.name
- Name of the Kubernetes RBAC proxy image that performs authorization. Use this parameter for deployments that require authorization by a proxy server, such as an air-gapped operator.
Use this parameter with
image.repo
andrbac_proxy_image.repo
.Default: kubebuilder/kube-rbac-proxy:v0.11.0
rbac_proxy_image.repo
- Server that hosts the repository that contains
rbac_proxy_image.name
. Use this parameter for deployments that perform authorization by a proxy server, such as an air-gapped operator.Use this parameter with
image.repo
andrbac_proxy_image.name
.Default: gcr.io
reconcileConcurrency.verticaautoscaler
- Number of concurrent reconciliation loops the operator runs for all VerticaAutoscaler CRs in the cluster.
reconcileConcurrency.verticadb
- Number of concurrent reconciliation loops the operator runs for all VerticaDB CRs in the cluster.
reconcileConcurrency.verticaeventtrigger
- Number of concurrent reconciliation loops the operator runs for all EventTrigger CRs in the cluster.
resources.limits
andresources.requests
- The resource requirements for the operator pod.
resources.limits
is the maximum amount of CPU and memory that an operator pod can consume from its host node.resources.requests
is the maximum amount of CPU and memory that an operator pod can request from its host node.Defaults:
resources: limits: cpu: 100m memory: 750Mi requests: cpu: 100m memory: 20Mi
serviceAccountAnnotations
- Map of annotations that is added to the service account created for the operator.
serviceAccountNameOverride
- Controls the name of the service account created for the operator.
tolerations
- Any taints and tolerations that influence where the operator pod is scheduled.
webhook.certSource
- How TLS certificates are provided for the admission controller webhook. This parameter accepts the following values:
-
internal: The VerticaDB operator internally generates a self-signed, 10-year expiry certificate before starting the managing controller. When the certificate expires, you must manually restart the operator pod to create a new certificate.
-
secret: You generate the custom certificates before you create the Helm chart and store them in a Secret. This option requires that you set
webhook.tlsSecret
.If
webhook.tlsSecret
is set, then this option is implicitly selected.
Default: internal
For details, see Installing the VerticaDB operator.
-
webhook.enable
-
Deprecated
This parameter is deprecated and will be removed in a future release. The VerticaDB and admission controller require cluster administrator privileges. For details, see Installing the VerticaDB operator.Whether the Helm chart installs the admission controller webhooks for the Custom resource definitions. If you do not have the privileges required to install the admission controller, set this value to false to deploy the operator only.
This parameter enables or disables both webhooks. You cannot enable one webhook and disable the other.
Caution
Webhooks prevent invalid state changes to the custom resource. Running Vertica on Kubernetes without webhook validations might result in invalid state transitions.Default: true
webhook.tlsSecret
- Secret that contains a PEM-encoded certificate authority (CA) bundle and its keys.
The CA bundle validates the webhook's server certificate. If this is not set, the webhook uses the system trust roots on the apiserver.
This Secret includes the following keys for the CA bundle:
-
tls.key
-
ca.crt
-
tls.crt
-