Containers and Kubernetes
v1 API version
The VerticaDB CRD uses the v1 API version. This API version manages deployments with vclusterops, a Go library that uses a high-level REST interface to administer the database with the Node Management Agent and HTTPS service. The v1beta1 API version is deprecated.
To upgrade your VerticaDB CRs to API version v1 with 24.1.0, you must migrate API versions. For details, see Upgrading Vertica on Kubernetes.
VerticaDB operator 2.0.0
The VerticaDB operator 2.0.0 is a cluster-scoped operator that can watch objects in any namespace within the cluster. This operator is compatible with both the v1 API version and the deprecated v1beta1 API version. In addition, operator 2.0.0 streamlines the cluster administrator's workflow for granting user privileges.
For details about VerticaDB operator 2.0.0, see the following:
- Vertica images
- Installing the VerticaDB operator
- Upgrading the VerticaDB operator
- Upgrading Vertica on Kubernetes
- vertica/verticadb-operator Docker Hub repository.
Image updates
The minimal and full Vertica on Kubernetes images no longer include Administration tools (admintools) or static SSH keys that encrypt internal communications between pods.
For a list of all available images, see Vertica images and the Vertica Docker Hub repositories.
Changes to VerticaDB parameters
The following lists detail the changes to the VerticaDB custom resource definition parameters. For a complete list of the current parameters and annotations, see Custom resource definition parameters and Helm chart parameters.
New parameters
The following custom resource definition parameters were added:
- tlsNMASecret
- serviceAccountName
The following Helm chart parameters were added:
- serviceAccountAnnotations
- serviceAccountNameOverride
- reconcileConcurrency.verticaautoscaler
- reconcileConcurrency.verticadb
- reconcileConcurrency.eventtrigger
Removed parameters
The following deprecated parameters were removed:
- communal.kerberosServiceName
- communal.kerberosRealm

You can use communal.additionalConfig in place of these parameters.
Renamed parameters
The following table describes the renamed parameters:
Previous name | New name |
---|---|
communal.hadoopConfig | hadoopConfig |
httpNodePort | verticaHTTPNodePort |
subclusters.isPrimary | subclusters.type |
subclusters.nodePort | subclusters.clientNodePort |
superuserPasswordSecret | passwordSecret |
Converted to annotations
Some parameters were converted to annotations. The following table describes the annotation conversions:
Parameter name | Annotation name |
---|---|
ignoreClusterLease | vertica.com/ignore-cluster-lease |
communal.includeUIDInPath | vertica.com/include-uid-in-path |
restartTimeout | vertica.com/restart-timeout |
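
The removed, renamed, and converted parameters listed above can be checked for mechanically before a migration. The following Python script is an added example, not code from Vertica or the VerticaDB operator: it reports every such parameter still present in a manifest. It assumes the listed parameters sit under spec and that subclusters is a list; the function names and the sample manifest are constructed for illustration.

```python
# Added example (not Vertica's code): flag spec parameters that the release notes
# list as renamed, converted to annotations, or removed. Assumes they sit under spec.
RENAMED = {
    "communal.hadoopConfig": "hadoopConfig",
    "httpNodePort": "verticaHTTPNodePort",
    "subclusters.isPrimary": "subclusters.type",
    "subclusters.nodePort": "subclusters.clientNodePort",
    "superuserPasswordSecret": "passwordSecret",
}
TO_ANNOTATION = {
    "ignoreClusterLease": "vertica.com/ignore-cluster-lease",
    "communal.includeUIDInPath": "vertica.com/include-uid-in-path",
    "restartTimeout": "vertica.com/restart-timeout",
}
REMOVED = {
    "communal.kerberosServiceName": "communal.additionalConfig",
    "communal.kerberosRealm": "communal.additionalConfig",
}

def _present(node, parts):
    """Yield the concrete path suffix of every place `parts` resolves in `node`."""
    if not parts:
        yield ""
    elif isinstance(node, list):  # fan out over lists such as spec.subclusters
        for i, item in enumerate(node):
            for rest in _present(item, parts):
                yield f"[{i}]{rest}"
    elif isinstance(node, dict) and parts[0] in node:
        for rest in _present(node[parts[0]], parts[1:]):
            yield f".{parts[0]}{rest}"

def audit(manifest):
    """Return sorted (path, action, replacement) findings for one manifest dict."""
    spec = manifest.get("spec") or {}
    tables = ((RENAMED, "rename"), (TO_ANNOTATION, "annotation"), (REMOVED, "removed"))
    return sorted(("spec" + path, action, new)
                  for table, action in tables
                  for old, new in table.items()
                  for path in _present(spec, old.split(".")))

# Constructed sample manifest (values are illustrative only).
SAMPLE = {"apiVersion": "vertica.com/v1beta1", "kind": "VerticaDB", "spec": {
    "superuserPasswordSecret": "su-passwd", "restartTimeout": 10,
    "communal": {"path": "s3://bucket/db", "kerberosRealm": "EXAMPLE.COM"},
    "subclusters": [{"name": "main", "isPrimary": True},
                    {"name": "ro", "isPrimary": False, "nodePort": 32001}]}}
if __name__ == "__main__":
    for path, action, new in audit(SAMPLE):
        print(f"{path}: {action} -> {new}")
```

To check a real manifest, parse its YAML into a dict and pass that dict to audit.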
New annotations
The following annotations were added:
- vertica.com/run-nma-in-sidecar
- vertica.com/superuser-name
scrutinize diagnostics
You can run scrutinize to collect diagnostic information about your VerticaDB custom resource instance. This command creates a tar file that you can upload to Vertica support for troubleshooting assistance.
For details about scrutinize in a containerized environment, see scrutinize for VerticaDB.
Specify ServiceAccount in VerticaDB CR
The serviceAccountName parameter lets you associate a VerticaDB CR instance with a service account. For details, see Custom resource definition parameters.
Support Google Secret Manager
The VerticaDB operator can access Secrets that you store in Google Secret Manager. This lets you maintain a single location for the sensitive information that you use with Google Cloud and Vertica on Kubernetes.
For details, see Secrets management.
Support anyuid in Red Hat OpenShift
Vertica supports the anyuid security context constraint (SCC) to enforce enhanced security measures. For details about Vertica and OpenShift, see Red Hat OpenShift integration.
Add custom UID and GID in VerticaDB CR
Set the runAsUser and runAsGroup parameters to use any value for the user ID (UID) or group ID (GID) with the VerticaDB CR. You must nest them under podSecurityContext.
For details, see Custom resource definition parameters.
Spread encryption enabled by default
The encryptSpreadComm custom resource definition (CRD) parameter was updated to enable Spread TLS by default. In addition, the parameter accepts new values to enable or clear spread encryption.
For details about the CRD parameter, see Custom resource definition parameters. For details about spread encryption, see Control channel Spread TLS.
Custom superuser name
You can set the superuser-name annotation to use a custom superuser name with your VerticaDB custom resource. For details, see Custom resource definition parameters.