Installing the VerticaDB Operator

The custom resource definition (CRD), operator, and admission controller work together to maintain the state of your environment and provide task automation:

The CRD extends the Kubernetes API to provide custom objects. It serves as a blueprint for custom resource (CR) instances that specify the desired state of your environment.
The operator is a namespace-scoped custom controller that monitors custom resource instances to maintain the desired state of the custom resource objects.
The admission controller is a webhook that queries a REST endpoint to verify changes to mutable states in a custom resource instance.

Install the operator and admission controller from OperatorHub.io or with the Helm chart.

Prerequisites

Kubernetes 1.21.1 and higher
Helm 3.5.0 and higher
kubectl command line tool

Installing the CRD

The Vertica CRD is included when you install the VerticaDB Helm chart. If you do not have the privileges required to install the CRD, it is available for download as a YAML manifest:

$ kubectl apply -f https://github.com/vertica/vertica-kubernetes/releases/download/v1.2.0/verticadbs.vertica.com-crd.yaml

Installing from OperatorHub.io

OperatorHub.io is a registry that allows vendors to share Kubernetes operators. Each vendor must adhere to packaging guidelines to simplify user adoption.

To install the VerticaDB operator from OperatorHub.io, navigate to the Vertica operator page and follow the install instructions.

Installing the VerticaDB with Helm Charts

Vertica packages VerticaDB operator and admission controller in a Helm chart. Vertica on Kubernetes allows one operator instance per namespace.

Vertica recommends that you use Kubernetes 1.21.1 or later. Earlier versions require that you add the kubernetes.io/metadata.name=namespace-name label to each namespace that contains an operator.

Configuring TLS for the Admission Controller

Before you an install the VerticaDB Helm chart, you must configure TLS for the admission controller. The admission controller uses a webhook that requires TLS certificates for data encryption. Choose one of the following data encryption options:

cert-manager to generate and manage certificates
Custom certificates

By default, the custom resource uses cert-manager unless you provide custom certificates. You cannot install the VerticaDB operator Helm chart if you do not install cert-manager or provide custom certificates.

Installing cert-manager

cert-manager is available as a YAML manifest in a GitHub repository.

Use kubectl to install cert-manager:

$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml

Installation might take a few minutes.

Verify the cert-manager installation:

$ kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-7dd5854bb4-skks7              1/1     Running   5          12d
cert-manager-cainjector-64c949654c-9nm2z   1/1     Running   5          12d
cert-manager-webhook-6bdffc7c9d-b7r2p      1/1     Running   5          12d

For additional details about cert-manager install verification, see the cert-manager documentation.

Defining Custom Certificates

When you install the VerticaDB operator and admission controller Helm chart, you can pass parameters that customize the Helm chart. Use the --set option to pass individual settings, and use the -f option to pass a YAML-formatted file that contains multiple values.

To pass confidential information, use Secrets. The following command creates a Secret that stores the TLS key, TLS, certificate, and certificate authority (CA) certificate:

$ kubectl create secret generic tls-secret --from-file=tls.key=/path/to/tls.key --from-file=tls.crt=/path/to/tls.crt --from-file=ca.crt=/path/to/ca.crt

Use tls-secret when you install the VerticaDB operator and admission controller Helm chart.

Installing the Helm Chart

You must have cluster administrator privileges to complete the following steps. In addition, you must complete one of the following to configure TLS for the admission controller before installation:

Installing cert-manager
Defining Custom Certificates

The following steps use the tls-secret created in Defining Custom Certificates.

Add the Vertica helm charts to you repository. The following command installs the CRD Helm chart and names it vertica-charts for future reference:
```
$ helm repo add vertica-charts https://vertica.github.io/charts
```
Update your Helm repository to ensure that you are using the latest version of your repository:
```
$ helm repo update
```
Install the operator Helm chart, providing a name for the operator. The following command names the operator vdb-op:
```
$ helm install vdb-op vertica-charts/verticadb-operator
```