Release notes for CloudNativePG 1.15

History of user-visible changes in the 1.15 minor release of CloudNativePG.

For a complete list of changes, please refer to the commits on the release branch in GitHub.

Warning

Version 1.15 has reached End-of-Life (EOL). Version 1.15.5 is the last that will be released for the 1.15 minor version.

Version 1.15.5

Release date: Oct 6, 2022

Enhancements:

  • Introduce leaseDuration and renewDeadline parameters in the controller manager to enhance configuration of the leader election in operator deployments (#759)
  • Improve the mechanism that checks that the backup object store is empty before archiving a WAL file for the first time: a new file called .check-empty-wal-archive is placed in the PGDATA immediately after the cluster is bootstrapped and it is then removed after the first WAL file is successfully archived

Security:

  • Explicitly set permissions of the instance manager binary that is copied in the distroless/static:nonroot container image, by using the nonroot:nonroot user (#754)

Fixes:

  • Make the cluster's conditions compatible with metav1.Conditions struct (#720)
  • Drop any active connection on a standby after it is promoted to primary (#737)
  • Honor MAPPEDMETRIC and DURATION metric types conversion in the native Prometheus exporter (#765)

Version 1.15.4

Release date: Sep 6, 2022

Enhancements:

  • Enable configuration of low-level network TCP settings in the PgBouncer connection pooler implementation (#584)
  • Make sure that the cnpg.io/instanceName and the cnpg.io/podRole labels are always present on pods and PVCs (#632 and #680)
  • Propagate the role label of an instance to the underlying PVC (#634)

Fixes:

  • Prevent multiple in-place upgrade processes of the operator from running simultaneously by atomically checking whether another one is in progress (#655)
  • Avoid using a hardcoded file name to store the newly uploaded instance manager, preventing a possible race condition during online upgrades of the operator (#660)
  • Prevent a panic from happening when invoking GetAllAccessibleDatabases (#641)

Version 1.15.3

Release date: Aug 12, 2022

Enhancements:

  • Enable the configuration of the huge_pages option for PostgreSQL (#456)
  • Enhance log during promotion and demotion, after a failover or a switchover, by printing the time elapsed between the request of promotion and the actual availability for writes (#371)
  • Add the instanceName and clusterName labels on jobs, pods, and PVCs to improve interaction with these resources (#534)
  • Add instructions on how to create PostGIS clusters (#570)

Security:

  • Explicitly assign securityContext to the Pooler deployment (#485)
  • Add read timeout values to the internal web servers to prevent Slowloris DDoS (#437)

Fixes:

  • Use the correct delays for restarts (stopDelay) and for switchover (switchoverDelay), as they were erroneously swapped before. This is an important fix, as it might block indefinitely restarts if switchoverDelay is not set and uses the default value of 40000000 seconds (#531)
  • Prevent the metrics collector from causing panic when the query returns an error (#396)
  • Removing an unsafe debug message that was referencing an unchecked pointer, leading in some cases to segmentation faults regardless of the log level (#491)
  • Prevent panic when fencing in case the cluster had no annotation (#512)
  • Avoid updating the CRD if a TLS certificate is not changed (#501)
  • Handle conflicts while injecting a certificate in the CRD (#547)
  • Backup and recovery:
    • Correctly pass object store credentials in Google Cloud (#454)

Minor changes:

  • Set the default operand image to PostgreSQL 14.5

Version 1.15.2

Release date: Jul 7, 2022 (patch release)

Enhancements:

  • Improve logging of the instance manager during switchover and failover
  • Require Barman >= 3.0.0 for future support of PostgreSQL 15 in backup and recovery

Changes:

  • Set the default operand image to PostgreSQL 14.5

Fixes:

  • Fix the initialization order inside the WithActiveInstance function that starts the CSV log pipe for the PostgreSQL server, ensuring proper logging in the cluster initialization phase - this is especially useful in bootstrap operations like recovery from a backup are failing (before this patch, such logs were not sent to the standard output channel and were permanently lost)
  • Avoid an unnecessary switchover when a hot standby sensitive parameter is decreased, and the primary has already restarted
  • Properly quote role names in ALTER ROLE statements
  • Backup and recovery:
    • Fix the algorithm detecting the closest Barman backup for PITR, which was comparing the requested recovery timestamp with the backup start instead of the end
    • Fix Point in Time Recovery based on a transaction ID, a named restore point, or the “immediate” target by providing a new field called backupID in the recoveryTarget section
    • Fix encryption parameters invoking barman-cloud-wal-archive and barman-cloud-backup commands
    • Stop ignoring barmanObjectStore.serverName option when recovering from a backup object store using a server name that doesn’t match the current cluster name
  • cnpg plug-in:
    • Make sure that the plug-in complies with the -n parameter when specified by the user
    • Fix the status command to sort results and remove variability in the output

Version 1.15.1

Release date: May 27, 2022 (patch release)

Minor changes:

  • Enable configuration of the archive_timeout setting for PostgreSQL, which was previously a fixed parameter (by default set to 5 minutes)
  • Introduce a new field called backupOwnerReference in the scheduledBackup resource to set the ownership reference on the created backup resources, with possible values being none (default), self (objects owned by the scheduled backup object), and cluster (owned by the Postgres cluster object)
  • Introduce automated collection of pg_stat_wal metrics for PostgreSQL 14 or higher in the native Prometheus exporter
  • Set the default operand image to PostgreSQL 14.5

Fixes:

  • Fix fencing by killing orphaned processes related to postgres
  • Enable the CSV log pipe inside the WithActiveInstance function to collect logs from recovery bootstrap jobs and help in the troubleshooting phase
  • Prevent bootstrapping a new cluster with a non-empty backup object store, removing the risk of overwriting existing backups
  • With the recovery bootstrap method, make sure that the recovery object store and the backup object store are different to avoid overwriting existing backups
  • Re-queue the reconciliation loop if the RBAC for backups is not yet created
  • Fix an issue with backups and the wrong specification of the cluster name property
  • Ensures that operator pods always have the latest certificates in the case of a deployment of the operator in high availability, with more than one replica
  • Fix the cnpg report operator command to correctly handle the case of a deployment of the operator in high availability, with more than one replica
  • Properly propagate changes in the cluster’s inheritedMetadata set of labels and annotations to the related resources of the cluster without requiring a restart
  • Fix the cnpg plugin to correctly parse any custom configmap and secret name defined in the operator deployment, instead of relying just on the default values
  • Fix the local building of the documentation by using the minidocks/mkdocs image for mkdocs

Version 1.15.0

Release date: 21 April 2022

Features:

  • Fencing: Introduction of the fencing capability for a cluster or a given set of PostgreSQL instances through the cnpg.io/fencedInstances annotation, which, if not empty, disables switchover/failovers in the cluster; fenced instances are shut down and the pod is kept running (while considered not ready) for inspection and emergencies
  • LDAP authentication: Allow LDAP Simple Bind and Search+Bind configuration options in the pg_hba.conf to be defined in the Postgres cluster spec declaratively, enabling the optional use of Kubernetes secrets for sensitive options such as ldapbindpasswd
  • Introduction of the primaryUpdateMethod option, accepting the values of switchover (default) and restart, to be used in case of unsupervised primaryUpdateStrategy; this method controls what happens to the primary instance during the rolling update procedure
  • New report command in the kubectl cnp plugin for better diagnosis and more effective troubleshooting of both the operator and a specific Postgres cluster
  • Prune those Backup objects that are no longer in the backup object store
  • Specification of target timeline and LSN in Point-In-Time Recovery bootstrap method
  • Support for the AWS_SESSION_TOKEN authentication token in AWS S3 through the sessionToken option
  • Default image name for PgBouncer in Pooler pods set to quay.io/enterprisedb/pgbouncer:1.17.0

Fixes:

  • Base backup detection for Point-In-Time Recovery via targetTime correctly works now, as previously a target prior to the latest available backup was not possible (the detection algorithm was always wrong by selecting the last backup as a starting point)
  • Improved resilience of hot standby sensitive parameters by relying on the values the operator collects from pg_controldata
  • Intermediate certificates handling has been improved by properly discarding invalid entries, instead of throwing an invalid certificate error
  • Prometheus exporter metric collection queries in the databases are now committed instead of rolled back (this might result in a change in the number of rolled back transactions that are visible from downstream dashboards, where applicable)

Version 1.15.0 is the first release of CloudNativePG. Previously, this software was called EDB Cloud Native PostgreSQL (now EDB Postgres for Kubernetes). If you are looking for information about a previous release, please refer to the EDB documentation.