Release notes for CloudNativePG 1.22
History of user-visible changes in the 1.22 minor release of CloudNativePG.
For a complete list of changes, please refer to the commits on the release branch in GitHub.
Version 1.22.5
Release date: Jul 29, 2024
Warning
This is expected to be the last release in the 1.22.X series. Users are encouraged to update to a newer minor version soon.
Enhancements:
- Add transparent support for PostgreSQL 17's
allow_alter_system
parameter, enabling or disabling theALTER SYSTEM
command through the.spec.postgresql.enableAlterSystem
option (#4921). - Introduce the
reconcilePodSpec
annotation on theCluster
andPooler
resources to control the restart of pods following a change in the Pod specification (#5069). - Support the new metrics introduced in PgBouncer 1.23 in the
Pooler
metrics collector (#5044).
Fixes:
- Enhance the mechanism for detecting Pods that have been terminated but not
deleted during an eviction process, and extend the cleanup process during
maintenance windows to include unschedulable Pods when the
reusePVC
flag is set to false (#2056). - Disable
pg_rewind
execution for newly created replicas that employ VolumeSnapshot during bootstrapping to avoid introducing a new shutdown checkpoint entry in the WAL files. This ensures that replicas can reconnect to the primary without issues, which would otherwise be hindered by the additional checkpoint entry (#5081). - Gracefully handle failures during the initialization of a new instance. Any remaining data from the failed initialization is now either removed or, if it's a valid PostgreSQL data directory, moved to a backup location to avoid possible data loss (#5112).
- Enhance the robustness of the immediate backups reconciler by implementing retry logic upon initial backup failure (#4982).
- Wait for the
postmaster
to shut down before starting it again (#4938). - Exclude immutable databases from
pg_database
metric monitoring and alerting processes (#4980). - Removed unnecessary permissions from the operator service account (#4911).
- Ensure the operator initiates a rollout of the
Pooler
instance when the operator image is upgraded (#5006) - Address race condition causing the readiness probe to incorrectly
show "not ready" after a PostgreSQL restart, even when the
postmaster
was accessible (#4920). - Prevent reconciliation of resources that aren't owned by a
Pooler
(#4967). - Renew the certificates managed by the operator when the DNS Subject Alternative Names (SANs) are updated (#3269, #3319).
- Set PVC default
AccessModes
in the template only when unspecified (#4845). - Gracefully handle unsatisfiable backup schedule (#5109).
cnpg
plugin:- Properly handle errors during the
status
command execution. - Support TLS in the
status
command (#4915).
Version 1.22.4
Release date: Jun 12, 2024
Warning
Version 1.22 is approaching its End-of-Life (EOL) on Jul 24, 2024. If you haven't already, please begin planning for an upgrade promptly to ensure continued support and security.
Enhancements:
-
Enabled configuration of standby-sensitive parameters during recovery using a physical backup (#4564)
-
Enabled the configuration of the liveness probe timeout via the
.spec.livenessProbeTimeout
option (#4719) -
cnpg
plugin forkubectl
:- Enhanced support for ANSI colors in the plugin by adding the
--color
option, which acceptsalways
,never
, andauto
(default) as values (#4775) - The plugin is now available on Homebrew for macOS users (#4602)
- Enhanced support for ANSI colors in the plugin by adding the
Fixes:
-
Prevented fenced instances from entering an unnecessary loop and consuming all available CPU (#4625)
-
Resolved an issue where the instance manager on the primary would indefinitely wait for the instance to start after encountering a failure following a stop operation (#4434)
-
Fixed an issue where the interaction between
hot_standby_feedback
and managed cluster-level replication slots was preventing the autovacuum from operating correctly; this issue was causing disk space to remain occupied by dead tuples (#4811) -
Fixed a panic in the backup controller that occurred when pod container statuses were missing (#4765)
-
Prevented unnecessary shutdown of the instance manager (#4670)
-
Prevented unnecessary reloads of PostgreSQL configuration when unchanged (#4531)
-
Prevented unnecessary reloads of the ident map by ensuring a consistent and unique method of writing its content (#4648)
-
Avoided conflicts during phase registration by patching the status of the resource instead of updating it (#4637)
-
Implemented a timeout when restarting PostgreSQL and lifting fencing (#4504)
-
Ensured that a replica cluster is restarted after promotion to properly set the archive mode (#4399)
-
Removed an unneeded concurrent keep-alive routine that was causing random failures in volume snapshot backups (#4768)
-
Ensured correct parsing of the additional rows field returned when the
pgaudit.log_rows
option was enabled, preventing audit logs from being incorrectly routed to the normal log stream (#4394) -
cnpg
plugin forkubectl
:- Resolved an issue with listing PDBs using the
cnpg status
command (#4530)
- Resolved an issue with listing PDBs using the
Changes
- Default operand image set to PostgreSQL 16.3 (#4584)
- Removed all RBAC requirements on namespace objects (#4753)
Version 1.22.3
Release date: Apr 24, 2024
Enhancements:
- Users can now configure the
wal_log_hints
PostgreSQL parameter (#4218) (#4218) - Fully Qualified Domain Names (FQDN) in URIs for automatically generated secrets (#4095)
- Cleanup of instance Pods not owned by the Cluster during Cluster restore (#4141)
- Error detection when invoking
barman-cloud-wal-restore
inrecovery
bootstrap (#4101)
Fixes:
- Ensured that before a switchover, the elected replica is in streaming replication (#4288)
- Correctly handle parsing errors of instances' LSN when sorting them (#4283)
- Recreate the primary Pod if there are no healthy standbys available to promote (#4132)
- Cleanup
PGDATA
in case of failure of the restore job (#4151) - Reload certificates on configuration update (#3705)
cnpg
plugin forkubectl
:- Improve the arguments handling of
destroy
,fencing
, andpromote
plugin commands (#4280) - Correctly handle the percentage of the backup progress in
cnpg status
(#4131) - Gracefully handle databases with no sequences in
sync-sequences
command (#4346)
- Improve the arguments handling of
Changes:
- The Grafana dashboard now resides at https://github.com/cloudnative-pg/grafana-dashboards (#4154)
Version 1.22.2
Release date: Mar 14, 2024
Enhancements
- Allow customization of the
wal_level
GUC in PostgreSQL (#4020) - Add the
cnpg.io/skipWalArchiving
annotation to disable WAL archiving when set toenabled
(#4055) - Enrich the
cnpg
plugin forkubectl
with thepublication
andsubscription
command groups to imperatively set up PostgreSQL native logical replication (#4052) - Allow customization of
CERTIFICATE_DURATION
andEXPIRING_CHECK_THRESHOLD
for automated management of TLS certificates handled by the operator (#3686) - Retrieve the correct architecture's binary from the corresponding catalog in the running operator image during in-place updates, enabling the operator to inject the correct binary into any Pod with a supported architecture (#3840)
- Introduce initial support for tab-completion with the
cnpg
plugin forkubectl
(#3875)
Fixes
- Properly synchronize PVC group labels with those on the pods, a critical aspect when all pods are deleted and the operator needs to decide which Pod to recreate first (#3930)
- Disable
wal_sender_timeout
when cloning a replica to prevent timeout errors due to slow connections (#4080) - Ensure that volume snapshots are ready before initiating recovery bootstrap procedures, preventing an error condition where recovery with incomplete backups could enter an error loop (#3663)
- Prevent an error loop when unsetting connection limits in managed roles (#3832)
- Resolve a corner case in hibernation where the instance pod has been deleted, but the cluster status still has the hibernation condition set to false (#3970)
- Correctly detect Google Cloud capabilities for Barman Cloud (#3931)
Security
- Use
Role
instead ofClusterRole
for operator permissions in OLM, requiring fewer privileges when installed on a per-namespace basis (#3855, #3990) - Enforce fully-qualified object names in SQL queries for the PgBouncer pooler (#4080)
Changes
- Follow Kubernetes recommendations to switch from client-side to server-side
application of manifests, requiring the
--server-side
option by default when installing the operator (#3729). - Set the default operand image to PostgreSQL 16.2 (#3823).
Version 1.22.1
Release date: Feb 2, 2024
Enhancements:
- Tailor ephemeral volume storage in a Postgres cluster using a claim template
through the
ephemeralVolumeSource
option (#3678) - Introduce the
pgadmin4
command in thecnpg
plugin forkubectl
, providing a straightforward method to demonstrate connecting to a given database cluster and navigate its content in a local environment such as kind - for evaluation purposes only (#3701) - Allow customization of PostgreSQL's ident map file via the
.spec.postgresql.pg_ident
stanza, through a list of user name maps (#3534)
Fixes:
- Prevent an unrecoverable issue with
pg_rewind
failing due topostgresql.auto.conf
being read-only on clusters where theALTER SYSTEM
SQL command is disabled - the default (#3728) - Proper recovery of tablespaces from volume snapshots (#3682)
- Reduce the risk of disk space shortage when using the import facility of the
initdb
bootstrap method, by disabling the durability settings in the PostgreSQL instance for the duration of the import process (#3743) - Avoid pod restart due to erroneous resource quantity comparisons, e.g. "1 != 1000m" (#3706)
- Properly escape reserved characters in
pgpass
connection fields (#3713) - Prevent systematic rollout of pods due to considering zero and nil different
values in
.spec.projectedVolumeTemplate.sources
(#3647) - Ensure configuration coherence by pruning from
postgresql.auto.conf
any options now incorporated intooverride.conf
(#3773)
Version 1.22.0
Release date: Dec 21, 2023
Important changes from previous versions
This release introduces a significant change, disabling the default usage
of the ALTER SYSTEM
command in PostgreSQL. For users upgrading from a
previous version who wish to retain the old behavior: please refer to the
upgrade documentation for detailed instructions.
Features:
-
Declarative Tablespaces: Introducing the
tablespaces
stanza in theCluster
spec, enabling comprehensive lifecycle management of PostgreSQL tablespaces for enhanced vertical scalability (#3410). -
Temporary Tablespaces: Adding the
.spec.tablespaces[*].temporary
option to facilitate the utilization of a tablespace for temporary database operations, by incorporating the name into thetemp_tablespaces
PostgreSQL parameter (#3464).
Security:
- By default, TLSv1.3 is now enforced on all PostgreSQL 12 or higher
installations. Additionally, users can configure the
ssl_ciphers
,ssl_min_protocol_version
, andssl_max_protocol_version
GUCs (#3408). - Integration of Docker image scanning with Dockle and Snyk to enhance security measures (#3300).
Enhancements:
- Improved reconciliation of external clusters (#3533).
- Introduction of the ability to enable/disable the
ALTER SYSTEM
command (#3535). - Support for Prometheus' dynamic relabeling through the
podMonitorMetricRelabelings
andpodMonitorRelabelings
options in the.spec.monitoring
stanza of theCluster
andPooler
resources (#3075). - Enhanced computation of the first recoverability point and last successful backup by considering volume snapshots alongside object-store backups (#2940).
- Elimination of the use of the
PGPASSFILE
environment variable when establishing a network connection to PostgreSQL (#3522). - Improved
cnpg report
plugin command by collecting a cluster's PVCs (#3357). - Enhancement of the
cnpg status
plugin command, providing information about managed roles, including alerts (#3310). - Introduction of Red Hat UBI 8 container images for the operator, suitable for OLM deployments.
- Connection pooler:
- Scaling down instances of a
Pooler
resource to 0 is now possible (#3517). - Addition of the
cnpg.io/podRole
label with a value of 'pooler' to every pooler deployment, differentiating them from instance pods (#3396).
- Scaling down instances of a
Fixes:
- Reconciliation of metadata, annotations, and labels of
PodDisruptionBudget
resources (#3312 and #3434). - Reconciliation of the metadata of the managed credential secrets (#3316).
- Resolution of a bug in the backup snapshot code where an error reading the body would be handled as an overall error, leaving the backup process indefinitely stuck (#3321).
- Implicit setting of online backup with the
cnpg backup
plugin command when eitherimmediate-checkpoint
orwait-for-archive
options are requested (#3449). - Disabling of wal_sender_timeout when joining through pg_basebackup (#3586)
- Reloading of secrets used by external clusters (#3565)
- Connection pooler:
- Ensuring the controller watches all secrets owned by a
Pooler
resource (#3428). - Reconciliation of
RoleBinding
forPooler
resources (#3391). - Reconciliation of
imagePullSecret
forPooler
resources (#3389). - Reconciliation of the service of a
Pooler
and addition of the required labels (#3349). - Extension of
Pooler
labels to the deployment as well, not just the pods (#3350).
- Ensuring the controller watches all secrets owned by a
Changes:
- Default operand image set to PostgreSQL 16.1 (#3270).
- The
ALTER SYSTEM
command is now disabled by default (#3545).