Release notes for CloudNativePG 1.22

History of user-visible changes in the 1.22 minor release of CloudNativePG.

For a complete list of changes, please refer to the commits on the release branch in GitHub.

Version 1.22.3

Release date: Apr 24, 2024

Enhancements:

  • Users can now configure the wal_log_hints PostgreSQL parameter (#4218) (#4218)
  • Fully Qualified Domain Names (FQDN) in URIs for automatically generated secrets (#4095)
  • Cleanup of instance Pods not owned by the Cluster during Cluster restore (#4141)
  • Error detection when invoking barman-cloud-wal-restore in recovery bootstrap (#4101)

Fixes:

  • Ensured that before a switchover, the elected replica is in streaming replication (#4288)
  • Correctly handle parsing errors of instances' LSN when sorting them (#4283)
  • Recreate the primary Pod if there are no healthy standbys available to promote (#4132)
  • Cleanup PGDATA in case of failure of the restore job (#4151)
  • Reload certificates on configuration update (#3705)
  • cnpg plugin for kubectl:
    • Improve the arguments handling of destroy, fencing, and promote plugin commands (#4280)
    • Correctly handle the percentage of the backup progress in cnpg status (#4131)
    • Gracefully handle databases with no sequences in sync-sequences command (#4346)

Changes:

  • The Grafana dashboard now resides at https://github.com/cloudnative-pg/grafana-dashboards (#4154)

Version 1.22.2

Release date: Mar 14, 2024

Enhancements

  • Allow customization of the wal_level GUC in PostgreSQL (#4020)
  • Add the cnpg.io/skipWalArchiving annotation to disable WAL archiving when set to enabled (#4055)
  • Enrich the cnpg plugin for kubectl with the publication and subscription command groups to imperatively set up PostgreSQL native logical replication (#4052)
  • Allow customization of CERTIFICATE_DURATION and EXPIRING_CHECK_THRESHOLD for automated management of TLS certificates handled by the operator (#3686)
  • Retrieve the correct architecture's binary from the corresponding catalog in the running operator image during in-place updates, enabling the operator to inject the correct binary into any Pod with a supported architecture (#3840)
  • Introduce initial support for tab-completion with the cnpg plugin for kubectl (#3875)

Fixes

  • Properly synchronize PVC group labels with those on the pods, a critical aspect when all pods are deleted and the operator needs to decide which Pod to recreate first (#3930)
  • Disable wal_sender_timeout when cloning a replica to prevent timeout errors due to slow connections (#4080)
  • Ensure that volume snapshots are ready before initiating recovery bootstrap procedures, preventing an error condition where recovery with incomplete backups could enter an error loop (#3663)
  • Prevent an error loop when unsetting connection limits in managed roles (#3832)
  • Resolve a corner case in hibernation where the instance pod has been deleted, but the cluster status still has the hibernation condition set to false (#3970)
  • Correctly detect Google Cloud capabilities for Barman Cloud (#3931)

Security

  • Use Role instead of ClusterRole for operator permissions in OLM, requiring fewer privileges when installed on a per-namespace basis (#3855, #3990)
  • Enforce fully-qualified object names in SQL queries for the PgBouncer pooler (#4080)

Changes

  • Follow Kubernetes recommendations to switch from client-side to server-side application of manifests, requiring the --server-side option by default when installing the operator (#3729).
  • Set the default operand image to PostgreSQL 16.2 (#3823).

Version 1.22.1

Release date: Feb 2, 2024

Enhancements:

  • Tailor ephemeral volume storage in a Postgres cluster using a claim template through the ephemeralVolumeSource option (#3678)
  • Introduce the pgadmin4 command in the cnpg plugin for kubectl, providing a straightforward method to demonstrate connecting to a given database cluster and navigate its content in a local environment such as kind - for evaluation purposes only (#3701)
  • Allow customization of PostgreSQL's ident map file via the .spec.postgresql.pg_ident stanza, through a list of user name maps (#3534)

Fixes:

  • Prevent an unrecoverable issue with pg_rewind failing due to postgresql.auto.conf being read-only on clusters where the ALTER SYSTEM SQL command is disabled - the default (#3728)
  • Proper recovery of tablespaces from volume snapshots (#3682)
  • Reduce the risk of disk space shortage when using the import facility of the initdb bootstrap method, by disabling the durability settings in the PostgreSQL instance for the duration of the import process (#3743)
  • Avoid pod restart due to erroneous resource quantity comparisons, e.g. "1 != 1000m" (#3706)
  • Properly escape reserved characters in pgpass connection fields (#3713)
  • Prevent systematic rollout of pods due to considering zero and nil different values in .spec.projectedVolumeTemplate.sources (#3647)
  • Ensure configuration coherence by pruning from postgresql.auto.conf any options now incorporated into override.conf (#3773)

Version 1.22.0

Release date: Dec 21, 2023

Important changes from previous versions

This release introduces a significant change, disabling the default usage of the ALTER SYSTEM command in PostgreSQL. For users upgrading from a previous version who wish to retain the old behavior: please refer to the upgrade documentation for detailed instructions.

Features:

  • Declarative Tablespaces: Introducing the tablespaces stanza in the Cluster spec, enabling comprehensive lifecycle management of PostgreSQL tablespaces for enhanced vertical scalability (#3410).

  • Temporary Tablespaces: Adding the .spec.tablespaces[*].temporary option to facilitate the utilization of a tablespace for temporary database operations, by incorporating the name into the temp_tablespaces PostgreSQL parameter (#3464).

Security:

  • By default, TLSv1.3 is now enforced on all PostgreSQL 12 or higher installations. Additionally, users can configure the ssl_ciphers, ssl_min_protocol_version, and ssl_max_protocol_version GUCs (#3408).
  • Integration of Docker image scanning with Dockle and Snyk to enhance security measures (#3300).

Enhancements:

  • Improved reconciliation of external clusters (#3533).
  • Introduction of the ability to enable/disable the ALTER SYSTEM command (#3535).
  • Support for Prometheus' dynamic relabeling through the podMonitorMetricRelabelings and podMonitorRelabelings options in the .spec.monitoring stanza of the Cluster and Pooler resources (#3075).
  • Enhanced computation of the first recoverability point and last successful backup by considering volume snapshots alongside object-store backups (#2940).
  • Elimination of the use of the PGPASSFILE environment variable when establishing a network connection to PostgreSQL (#3522).
  • Improved cnpg report plugin command by collecting a cluster's PVCs (#3357).
  • Enhancement of the cnpg status plugin command, providing information about managed roles, including alerts (#3310).
  • Introduction of Red Hat UBI 8 container images for the operator, suitable for OLM deployments.
  • Connection pooler:
    • Scaling down instances of a Pooler resource to 0 is now possible (#3517).
    • Addition of the cnpg.io/podRole label with a value of 'pooler' to every pooler deployment, differentiating them from instance pods (#3396).

Fixes:

  • Reconciliation of metadata, annotations, and labels of PodDisruptionBudget resources (#3312 and #3434).
  • Reconciliation of the metadata of the managed credential secrets (#3316).
  • Resolution of a bug in the backup snapshot code where an error reading the body would be handled as an overall error, leaving the backup process indefinitely stuck (#3321).
  • Implicit setting of online backup with the cnpg backup plugin command when either immediate-checkpoint or wait-for-archive options are requested (#3449).
  • Disabling of wal_sender_timeout when joining through pg_basebackup (#3586)
  • Reloading of secrets used by external clusters (#3565)
  • Connection pooler:
    • Ensuring the controller watches all secrets owned by a Pooler resource (#3428).
    • Reconciliation of RoleBinding for Pooler resources (#3391).
    • Reconciliation of imagePullSecret for Pooler resources (#3389).
    • Reconciliation of the service of a Pooler and addition of the required labels (#3349).
    • Extension of Pooler labels to the deployment as well, not just the pods (#3350).

Changes:

  • Default operand image set to PostgreSQL 16.1 (#3270).
  • The ALTER SYSTEM command is now disabled by default (#3545).