Release notes for CloudNativePG 1.22
History of user-visible changes in the 1.22 minor release of CloudNativePG.
For a complete list of changes, please refer to the commits on the release branch in GitHub.
Version 1.22.3
Release date: Apr 24, 2024
Enhancements:
- Users can now configure the
wal_log_hints
PostgreSQL parameter (#4218) (#4218) - Fully Qualified Domain Names (FQDN) in URIs for automatically generated secrets (#4095)
- Cleanup of instance Pods not owned by the Cluster during Cluster restore (#4141)
- Error detection when invoking
barman-cloud-wal-restore
inrecovery
bootstrap (#4101)
Fixes:
- Ensured that before a switchover, the elected replica is in streaming replication (#4288)
- Correctly handle parsing errors of instances' LSN when sorting them (#4283)
- Recreate the primary Pod if there are no healthy standbys available to promote (#4132)
- Cleanup
PGDATA
in case of failure of the restore job (#4151) - Reload certificates on configuration update (#3705)
cnpg
plugin forkubectl
:- Improve the arguments handling of
destroy
,fencing
, andpromote
plugin commands (#4280) - Correctly handle the percentage of the backup progress in
cnpg status
(#4131) - Gracefully handle databases with no sequences in
sync-sequences
command (#4346)
- Improve the arguments handling of
Changes:
- The Grafana dashboard now resides at https://github.com/cloudnative-pg/grafana-dashboards (#4154)
Version 1.22.2
Release date: Mar 14, 2024
Enhancements
- Allow customization of the
wal_level
GUC in PostgreSQL (#4020) - Add the
cnpg.io/skipWalArchiving
annotation to disable WAL archiving when set toenabled
(#4055) - Enrich the
cnpg
plugin forkubectl
with thepublication
andsubscription
command groups to imperatively set up PostgreSQL native logical replication (#4052) - Allow customization of
CERTIFICATE_DURATION
andEXPIRING_CHECK_THRESHOLD
for automated management of TLS certificates handled by the operator (#3686) - Retrieve the correct architecture's binary from the corresponding catalog in the running operator image during in-place updates, enabling the operator to inject the correct binary into any Pod with a supported architecture (#3840)
- Introduce initial support for tab-completion with the
cnpg
plugin forkubectl
(#3875)
Fixes
- Properly synchronize PVC group labels with those on the pods, a critical aspect when all pods are deleted and the operator needs to decide which Pod to recreate first (#3930)
- Disable
wal_sender_timeout
when cloning a replica to prevent timeout errors due to slow connections (#4080) - Ensure that volume snapshots are ready before initiating recovery bootstrap procedures, preventing an error condition where recovery with incomplete backups could enter an error loop (#3663)
- Prevent an error loop when unsetting connection limits in managed roles (#3832)
- Resolve a corner case in hibernation where the instance pod has been deleted, but the cluster status still has the hibernation condition set to false (#3970)
- Correctly detect Google Cloud capabilities for Barman Cloud (#3931)
Security
- Use
Role
instead ofClusterRole
for operator permissions in OLM, requiring fewer privileges when installed on a per-namespace basis (#3855, #3990) - Enforce fully-qualified object names in SQL queries for the PgBouncer pooler (#4080)
Changes
- Follow Kubernetes recommendations to switch from client-side to server-side
application of manifests, requiring the
--server-side
option by default when installing the operator (#3729). - Set the default operand image to PostgreSQL 16.2 (#3823).
Version 1.22.1
Release date: Feb 2, 2024
Enhancements:
- Tailor ephemeral volume storage in a Postgres cluster using a claim template
through the
ephemeralVolumeSource
option (#3678) - Introduce the
pgadmin4
command in thecnpg
plugin forkubectl
, providing a straightforward method to demonstrate connecting to a given database cluster and navigate its content in a local environment such as kind - for evaluation purposes only (#3701) - Allow customization of PostgreSQL's ident map file via the
.spec.postgresql.pg_ident
stanza, through a list of user name maps (#3534)
Fixes:
- Prevent an unrecoverable issue with
pg_rewind
failing due topostgresql.auto.conf
being read-only on clusters where theALTER SYSTEM
SQL command is disabled - the default (#3728) - Proper recovery of tablespaces from volume snapshots (#3682)
- Reduce the risk of disk space shortage when using the import facility of the
initdb
bootstrap method, by disabling the durability settings in the PostgreSQL instance for the duration of the import process (#3743) - Avoid pod restart due to erroneous resource quantity comparisons, e.g. "1 != 1000m" (#3706)
- Properly escape reserved characters in
pgpass
connection fields (#3713) - Prevent systematic rollout of pods due to considering zero and nil different
values in
.spec.projectedVolumeTemplate.sources
(#3647) - Ensure configuration coherence by pruning from
postgresql.auto.conf
any options now incorporated intooverride.conf
(#3773)
Version 1.22.0
Release date: Dec 21, 2023
Important changes from previous versions
This release introduces a significant change, disabling the default usage
of the ALTER SYSTEM
command in PostgreSQL. For users upgrading from a
previous version who wish to retain the old behavior: please refer to the
upgrade documentation for detailed instructions.
Features:
-
Declarative Tablespaces: Introducing the
tablespaces
stanza in theCluster
spec, enabling comprehensive lifecycle management of PostgreSQL tablespaces for enhanced vertical scalability (#3410). -
Temporary Tablespaces: Adding the
.spec.tablespaces[*].temporary
option to facilitate the utilization of a tablespace for temporary database operations, by incorporating the name into thetemp_tablespaces
PostgreSQL parameter (#3464).
Security:
- By default, TLSv1.3 is now enforced on all PostgreSQL 12 or higher
installations. Additionally, users can configure the
ssl_ciphers
,ssl_min_protocol_version
, andssl_max_protocol_version
GUCs (#3408). - Integration of Docker image scanning with Dockle and Snyk to enhance security measures (#3300).
Enhancements:
- Improved reconciliation of external clusters (#3533).
- Introduction of the ability to enable/disable the
ALTER SYSTEM
command (#3535). - Support for Prometheus' dynamic relabeling through the
podMonitorMetricRelabelings
andpodMonitorRelabelings
options in the.spec.monitoring
stanza of theCluster
andPooler
resources (#3075). - Enhanced computation of the first recoverability point and last successful backup by considering volume snapshots alongside object-store backups (#2940).
- Elimination of the use of the
PGPASSFILE
environment variable when establishing a network connection to PostgreSQL (#3522). - Improved
cnpg report
plugin command by collecting a cluster's PVCs (#3357). - Enhancement of the
cnpg status
plugin command, providing information about managed roles, including alerts (#3310). - Introduction of Red Hat UBI 8 container images for the operator, suitable for OLM deployments.
- Connection pooler:
- Scaling down instances of a
Pooler
resource to 0 is now possible (#3517). - Addition of the
cnpg.io/podRole
label with a value of 'pooler' to every pooler deployment, differentiating them from instance pods (#3396).
- Scaling down instances of a
Fixes:
- Reconciliation of metadata, annotations, and labels of
PodDisruptionBudget
resources (#3312 and #3434). - Reconciliation of the metadata of the managed credential secrets (#3316).
- Resolution of a bug in the backup snapshot code where an error reading the body would be handled as an overall error, leaving the backup process indefinitely stuck (#3321).
- Implicit setting of online backup with the
cnpg backup
plugin command when eitherimmediate-checkpoint
orwait-for-archive
options are requested (#3449). - Disabling of wal_sender_timeout when joining through pg_basebackup (#3586)
- Reloading of secrets used by external clusters (#3565)
- Connection pooler:
- Ensuring the controller watches all secrets owned by a
Pooler
resource (#3428). - Reconciliation of
RoleBinding
forPooler
resources (#3391). - Reconciliation of
imagePullSecret
forPooler
resources (#3389). - Reconciliation of the service of a
Pooler
and addition of the required labels (#3349). - Extension of
Pooler
labels to the deployment as well, not just the pods (#3350).
- Ensuring the controller watches all secrets owned by a
Changes:
- Default operand image set to PostgreSQL 16.1 (#3270).
- The
ALTER SYSTEM
command is now disabled by default (#3545).