Conversation
renovate
bot
deleted the
renovate/ghcr.io-cloudnative-pg-cloudnative-pg-1.x
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.27.1→1.28.1Release Notes
cloudnative-pg/cloudnative-pg (ghcr.io/cloudnative-pg/cloudnative-pg)
v1.28.1Compare Source
Release date: Feb 5, 2026
Enhancements
DefaultAzureCredentialauthentication mechanism for backup and recovery operations. This can be enabled by settingazureCredentials.useDefaultAzureCredentials: truein the backup configuration, simplifying authentication in Azure environments without requiring explicit storage account keys or SAS tokens. (#9468)Fixes
Fixed validation of PostgreSQL extension names containing underscores (e.g.,
pg_partman,pg_ivm). Extension names with underscores are automatically sanitized to use hyphens for Kubernetes volume names while preserving the original name in mount paths. Webhook validation prevents naming conflicts after sanitization. Contributed by @shusaan. (#9386)Fixed a critical issue where the
TimelineIDin the cluster status was not reset to 1 after a major version upgrade. Becausepg_upgradeinitializes a new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt to restore incompatible history files from object storage, leading to fatal "requested timeline is not a child of this server's history" errors. (#9830)Fixed an issue where stale TLS status fields in the
Poolerwere not cleared after being removed from the specification. This was particularly critical when upgrading to v1.28.0, where theServerTLSfield was repurposed, causing PgBouncer to use incorrect certificates and resulting in "unsupported certificate" errors that blocked all application connectivity. The operator now explicitly clearsServerCA,ClientCA,ClientTLS, andServerTLSstatus fields when they are no longer configured. (#9397)Fixed a bug where replicas could enter a crash-loop by attempting to download timeline history files from future timelines. This occurred when stale files remained in the WAL archive from a previous cluster life, and replicas would incorrectly try to fetch them during recovery. (#9650)
Fixed a race condition in
replica_clustersetups during designated primary transitions, preventing transient "no primary" states in the replica cluster. (#9601)The backup controller now uses the unique instance session ID to detect instance manager restarts. This prevents the operator from incorrectly assuming a backup is still progressing if the underlying container has crashed and restarted, which previously led to orphaned backup objects. (#9370)
Fixed a validation gap in Azure object store configurations where the
storageAccountwas not required when using explicit credentials (such as a storage key or SAS token). The operator now enforces that a storage account name is provided in these cases and thatconnectionStringis mutually exclusive with other authentication parameters. (#9604)Optimized the deletion path so the operator begins cleaning up resources immediately when a cluster is marked for deletion. This significantly reduces the time a cluster remains in
Terminatingstatus while waiting for internal reconciliation loops. (#9555)Fixed an issue where replication slots were not properly dropped from replicas when the feature was disabled or the cluster was reconfigured. This ensures that unused slots do not cause WAL build-up on the primary. (#9381)
Fixed an issue where
imagePullSecretswere not added to theServiceAccountcreated for thePooler. Previously, these secrets were applied to the Deployment but not the SA, which caused image pull failures in restricted environments using certain security policies. (#9427)Added a check to verify ownership before the operator deletes a
PodMonitor. This prevents the operator from accidentally deleting manually managed monitoring resources that happen to share a name with expected CNPG resources. Contributed by @juliamertz. (#9340)Fixed a bug where
pg_stat_archivermetrics would continue to report stale data on standby instances after a switchover. The exporter now skips these metrics on standbys, as PostgreSQL only provides valid archiver stats on the primary. (#9411)Clarified the interpretation of timestamp formats for recovery
targetTime. Timestamps provided without an explicit timezone are now consistently interpreted as UTC. Contributed by @pchovelon. (#8937)Fixed backup status updates to prevent "resource has been modified" errors during concurrent updates. (#9551)
Fixed event reporting to use the correct pod name when a backup pod is not found. (#9552)
Improved performance of scheduled backup operations for clusters with a very high number of historical backups. (#9489)
Fixed error handling when removing finalizers on
Databaseobjects. (#9431)cnpgplugin:Updated the
statuscommand to display "Disabled" when theskipWalArchivingannotation is present on a cluster. This replaces confusing "starting up" or "unknown" states when WAL archiving is intentionally bypassed. (#9709)Fixed the
logs --followcommand to continue polling for new pods instead of exiting prematurely when all current log streams complete. (#9599)v1.28.0Compare Source
Release date: Dec 9, 2025
Features
Quorum-Based Failover Promoted to Stable: Promoted the quorum-based failover feature, introduced experimentally in 1.27.0, to a stable API. This data-driven failover mechanism is now configured via the
spec.postgresql.synchronous.failoverQuorumfield, graduating from the previousalpha.cnpg.io/failoverQuorumannotation. (#8589)Declarative Foreign Data Management: Introduced comprehensive declarative management for Foreign Data Wrappers (FDW) by extending the
DatabaseCRD. This feature adds the.spec.fdwsand.spec.serversfields, allowing you to manage FDW extensions and their corresponding foreign servers directly from theDatabaseresource. This work was implemented by Ying Zhu (@EdwinaZhu) as part of the LFX Mentorship Program 2025 Term 2. (#7942, #8401)Changes
Updated the default PostgreSQL version to
18.1-system-trixie. (#9178)Updated the default PgBouncer version to 1.25.1 for new
Poolerdeployments. (#9367)Enhancements
Enabled simultaneous image and configuration changes when using
primaryUpdateMethod: restart, allowing you to update the container image (including PostgreSQL version or extensions) and PostgreSQL configuration settings in the same operation. Note that when usingprimaryUpdateMethod: switchover, image and configuration changes must still be performed separately to avoid configuration mismatches during the switchover process. (#8241)Improved network failure detection for replica instances by setting the default
tcp_user_timeoutto 5 seconds. This change helps replicas detect and recover from silent network drops more quickly. Previously, replicas could wait up to 127 seconds before detecting such failures; with the new timeout, they reconnect to the primary within 5 seconds. To preserve the previous behavior, setSTANDBY_TCP_USER_TIMEOUTto0in the operator configuration. (#9317)Adopted standard Kubernetes recommended labels (e.g.,
app.kubernetes.io/name) for all resources generated by CloudNativePG (Clusters, Backups, Poolers, etc.). Contributed by @JefeDavis. (#8087)Introduced
securityContextat the pod level andcontainerSecurityContextfor individual containers (includingpostgres,init, and sidecars). This provides granular control over security settings, replacing the previous cluster-widepostgresandoperatoruser settings. Contributed by @x0ddf. (#6614)Introduced the
alpha.cnpg.io/unrecoverable=trueannotation for replica pods. When applied, this annotation instructs the operator to permanently delete the instance by removing its Pod and PVCs, after which it will recreate the replica from the primary. (#8178)Introduced a new caching layer for user-defined monitoring queries to reduce load on the PostgreSQL database. (#8003)
Enhanced PgBouncer integration by automatically setting
auth_dbnameto thepgbouncerdatabase, simplifying auth setup. (#8671)Allowed providing stage-specific
pg_restoreoptions (preRestore,postRestore,dataRestore) during database import. Contributed by @hanshal101. (#7690)Added the PostgreSQL
majorVersionto theBackupobject's status for easier identification and management. (#8464)Enhanced cluster restore to wait for all init containers to complete before starting the restore process. This ensures that backup tools running in init containers finish preparing the data before the restore begins. The implementation correctly handles Kubernetes init container sidecars by ignoring those with
RestartPolicy=Always. (#9026)Added the
PGBOUNCER_IMAGE_NAMEoperator configuration parameter to allow overriding the default PgBouncer image. This is useful for air-gapped environments or when using internal registries. (#9232)cnpgplugin:Added a
--timeoutflag to thekubectl cnpg statuscommand for configuring the timeout for filesystem operations such as calculating cluster size. The default remains 10 seconds but can be adjusted for large clusters where operations may take longer. (#9201)Improved
cnpg reportto generate more shell-friendly file names. (#8984)Security
Allowed providing fine-grained custom TLS configurations for PgBouncer. The
PoolerCRD was extended withclientTLSSecret,clientCASecret,serverTLSSecret, andserverCASecretfields under.spec.pgbouncer. These fields enable users to supply their own certificates for both client-to-pooler and pooler-to-server connections, taking precedence over the operator-generated certificates. (#8692)Added optional TLS support for the operator's metrics server (port 8080). This feature is opt-in and enabled by setting the
METRICS_CERT_DIRenvironment variable, which instructs the operator to look fortls.crtandtls.keyfiles in the specified directory. When unset, the server continues to use HTTP for backward compatibility. (#8997)Enabled
cnpg report operatorto work with minimal permissions by making only the operator deployment required. All other resources (pods, secrets, config maps, events, webhooks, and OLM data) are now optional and collected on a best-efforts basis. The command gracefully handles permission errors for those resources by logging clear warnings and continuing report generation with available data, rather than failing completely. This enables least-privileged access, where users may have limited, namespace-scoped permissions. (#8982)Fixes
Improved resilience of all probe types (liveness, readiness, and startup) to transient Kubernetes API server connectivity issues. Probes now use a caching mechanism that falls back to cached cluster definitions during brief network interruptions, preventing unnecessary pod restarts and probe failures. (#9148)
Fixed the
CheckEmptyWalArchivesafeguard to run correctly when restoring from a volume snapshot using CNPG-I backup/WAL plugins (e.g.,plugin-barman-cloud). Previously, this check was skipped for plugin-based implementations. (#9306)Improved error reporting when ImageCatalog retrieval fails. The operator now emits a Warning event and logs errors for all failure types, not just
NotFounderrors, improving visibility into configuration issues. (#9266)Fixed TLS certificate verification issues when connecting to CNPG-I plugins by adding the
cnpg.io/pluginServerNameannotation. This allows customizing the DNS name used for certificate verification in environments where the plugin's certificate uses a different DNS name than the Service name. (#9222)Fixed an issue where the instance manager controller could fail to restart after an error, reporting a "controller already exists" message. The controller now uses
SkipNameValidationfor subsequent initialization attempts. Contributed by @mateusoliveira43. (#9123)Fixed incorrect WAL restore path handling in plugins when the destination path is absolute, preventing path duplication issues. Contributed by @Endevir. (#9093)
Fixed the
CREATE PUBLICATIONSQL generation for multi-table publications to be backward-compatible with PostgreSQL 13+. The previously generated syntax was only valid for PostgreSQL 15+ and caused syntax errors on older versions. (#8888)Fixed backup failures in complex pod definitions by reliably selecting the
postgrescontainer by name instead of by index. Contributed by @Joda89. (#8964)cnpgplugin:cnpg reportlog collection, especially when fetching previous logs. The collector now correctly fetches previous and current logs in separate requests and gracefully handles missing previous logs (e.g., on containers with no restart history), ensuring current logs are always collected. (#8992)Supported versions
v1.27.3Compare Source
Release date: Feb 5, 2026
Enhancements
DefaultAzureCredentialauthentication mechanism for backup and recovery operations. This can be enabled by settingazureCredentials.useDefaultAzureCredentials: truein the backup configuration, simplifying authentication in Azure environments without requiring explicit storage account keys or SAS tokens. (#9468)Fixes
Fixed validation of PostgreSQL extension names containing underscores (e.g.,
pg_partman,pg_ivm). Extension names with underscores are automatically sanitized to use hyphens for Kubernetes volume names while preserving the original name in mount paths. Webhook validation prevents naming conflicts after sanitization. Contributed by @shusaan. (#9386)Fixed a critical issue where the
TimelineIDin the cluster status was not reset to 1 after a major version upgrade. Becausepg_upgradeinitializes a new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt to restore incompatible history files from object storage, leading to fatal "requested timeline is not a child of this server's history" errors. (#9830)Fixed a bug where replicas could enter a crash-loop by attempting to download timeline history files from future timelines. This occurred when stale files remained in the WAL archive from a previous cluster life, and replicas would incorrectly try to fetch them during recovery. (#9650)
Fixed a race condition in
replica_clustersetups during designated primary transitions, preventing transient "no primary" states in the replica cluster. (#9601)The backup controller now uses the unique instance session ID to detect instance manager restarts. This prevents the operator from incorrectly assuming a backup is still progressing if the underlying container has crashed and restarted, which previously led to orphaned backup objects. (#9370)
Fixed a validation gap in Azure object store configurations where the
storageAccountwas not required when using explicit credentials (such as a storage key or SAS token). The operator now enforces that a storage account name is provided in these cases and thatconnectionStringis mutually exclusive with other authentication parameters. (#9604)Optimized the deletion path so the operator begins cleaning up resources immediately when a cluster is marked for deletion. This significantly reduces the time a cluster remains in
Terminatingstatus while waiting for internal reconciliation loops. (#9555)Fixed an issue where replication slots were not properly dropped from replicas when the feature was disabled or the cluster was reconfigured. This ensures that unused slots do not cause WAL build-up on the primary. (#9381)
Fixed an issue where
imagePullSecretswere not added to theServiceAccountcreated for thePooler. Previously, these secrets were applied to the Deployment but not the SA, which caused image pull failures in restricted environments using certain security policies. (#9427)Added a check to verify ownership before the operator deletes a
PodMonitor. This prevents the operator from accidentally deleting manually managed monitoring resources that happen to share a name with expected CNPG resources. Contributed by @juliamertz. (#9340)Fixed a bug where
pg_stat_archivermetrics would continue to report stale data on standby instances after a switchover. The exporter now skips these metrics on standbys, as PostgreSQL only provides valid archiver stats on the primary. (#9411)Clarified the interpretation of timestamp formats for recovery
targetTime. Timestamps provided without an explicit timezone are now consistently interpreted as UTC. Contributed by @pchovelon. (#8937)Fixed backup status updates to prevent "resource has been modified" errors during concurrent updates. (#9551)
Fixed event reporting to use the correct pod name when a backup pod is not found. (#9552)
Improved performance of scheduled backup operations for clusters with a very high number of historical backups. (#9489)
Fixed error handling when removing finalizers on
Databaseobjects. (#9431)cnpgplugin:Updated the
statuscommand to display "Disabled" when theskipWalArchivingannotation is present on a cluster. This replaces confusing "starting up" or "unknown" states when WAL archiving is intentionally bypassed. (#9709)Fixed the
logs --followcommand to continue polling for new pods instead of exiting prematurely when all current log streams complete. (#9599)v1.27.2Compare Source
Release date: Dec 9, 2025
!!! Warning Version 1.27 will be supported until 9 March 2026.
Changes
Updated the default PostgreSQL version to
18.1-system-trixie. (#9178)Updated the default PgBouncer version to 1.25.1 for new
Poolerdeployments. (#9367)Enhancements
Added the PostgreSQL
majorVersionto theBackupobject's status for easier identification and management. (#8464)Added the
PGBOUNCER_IMAGE_NAMEoperator configuration parameter to allow overriding the default PgBouncer image. This is useful for air-gapped environments or when using internal registries. (#9232)cnpgplugin:Added a
--timeoutflag to thekubectl cnpg statuscommand for configuring the timeout for filesystem operations such as calculating cluster size. The default remains 10 seconds but can be adjusted for large clusters where operations may take longer. (#9201)Improved
cnpg reportto generate more shell-friendly file names. (#8984)Fixes
Improved resilience of all probe types (liveness, readiness, and startup) to transient Kubernetes API server connectivity issues. Probes now use a caching mechanism that falls back to cached cluster definitions during brief network interruptions, preventing unnecessary pod restarts and probe failures. (#9148)
Fixed the
CheckEmptyWalArchivesafeguard to run correctly when restoring from a volume snapshot using CNPG-I backup/WAL plugins (e.g.,plugin-barman-cloud). Previously, this check was skipped for plugin-based implementations. (#9306)Improved error reporting when ImageCatalog retrieval fails. The operator now emits a Warning event and logs errors for all failure types, not just
NotFounderrors, improving visibility into configuration issues. (#9266)Fixed TLS certificate verification issues when connecting to CNPG-I plugins by adding the
cnpg.io/pluginServerNameannotation. This allows customizing the DNS name used for certificate verification in environments where the plugin's certificate uses a different DNS name than the Service name. (#9222)Fixed an issue where the instance manager controller could fail to restart after an error, reporting a "controller already exists" message. The controller now uses
SkipNameValidationfor subsequent initialization attempts. Contributed by @mateusoliveira43. (#9123)Fixed incorrect WAL restore path handling in plugins when the destination path is absolute, preventing path duplication issues. Contributed by @Endevir. (#9093)
Fixed the
CREATE PUBLICATIONSQL generation for multi-table publications to be backward-compatible with PostgreSQL 13+. The previously generated syntax was only valid for PostgreSQL 15+ and caused syntax errors on older versions. (#8888)Fixed backup failures in complex pod definitions by reliably selecting the
postgrescontainer by name instead of by index. Contributed by @Joda89. (#8964)cnpgplugin:cnpg reportlog collection, especially when fetching previous logs. The collector now correctly fetches previous and current logs in separate requests and gracefully handles missing previous logs (e.g., on containers with no restart history), ensuring current logs are always collected. (#8992)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.