History of user-visible changes in the 1.22 minor release of CloudNativePG.
For a complete list of changes, please refer to the commits on the release branch in GitHub.
Release date: Apr 24, 2024
Enhancements:
- Users can now configure the
wal_log_hintsPostgreSQL parameter (#4218) (#4218) - Fully Qualified Domain Names (FQDN) in URIs for automatically generated secrets (#4095)
- Cleanup of instance Pods not owned by the Cluster during Cluster restore (#4141)
- Error detection when invoking
barman-cloud-wal-restoreinrecoverybootstrap (#4101)
Fixes:
- Ensured that before a switchover, the elected replica is in streaming replication (#4288)
- Correctly handle parsing errors of instances' LSN when sorting them (#4283)
- Recreate the primary Pod if there are no healthy standbys available to promote (#4132)
- Cleanup
PGDATAin case of failure of the restore job (#4151) - Reload certificates on configuration update (#3705)
cnpgplugin forkubectl:- Improve the arguments handling of
destroy,fencing, andpromoteplugin commands (#4280) - Correctly handle the percentage of the backup progress in
cnpg status(#4131) - Gracefully handle databases with no sequences in
sync-sequencescommand (#4346)
- Improve the arguments handling of
Changes:
- The Grafana dashboard now resides at https://github.com/cloudnative-pg/grafana-dashboards (#4154)
Release date: Mar 14, 2024
- Allow customization of the
wal_levelGUC in PostgreSQL (#4020) - Add the
cnpg.io/skipWalArchivingannotation to disable WAL archiving when set toenabled(#4055) - Enrich the
cnpgplugin forkubectlwith thepublicationandsubscriptioncommand groups to imperatively set up PostgreSQL native logical replication (#4052) - Allow customization of
CERTIFICATE_DURATIONandEXPIRING_CHECK_THRESHOLDfor automated management of TLS certificates handled by the operator (#3686) - Retrieve the correct architecture's binary from the corresponding catalog in the running operator image during in-place updates, enabling the operator to inject the correct binary into any Pod with a supported architecture (#3840)
- Introduce initial support for tab-completion with the
cnpgplugin forkubectl(#3875)
- Properly synchronize PVC group labels with those on the pods, a critical aspect when all pods are deleted and the operator needs to decide which Pod to recreate first (#3930)
- Disable
wal_sender_timeoutwhen cloning a replica to prevent timeout errors due to slow connections (#4080) - Ensure that volume snapshots are ready before initiating recovery bootstrap procedures, preventing an error condition where recovery with incomplete backups could enter an error loop (#3663)
- Prevent an error loop when unsetting connection limits in managed roles (#3832)
- Resolve a corner case in hibernation where the instance pod has been deleted, but the cluster status still has the hibernation condition set to false (#3970)
- Correctly detect Google Cloud capabilities for Barman Cloud (#3931)
- Use
Roleinstead ofClusterRolefor operator permissions in OLM, requiring fewer privileges when installed on a per-namespace basis (#3855, #3990) - Enforce fully-qualified object names in SQL queries for the PgBouncer pooler (#4080)
- Follow Kubernetes recommendations to switch from client-side to server-side
application of manifests, requiring the
--server-sideoption by default when installing the operator (#3729). - Set the default operand image to PostgreSQL 16.2 (#3823).
Release date: Feb 2, 2024
Enhancements:
- Tailor ephemeral volume storage in a Postgres cluster using a claim template
through the
ephemeralVolumeSourceoption (#3678) - Introduce the
pgadmin4command in thecnpgplugin forkubectl, providing a straightforward method to demonstrate connecting to a given database cluster and navigate its content in a local environment such as kind - for evaluation purposes only (#3701) - Allow customization of PostgreSQL's ident map file via the
.spec.postgresql.pg_identstanza, through a list of user name maps (#3534)
Fixes:
- Prevent an unrecoverable issue with
pg_rewindfailing due topostgresql.auto.confbeing read-only on clusters where theALTER SYSTEMSQL command is disabled - the default (#3728) - Proper recovery of tablespaces from volume snapshots (#3682)
- Reduce the risk of disk space shortage when using the import facility of the
initdbbootstrap method, by disabling the durability settings in the PostgreSQL instance for the duration of the import process (#3743) - Avoid pod restart due to erroneous resource quantity comparisons, e.g. "1 != 1000m" (#3706)
- Properly escape reserved characters in
pgpassconnection fields (#3713) - Prevent systematic rollout of pods due to considering zero and nil different
values in
.spec.projectedVolumeTemplate.sources(#3647) - Ensure configuration coherence by pruning from
postgresql.auto.confany options now incorporated intooverride.conf(#3773)
Release date: Dec 21, 2023
!!! Important "Important changes from previous versions"
This release introduces a significant change, disabling the default usage
of the ALTER SYSTEM command in PostgreSQL. For users upgrading from a
previous version who wish to retain the old behavior: please refer to the
upgrade documentation for detailed instructions.
Features:
-
Declarative Tablespaces: Introducing the
tablespacesstanza in theClusterspec, enabling comprehensive lifecycle management of PostgreSQL tablespaces for enhanced vertical scalability (#3410). -
Temporary Tablespaces: Adding the
.spec.tablespaces[*].temporaryoption to facilitate the utilization of a tablespace for temporary database operations, by incorporating the name into thetemp_tablespacesPostgreSQL parameter (#3464).
Security:
- By default, TLSv1.3 is now enforced on all PostgreSQL 12 or higher
installations. Additionally, users can configure the
ssl_ciphers,ssl_min_protocol_version, andssl_max_protocol_versionGUCs (#3408). - Integration of Docker image scanning with Dockle and Snyk to enhance security measures (#3300).
Enhancements:
- Improved reconciliation of external clusters (#3533).
- Introduction of the ability to enable/disable the
ALTER SYSTEMcommand (#3535). - Support for Prometheus' dynamic relabeling through the
podMonitorMetricRelabelingsandpodMonitorRelabelingsoptions in the.spec.monitoringstanza of theClusterandPoolerresources (#3075). - Enhanced computation of the first recoverability point and last successful backup by considering volume snapshots alongside object-store backups (#2940).
- Elimination of the use of the
PGPASSFILEenvironment variable when establishing a network connection to PostgreSQL (#3522). - Improved
cnpg reportplugin command by collecting a cluster's PVCs (#3357). - Enhancement of the
cnpg statusplugin command, providing information about managed roles, including alerts (#3310). - Introduction of Red Hat UBI 8 container images for the operator, suitable for OLM deployments.
- Connection pooler:
- Scaling down instances of a
Poolerresource to 0 is now possible (#3517). - Addition of the
cnpg.io/podRolelabel with a value of 'pooler' to every pooler deployment, differentiating them from instance pods (#3396).
- Scaling down instances of a
Fixes:
- Reconciliation of metadata, annotations, and labels of
PodDisruptionBudgetresources (#3312 and #3434). - Reconciliation of the metadata of the managed credential secrets (#3316).
- Resolution of a bug in the backup snapshot code where an error reading the body would be handled as an overall error, leaving the backup process indefinitely stuck (#3321).
- Implicit setting of online backup with the
cnpg backupplugin command when eitherimmediate-checkpointorwait-for-archiveoptions are requested (#3449). - Disabling of wal_sender_timeout when joining through pg_basebackup (#3586)
- Reloading of secrets used by external clusters (#3565)
- Connection pooler:
- Ensuring the controller watches all secrets owned by a
Poolerresource (#3428). - Reconciliation of
RoleBindingforPoolerresources (#3391). - Reconciliation of
imagePullSecretforPoolerresources (#3389). - Reconciliation of the service of a
Poolerand addition of the required labels (#3349). - Extension of
Poolerlabels to the deployment as well, not just the pods (#3350).
- Ensuring the controller watches all secrets owned by a
Changes:
- Default operand image set to PostgreSQL 16.1 (#3270).
- The
ALTER SYSTEMcommand is now disabled by default (#3545).