Release notes for CloudNativePG 1.15 ==================================== History of user-visible changes in the 1.15 minor release of CloudNativePG. For a complete list of changes, please refer to the `commits `_ on the release branch in GitHub. .. Warning:: This is expected to be the last release in the 1.15.X series. Users are encouraged to update to a newer minor version soon.   Version 1.15.5 -------------- **Release date:** Oct 6, 2022 Enhancements: - Introduce ``leaseDuration`` and ``renewDeadline`` parameters in the controller manager to enhance configuration of the leader election in operator deployments (#759) - Improve the mechanism that checks that the backup object store is empty before archiving a WAL file for the first time: a new file called ``.check-empty-wal-archive`` is placed in the ``PGDATA`` immediately after the cluster is bootstrapped and it is then removed after the first WAL file is successfully archived Security: - Explicitly set permissions of the instance manager binary that is copied in the ``distroless/static:nonroot`` container image, by using the ``nonroot:nonroot`` user (#754) Fixes: - Make the cluster’s conditions compatible with ``metav1.Conditions`` struct (#720) - Drop any active connection on a standby after it is promoted to primary (#737) - Honor ``MAPPEDMETRIC`` and ``DURATION`` metric types conversion in the native Prometheus exporter (#765) Version 1.15.4 -------------- **Release date:** Sep 6, 2022 Enhancements: - Enable configuration of low-level network TCP settings in the PgBouncer connection pooler implementation (#584) - Make sure that the ``cnpg.io/instanceName`` and the ``cnpg.io/podRole`` labels are always present on pods and PVCs (#632 and #680) - Propagate the ``role`` label of an instance to the underlying PVC (#634) Fixes: - Prevent multiple in-place upgrade processes of the operator from running simultaneously by atomically checking whether another one is in progress (#655) - Avoid using a hardcoded file name to store the newly uploaded instance manager, preventing a possible race condition during online upgrades of the operator (#660) - Prevent a panic from happening when invoking ``GetAllAccessibleDatabases`` (#641) Version 1.15.3 -------------- **Release date:** Aug 12, 2022 Enhancements: - Enable the configuration of the ``huge_pages`` option for PostgreSQL (#456) - Enhance log during promotion and demotion, after a failover or a switchover, by printing the time elapsed between the request of promotion and the actual availability for writes (#371) - Add the ``instanceName`` and ``clusterName`` labels on jobs, pods, and PVCs to improve interaction with these resources (#534) - Add instructions on how to create PostGIS clusters (#570) Security: - Explicitly assign ``securityContext`` to the ``Pooler`` deployment (#485) - Add read timeout values to the internal web servers to prevent Slowloris DDoS (#437) Fixes: - Use the correct delays for restarts (``stopDelay`` ) and for switchover (``switchoverDelay`` ), as they were erroneously swapped before. This is an important fix, as it might block indefinitely restarts if ``switchoverDelay`` is not set and uses the default value of 40000000 seconds (#531) - Prevent the metrics collector from causing panic when the query returns an error (#396) - Removing an unsafe debug message that was referencing an unchecked pointer, leading in some cases to segmentation faults regardless of the log level (#491) - Prevent panic when fencing in case the cluster had no annotation (#512) - Avoid updating the CRD if a TLS certificate is not changed (#501) - Handle conflicts while injecting a certificate in the CRD (#547) - Backup and recovery: - Correctly pass object store credentials in Google Cloud (#454) Minor changes: - Set the default operand image to PostgreSQL 15.0 Version 1.15.2 -------------- **Release date:** Jul 7, 2022 (patch release) Enhancements: - Improve logging of the instance manager during switchover and failover - Require Barman >= 3.0.0 for future support of PostgreSQL 15 in backup and recovery Changes: - Set the default operand image to PostgreSQL 15.0 Fixes: - Fix the initialization order inside the ``WithActiveInstance`` function that starts the CSV log pipe for the PostgreSQL server, ensuring proper logging in the cluster initialization phase - this is especially useful in bootstrap operations like recovery from a backup are failing (before this patch, such logs were not sent to the standard output channel and were permanently lost) - Avoid an unnecessary switchover when a hot standby sensitive parameter is decreased, and the primary has already restarted - Properly quote role names in ``ALTER ROLE`` statements - Backup and recovery: - Fix the algorithm detecting the closest Barman backup for PITR, which was comparing the requested recovery timestamp with the backup start instead of the end - Fix Point in Time Recovery based on a transaction ID, a named restore point, or the “immediate” target by providing a new field called ``backupID`` in the ``recoveryTarget`` section - Fix encryption parameters invoking ``barman-cloud-wal-archive`` and ``barman-cloud-backup`` commands - Stop ignoring ``barmanObjectStore.serverName`` option when recovering from a backup object store using a server name that doesn’t match the current cluster name - ``cnpg`` plug-in: - Make sure that the plug-in complies with the ``-n`` parameter when specified by the user - Fix the ``status`` command to sort results and remove variability in the output Version 1.15.1 -------------- **Release date:** May 27, 2022 (patch release) Minor changes: - Enable configuration of the ``archive_timeout`` setting for PostgreSQL, which was previously a fixed parameter (by default set to 5 minutes) - Introduce a new field called ``backupOwnerReference`` in the ``scheduledBackup`` resource to set the ownership reference on the created backup resources, with possible values being ``none`` (default), ``self`` (objects owned by the scheduled backup object), and ``cluster`` (owned by the Postgres cluster object) - Introduce automated collection of ``pg_stat_wal`` metrics for PostgreSQL 14 or higher in the native Prometheus exporter - Set the default operand image to PostgreSQL 15.0 Fixes: - Fix fencing by killing orphaned processes related to ``postgres`` - Enable the CSV log pipe inside the ``WithActiveInstance`` function to collect logs from recovery bootstrap jobs and help in the troubleshooting phase - Prevent bootstrapping a new cluster with a non-empty backup object store, removing the risk of overwriting existing backups - With the ``recovery`` bootstrap method, make sure that the recovery object store and the backup object store are different to avoid overwriting existing backups - Re-queue the reconciliation loop if the RBAC for backups is not yet created - Fix an issue with backups and the wrong specification of the cluster name property - Ensures that operator pods always have the latest certificates in the case of a deployment of the operator in high availability, with more than one replica - Fix the ``cnpg report operator`` command to correctly handle the case of a deployment of the operator in high availability, with more than one replica - Properly propagate changes in the cluster’s ``inheritedMetadata`` set of labels and annotations to the related resources of the cluster without requiring a restart - Fix the ``cnpg`` plugin to correctly parse any custom configmap and secret name defined in the operator deployment, instead of relying just on the default values - Fix the local building of the documentation by using the ``minidocks/mkdocs`` image for ``mkdocs`` Version 1.15.0 -------------- **Release date:** 21 April 2022 Features: - **Fencing:** Introduction of the fencing capability for a cluster or a given set of PostgreSQL instances through the ``cnpg.io/fencedInstances`` annotation, which, if not empty, disables switchover/failovers in the cluster; fenced instances are shut down and the pod is kept running (while considered not ready) for inspection and emergencies - **LDAP authentication:** Allow LDAP Simple Bind and Search+Bind configuration options in the ``pg_hba.conf`` to be defined in the Postgres cluster spec declaratively, enabling the optional use of Kubernetes secrets for sensitive options such as ``ldapbindpasswd`` - Introduction of the ``primaryUpdateMethod`` option, accepting the values of ``switchover`` (default) and ``restart`` , to be used in case of unsupervised ``primaryUpdateStrategy`` ; this method controls what happens to the primary instance during the rolling update procedure - New ``report`` command in the ``kubectl cnp`` plugin for better diagnosis and more effective troubleshooting of both the operator and a specific Postgres cluster - Prune those ``Backup`` objects that are no longer in the backup object store - Specification of target timeline and ``LSN`` in Point-In-Time Recovery bootstrap method - Support for the ``AWS_SESSION_TOKEN`` authentication token in AWS S3 through the ``sessionToken`` option - Default image name for PgBouncer in ``Pooler`` pods set to ``quay.io/enterprisedb/pgbouncer:1.17.0`` Fixes: - Base backup detection for Point-In-Time Recovery via ``targetTime`` correctly works now, as previously a target prior to the latest available backup was not possible (the detection algorithm was always wrong by selecting the last backup as a starting point) - Improved resilience of hot standby sensitive parameters by relying on the values the operator collects from ``pg_controldata`` - Intermediate certificates handling has been improved by properly discarding invalid entries, instead of throwing an invalid certificate error - Prometheus exporter metric collection queries in the databases are now committed instead of rolled back (this might result in a change in the number of rolled back transactions that are visible from downstream dashboards, where applicable) Version 1.15.0 is the first release of CloudNativePG. Previously, this software was called EDB Cloud Native PostgreSQL (now EDB Postgres for Kubernetes). If you are looking for information about a previous release, please refer to the `EDB documentation `_ .