Release date: Dec 21, 2023
Security
- By default, TLSv1.3 is now enforced on all PostgreSQL 12 or higher installations. Additionally, users can configure the ssl_ciphers, ssl_min_protocol_version, and ssl_max_protocol_version GUCs (cloudnative-pg#3408).
- Integration of Docker image scanning with Dockle and Snyk to enhance security measures (cloudnative-pg#3300).
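One way to confirm the TLSv1.3 default from the client side is the probe below. It is an added example, not part of CloudNativePG: it performs PostgreSQL's SSLRequest exchange, reads the negotiated TLS version, and checks that a client capped at TLSv1.2 is refused. The target host is an assumption, and certificate validation is disabled because only the protocol version is being inspected.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest: Int32 length (8) followed by Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def request_ssl(sock):
    """Send SSLRequest; True if the server agrees to start TLS ('S')."""
    sock.sendall(SSL_REQUEST)
    return sock.recv(1) == b"S"


def negotiated_version(host, port=5432, max_version=None, timeout=5.0):
    """Return the TLS version the server negotiates, or None if refused.

    max_version caps what the client offers, so passing
    ssl.TLSVersion.TLSv1_2 checks whether the server accepts a downgrade.
    """
    ctx = ssl.create_default_context()
    # Protocol probe only: certificate validation is switched off because
    # the goal is to read the negotiated version, not to trust the peer.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    if max_version is not None:
        ctx.maximum_version = max_version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not request_ssl(raw):
            return None  # server answered 'N': no TLS on this port
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
        except (ssl.SSLError, OSError):
            return None  # handshake rejected (e.g. protocol version too low)


def enforces_tls13(host, port=5432):
    """True when TLSv1.3 is negotiated and a TLSv1.2-capped client is refused."""
    return (negotiated_version(host, port) == "TLSv1.3"
            and negotiated_version(host, port, ssl.TLSVersion.TLSv1_2) is None)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # assumed host
    print(target, "enforces TLSv1.3:", enforces_tls13(target))
```

If ssl_min_protocol_version has been lowered on a cluster, enforces_tls13 returns False for it even though a modern client still negotiates TLSv1.3.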
Enhancements
- Improved reconciliation of external clusters (cloudnative-pg#3533).
- Introduction of the ability to enable/disable the ALTER SYSTEM command (cloudnative-pg#3535).
- Support for Prometheus' dynamic relabeling through the podMonitorMetricRelabelings and podMonitorRelabelings options in the .spec.monitoring stanza of the Cluster and Pooler resources (cloudnative-pg#3075).
- Enhanced computation of the first recoverability point and last successful backup by considering volume snapshots alongside object-store backups (cloudnative-pg#2940).
- Elimination of the use of the PGPASSFILE environment variable when establishing a network connection to PostgreSQL (cloudnative-pg#3522).
- Improved cnpg report plugin command by collecting a cluster's PVCs (cloudnative-pg#3357).
- Enhancement of the cnpg status plugin command, providing information about managed roles, including alerts (cloudnative-pg#3310).
- Introduction of Red Hat UBI 8 container images for the operator, suitable for OLM deployments.
- Connection pooler:
  - Scaling down instances of a Pooler resource to 0 is now possible (cloudnative-pg#3517).
  - Addition of the cnpg.io/podRole label with a value of 'pooler' to every pooler deployment, differentiating them from instance pods (cloudnative-pg#3396).
Fixes
- Reconciliation of metadata, annotations, and labels of PodDisruptionBudget resources (cloudnative-pg#3312 and cloudnative-pg#3434).
- Reconciliation of the metadata of the managed credential secrets (cloudnative-pg#3316).
- Resolution of a bug in the backup snapshot code where an error reading the body would be handled as an overall error, leaving the backup process indefinitely stuck (cloudnative-pg#3321).
- Implicit setting of online backup with the cnpg backup plugin command when either immediate-checkpoint or wait-for-archive options are requested (cloudnative-pg#3449).
- Disabling of wal_sender_timeout when joining through pg_basebackup (cloudnative-pg#3586).
- Reloading of secrets used by external clusters (cloudnative-pg#3565).
- Connection pooler:
  - Ensuring the controller watches all secrets owned by a Pooler resource (cloudnative-pg#3428).
  - Reconciliation of RoleBinding for Pooler resources (cloudnative-pg#3391).
  - Reconciliation of imagePullSecret for Pooler resources (cloudnative-pg#3389).
  - Reconciliation of the service of a Pooler and addition of the required labels (cloudnative-pg#3349).
  - Extension of Pooler labels to the deployment as well, not just the pods (cloudnative-pg#3350).
Changes
- Default operand image set to PostgreSQL 16.1 (cloudnative-pg#3270).