v1.22.0
Release date: Dec 21, 2023
!!! Important "Important changes from previous versions" This release introduces a significant change, disabling the default usage of the ALTER SYSTEM
command in PostgreSQL. For users upgrading from a previous version who wish to retain the old behavior: please refer to the upgrade documentation for detailed instructions.
Features
-
Declarative Tablespaces: Introducing the
tablespaces
stanza in theCluster
spec, enabling comprehensive lifecycle management of PostgreSQL tablespaces for enhanced vertical scalability (#3410). -
Temporary Tablespaces: Adding the
.spec.tablespaces[*].temporary
option to facilitate the utilization of a tablespace for temporary database operations, by incorporating the name into thetemp_tablespaces
PostgreSQL parameter (#3464).
Security
- By default, TLSv1.3 is now enforced on all PostgreSQL 12 or higher installations. Additionally, users can configure the
ssl_ciphers
,ssl_min_protocol_version
, andssl_max_protocol_version
GUCs (#3408). - Integration of Docker image scanning with Dockle and Snyk to enhance security measures (#3300).
Enhancements
- Improved reconciliation of external clusters (#3533).
- Introduction of the ability to enable/disable the
ALTER SYSTEM
command (#3535). - Support for Prometheus' dynamic relabeling through the
podMonitorMetricRelabelings
andpodMonitorRelabelings
options in the.spec.monitoring
stanza of theCluster
andPooler
resources (#3075). - Enhanced computation of the first recoverability point and last successful backup by considering volume snapshots alongside object-store backups (#2940).
- Elimination of the use of the
PGPASSFILE
environment variable when establishing a network connection to PostgreSQL (#3522). - Improved
cnpg report
plugin command by collecting a cluster's PVCs (#3357). - Enhancement of the
cnpg status
plugin command, providing information about managed roles, including alerts (#3310). - Introduction of Red Hat UBI 8 container images for the operator, suitable for OLM deployments.
- Connection pooler:
Fixes
- Reconciliation of metadata, annotations, and labels of
PodDisruptionBudget
resources (#3312 and #3434). - Reconciliation of the metadata of the managed credential secrets (#3316).
- Resolution of a bug in the backup snapshot code where an error reading the body would be handled as an overall error, leaving the backup process indefinitely stuck (#3321).
- Implicit setting of online backup with the
cnpg backup
plugin command when eitherimmediate-checkpoint
orwait-for-archive
options are requested (#3449). - Disabling of wal_sender_timeout when joining through pg_basebackup (#3586)
- Reloading of secrets used by external clusters (#3565)
- Connection pooler:
- Ensuring the controller watches all secrets owned by a
Pooler
resource (#3428). - Reconciliation of
RoleBinding
forPooler
resources (#3391). - Reconciliation of
imagePullSecret
forPooler
resources (#3389). - Reconciliation of the service of a
Pooler
and addition of the required labels (#3349). - Extension of
Pooler
labels to the deployment as well, not just the pods (#3350).
- Ensuring the controller watches all secrets owned by a