chore: Update manifests after automerge

clusters/cl01tl/manifests/cloudnative-pg/ClusterRole-cloudnative-pg-edit.yaml

@@ -3,10 +3,10 @@ kind: ClusterRole
 metadata:
   name: cloudnative-pg-edit
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:

clusters/cl01tl/manifests/cloudnative-pg/ClusterRole-cloudnative-pg-view.yaml

@@ -3,10 +3,10 @@ kind: ClusterRole
 metadata:
   name: cloudnative-pg-view
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:

clusters/cl01tl/manifests/cloudnative-pg/ClusterRole-cloudnative-pg.yaml

@@ -3,10 +3,10 @@ kind: ClusterRole
 metadata:
   name: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:

clusters/cl01tl/manifests/cloudnative-pg/ClusterRoleBinding-cloudnative-pg.yaml

@@ -3,10 +3,10 @@ kind: ClusterRoleBinding
 metadata:
   name: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io

clusters/cl01tl/manifests/cloudnative-pg/ConfigMap-cnpg-controller-manager-config.yaml

@@ -4,9 +4,9 @@ metadata:
   name: cnpg-controller-manager-config
   namespace: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 data: {}

clusters/cl01tl/manifests/cloudnative-pg/ConfigMap-cnpg-default-monitoring.yaml

@@ -4,40 +4,40 @@ metadata:
   name: cnpg-default-monitoring
   namespace: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
     cnpg.io/reload: ""
 data:
   queries: |
     backends:
       query: |
-       SELECT sa.datname
+        SELECT sa.datname
-           , sa.usename
+          , sa.usename
-           , sa.application_name
+          , sa.application_name
-           , states.state
+          , states.state
-           , COALESCE(sa.count, 0) AS total
+          , COALESCE(sa.count, 0) AS total
-           , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds
+          , COALESCE(sa.max_tx_secs, 0) AS max_tx_duration_seconds
-           FROM ( VALUES ('active')
+        FROM ( VALUES ('active')
-               , ('idle')
+          , ('idle')
-               , ('idle in transaction')
+          , ('idle in transaction')
-               , ('idle in transaction (aborted)')
+          , ('idle in transaction (aborted)')
-               , ('fastpath function call')
+          , ('fastpath function call')
-               , ('disabled')
+          , ('disabled')
-               ) AS states(state)
+          ) AS states(state)
-           LEFT JOIN (
+        LEFT JOIN (
-               SELECT datname
+          SELECT datname
-                   , state
+            , state
-                   , usename
+            , usename
-                   , COALESCE(application_name, '') AS application_name
+            , COALESCE(application_name, '') AS application_name
-                   , COUNT(*)
+            , COUNT(*)
-                   , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
+            , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
-               FROM pg_catalog.pg_stat_activity
+          FROM pg_catalog.pg_stat_activity
-               GROUP BY datname, state, usename, application_name
+          GROUP BY datname, state, usename, application_name
-           ) sa ON states.state = sa.state
+        ) sa ON states.state = sa.state
-           WHERE sa.usename IS NOT NULL
+        WHERE sa.usename IS NOT NULL
       metrics:
         - datname:
             usage: "LABEL"
@@ -60,22 +60,22 @@ data:
 
     backends_waiting:
       query: |
-       SELECT count(*) AS total
+        SELECT count(*) AS total
-       FROM pg_catalog.pg_locks blocked_locks
+        FROM pg_catalog.pg_locks blocked_locks
-       JOIN pg_catalog.pg_locks blocking_locks
+        JOIN pg_catalog.pg_locks blocking_locks
-         ON blocking_locks.locktype = blocked_locks.locktype
+          ON blocking_locks.locktype = blocked_locks.locktype
-         AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
+          AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
-         AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
+          AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
-         AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page
+          AND blocking_locks.page IS NOT DISTINCT FROM blocked_locks.page
-         AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple
+          AND blocking_locks.tuple IS NOT DISTINCT FROM blocked_locks.tuple
-         AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid
+          AND blocking_locks.virtualxid IS NOT DISTINCT FROM blocked_locks.virtualxid
-         AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid
+          AND blocking_locks.transactionid IS NOT DISTINCT FROM blocked_locks.transactionid
-         AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid
+          AND blocking_locks.classid IS NOT DISTINCT FROM blocked_locks.classid
-         AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
+          AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
-         AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
+          AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
-         AND blocking_locks.pid != blocked_locks.pid
+          AND blocking_locks.pid != blocked_locks.pid
-       JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
+        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
-       WHERE NOT blocked_locks.granted
+        WHERE NOT blocked_locks.granted
       metrics:
         - total:
             usage: "GAUGE"
@@ -113,16 +113,17 @@ data:
             description: "Time at which postgres started (based on epoch)"
 
     pg_replication:
-      query: "SELECT CASE WHEN (
+      query: |
-                NOT pg_catalog.pg_is_in_recovery()
+        SELECT CASE WHEN (
-                OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
+            NOT pg_catalog.pg_is_in_recovery()
-              THEN 0
+            OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
-              ELSE GREATEST (0,
+          THEN 0
-                EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
+          ELSE GREATEST (0,
-              END AS lag,
+            EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
-              pg_catalog.pg_is_in_recovery() AS in_recovery,
+          END AS lag,
-              EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
+          pg_catalog.pg_is_in_recovery() AS in_recovery,
-              (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas"
+          EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
+          (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
       metrics:
         - lag:
             usage: "GAUGE"
@@ -178,6 +179,9 @@ data:
           , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
           , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
         FROM pg_catalog.pg_stat_archiver
+      predicate_query: |
+        SELECT NOT pg_catalog.pg_is_in_recovery()
+          OR pg_catalog.current_setting('archive_mode') = 'always'
       metrics:
         - archived_count:
             usage: "COUNTER"
@@ -390,20 +394,20 @@ data:
     pg_stat_replication:
       primary: true
       query: |
-       SELECT usename
+        SELECT usename
-         , COALESCE(application_name, '') AS application_name
+          , COALESCE(application_name, '') AS application_name
-         , COALESCE(client_addr::text, '') AS client_addr
+          , COALESCE(client_addr::text, '') AS client_addr
-         , COALESCE(client_port::text, '') AS client_port
+          , COALESCE(client_port::text, '') AS client_port
-         , EXTRACT(EPOCH FROM backend_start) AS backend_start
+          , EXTRACT(EPOCH FROM backend_start) AS backend_start
-         , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age
+          , COALESCE(pg_catalog.age(backend_xmin), 0) AS backend_xmin_age
-         , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes
+          , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), sent_lsn) AS sent_diff_bytes
-         , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes
+          , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), write_lsn) AS write_diff_bytes
-         , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes
+          , pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), flush_lsn) AS flush_diff_bytes
-         , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes
+          , COALESCE(pg_catalog.pg_wal_lsn_diff(pg_catalog.pg_current_wal_lsn(), replay_lsn),0) AS replay_diff_bytes
-         , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds
+          , COALESCE((EXTRACT(EPOCH FROM write_lag)),0)::float AS write_lag_seconds
-         , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds
+          , COALESCE((EXTRACT(EPOCH FROM flush_lag)),0)::float AS flush_lag_seconds
-         , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds
+          , COALESCE((EXTRACT(EPOCH FROM replay_lag)),0)::float AS replay_lag_seconds
-       FROM pg_catalog.pg_stat_replication
+        FROM pg_catalog.pg_stat_replication
       metrics:
         - usename:
             usage: "LABEL"
@@ -463,13 +467,13 @@ data:
     pg_extensions:
       query: |
         SELECT
-         current_database() as datname,
+          current_database() as datname,
-         name as extname,
+          name as extname,
-         default_version,
+          default_version,
-         installed_version,
+          installed_version,
-         CASE
+          CASE
-           WHEN default_version = installed_version THEN 0
+            WHEN default_version = installed_version THEN 0
-           ELSE 1
+            ELSE 1
         END AS update_available
         FROM pg_catalog.pg_available_extensions
         WHERE installed_version IS NOT NULL

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-backups.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: backups.postgresql.cnpg.io
 spec:
@@ -211,6 +211,11 @@ spec:
                         - key
                         - name
                       type: object
+                    useDefaultAzureCredentials:
+                      description: |-
+                        Use the default Azure authentication flow, which includes DefaultAzureCredential.
+                        This allows authentication using environment variables and managed identities.
+                      type: boolean
                   type: object
                 backupId:
                   description: The ID of the Barman backup
@@ -304,6 +309,13 @@ spec:
                     podName:
                       description: The pod name
                       type: string
+                    sessionID:
+                      description: |-
+                        The instance manager session ID. This is a unique identifier generated at instance manager
+                        startup and changes on every restart (including container reboots). Used to detect if
+                        the instance manager was restarted during long-running operations like backups, which
+                        would terminate any running backup process.
+                      type: string
                   type: object
                 majorVersion:
                   description: |-

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-clusterimagecatalogs.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: clusterimagecatalogs.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-clusters.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: clusters.postgresql.cnpg.io
 spec:
@@ -984,9 +984,10 @@ spec:
                           operator:
                             description: |-
                               Operator represents a key's relationship to the value.
-                              Valid operators are Exists and Equal. Defaults to Equal.
+                              Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
                               Exists is equivalent to wildcard for value, so that a pod can
                               tolerate all taints of a particular category.
+                              Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
                             type: string
                           tolerationSeconds:
                             description: |-
@@ -1077,6 +1078,11 @@ spec:
                                 - key
                                 - name
                               type: object
+                            useDefaultAzureCredentials:
+                              description: |-
+                                Use the default Azure authentication flow, which includes DefaultAzureCredential.
+                                This allows authentication using environment variables and managed identities.
+                              type: boolean
                           type: object
                         data:
                           description: |-
@@ -1908,7 +1914,9 @@ spec:
                               description: The target timeline ("latest" or a positive integer)
                               type: string
                             targetTime:
-                              description: The target time as a timestamp in the RFC3339 standard
+                              description: |-
+                                The target time as a timestamp in RFC3339 format or PostgreSQL timestamp format.
+                                Timestamps without an explicit timezone are interpreted as UTC.
                               type: string
                             targetXID:
                               description: The target transaction ID
@@ -2410,7 +2418,7 @@ spec:
                             resources:
                               description: |-
                                 resources represents the minimum resources the volume should have.
-                                If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                Users are allowed to specify resource requirements
                                 that are lower than previous value but must still be higher than capacity recorded in the
                                 status field of the claim.
                                 More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
@@ -2607,6 +2615,11 @@ spec:
                                   - key
                                   - name
                                 type: object
+                              useDefaultAzureCredentials:
+                                description: |-
+                                  Use the default Azure authentication flow, which includes DefaultAzureCredential.
+                                  This allows authentication using environment variables and managed identities.
+                                type: boolean
                             type: object
                           data:
                             description: |-
@@ -4267,7 +4280,7 @@ spec:
                           name:
                             description: The name of the extension, required
                             minLength: 1
-                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                            pattern: ^[a-z0-9]([-a-z0-9_]*[a-z0-9])?$
                             type: string
                         required:
                           - image
@@ -5020,6 +5033,24 @@ spec:
                               signerName:
                                 description: Kubelet's generated CSRs will be addressed to this signer.
                                 type: string
+                              userAnnotations:
+                                additionalProperties:
+                                  type: string
+                                description: |-
+                                  userAnnotations allow pod authors to pass additional information to
+                                  the signer implementation.  Kubernetes does not restrict or validate this
+                                  metadata in any way.
+
+                                  These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of
+                                  the PodCertificateRequest objects that Kubelet creates.
+
+                                  Entries are subject to the same validation as object metadata annotations,
+                                  with the addition that all keys must be domain-prefixed. No restrictions
+                                  are placed on values, except an overall size limitation on the entire field.
+
+                                  Signers should document the keys and values they support. Signers should
+                                  deny requests that contain keys they do not recognize.
+                                type: object
                             required:
                               - keyType
                               - signerName
@@ -5645,7 +5676,7 @@ spec:
                         resources:
                           description: |-
                             resources represents the minimum resources the volume should have.
-                            If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                            Users are allowed to specify resource requirements
                             that are lower than previous value but must still be higher than capacity recorded in the
                             status field of the claim.
                             More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
@@ -5892,7 +5923,7 @@ spec:
                               resources:
                                 description: |-
                                   resources represents the minimum resources the volume should have.
-                                  If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                  Users are allowed to specify resource requirements
                                   that are lower than previous value but must still be higher than capacity recorded in the
                                   status field of the claim.
                                   More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
@@ -6291,7 +6322,7 @@ spec:
                         resources:
                           description: |-
                             resources represents the minimum resources the volume should have.
-                            If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                            Users are allowed to specify resource requirements
                             that are lower than previous value but must still be higher than capacity recorded in the
                             status field of the claim.
                             More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-databases.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: databases.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-failoverquorums.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: failoverquorums.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-imagecatalogs.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: imagecatalogs.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-poolers.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: poolers.postgresql.cnpg.io
 spec:
@@ -2519,7 +2519,9 @@ spec:
                                     type: integer
                                 type: object
                               resizePolicy:
-                                description: Resources resize policy for the container.
+                                description: |-
+                                  Resources resize policy for the container.
+                                  This field cannot be set on ephemeral containers.
                                 items:
                                   description: ContainerResizePolicy represents resource resize policy for the container.
                                   properties:
@@ -5592,7 +5594,9 @@ spec:
                                     type: integer
                                 type: object
                               resizePolicy:
-                                description: Resources resize policy for the container.
+                                description: |-
+                                  Resources resize policy for the container.
+                                  This field cannot be set on ephemeral containers.
                                 items:
                                   description: ContainerResizePolicy represents resource resize policy for the container.
                                   properties:
@@ -6353,8 +6357,8 @@ spec:
                             will be made available to those containers which consume them
                             by name.
 
-                            This is an alpha field and requires enabling the
+                            This is a stable field but requires that the
-                            DynamicResourceAllocation feature gate.
+                            DynamicResourceAllocation feature gate is enabled.
 
                             This field is immutable.
                           items:
@@ -6806,9 +6810,10 @@ spec:
                               operator:
                                 description: |-
                                   Operator represents a key's relationship to the value.
-                                  Valid operators are Exists and Equal. Defaults to Equal.
+                                  Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
                                   Exists is equivalent to wildcard for value, so that a pod can
                                   tolerate all taints of a particular category.
+                                  Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
                                 type: string
                               tolerationSeconds:
                                 description: |-
@@ -7563,7 +7568,7 @@ spec:
                                           resources:
                                             description: |-
                                               resources represents the minimum resources the volume should have.
-                                              If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+                                              Users are allowed to specify resource requirements
                                               that are lower than previous value but must still be higher than capacity recorded in the
                                               status field of the claim.
                                               More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
@@ -8398,6 +8403,24 @@ spec:
                                             signerName:
                                               description: Kubelet's generated CSRs will be addressed to this signer.
                                               type: string
+                                            userAnnotations:
+                                              additionalProperties:
+                                                type: string
+                                              description: |-
+                                                userAnnotations allow pod authors to pass additional information to
+                                                the signer implementation.  Kubernetes does not restrict or validate this
+                                                metadata in any way.
+
+                                                These values are copied verbatim into the `spec.unverifiedUserAnnotations` field of
+                                                the PodCertificateRequest objects that Kubelet creates.
+
+                                                Entries are subject to the same validation as object metadata annotations,
+                                                with the addition that all keys must be domain-prefixed. No restrictions
+                                                are placed on values, except an overall size limitation on the entire field.
+
+                                                Signers should document the keys and values they support. Signers should
+                                                deny requests that contain keys they do not recognize.
+                                              type: object
                                           required:
                                             - keyType
                                             - signerName
@@ -8807,6 +8830,42 @@ spec:
                           x-kubernetes-list-map-keys:
                             - name
                           x-kubernetes-list-type: map
+                        workloadRef:
+                          description: |-
+                            WorkloadRef provides a reference to the Workload object that this Pod belongs to.
+                            This field is used by the scheduler to identify the PodGroup and apply the
+                            correct group scheduling policies. The Workload object referenced
+                            by this field may not exist at the time the Pod is created.
+                            This field is immutable, but a Workload object with the same name
+                            may be recreated with different policies. Doing this during pod scheduling
+                            may result in the placement not conforming to the expected policies.
+                          properties:
+                            name:
+                              description: |-
+                                Name defines the name of the Workload object this Pod belongs to.
+                                Workload must be in the same namespace as the Pod.
+                                If it doesn't match any existing Workload, the Pod will remain unschedulable
+                                until a Workload object is created and observed by the kube-scheduler.
+                                It must be a DNS subdomain.
+                              type: string
+                            podGroup:
+                              description: |-
+                                PodGroup is the name of the PodGroup within the Workload that this Pod
+                                belongs to. If it doesn't match any existing PodGroup within the Workload,
+                                the Pod will remain unschedulable until the Workload object is recreated
+                                and observed by the kube-scheduler. It must be a DNS label.
+                              type: string
+                            podGroupReplicaKey:
+                              description: |-
+                                PodGroupReplicaKey specifies the replica key of the PodGroup to which this
+                                Pod belongs. It is used to distinguish pods belonging to different replicas
+                                of the same pod group. The pod group policy is applied separately to each replica.
+                                When set, it must be a DNS label.
+                              type: string
+                          required:
+                            - name
+                            - podGroup
+                          type: object
                       required:
                         - containers
                       type: object

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-publications.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: publications.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-scheduledbackups.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: scheduledbackups.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/CustomResourceDefinition-subscriptions.postgresql.cnpg.io.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.19.0
+    controller-gen.kubebuilder.io/version: v0.20.0
     helm.sh/resource-policy: keep
   name: subscriptions.postgresql.cnpg.io
 spec:

clusters/cl01tl/manifests/cloudnative-pg/Deployment-cloudnative-pg.yaml

@@ -4,10 +4,10 @@ metadata:
   name: cloudnative-pg
   namespace: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 2
@@ -18,9 +18,9 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/rbac: 625d3dbff4558ad674205e1cd8555211cddb507d587760354c9c1871e366b859
+        checksum/rbac: f56b7f8a804f170d0321013a76b6986d87676d3d2686ab6e516c78728c914633
-        checksum/config: ffb213960dde6a3a8cc898d67058389735af67e191de063efd4d39b4e1130db4
+        checksum/config: a9a8db623df05650079bba7bb18a20557d311139de2c1115f8a80327aefa16b5
-        checksum/monitoring-config: 1e0e508ea8c794ca396cd418f9fc622311e161e94283828fa8b61896a86f60c9
+        checksum/monitoring-config: 76f52b5d508cf7d22063ef07656ad78f7277ee177de83e23b5b06f7f54ebc924
       labels:
         app.kubernetes.io/name: cloudnative-pg
         app.kubernetes.io/instance: cloudnative-pg
@@ -36,19 +36,19 @@ spec:
             - /manager
           env:
             - name: OPERATOR_IMAGE_NAME
-              value: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.0"
+              value: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.1"
             - name: OPERATOR_NAMESPACE
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
             - name: MONITORING_QUERIES_CONFIGMAP
               value: "cnpg-default-monitoring"
-          image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.0"
+          image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.28.1"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
               path: /readyz
-              port: 9443
+              port: webhook-server
               scheme: HTTPS
             initialDelaySeconds: 3
           name: manager
@@ -62,7 +62,7 @@ spec:
           readinessProbe:
             httpGet:
               path: /readyz
-              port: 9443
+              port: webhook-server
               scheme: HTTPS
             initialDelaySeconds: 3
           resources: {}
@@ -80,7 +80,7 @@ spec:
             failureThreshold: 6
             httpGet:
               path: /readyz
-              port: 9443
+              port: webhook-server
               scheme: HTTPS
             periodSeconds: 5
           volumeMounts:

clusters/cl01tl/manifests/cloudnative-pg/MutatingWebhookConfiguration-cnpg-mutating-webhook-configuration.yaml

@@ -3,10 +3,10 @@ kind: MutatingWebhookConfiguration
 metadata:
   name: cnpg-mutating-webhook-configuration
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 webhooks:
   - admissionReviewVersions:

clusters/cl01tl/manifests/cloudnative-pg/PodMonitor-cloudnative-pg.yaml

@@ -4,10 +4,10 @@ metadata:
   name: cloudnative-pg
   namespace: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 spec:
   selector:

clusters/cl01tl/manifests/cloudnative-pg/Service-cnpg-webhook-service.yaml

@@ -4,10 +4,10 @@ metadata:
   name: cnpg-webhook-service
   namespace: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 spec:
   type: ClusterIP

clusters/cl01tl/manifests/cloudnative-pg/ServiceAccount-cloudnative-pg.yaml

@@ -4,8 +4,8 @@ metadata:
   name: cloudnative-pg
   namespace: cloudnative-pg
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm

clusters/cl01tl/manifests/cloudnative-pg/ValidatingWebhookConfiguration-cnpg-validating-webhook-configuration.yaml

@@ -3,10 +3,10 @@ kind: ValidatingWebhookConfiguration
 metadata:
   name: cnpg-validating-webhook-configuration
   labels:
-    helm.sh/chart: cloudnative-pg-0.27.0
+    helm.sh/chart: cloudnative-pg-0.27.1
     app.kubernetes.io/name: cloudnative-pg
     app.kubernetes.io/instance: cloudnative-pg
-    app.kubernetes.io/version: "1.28.0"
+    app.kubernetes.io/version: "1.28.1"
     app.kubernetes.io/managed-by: Helm
 webhooks:
   - admissionReviewVersions: