chore(deps): update cloudnative-pg #5367

Merged

alexlebens merged 1 commits from renovate/unified-cloudnative-pg into main 2026-04-01 21:25:26 +00:00

Conversation 0 Commits 1 Files Changed 2 +5 -5

renovate-bot commented 2026-04-01 11:03:40 +00:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Update	Change
cloudnative-pg (source)	minor	0.27.1 → 0.28.0
cloudnative-pg/cloudnative-pg	minor	1.28.1 → 1.29.0

---

Release Notes

cloudnative-pg/charts (cloudnative-pg)

v0.28.0

Compare Source

CloudNativePG Operator Helm Chart

What's Changed

• fix(security): harden GitHub Actions workflows against expression injection by @​mnencia in #​823
• feat(monitoring): add support for custom PodMonitor by @​Dashing-Nelson in #​724
• Release cloudnative-pg-v0.28.0 by @​cnpg-bot in #​845

New Contributors

• @​Dashing-Nelson made their first contribution in #​724

Full Changelog: https://github.com/cloudnative-pg/charts/compare/cluster-v0.6.0...cloudnative-pg-v0.28.0

cloudnative-pg/cloudnative-pg (cloudnative-pg/cloudnative-pg)

v1.29.0

Compare Source

Release date: Mar 31, 2026

Important changes

• Updated the deprecation notice for native (in-tree) Barman Cloud support to reflect that it will now be removed in CloudNativePG 1.30.0, rather than 1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin. (#​10167)

Features

• PostgreSQL extensions in image catalogs: extended the ImageCatalog functionality to support PostgreSQL extensions. This allows users to define and manage extension-specific images within a catalog, simplifying the deployment of customized PostgreSQL builds. (#​9781)

• Dynamic network access control via pod selectors: introduced the declarative definition of podSelectorRefs to manage pg_hba.conf rules dynamically. By using label selectors to identify client pods, the operator automatically resolves their ephemeral IP addresses and updates the PostgreSQL host-based authentication rules accordingly. This ensures that only authorized workloads in the same namespace can connect to the database, eliminating the need for manual IP management or static CIDR ranges. (#​10148)

• Shared ServiceAccount support: added an optional serviceAccountName field to both Cluster and Pooler specifications. This allows multiple resources to share a pre-existing ServiceAccount, facilitating one-time IAM configurations (such as AWS IRSA, GCP Workload Identity, or Azure Workload Identity) across all clusters and poolers. Contributed by @​bozkayasalihx. (#​9287)

Enhancements

• Improved the Pooler CRD with support for granular configuration of TLS cipher suites and minimum/maximum TLS versions. This enables administrators to meet strict security compliance requirements for pooler-to-client and pooler-to-server connections. Contributed by @​alex1989hu. (#​9571)

• Improved the reliability of major upgrades by setting BackoffLimit=0 on the upgrade job, preventing unnecessary retries of a failed pg_upgrade. The operator now automatically deletes the failed job when a user reverts the container image, allowing the cluster to restart gracefully on the original version. (#​10104, #​10298)

• Improved the operator's observability by emitting native Kubernetes events during key phases of the reconciliation loop, providing visibility into the operator's decision-making process and the lifecycle of managed resources directly through kubectl get events. (#​10040)

• Extended support for the cnpg.io/reconciliationDisabled annotation on Backup resources. This allows administrators to temporarily freeze the operator's reconciliation logic for specific backup objects. Contributed by @​GabriFedi97. (#​10020)

• Added a bin_path field to the postgresql.extensions stanza, as well as in ImageCatalog and ClusterImageCatalog resources. This allows extensions to specify directory paths for external binaries, which are automatically appended to the PATH environment variable of the Postgres process. (#​10250)

• Added an env field to the postgresql.extensions stanza, as well as in ImageCatalog and ClusterImageCatalog resources. This allows cluster administrators to define custom environment variables for the Postgres process. This field supports the ${image_root} placeholder to dynamically resolve to the extension's absolute mount path. (#​10375)

• Implemented a finalizer for plugins to ensure that resources managed by a plugin are gracefully cleaned up when the corresponding service is deleted. (#​9560)

• Improved role management by verifying the instance is the primary before each reconciliation cycle, avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas. (#​9971)

• The operator now honors the primaryUpdateMethod when adding new PVCs to a cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is respected during storage expansion or additions. (#​9720)

• Refined the alpha.cnpg.io/unrecoverable annotation logic to allow it to function even on pods that have not yet reached the Ready state, facilitating the recovery of stuck instances. (#​9968)

• Introduced a "Terminal Error" phase for backups that encounter unrecoverable issues (such as invalid credentials or non-existent cloud buckets). This ensures the operator stops retrying doomed operations, preventing resource exhaustion and providing immediate, clear feedback in the status. (#​9353)

• Improved monitoring of long-running backups by introducing reconciliationStartedAt and reconciliationTerminatedAt fields to the Backup status. This change separates the operator's internal lifecycle from the actual backup tool's execution timing (startedAt/stoppedAt), allowing users to track when the operator begins processing a request. (#​9351)

• Added a Pending phase to the Backup status to explicitly indicate when a backup is queued and waiting for an available worker or instance availability. (#​9364)

Security and Supply Chain

• Security best practices integration: integrated the OpenSSF baseline scanner and added a SECURITY-INSIGHTS.yaml file to the repository to align with industry-standard security reporting. (#​10054, #​10062)

• SLSA provenance and SBOMs: added SLSA (Supply-chain Levels for Software Artifacts) provenance to release binaries and container images. Additionally, enabled Software Bill of Materials (SBOM) generation within the GoReleaser pipeline for improved dependency transparency. (#​10048, #​10074)

• Password leak prevention: fixed a potential security risk where PostgreSQL could leak role passwords in the logs during specific reconciliation phases. (#​9950)

Changes

• Updated the default PostgreSQL version to 18.3 (image 18.3-system-trixie). (#​10090)

Fixes

• Fixed a deadlock during operator upgrades affecting clusters using synchronous replication, where pods running the old and new operator versions computed different PostgreSQL configuration hashes, causing the uniformity check to block indefinitely and preventing both rolling updates and in-place upgrades from proceeding. (#​10342)

• Fixed an issue where fencing annotations could not be processed when the WAL disk was full, because the disk space check blocked the instance manager from starting. The check is now performed later in the lifecycle loop, after fencing is evaluated. (#​10302)

• Fixed an issue where replicas would get stuck in a Pending state if the VolumeSnapshot used for the initial bootstrap had been deleted. The operator now validates snapshot existence before use; if a snapshot is missing, it attempts to use the next available candidate or falls back to pg_basebackup. (#​10192)

• Prevented the "supervised primary" rollout strategy from consuming all available rollout slots, which previously caused delays in scheduled updates. Contributed by @​ermakov-oleg. (#​9977)

• Fixed an issue where certain hot-standby parameter changes were not being correctly applied to replica clusters. (#​9952)

• Fixed a bug in the CNPG-I reconciler hook that could lead to skipping subsequent plugins when a "continue" result was returned. Contributed by @​sharifmshaker. (#​9978)

• Fixed a deadlock scenario that occurred when attempting to resize a filesystem on a PVC that was not currently attached to a Pod. Contributed by @​jmealo. (#​9981)

• Fixed webhook validation of bootstrap recovery sources to accept external clusters configured with ConnectionParameters (for pg_basebackup-based recovery). Previously, these were incorrectly rejected unless a Barman object store or CNPG-i plugin was also configured. (#​10268)

• Volume names for extensions and tablespaces are now prefixed to avoid naming collisions with standard cluster volumes. (#​9973)

• When hibernating a non-healthy cluster, the operator now reports a WaitingForHealthy condition, making the deferred hibernation state visible through cnpg status. (#​10193)

• Fixed fencing to work correctly even when the target pod does not exist. Fencing operates on a cluster-level annotation and should not depend on pod existence; instance name validation is now performed only in the cnpg fencing on command. (#​10035)

• Fixed the cluster and pooler service reconcilers to correctly handle changes to all spec fields when using the patch update strategy. The reconciler now uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields (such as loadBalancerClass) from being inadvertently removed. (#​10190, #​10311)

• Fixed a race condition in the deprecated in-tree Barman Cloud backup implementation affecting parallel WAL restore, where prefetched files could be read while still being downloaded, causing PostgreSQL recovery to fail with "invalid checkpoint record" errors. (#​10285)

• Fixed the timeline history file validation to also apply to plugin-based WAL restore. Previously, the protection introduced in #​9650 only covered in-tree restores, allowing plugins to bypass the check and download future timeline history files, causing timeline mismatch errors on replicas. (#​9849)

• cnpg plugin:

  • The cnpg plugin now correctly propagates ImagePullSecrets to the pgbench Job pod template. (#​10174)

Supported versions

• Kubernetes 1.35, 1.34, and 1.33
• PostgreSQL 18, 17, 16, 15, and 14
  • PostgreSQL 18.3 is the default image
  • PostgreSQL 14 support ends on November 12, 2026

v1.28.2

Compare Source

Release date: Mar 31, 2026

Important changes

• Updated the deprecation notice for native (in-tree) Barman Cloud support to reflect that it will now be removed in CloudNativePG 1.30.0, rather than 1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin. (#​10167)

Enhancements

• Improved the Pooler CRD with support for granular configuration of TLS cipher suites and minimum/maximum TLS versions. This enables administrators to meet strict security compliance requirements for pooler-to-client and pooler-to-server connections. Contributed by @​alex1989hu. (#​9571)

• Improved the reliability of major upgrades by setting BackoffLimit=0 on the upgrade job, preventing unnecessary retries of a failed pg_upgrade. The operator now automatically deletes the failed job when a user reverts the container image, allowing the cluster to restart gracefully on the original version. (#​10104, #​10298)

• Improved role management by verifying the instance is the primary before each reconciliation cycle, avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas. (#​9971)

• Extended the CRD schemas for Cluster, ImageCatalog, and ClusterImageCatalog to accept the extensions, bin_path, and env fields introduced in 1.29. The operator ignores these fields on older versions, but accepting them in the schema allows users to share a single manifest across clusters running different CNPG versions. (#​10131, #​10387)

• The operator now honors the primaryUpdateMethod when adding new PVCs to a cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is respected during storage expansion or additions. (#​9720)

• Refined the alpha.cnpg.io/unrecoverable annotation logic to allow it to function even on pods that have not yet reached the Ready state, facilitating the recovery of stuck instances. (#​9968)

Security and Supply Chain

• Security best practices integration: integrated the OpenSSF baseline scanner and added a SECURITY-INSIGHTS.yaml file to the repository to align with industry-standard security reporting. (#​10054, #​10062)

• SLSA provenance and SBOMs: added SLSA (Supply-chain Levels for Software Artifacts) provenance to release binaries and container images. Additionally, enabled Software Bill of Materials (SBOM) generation within the GoReleaser pipeline for improved dependency transparency. (#​10048, #​10074)

• Password leak prevention: fixed a potential security risk where PostgreSQL could leak role passwords in the logs during specific reconciliation phases. (#​9950)

Changes

• Updated the default PostgreSQL version to 18.3 (image 18.3-system-trixie). (#​10090)

Fixes

• Fixed a deadlock during operator upgrades affecting clusters using synchronous replication, where pods running the old and new operator versions computed different PostgreSQL configuration hashes, causing the uniformity check to block indefinitely and preventing both rolling updates and in-place upgrades from proceeding. (#​10342)

• Fixed an issue where fencing annotations could not be processed when the WAL disk was full, because the disk space check blocked the instance manager from starting. The check is now performed later in the lifecycle loop, after fencing is evaluated. (#​10302)

• Fixed an issue where replicas would get stuck in a Pending state if the VolumeSnapshot used for the initial bootstrap had been deleted. The operator now validates snapshot existence before use; if a snapshot is missing, it attempts to use the next available candidate or falls back to pg_basebackup. (#​10192)

• Prevented the "supervised primary" rollout strategy from consuming all available rollout slots, which previously caused delays in scheduled updates. Contributed by @​ermakov-oleg. (#​9977)

• Fixed an issue where certain hot-standby parameter changes were not being correctly applied to replica clusters. (#​9952)

• Fixed a bug in the CNPG-I reconciler hook that could lead to skipping subsequent plugins when a "continue" result was returned. Contributed by @​sharifmshaker. (#​9978)

• Fixed a deadlock scenario that occurred when attempting to resize a filesystem on a PVC that was not currently attached to a Pod. Contributed by @​jmealo. (#​9981)

• Fixed webhook validation of bootstrap recovery sources to accept external clusters configured with ConnectionParameters (for pg_basebackup-based recovery). Previously, these were incorrectly rejected unless a Barman object store or CNPG-i plugin was also configured. (#​10268)

• Volume names for extensions and tablespaces are now prefixed to avoid naming collisions with standard cluster volumes. (#​9973)

• When hibernating a non-healthy cluster, the operator now reports a WaitingForHealthy condition, making the deferred hibernation state visible through cnpg status. (#​10193)

• Fixed fencing to work correctly even when the target pod does not exist. Fencing operates on a cluster-level annotation and should not depend on pod existence; instance name validation is now performed only in the cnpg fencing on command. (#​10035)

• Fixed the cluster and pooler service reconcilers to correctly handle changes to all spec fields when using the patch update strategy. The reconciler now uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields (such as loadBalancerClass) from being inadvertently removed. (#​10190, #​10311)

• Fixed a race condition in the deprecated in-tree Barman Cloud backup implementation affecting parallel WAL restore, where prefetched files could be read while still being downloaded, causing PostgreSQL recovery to fail with "invalid checkpoint record" errors. (#​10285)

• Fixed the timeline history file validation to also apply to plugin-based WAL restore. Previously, the protection introduced in #​9650 only covered in-tree restores, allowing plugins to bypass the check and download future timeline history files, causing timeline mismatch errors on replicas. (#​9849)

• cnpg plugin:

  • The cnpg plugin now correctly propagates ImagePullSecrets to the pgbench Job pod template. (#​10174)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cloudnative-pg](https://cloudnative-pg.io) ([source](https://github.com/cloudnative-pg/charts)) | minor | `0.27.1` → `0.28.0` | | [cloudnative-pg/cloudnative-pg](https://github.com/cloudnative-pg/cloudnative-pg) | minor | `1.28.1` → `1.29.0` | --- ### Release Notes <details> <summary>cloudnative-pg/charts (cloudnative-pg)</summary> ### [`v0.28.0`](https://github.com/cloudnative-pg/charts/releases/tag/cloudnative-pg-v0.28.0) [Compare Source](https://github.com/cloudnative-pg/charts/compare/cloudnative-pg-v0.27.1...cloudnative-pg-v0.28.0) CloudNativePG Operator Helm Chart #### What's Changed - fix(security): harden GitHub Actions workflows against expression injection by [@&#8203;mnencia](https://github.com/mnencia) in [#&#8203;823](https://github.com/cloudnative-pg/charts/pull/823) - feat(monitoring): add support for custom PodMonitor by [@&#8203;Dashing-Nelson](https://github.com/Dashing-Nelson) in [#&#8203;724](https://github.com/cloudnative-pg/charts/pull/724) - Release cloudnative-pg-v0.28.0 by [@&#8203;cnpg-bot](https://github.com/cnpg-bot) in [#&#8203;845](https://github.com/cloudnative-pg/charts/pull/845) #### New Contributors - [@&#8203;Dashing-Nelson](https://github.com/Dashing-Nelson) made their first contribution in [#&#8203;724](https://github.com/cloudnative-pg/charts/pull/724) **Full Changelog**: <https://github.com/cloudnative-pg/charts/compare/cluster-v0.6.0...cloudnative-pg-v0.28.0> </details> <details> <summary>cloudnative-pg/cloudnative-pg (cloudnative-pg/cloudnative-pg)</summary> ### [`v1.29.0`](https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.29.0) [Compare Source](https://github.com/cloudnative-pg/cloudnative-pg/compare/v1.28.2...v1.29.0-rc1) **Release date:** Mar 31, 2026 ##### Important changes - Updated the deprecation notice for native (in-tree) Barman Cloud support to reflect that it will now be removed in CloudNativePG 1.30.0, rather than 1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin. ([#&#8203;10167](https://github.com/cloudnative-pg/cloudnative-pg/pull/10167)) <!-- 1.28 1.27 --> ##### Features - **PostgreSQL extensions in image catalogs**: extended the `ImageCatalog` functionality to support PostgreSQL extensions. This allows users to define and manage extension-specific images within a catalog, simplifying the deployment of customized PostgreSQL builds. ([#&#8203;9781](https://github.com/cloudnative-pg/cloudnative-pg/pull/9781)) - **Dynamic network access control via pod selectors**: introduced the declarative definition of `podSelectorRefs` to manage `pg_hba.conf` rules dynamically. By using label selectors to identify client pods, the operator automatically resolves their ephemeral IP addresses and updates the PostgreSQL host-based authentication rules accordingly. This ensures that only authorized workloads in the same namespace can connect to the database, eliminating the need for manual IP management or static CIDR ranges. ([#&#8203;10148](https://github.com/cloudnative-pg/cloudnative-pg/pull/10148)) - **Shared `ServiceAccount` support**: added an optional `serviceAccountName` field to both `Cluster` and `Pooler` specifications. This allows multiple resources to share a pre-existing ServiceAccount, facilitating one-time IAM configurations (such as AWS IRSA, GCP Workload Identity, or Azure Workload Identity) across all clusters and poolers. Contributed by [@&#8203;bozkayasalihx](https://github.com/bozkayasalihx). ([#&#8203;9287](https://github.com/cloudnative-pg/cloudnative-pg/pull/9287)) ##### Enhancements - Improved the `Pooler` CRD with support for granular configuration of TLS cipher suites and minimum/maximum TLS versions. This enables administrators to meet strict security compliance requirements for pooler-to-client and pooler-to-server connections. Contributed by [@&#8203;alex1989hu](https://github.com/alex1989hu). ([#&#8203;9571](https://github.com/cloudnative-pg/cloudnative-pg/pull/9571)) <!-- 1.28 1.27 1.25 --> - Improved the reliability of major upgrades by setting `BackoffLimit=0` on the upgrade job, preventing unnecessary retries of a failed `pg_upgrade`. The operator now automatically deletes the failed job when a user reverts the container image, allowing the cluster to restart gracefully on the original version. ([#&#8203;10104](https://github.com/cloudnative-pg/cloudnative-pg/pull/10104), [#&#8203;10298](https://github.com/cloudnative-pg/cloudnative-pg/pull/10298)) <!-- 1.28 1.27 --> - Improved the operator's observability by emitting native Kubernetes events during key phases of the reconciliation loop, providing visibility into the operator's decision-making process and the lifecycle of managed resources directly through `kubectl get events`. ([#&#8203;10040](https://github.com/cloudnative-pg/cloudnative-pg/pull/10040)) - Extended support for the `cnpg.io/reconciliationDisabled` annotation on Backup resources. This allows administrators to temporarily freeze the operator's reconciliation logic for specific backup objects. Contributed by [@&#8203;GabriFedi97](https://github.com/GabriFedi97). ([#&#8203;10020](https://github.com/cloudnative-pg/cloudnative-pg/pull/10020)) - Added a `bin_path` field to the `postgresql.extensions` stanza, as well as in `ImageCatalog` and `ClusterImageCatalog` resources. This allows extensions to specify directory paths for external binaries, which are automatically appended to the `PATH` environment variable of the Postgres process. ([#&#8203;10250](https://github.com/cloudnative-pg/cloudnative-pg/pull/10250)) - Added an `env` field to the `postgresql.extensions` stanza, as well as in `ImageCatalog` and `ClusterImageCatalog` resources. This allows cluster administrators to define custom environment variables for the Postgres process. This field supports the `${image_root}` placeholder to dynamically resolve to the extension's absolute mount path. ([#&#8203;10375](https://github.com/cloudnative-pg/cloudnative-pg/pull/10375)) - Implemented a finalizer for plugins to ensure that resources managed by a plugin are gracefully cleaned up when the corresponding service is deleted. ([#&#8203;9560](https://github.com/cloudnative-pg/cloudnative-pg/pull/9560)) - Improved role management by verifying the instance is the primary before each reconciliation cycle, avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas. ([#&#8203;9971](https://github.com/cloudnative-pg/cloudnative-pg/pull/9971)) <!-- 1.28 1.27 1.25 --> - The operator now honors the `primaryUpdateMethod` when adding new PVCs to a cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is respected during storage expansion or additions. ([#&#8203;9720](https://github.com/cloudnative-pg/cloudnative-pg/pull/9720)) <!-- 1.28 1.27 --> - Refined the `alpha.cnpg.io/unrecoverable` annotation logic to allow it to function even on pods that have not yet reached the `Ready` state, facilitating the recovery of stuck instances. ([#&#8203;9968](https://github.com/cloudnative-pg/cloudnative-pg/pull/9968)) <!-- 1.28 --> - Introduced a "Terminal Error" phase for backups that encounter unrecoverable issues (such as invalid credentials or non-existent cloud buckets). This ensures the operator stops retrying doomed operations, preventing resource exhaustion and providing immediate, clear feedback in the status. ([#&#8203;9353](https://github.com/cloudnative-pg/cloudnative-pg/pull/9353)) - Improved monitoring of long-running backups by introducing `reconciliationStartedAt` and `reconciliationTerminatedAt` fields to the `Backup` status. This change separates the operator's internal lifecycle from the actual backup tool's execution timing (`startedAt`/`stoppedAt`), allowing users to track when the operator begins processing a request. ([#&#8203;9351](https://github.com/cloudnative-pg/cloudnative-pg/pull/9351)) - Added a `Pending` phase to the `Backup` status to explicitly indicate when a backup is queued and waiting for an available worker or instance availability. ([#&#8203;9364](https://github.com/cloudnative-pg/cloudnative-pg/pull/9364)) ##### Security and Supply Chain - **Security best practices integration**: integrated the OpenSSF baseline scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align with industry-standard security reporting. ([#&#8203;10054](https://github.com/cloudnative-pg/cloudnative-pg/pull/10054), <!-- 1.28 1.27 1.25 --> [#&#8203;10062](https://github.com/cloudnative-pg/cloudnative-pg/pull/10062)) <!-- 1.28 1.27 1.25 --> - **SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software Artifacts) provenance to release binaries and container images. Additionally, enabled Software Bill of Materials (SBOM) generation within the GoReleaser pipeline for improved dependency transparency. ([#&#8203;10048](https://github.com/cloudnative-pg/cloudnative-pg/pull/10048), <!-- 1.28 1.27 1.25 --> [#&#8203;10074](https://github.com/cloudnative-pg/cloudnative-pg/pull/10074)) <!-- 1.28 1.27 1.25 --> - **Password leak prevention**: fixed a potential security risk where PostgreSQL could leak role passwords in the logs during specific reconciliation phases. ([#&#8203;9950](https://github.com/cloudnative-pg/cloudnative-pg/pull/9950)) <!-- 1.28 1.27 1.25 --> ##### Changes - Updated the default PostgreSQL version to 18.3 (image `18.3-system-trixie`). ([#&#8203;10090](https://github.com/cloudnative-pg/cloudnative-pg/pull/10090)) <!-- 1.28 1.27 1.25 --> ##### Fixes - Fixed a deadlock during operator upgrades affecting clusters using synchronous replication, where pods running the old and new operator versions computed different PostgreSQL configuration hashes, causing the uniformity check to block indefinitely and preventing both rolling updates and in-place upgrades from proceeding. ([#&#8203;10342](https://github.com/cloudnative-pg/cloudnative-pg/pull/10342)) <!-- 1.28 --> - Fixed an issue where fencing annotations could not be processed when the WAL disk was full, because the disk space check blocked the instance manager from starting. The check is now performed later in the lifecycle loop, after fencing is evaluated. ([#&#8203;10302](https://github.com/cloudnative-pg/cloudnative-pg/pull/10302)) <!-- 1.28 1.27 --> - Fixed an issue where replicas would get stuck in a `Pending` state if the `VolumeSnapshot` used for the initial bootstrap had been deleted. The operator now validates snapshot existence before use; if a snapshot is missing, it attempts to use the next available candidate or falls back to `pg_basebackup`. ([#&#8203;10192](https://github.com/cloudnative-pg/cloudnative-pg/pull/10192)) <!-- 1.28 1.27 1.25 --> - Prevented the "supervised primary" rollout strategy from consuming all available rollout slots, which previously caused delays in scheduled updates. Contributed by [@&#8203;ermakov-oleg](https://github.com/ermakov-oleg). ([#&#8203;9977](https://github.com/cloudnative-pg/cloudnative-pg/pull/9977)) <!-- 1.28 1.27 1.25 --> - Fixed an issue where certain hot-standby parameter changes were not being correctly applied to replica clusters. ([#&#8203;9952](https://github.com/cloudnative-pg/cloudnative-pg/pull/9952)) <!-- 1.28 1.27 1.25 --> - Fixed a bug in the CNPG-I reconciler hook that could lead to skipping subsequent plugins when a "continue" result was returned. Contributed by [@&#8203;sharifmshaker](https://github.com/sharifmshaker). ([#&#8203;9978](https://github.com/cloudnative-pg/cloudnative-pg/pull/9978)) <!-- 1.28 1.27 --> - Fixed a deadlock scenario that occurred when attempting to resize a filesystem on a PVC that was not currently attached to a Pod. Contributed by [@&#8203;jmealo](https://github.com/jmealo). ([#&#8203;9981](https://github.com/cloudnative-pg/cloudnative-pg/pull/9981)) <!-- 1.28 1.27 --> - Fixed webhook validation of bootstrap recovery sources to accept external clusters configured with `ConnectionParameters` (for `pg_basebackup`-based recovery). Previously, these were incorrectly rejected unless a Barman object store or CNPG-i plugin was also configured. ([#&#8203;10268](https://github.com/cloudnative-pg/cloudnative-pg/pull/10268)) <!-- 1.28 1.27 1.25 --> - Volume names for extensions and tablespaces are now prefixed to avoid naming collisions with standard cluster volumes. ([#&#8203;9973](https://github.com/cloudnative-pg/cloudnative-pg/pull/9973)) <!-- 1.28 1.27 --> - When hibernating a non-healthy cluster, the operator now reports a `WaitingForHealthy` condition, making the deferred hibernation state visible through `cnpg status`. ([#&#8203;10193](https://github.com/cloudnative-pg/cloudnative-pg/pull/10193)) <!-- 1.28 1.27 1.25 --> - Fixed fencing to work correctly even when the target pod does not exist. Fencing operates on a cluster-level annotation and should not depend on pod existence; instance name validation is now performed only in the `cnpg fencing on` command. ([#&#8203;10035](https://github.com/cloudnative-pg/cloudnative-pg/pull/10035)) <!-- 1.28 1.27 1.25 --> - Fixed the cluster and pooler service reconcilers to correctly handle changes to all spec fields when using the patch update strategy. The reconciler now uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields (such as `loadBalancerClass`) from being inadvertently removed. ([#&#8203;10190](https://github.com/cloudnative-pg/cloudnative-pg/pull/10190), [#&#8203;10311](https://github.com/cloudnative-pg/cloudnative-pg/pull/10311)) <!-- 1.28 1.27 1.25 --> - Fixed a race condition in the deprecated in-tree Barman Cloud backup implementation affecting parallel WAL restore, where prefetched files could be read while still being downloaded, causing PostgreSQL recovery to fail with "invalid checkpoint record" errors. ([#&#8203;10285](https://github.com/cloudnative-pg/cloudnative-pg/pull/10285)) <!-- 1.28 1.27 1.25 --> - Fixed the timeline history file validation to also apply to plugin-based WAL restore. Previously, the protection introduced in [#&#8203;9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650) only covered in-tree restores, allowing plugins to bypass the check and download future timeline history files, causing timeline mismatch errors on replicas. ([#&#8203;9849](https://github.com/cloudnative-pg/cloudnative-pg/pull/9849)) <!-- 1.28 1.27 1.25 --> - `cnpg` plugin: - The cnpg plugin now correctly propagates ImagePullSecrets to the `pgbench` Job pod template. ([#&#8203;10174](https://github.com/cloudnative-pg/cloudnative-pg/pull/10174)) <!-- 1.28 1.27 1.25 --> ##### Supported versions - Kubernetes 1.35, 1.34, and 1.33 - PostgreSQL 18, 17, 16, 15, and 14 - PostgreSQL 18.3 is the default image - [PostgreSQL 14 support ends on November 12, 2026](https://www.postgresql.org/support/versioning/) ### [`v1.28.2`](https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.28.2) [Compare Source](https://github.com/cloudnative-pg/cloudnative-pg/compare/v1.28.1...v1.28.2) **Release date:** Mar 31, 2026 ##### Important changes - Updated the deprecation notice for native (in-tree) Barman Cloud support to reflect that it will now be removed in CloudNativePG 1.30.0, rather than 1.29.0. Users are still encouraged to migrate to the Barman Cloud Plugin. ([#&#8203;10167](https://github.com/cloudnative-pg/cloudnative-pg/pull/10167)) <!-- 1.28 1.27 --> ##### Enhancements - Improved the `Pooler` CRD with support for granular configuration of TLS cipher suites and minimum/maximum TLS versions. This enables administrators to meet strict security compliance requirements for pooler-to-client and pooler-to-server connections. Contributed by [@&#8203;alex1989hu](https://github.com/alex1989hu). ([#&#8203;9571](https://github.com/cloudnative-pg/cloudnative-pg/pull/9571)) <!-- 1.28 1.27 1.25 --> - Improved the reliability of major upgrades by setting `BackoffLimit=0` on the upgrade job, preventing unnecessary retries of a failed `pg_upgrade`. The operator now automatically deletes the failed job when a user reverts the container image, allowing the cluster to restart gracefully on the original version. ([#&#8203;10104](https://github.com/cloudnative-pg/cloudnative-pg/pull/10104), [#&#8203;10298](https://github.com/cloudnative-pg/cloudnative-pg/pull/10298)) <!-- 1.28 1.27 --> - Improved role management by verifying the instance is the primary before each reconciliation cycle, avoiding unnecessary reconciliation attempts and spurious error messages on read-only replicas. ([#&#8203;9971](https://github.com/cloudnative-pg/cloudnative-pg/pull/9971)) <!-- 1.28 1.27 1.25 --> - Extended the CRD schemas for `Cluster`, `ImageCatalog`, and `ClusterImageCatalog` to accept the `extensions`, `bin_path`, and `env` fields introduced in 1.29. The operator ignores these fields on older versions, but accepting them in the schema allows users to share a single manifest across clusters running different CNPG versions. ([#&#8203;10131](https://github.com/cloudnative-pg/cloudnative-pg/pull/10131), [#&#8203;10387](https://github.com/cloudnative-pg/cloudnative-pg/pull/10387)) <!-- 1.28 1.27 --> - The operator now honors the `primaryUpdateMethod` when adding new PVCs to a cluster, ensuring that the rollout strategy (e.g., switchover vs. restart) is respected during storage expansion or additions. ([#&#8203;9720](https://github.com/cloudnative-pg/cloudnative-pg/pull/9720)) <!-- 1.28 1.27 --> - Refined the `alpha.cnpg.io/unrecoverable` annotation logic to allow it to function even on pods that have not yet reached the `Ready` state, facilitating the recovery of stuck instances. ([#&#8203;9968](https://github.com/cloudnative-pg/cloudnative-pg/pull/9968)) <!-- 1.28 --> ##### Security and Supply Chain - **Security best practices integration**: integrated the OpenSSF baseline scanner and added a `SECURITY-INSIGHTS.yaml` file to the repository to align with industry-standard security reporting. ([#&#8203;10054](https://github.com/cloudnative-pg/cloudnative-pg/pull/10054), <!-- 1.28 1.27 1.25 --> [#&#8203;10062](https://github.com/cloudnative-pg/cloudnative-pg/pull/10062)) <!-- 1.28 1.27 1.25 --> - **SLSA provenance and SBOMs**: added SLSA (Supply-chain Levels for Software Artifacts) provenance to release binaries and container images. Additionally, enabled Software Bill of Materials (SBOM) generation within the GoReleaser pipeline for improved dependency transparency. ([#&#8203;10048](https://github.com/cloudnative-pg/cloudnative-pg/pull/10048), <!-- 1.28 1.27 1.25 --> [#&#8203;10074](https://github.com/cloudnative-pg/cloudnative-pg/pull/10074)) <!-- 1.28 1.27 1.25 --> - **Password leak prevention**: fixed a potential security risk where PostgreSQL could leak role passwords in the logs during specific reconciliation phases. ([#&#8203;9950](https://github.com/cloudnative-pg/cloudnative-pg/pull/9950)) <!-- 1.28 1.27 1.25 --> ##### Changes - Updated the default PostgreSQL version to 18.3 (image `18.3-system-trixie`). ([#&#8203;10090](https://github.com/cloudnative-pg/cloudnative-pg/pull/10090)) <!-- 1.28 1.27 1.25 --> ##### Fixes - Fixed a deadlock during operator upgrades affecting clusters using synchronous replication, where pods running the old and new operator versions computed different PostgreSQL configuration hashes, causing the uniformity check to block indefinitely and preventing both rolling updates and in-place upgrades from proceeding. ([#&#8203;10342](https://github.com/cloudnative-pg/cloudnative-pg/pull/10342)) <!-- 1.28 --> - Fixed an issue where fencing annotations could not be processed when the WAL disk was full, because the disk space check blocked the instance manager from starting. The check is now performed later in the lifecycle loop, after fencing is evaluated. ([#&#8203;10302](https://github.com/cloudnative-pg/cloudnative-pg/pull/10302)) <!-- 1.28 1.27 --> - Fixed an issue where replicas would get stuck in a `Pending` state if the `VolumeSnapshot` used for the initial bootstrap had been deleted. The operator now validates snapshot existence before use; if a snapshot is missing, it attempts to use the next available candidate or falls back to `pg_basebackup`. ([#&#8203;10192](https://github.com/cloudnative-pg/cloudnative-pg/pull/10192)) <!-- 1.28 1.27 1.25 --> - Prevented the "supervised primary" rollout strategy from consuming all available rollout slots, which previously caused delays in scheduled updates. Contributed by [@&#8203;ermakov-oleg](https://github.com/ermakov-oleg). ([#&#8203;9977](https://github.com/cloudnative-pg/cloudnative-pg/pull/9977)) <!-- 1.28 1.27 1.25 --> - Fixed an issue where certain hot-standby parameter changes were not being correctly applied to replica clusters. ([#&#8203;9952](https://github.com/cloudnative-pg/cloudnative-pg/pull/9952)) <!-- 1.28 1.27 1.25 --> - Fixed a bug in the CNPG-I reconciler hook that could lead to skipping subsequent plugins when a "continue" result was returned. Contributed by [@&#8203;sharifmshaker](https://github.com/sharifmshaker). ([#&#8203;9978](https://github.com/cloudnative-pg/cloudnative-pg/pull/9978)) <!-- 1.28 1.27 --> - Fixed a deadlock scenario that occurred when attempting to resize a filesystem on a PVC that was not currently attached to a Pod. Contributed by [@&#8203;jmealo](https://github.com/jmealo). ([#&#8203;9981](https://github.com/cloudnative-pg/cloudnative-pg/pull/9981)) <!-- 1.28 1.27 --> - Fixed webhook validation of bootstrap recovery sources to accept external clusters configured with `ConnectionParameters` (for `pg_basebackup`-based recovery). Previously, these were incorrectly rejected unless a Barman object store or CNPG-i plugin was also configured. ([#&#8203;10268](https://github.com/cloudnative-pg/cloudnative-pg/pull/10268)) <!-- 1.28 1.27 1.25 --> - Volume names for extensions and tablespaces are now prefixed to avoid naming collisions with standard cluster volumes. ([#&#8203;9973](https://github.com/cloudnative-pg/cloudnative-pg/pull/9973)) <!-- 1.28 1.27 --> - When hibernating a non-healthy cluster, the operator now reports a `WaitingForHealthy` condition, making the deferred hibernation state visible through `cnpg status`. ([#&#8203;10193](https://github.com/cloudnative-pg/cloudnative-pg/pull/10193)) <!-- 1.28 1.27 1.25 --> - Fixed fencing to work correctly even when the target pod does not exist. Fencing operates on a cluster-level annotation and should not depend on pod existence; instance name validation is now performed only in the `cnpg fencing on` command. ([#&#8203;10035](https://github.com/cloudnative-pg/cloudnative-pg/pull/10035)) <!-- 1.28 1.27 1.25 --> - Fixed the cluster and pooler service reconcilers to correctly handle changes to all spec fields when using the patch update strategy. The reconciler now uses RFC 7386 JSON Merge Patching, preventing cloud-provider-set fields (such as `loadBalancerClass`) from being inadvertently removed. ([#&#8203;10190](https://github.com/cloudnative-pg/cloudnative-pg/pull/10190), [#&#8203;10311](https://github.com/cloudnative-pg/cloudnative-pg/pull/10311)) <!-- 1.28 1.27 1.25 --> - Fixed a race condition in the deprecated in-tree Barman Cloud backup implementation affecting parallel WAL restore, where prefetched files could be read while still being downloaded, causing PostgreSQL recovery to fail with "invalid checkpoint record" errors. ([#&#8203;10285](https://github.com/cloudnative-pg/cloudnative-pg/pull/10285)) <!-- 1.28 1.27 1.25 --> - Fixed the timeline history file validation to also apply to plugin-based WAL restore. Previously, the protection introduced in [#&#8203;9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650) only covered in-tree restores, allowing plugins to bypass the check and download future timeline history files, causing timeline mismatch errors on replicas. ([#&#8203;9849](https://github.com/cloudnative-pg/cloudnative-pg/pull/9849)) <!-- 1.28 1.27 1.25 --> - `cnpg` plugin: - The cnpg plugin now correctly propagates ImagePullSecrets to the `pgbench` Job pod template. ([#&#8203;10174](https://github.com/cloudnative-pg/cloudnative-pg/pull/10174)) <!-- 1.28 1.27 1.25 --> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDIuNCIsInVwZGF0ZWRJblZlciI6IjQzLjEwMi42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJoZWxtIl19-->

renovate-bot changed title from chore(deps): update dependency cloudnative-pg/cloudnative-pg to v1.29.0 to chore(deps): update cloudnative-pg 2026-04-01 14:07:07 +00:00

renovate-bot added the helm label 2026-04-01 14:07:07 +00:00

renovate-bot added 1 commit 2026-04-01 20:05:57 +00:00

chore(deps): update cloudnative-pg 9dd61aba00

renovate-bot force-pushed renovate/unified-cloudnative-pg from 13d61f6139 to 9dd61aba00 2026-04-01 20:05:57 +00:00 Compare

alexlebens merged commit 1a732ddfcc into main 2026-04-01 21:25:26 +00:00

alexlebens referenced this issue from a commit 2026-04-01 21:25:26 +00:00

chore(deps): update cloudnative-pg (#5367)

alexlebens deleted branch renovate/unified-cloudnative-pg 2026-04-01 21:25:29 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Renovate

Issue generated by Renovate.

automerge

This PR will be automerged by Renovate.

chart

Chart update generated by Renovate.

docker

Docker update generated by Renovate.

github-actions

Github Action update generated by Renovate.

helm

Helm update generated by Renovate.

image

Image update generated by Renovate.

stale

PR or Issue that has not been updated recently.

No Label helm

Milestone

No items

No Milestone

Assignees

Clear assignees

gitea-bot renovate-bot alexlebens

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#5367