alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

chore(deps): update dependency cloudnative-pg/cloudnative-pg to v1.28.1 #3745

Merged
renovate-bot merged 1 commits from renovate/unified-cloudnative-pgcloudnative-pg into main 2026-02-05 19:34:59 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate-bot commented 2026-02-05 19:34:47 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
cloudnative-pg/cloudnative-pg patch 1.28.01.28.1

⚠️ Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cloudnative-pg/cloudnative-pg (cloudnative-pg/cloudnative-pg)

v1.28.1

Compare Source

Release date: Feb 5, 2026

Enhancements

  • Added support for Azure's DefaultAzureCredential authentication mechanism for backup and recovery operations. This can be enabled by setting azureCredentials.useDefaultAzureCredentials: true in the backup configuration, simplifying authentication in Azure environments without requiring explicit storage account keys or SAS tokens. (#​9468)

  • Added support for PostgreSQL extension names containing underscores (e.g., pg_ivm, pg_stat_statements). Extension names with underscores are automatically sanitized to use hyphens for Kubernetes volume names while preserving the original name in mount paths. Webhook validation prevents naming conflicts after sanitization. Contributed by @​shusaan. (#​9386)

Fixes

  • Fixed a critical issue where the TimelineID in the cluster status was not reset to 1 after a major version upgrade. Because pg_upgrade initializes a new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt to restore incompatible history files from object storage, leading to fatal "requested timeline is not a child of this server's history" errors. (#​9830)

  • Fixed an issue where stale TLS status fields in the Pooler were not cleared after being removed from the specification. This was particularly critical when upgrading to v1.28.0, where the ServerTLS field was repurposed, causing PgBouncer to use incorrect certificates and resulting in "unsupported certificate" errors that blocked all application connectivity. The operator now explicitly clears ServerCA, ClientCA, ClientTLS, and ServerTLS status fields when they are no longer configured. (#​9397)

  • Fixed a bug where replicas could enter a crash-loop by attempting to download timeline history files from future timelines. This occurred when stale files remained in the WAL archive from a previous cluster life, and replicas would incorrectly try to fetch them during recovery. (#​9650)

  • Fixed a race condition in replica_cluster setups during designated primary transitions, preventing transient "no primary" states in the replica cluster. (#​9601)

  • The backup controller now uses the unique instance session ID to detect instance manager restarts. This prevents the operator from incorrectly assuming a backup is still progressing if the underlying container has crashed and restarted, which previously led to orphaned backup objects. (#​9370)

  • Fixed a validation gap in Azure object store configurations where the storageAccount was not required when using explicit credentials (such as a storage key or SAS token). The operator now enforces that a storage account name is provided in these cases and that connectionString is mutually exclusive with other authentication parameters. (#​9604)

  • Optimized the deletion path so the operator begins cleaning up resources immediately when a cluster is marked for deletion. This significantly reduces the time a cluster remains in Terminating status while waiting for internal reconciliation loops. (#​9555)

  • Fixed an issue where replication slots were not properly dropped from replicas when the feature was disabled or the cluster was reconfigured. This ensures that unused slots do not cause WAL build-up on the primary. (#​9381)

  • Fixed an issue where imagePullSecrets were not added to the ServiceAccount created for the Pooler. Previously, these secrets were applied to the Deployment but not the SA, which caused image pull failures in restricted environments using certain security policies. (#​9427)

  • Added a check to verify ownership before the operator deletes a PodMonitor. This prevents the operator from accidentally deleting manually managed monitoring resources that happen to share a name with expected CNPG resources. Contributed by @​juliamertz. (#​9340)

  • Fixed a bug where pg_stat_archiver metrics would continue to report stale data on standby instances after a switchover. The exporter now skips these metrics on standbys, as PostgreSQL only provides valid archiver stats on the primary. (#​9411)

  • Clarified the interpretation of timestamp formats for recovery targetTime. Timestamps provided without an explicit timezone are now consistently interpreted as UTC. Contributed by @​pchovelon. (#​8937)

  • Fixed backup status updates to prevent "resource has been modified" errors during concurrent updates. (#​9551)

  • Fixed event reporting to use the correct pod name when a backup pod is not found. (#​9552)

  • Improved performance of scheduled backup operations for clusters with a very high number of historical backups. (#​9489)

  • Fixed error handling when removing finalizers on Database objects. (#​9431)

  • cnpg plugin:

    • Updated the status command to display "Disabled" when the skipWalArchiving annotation is present on a cluster. This replaces confusing "starting up" or "unknown" states when WAL archiving is intentionally bypassed. (#​9709)

    • Fixed the logs --follow command to continue polling for new pods instead of exiting prematurely when all current log streams complete. (#​9599)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cloudnative-pg/cloudnative-pg](https://github.com/cloudnative-pg/cloudnative-pg) | patch | `1.28.0` → `1.28.1` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>cloudnative-pg/cloudnative-pg (cloudnative-pg/cloudnative-pg)</summary> ### [`v1.28.1`](https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.28.1) [Compare Source](https://github.com/cloudnative-pg/cloudnative-pg/compare/v1.28.0...v1.28.1) **Release date:** Feb 5, 2026 ##### Enhancements - Added support for Azure's `DefaultAzureCredential` authentication mechanism for backup and recovery operations. This can be enabled by setting `azureCredentials.useDefaultAzureCredentials: true` in the backup configuration, simplifying authentication in Azure environments without requiring explicit storage account keys or SAS tokens. ([#&#8203;9468](https://github.com/cloudnative-pg/cloudnative-pg/pull/9468)) <!-- 1.27 1.25 --> - Added support for PostgreSQL extension names containing underscores (e.g., `pg_ivm`, `pg_stat_statements`). Extension names with underscores are automatically sanitized to use hyphens for Kubernetes volume names while preserving the original name in mount paths. Webhook validation prevents naming conflicts after sanitization. Contributed by [@&#8203;shusaan](https://github.com/shusaan). ([#&#8203;9386](https://github.com/cloudnative-pg/cloudnative-pg/pull/9386)) <!-- 1.27 --> ##### Fixes - Fixed a critical issue where the `TimelineID` in the cluster status was not reset to 1 after a major version upgrade. Because `pg_upgrade` initializes a new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt to restore incompatible history files from object storage, leading to fatal "requested timeline is not a child of this server's history" errors. ([#&#8203;9830](https://github.com/cloudnative-pg/cloudnative-pg/pull/9830)) <!-- 1.27 --> - Fixed an issue where stale TLS status fields in the `Pooler` were not cleared after being removed from the specification. This was particularly critical when upgrading to v1.28.0, where the `ServerTLS` field was repurposed, causing PgBouncer to use incorrect certificates and resulting in "unsupported certificate" errors that blocked all application connectivity. The operator now explicitly clears `ServerCA`, `ClientCA`, `ClientTLS`, and `ServerTLS` status fields when they are no longer configured. ([#&#8203;9397](https://github.com/cloudnative-pg/cloudnative-pg/pull/9397)) - Fixed a bug where replicas could enter a crash-loop by attempting to download timeline history files from future timelines. This occurred when stale files remained in the WAL archive from a previous cluster life, and replicas would incorrectly try to fetch them during recovery. ([#&#8203;9650](https://github.com/cloudnative-pg/cloudnative-pg/pull/9650)) <!-- 1.27 1.25 --> - Fixed a race condition in `replica_cluster` setups during designated primary transitions, preventing transient "no primary" states in the replica cluster. ([#&#8203;9601](https://github.com/cloudnative-pg/cloudnative-pg/pull/9601)) <!-- 1.27 1.25 --> - The backup controller now uses the unique instance session ID to detect instance manager restarts. This prevents the operator from incorrectly assuming a backup is still progressing if the underlying container has crashed and restarted, which previously led to orphaned backup objects. ([#&#8203;9370](https://github.com/cloudnative-pg/cloudnative-pg/pull/9370)) <!-- 1.27 --> - Fixed a validation gap in Azure object store configurations where the `storageAccount` was not required when using explicit credentials (such as a storage key or SAS token). The operator now enforces that a storage account name is provided in these cases and that `connectionString` is mutually exclusive with other authentication parameters. ([#&#8203;9604](https://github.com/cloudnative-pg/cloudnative-pg/pull/9604)) <!-- 1.27 1.25 --> - Optimized the deletion path so the operator begins cleaning up resources immediately when a cluster is marked for deletion. This significantly reduces the time a cluster remains in `Terminating` status while waiting for internal reconciliation loops. ([#&#8203;9555](https://github.com/cloudnative-pg/cloudnative-pg/pull/9555)) <!-- 1.27 1.25 --> - Fixed an issue where replication slots were not properly dropped from replicas when the feature was disabled or the cluster was reconfigured. This ensures that unused slots do not cause WAL build-up on the primary. ([#&#8203;9381](https://github.com/cloudnative-pg/cloudnative-pg/pull/9381)) <!-- 1.27 1.25 --> - Fixed an issue where `imagePullSecrets` were not added to the `ServiceAccount` created for the `Pooler`. Previously, these secrets were applied to the Deployment but not the SA, which caused image pull failures in restricted environments using certain security policies. ([#&#8203;9427](https://github.com/cloudnative-pg/cloudnative-pg/pull/9427)) <!-- 1.27 1.25 --> - Added a check to verify ownership before the operator deletes a `PodMonitor`. This prevents the operator from accidentally deleting manually managed monitoring resources that happen to share a name with expected CNPG resources. Contributed by [@&#8203;juliamertz](https://github.com/juliamertz). ([#&#8203;9340](https://github.com/cloudnative-pg/cloudnative-pg/pull/9340)) <!-- 1.27 1.25 --> - Fixed a bug where `pg_stat_archiver` metrics would continue to report stale data on standby instances after a switchover. The exporter now skips these metrics on standbys, as PostgreSQL only provides valid archiver stats on the primary. ([#&#8203;9411](https://github.com/cloudnative-pg/cloudnative-pg/pull/9411)) <!-- 1.27 1.25 --> - Clarified the interpretation of timestamp formats for recovery `targetTime`. Timestamps provided without an explicit timezone are now consistently interpreted as UTC. Contributed by [@&#8203;pchovelon](https://github.com/pchovelon). ([#&#8203;8937](https://github.com/cloudnative-pg/cloudnative-pg/pull/8937)) <!-- 1.27 1.25 --> - Fixed backup status updates to prevent "resource has been modified" errors during concurrent updates. ([#&#8203;9551](https://github.com/cloudnative-pg/cloudnative-pg/pull/9551)) <!-- 1.27 1.25 --> - Fixed event reporting to use the correct pod name when a backup pod is not found. ([#&#8203;9552](https://github.com/cloudnative-pg/cloudnative-pg/pull/9552)) <!-- 1.27 1.25 --> - Improved performance of scheduled backup operations for clusters with a very high number of historical backups. ([#&#8203;9489](https://github.com/cloudnative-pg/cloudnative-pg/pull/9489)) <!-- 1.27 1.25 --> - Fixed error handling when removing finalizers on `Database` objects. ([#&#8203;9431](https://github.com/cloudnative-pg/cloudnative-pg/pull/9431)) <!-- 1.27 1.25 --> - `cnpg` plugin: - Updated the `status` command to display "Disabled" when the `skipWalArchiving` annotation is present on a cluster. This replaces confusing "starting up" or "unknown" states when WAL archiving is intentionally bypassed. ([#&#8203;9709](https://github.com/cloudnative-pg/cloudnative-pg/pull/9709)) <!-- 1.27 1.25 --> - Fixed the `logs --follow` command to continue polling for new pods instead of exiting prematurely when all current log streams complete. ([#&#8203;9599](https://github.com/cloudnative-pg/cloudnative-pg/pull/9599)) <!-- 1.27 1.25 --> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4zLjYiLCJ1cGRhdGVkSW5WZXIiOiI0My4zLjYiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImF1dG9tZXJnZSIsImltYWdlIl19-->
renovate-bot added the automergeimage labels 2026-02-05 19:34:47 +00:00
renovate-bot added 1 commit 2026-02-05 19:34:48 +00:00
chore(deps): update dependency cloudnative-pg/cloudnative-pg to v1.28.1
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
render-manifests-merge / render-manifests-merge (pull_request) Has been skipped
Details
lint-test-helm / lint-helm (pull_request) Successful in 27s
Details
render-manifests-automerge / render-manifests-automerge (pull_request) Successful in 33s
Details
cab55efa46
renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-02-05 19:34:57 +00:00
renovate-bot merged commit ad9f4e7ef2 into main 2026-02-05 19:34:59 +00:00
renovate-bot deleted branch renovate/unified-cloudnative-pgcloudnative-pg 2026-02-05 19:35:06 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label automerge image
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#3745
Delete Branch "renovate/unified-cloudnative-pgcloudnative-pg"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?