From 57fd6f1b097cd2b4651547934cce424a158f9d0a Mon Sep 17 00:00:00 2001 From: cnp-autobot <85171364+cnp-autobot@users.noreply.github.com> Date: Thu, 12 Feb 2026 19:02:06 +0000 Subject: [PATCH 1/6] Sync EnterpriseDB/cloud-native-postgres product/pg4k/v1.28.1 --- .../1/appendixes/_category_.json | 7 + .../docs/postgres_for_kubernetes/1/backup.mdx | 16 +- .../1/cncf-projects/_category_.json | 7 + .../1/{cnp_i.mdx => cnpg_i.mdx} | 20 +- .../1/connection_pooling.mdx | 56 +- .../1/default-monitoring.yaml | 3 + .../1/images/openshift/software-catalog.png | 3 + .../1/imagevolume_extensions.mdx | 10 +- .../1/installation_upgrade.mdx | 4 +- .../postgres_for_kubernetes/1/iron-bank.mdx | 21 +- .../1/kubectl-plugin.mdx | 30 +- .../postgres_for_kubernetes/1/monitoring.mdx | 7 +- .../1/object_stores.mdx | 41 +- .../postgres_for_kubernetes/1/openshift.mdx | 6 + .../1/operator_capability_levels.mdx | 6 +- .../1/operator_conf.mdx | 3 +- .../1/pg4k.v1/index.mdx | 28 +- .../1/pg4k.v1/v1.28.1.mdx | 2350 +++++++++++++++++ .../1/postgres_upgrades.mdx | 72 +- .../1/preview_version.mdx | 4 +- .../postgres_for_kubernetes/1/recovery.mdx | 18 +- .../1/replica_cluster.mdx | 2 +- .../1/samples/k9s/plugins.yml | 4 +- 23 files changed, 2619 insertions(+), 99 deletions(-) create mode 100644 product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json create mode 100644 product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json rename product_docs/docs/postgres_for_kubernetes/1/{cnp_i.mdx => cnpg_i.mdx} (92%) create mode 100644 product_docs/docs/postgres_for_kubernetes/1/images/openshift/software-catalog.png create mode 100644 product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/v1.28.1.mdx diff --git a/product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json b/product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json new file mode 100644 index 0000000000..406ff35478 --- /dev/null 
+++ b/product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json @@ -0,0 +1,7 @@ +{ + "label": "Appendixes", + "position": 600, + "link": { + "type": "generated-index" + } +} diff --git a/product_docs/docs/postgres_for_kubernetes/1/backup.mdx b/product_docs/docs/postgres_for_kubernetes/1/backup.mdx index fded7332bb..e2841a02e1 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/backup.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/backup.mdx @@ -17,9 +17,9 @@ for guidance. !!!info Important Starting with version 1.26, native backup and recovery capabilities are being **progressively phased out** of the core operator and moved to official -CNP-I plugins. This transition aligns with {{name.ln}}' shift towards a +CNPG-I plugins. This transition aligns with {{name.ln}}' shift towards a **backup-agnostic architecture**, enabled by its extensible -interface—**CNP-I**—which standardizes the management of **WAL archiving**, +interface—**CNPG-I**—which standardizes the management of **WAL archiving**, **physical base backups**, and corresponding **recovery processes**. !!! @@ -58,7 +58,7 @@ up of the following resources: - **Physical base backups**: a copy of all the files that PostgreSQL uses to store the data in the database (primarily the `PGDATA` and any tablespace) -CNP-I provides a generic and extensible interface for managing WAL archiving +CNPG-I provides a generic and extensible interface for managing WAL archiving (both archive and restore operations), as well as the base backup and corresponding restore processes. @@ -130,7 +130,7 @@ for your disaster recovery plans. Kubernetes CSI interface and supported storage classes !!!info Important -CNP-I is designed to enable third parties to build and integrate their own +CNPG-I is designed to enable third parties to build and integrate their own backup plugins. Over time, we expect the ecosystem of supported backup solutions to grow. !!! 
@@ -267,7 +267,7 @@ spec: immediate: true ``` -\### Pause Scheduled Backups +### Pause Scheduled Backups To temporarily stop scheduled backups from running: @@ -276,7 +276,7 @@ spec: suspend: true ``` -\### Backup Owner Reference (`.spec.backupOwnerReference`) +### Backup Owner Reference (`.spec.backupOwnerReference`) Controls which Kubernetes object is set as the owner of the backup resource: @@ -374,7 +374,7 @@ your broader Kubernetes cluster backup strategy. {{name.ln}} currently supports the following backup methods for scheduled and on-demand backups: -- `plugin` – Uses a CNP-I plugin (requires `.spec.pluginConfiguration`) +- `plugin` – Uses a CNPG-I plugin (requires `.spec.pluginConfiguration`) - `volumeSnapshot` – Uses native [Kubernetes volume snapshots](backup_volumesnapshot.md#how-to-configure-volume-snapshot-backups) - `barmanObjectStore` – Uses [Barman Cloud for object storage](backup_barmanobjectstore.md) *(deprecated starting with v1.26 in favor of the @@ -484,7 +484,7 @@ backup will be taken from the primary instance. ## Retention Policies {{name.ln}} is evolving toward a **backup-agnostic architecture**, where -backup responsibilities are delegated to external **CNP-I plugins**. These +backup responsibilities are delegated to external **CNPG-I plugins**. These plugins are expected to offer advanced and customizable data protection features, including sophisticated retention management, that go beyond the built-in capabilities and scope of {{name.ln}}. diff --git a/product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json b/product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json new file mode 100644 index 0000000000..0bb5a46834 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json @@ -0,0 +1,7 @@ +{ + "label": "CNCF Projects Integrations", + "position": 590, + "link": { + "type": "generated-index" + } +} 
diff --git a/product_docs/docs/postgres_for_kubernetes/1/cnp_i.mdx b/product_docs/docs/postgres_for_kubernetes/1/cnpg_i.mdx similarity index 92% rename from product_docs/docs/postgres_for_kubernetes/1/cnp_i.mdx rename to product_docs/docs/postgres_for_kubernetes/1/cnpg_i.mdx index 28af06b671..ebd4941b66 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/cnp_i.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/cnpg_i.mdx @@ -1,6 +1,6 @@ --- -title: 'CNP-I' -originalFilePath: 'src/cnp_i.md' +title: 'CNPG-I' +originalFilePath: 'src/cnpg_i.md' --- 
@@ -9,32 +9,32 @@ The **CloudNativePG Interface** ([CNPG-I](https://github.com/cloudnative-pg/cnpg is a standard way to extend and customize {{name.ln}} without modifying its core codebase. -## Why CNP-I? +## Why CNPG-I? {{name.ln}} supports a wide range of use cases, but sometimes its built-in functionality isn’t enough, or adding certain features directly to the main project isn’t practical. -Before CNP-I, users had two main options: +Before CNPG-I, users had two main options: - Fork the project to add custom behavior, or - Extend the upstream codebase by writing custom components on top of it. Both approaches created maintenance overhead, slowed upgrades, and delayed delivery of critical features. -CNP-I solves these problems by providing a stable, gRPC-based integration +CNPG-I solves these problems by providing a stable, gRPC-based integration point for extending {{name.ln}} at key points in a cluster’s lifecycle —such as backups, recovery, and sub-resource reconciliation— without disrupting the core project. -CNP-I can extend: +CNPG-I can extend: - The operator, and/or - The instance manager running inside PostgreSQL pods. ## Registering a plugin -CNP-I is inspired by the Kubernetes +CNPG-I is inspired by the Kubernetes [Container Storage Interface (CSI)](https://kubernetes.io/blog/2019/01/15/container-storage-interface-ga/). The operator communicates with registered plugins using **gRPC**, following the [CNPG-I protocol](https://github.com/cloudnative-pg/cnpg-i/blob/main/docs/protocol.md). 
@@ -198,7 +198,7 @@ must include this DNS name in its Subject Alternative Names (SAN). To enable a plugin, configure the `.spec.plugins` section in your `Cluster` resource. Refer to the {{name.ln}} API Reference for the full -[PluginConfiguration](https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-k8s-enterprisedb-io-v1-PluginConfiguration) +[PluginConfiguration](https://cloudnative-pg.io/docs/devel/cloudnative-pg.v1/#pluginconfiguration) specification. Example: @@ -229,10 +229,10 @@ deployed: ## Community plugins -The CNP-I protocol has quickly become a proven and reliable pattern for +The CNPG-I protocol has quickly become a proven and reliable pattern for extending {{name.ln}} while keeping the core project maintainable. Over time, the community has built and shared plugins that address real-world needs and serve as examples for developers. -For a complete and up-to-date list of plugins built with CNP-I, please refer to the +For a complete and up-to-date list of plugins built with CNPG-I, please refer to the [CNPG-I GitHub page](https://github.com/cloudnative-pg/cnpg-i?tab=readme-ov-file#projects-built-with-cnpg-i). diff --git a/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx b/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx index 6f81e4cb4a..dd8499114f 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/connection_pooling.mdx 
@@ -219,15 +219,37 @@ replicate similar behavior to the default setup. ## Pod templates -You can take advantage of pod templates specification in the `template` -section of a `Pooler` resource. For details, see -[`PoolerSpec`](pg4k.v1.md#poolerspec) in the API reference. +The `Pooler` resource allows you to customize the underlying pods via the +`template` section. This provides full access to the Kubernetes `PodSpec` for +advanced configurations like scheduling constraints, custom security contexts, +or resource overrides. -Using templates, you can configure pods as you like, including fine control -over affinity and anti-affinity rules for pods and nodes. By default, -containers use images from `docker.enterprisedb.com/k8s/pgbouncer`. +For a complete list of supported fields, see the +[`PoolerSpec`](pg4k.v1.md#poolerspec) API reference. -This example shows `Pooler` specifying \`PodAntiAffinity\`\`: +### Key requirements + +- **The `pgbouncer` container name:** When overriding container settings (like + images or resources), the name of the container **must** be set to + `pgbouncer`. The operator looks for this specific name to manage the + PgBouncer process. + +- **Mandatory `containers` field:** Since `template` follows the standard + Kubernetes `PodSpec` schema, the `containers` field is mandatory. + +- If you aren't modifying container-level settings, you must set it to an empty + array: `containers: []`. + +- If the `containers` field is missing, the API server will throw a + `ValidationError`. + +### Examples + +#### High availability with pod anti-affinity + +This configuration uses `podAntiAffinity` to ensure that PgBouncer pods are +distributed across different nodes, preventing a single node failure from +taking down the entire pool. ```yaml apiVersion: postgresql.k8s.enterprisedb.io/v1 
@@ -258,16 +280,10 @@ spec: topologyKey: "kubernetes.io/hostname" ``` -!!!note -Explicitly set `.spec.template.spec.containers` to `[]` when not modified, -as it's a required field for a `PodSpec`. If `.spec.template.spec.containers` -isn't set, the Kubernetes api-server returns the following error when trying to -apply the manifest:`error validating "pooler.yaml": error validating data: -ValidationError(Pooler.spec.template.spec): missing required field -"containers"` -!!! +#### Custom image and resource limits -This example sets resources and changes the used image: +You can specify a custom image and define resource requests/limits. Note that +the container name is explicitly set to `pgbouncer`. ```yaml apiVersion: postgresql.k8s.enterprisedb.io/v1 @@ -286,6 +302,7 @@ spec: app: pooler spec: containers: + # This name MUST be "pgbouncer" - name: pgbouncer image: my-pgbouncer:latest resources: @@ -648,9 +665,10 @@ spec: ### Deprecation of Automatic `PodMonitor` Creation -!!!warning "Feature Deprecation Notice" - The `.spec.monitoring.enablePodMonitor` field in the `Pooler` resource is - now deprecated and will be removed in a future version of the operator. +!!!warning Feature Deprecation Notice +The `.spec.monitoring.enablePodMonitor` field in the `Pooler` resource is +now deprecated and will be removed in a future version of the operator. +!!! If you are currently using this feature, we strongly recommend you either remove or set `.spec.monitoring.enablePodMonitor` to `false` and manually diff --git a/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml b/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml index 1a22775737..675aed6426 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml +++ b/product_docs/docs/postgres_for_kubernetes/1/default-monitoring.yaml 
@@ -173,6 +173,9 @@ data: , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time FROM pg_catalog.pg_stat_archiver + predicate_query: | + SELECT NOT pg_catalog.pg_is_in_recovery() + OR pg_catalog.current_setting('archive_mode') = 'always' metrics: - archived_count: usage: "COUNTER" diff --git a/product_docs/docs/postgres_for_kubernetes/1/images/openshift/software-catalog.png b/product_docs/docs/postgres_for_kubernetes/1/images/openshift/software-catalog.png new file mode 100644 index 0000000000..e129a525a3 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/images/openshift/software-catalog.png @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:93a066d4a3d4f8cd26ccb4c55bb48df6746140f4c196d790d60620d6df5b0c33 +size 56993 diff --git a/product_docs/docs/postgres_for_kubernetes/1/imagevolume_extensions.mdx b/product_docs/docs/postgres_for_kubernetes/1/imagevolume_extensions.mdx index 63647b49fc..72705dab9a 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/imagevolume_extensions.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/imagevolume_extensions.mdx 
@@ -135,9 +135,17 @@ spec: The `name` field is **mandatory** and **must be unique within the cluster**, as it determines the mount path (`/extensions/foo` in this example). It must -consist of *lowercase alphanumeric characters or hyphens (`-`)* and must start +consist of *lowercase alphanumeric characters, underscores (`_`) or hyphens (`-`)* and must start and end with an alphanumeric character. +!!!note +Extension names containing underscores (e.g., `pg_ivm`) are converted to use +hyphens (e.g., `pg-ivm`) for Kubernetes volume names to comply with RFC 1123 +DNS label requirements. Do not use extension names that become identical after +sanitization (e.g., `pg_ivm` and `pg-ivm` both sanitize to `pg-ivm`). The +webhook validation will prevent such conflicts. +!!! + The `image` stanza follows the [Kubernetes `ImageVolume` API](https://kubernetes.io/docs/tasks/configure-pod-container/image-volumes/). The `reference` must point to a valid container registry path for the extension image. diff --git a/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx b/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx index 77eb9d4a12..683e1a9782 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/installation_upgrade.mdx @@ -74,7 +74,7 @@ for this minor release as follows: ```sh kubectl apply --server-side -f \ - https://get.enterprisedb.io/pg4k/pg4k-1.28.0.yaml + https://get.enterprisedb.io/pg4k/pg4k-1.28.1.yaml ``` You can verify that with: 
@@ -323,7 +323,7 @@ Your applications will need to reconnect to PostgreSQL after the upgrade. #### Deprecation of backup metrics and fields in the `Cluster` `.status` -With the transition to a backup and recovery agnostic approach based on CNP-I +With the transition to a backup and recovery agnostic approach based on CNPG-I plugins in {{name.ln}}, which began with version 1.26.0 for Barman Cloud, we are starting the deprecation period for the following fields in the `.status` section of the `Cluster` resource: diff --git a/product_docs/docs/postgres_for_kubernetes/1/iron-bank.mdx b/product_docs/docs/postgres_for_kubernetes/1/iron-bank.mdx index 36dbbc1069..332fae06b4 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/iron-bank.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/iron-bank.mdx 
@@ -39,14 +39,20 @@ the image. From there, you can get the instruction to pull the image: ![pulling-ironbank-images](./images/ironbank/pulling-the-image.png) -For example, to pull the EPAS16 operand from Ironbank, you can run: +For example, to pull the EPAS 18 operand from Ironbank, you can run: ```bash -docker pull registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-16:16 +docker pull registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-18:18 +``` +Similarly, for EPAS 16 or 17: + +```bash +docker pull registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-17:17 +docker pull registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-16:16 ``` -If you want to pick a more specific tag or use a specific SHA, you need to find it from the [Harbor page](https://registry1.dso.mil/harbor/projects/3/repositories/enterprisedb%2Fedb-postgres-advanced-16/artifacts-tab). +If you want to pick a more specific tag or use a specific SHA, you need to find it from the Harbor page (e.g., [EPAS 18](https://registry1.dso.mil/harbor/projects/3/repositories/enterprisedb%2Fedb-postgres-advanced-18/artifacts-tab), [EPAS 17](https://registry1.dso.mil/harbor/projects/3/repositories/enterprisedb%2Fedb-postgres-advanced-17/artifacts-tab), [EPAS 16](https://registry1.dso.mil/harbor/projects/3/repositories/enterprisedb%2Fedb-postgres-advanced-16/artifacts-tab)). ## Installing the {{name.short}} operator using the Iron Bank image 
@@ -99,7 +105,7 @@ Once you have this in place, you can apply your manifest normally with ## Deploying clusters with EPAS operands using IronBank images To deploy a cluster using the EPAS [operand](/postgres_for_kubernetes/latest/private_edb_registries/#operand-images) you must reference the Ironbank operand image appropriately in the `Cluster` resource YAML. -For example, to deploy a {{name.short}} Cluster using the EPAS 16 operand: +For example, to deploy a {{name.short}} Cluster using the EPAS 18 operand: 1. Create or edit a `Cluster` resource YAML file with the following content: @@ -109,11 +115,16 @@ For example, to deploy a {{name.short}} Cluster using the EPAS 16 operand: metadata: name: cluster-example-full spec: - imageName: registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-17:17 + imageName: registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-18:18 imagePullSecrets: - name: my_ironbank_secret ``` + For EPAS 17 or 16, use the corresponding image: + +- EPAS 17: `registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-17:17` +- EPAS 16: `registry1.dso.mil/ironbank/enterprisedb/edb-postgres-advanced-16:16` + 2. Apply the YAML: ``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx b/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx index dc2a97e5fa..1ee71dfdda 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/kubectl-plugin.mdx 
@@ -36,11 +36,11 @@ them in your systems. #### Debian packages -For example, let's install the 1.28.0 release of the plugin, for an Intel based +For example, let's install the 1.28.1 release of the plugin, for an Intel based 64 bit server. First, we download the right `.deb` file. ```sh -wget https://github.com/EnterpriseDB/kubectl-cnp/releases/download/v1.28.0/kubectl-cnp_1.28.0_linux_x86_64.deb \ +wget https://github.com/EnterpriseDB/kubectl-cnp/releases/download/v1.28.1/kubectl-cnp_1.28.1_linux_x86_64.deb \ --output-document kube-plugin.deb ``` @@ -51,17 +51,17 @@ $ sudo dpkg -i kube-plugin.deb Selecting previously unselected package cnp. (Reading database ... 6688 files and directories currently installed.) Preparing to unpack kube-plugin.deb ... -Unpacking kubectl-cnp (1.28.0) ... -Setting up kubectl-cnp (1.28.0) ... +Unpacking kubectl-cnp (1.28.1) ... +Setting up kubectl-cnp (1.28.1) ... ``` #### RPM packages -As in the example for `.rpm` packages, let's install the 1.28.0 release for an +As in the example for `.rpm` packages, let's install the 1.28.1 release for an Intel 64 bit machine. Note the `--output` flag to provide a file name. ```sh -curl -L https://github.com/EnterpriseDB/kubectl-cnp/releases/download/v1.28.0/kubectl-cnp_1.28.0_linux_x86_64.rpm \ +curl -L https://github.com/EnterpriseDB/kubectl-cnp/releases/download/v1.28.1/kubectl-cnp_1.28.1_linux_x86_64.rpm \ --output kube-plugin.rpm ``` @@ -75,7 +75,7 @@ Dependencies resolved. Package Architecture Version Repository Size ==================================================================================================== Installing: - cnp x86_64 1.28.0-1 @commandline 20 M + cnp x86_64 1.28.1 @commandline 20 M Transaction Summary ==================================================================================================== 
@@ -246,9 +246,9 @@ sandbox-3 0/604DE38 0/604DE38 0/604DE38 0/604DE38 00:00:00 00:00:00 00 Instances status Name Current LSN Replication role Status QoS Manager Version Node ---- ----------- ---------------- ------ --- --------------- ---- -sandbox-1 0/604DE38 Primary OK BestEffort 1.28.0 k8s-eu-worker -sandbox-2 0/604DE38 Standby (async) OK BestEffort 1.28.0 k8s-eu-worker2 -sandbox-3 0/604DE38 Standby (async) OK BestEffort 1.28.0 k8s-eu-worker +sandbox-1 0/604DE38 Primary OK BestEffort 1.28.1 k8s-eu-worker +sandbox-2 0/604DE38 Standby (async) OK BestEffort 1.28.1 k8s-eu-worker2 +sandbox-3 0/604DE38 Standby (async) OK BestEffort 1.28.1 k8s-eu-worker ``` If you require more detailed status information, use the `--verbose` option (or @@ -302,9 +302,9 @@ sandbox-primary primary 1 1 1 Instances status Name Current LSN Replication role Status QoS Manager Version Node ---- ----------- ---------------- ------ --- --------------- ---- -sandbox-1 0/6053720 Primary OK BestEffort 1.28.0 k8s-eu-worker -sandbox-2 0/6053720 Standby (async) OK BestEffort 1.28.0 k8s-eu-worker2 -sandbox-3 0/6053720 Standby (async) OK BestEffort 1.28.0 k8s-eu-worker +sandbox-1 0/6053720 Primary OK BestEffort 1.28.1 k8s-eu-worker +sandbox-2 0/6053720 Standby (async) OK BestEffort 1.28.1 k8s-eu-worker2 +sandbox-3 0/6053720 Standby (async) OK BestEffort 1.28.1 k8s-eu-worker ``` With an additional `-v` (e.g. `kubectl cnp status sandbox -v -v`), you can 
@@ -532,12 +532,12 @@ and previous logs are available, it will show them both. ```output ====== Begin of Previous Log ===== -2023-03-28T12:56:41.251711811Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting EDB Postgres for Kubernetes Operator","version":"1.28.0","build":{"Version":"1.28.0+dev107","Commit":"cc9bab17","Date":"2023-03-28"}} +2023-03-28T12:56:41.251711811Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting EDB Postgres for Kubernetes Operator","version":"1.28.1","build":{"Version":"1.28.1+dev107","Commit":"cc9bab17","Date":"2023-03-28"}} 2023-03-28T12:56:41.251851909Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting pprof HTTP server","addr":"0.0.0.0:6060"} ====== End of Previous Log ===== -2023-03-28T12:57:09.854306024Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting EDB Postgres for Kubernetes Operator","version":"1.28.0","build":{"Version":"1.28.0+dev107","Commit":"cc9bab17","Date":"2023-03-28"}} +2023-03-28T12:57:09.854306024Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting EDB Postgres for Kubernetes Operator","version":"1.28.1","build":{"Version":"1.28.1+dev107","Commit":"cc9bab17","Date":"2023-03-28"}} 2023-03-28T12:57:09.854363943Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting pprof HTTP server","addr":"0.0.0.0:6060"} ``` diff --git a/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx b/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx index 87323fe80a..04c4c18fd0 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/monitoring.mdx 
@@ -116,9 +116,10 @@ spec: #### Deprecation of Automatic `PodMonitor` Creation -!!!warning "Feature Deprecation Notice" - The `.spec.monitoring.enablePodMonitor` field in the `Cluster` resource is - now deprecated and will be removed in a future version of the operator. +!!!warning Feature Deprecation Notice +The `.spec.monitoring.enablePodMonitor` field in the `Cluster` resource is +now deprecated and will be removed in a future version of the operator. +!!! If you are currently using this feature, we strongly recommend you either remove or set `.spec.monitoring.enablePodMonitor` to `false` and manually diff --git a/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx b/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx index 4d03a6dd36..5ab5b7c71f 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/object_stores.mdx @@ -26,6 +26,16 @@ You can also use any compatible implementation of the supported services. The required setup depends on the chosen storage provider and is discussed in the following sections. +!!!note Authentication Methods +{{name.ln}} does not independently test all authentication methods +supported by `barman-cloud`. {{name.ln}}' responsibility is limited to passing +the provided credentials to `barman-cloud`, which then handles authentication +according to its own implementation. Users should refer to the +[Barman Cloud documentation](https://docs.pgbarman.org/release/latest/) to +verify that their chosen authentication method is supported and properly +configured. +!!! + ## AWS S3 [AWS Simple Storage Service (S3)](https://aws.amazon.com/s3/) is 
@@ -194,17 +204,15 @@ the instances using the `kubectl cnp reload` subcommand. [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) is the object storage service provided by Microsoft. -In order to access your storage account for backup and recovery of -{{name.ln}} managed databases, you will need one of the following -combinations of credentials: +{{name.ln}} supports the following authentication methods for Azure Blob Storage: - [Connection String](https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string#configure-a-connection-string-for-an-azure-storage-account) -- Storage account name and [Storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage) -- Storage account name and [Storage account SAS Token](https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create) -- Storage account name and [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/introduction.html) - properly configured. +- Storage Account Name + [Storage Account Access Key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage) +- Storage Account Name + [Storage Account SAS Token](https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create) +- [Azure AD Managed Identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) +- [Default Azure Credentials](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python) -Using **Azure AD Workload Identity**, you can avoid saving the credentials into a Kubernetes Secret, +Using **Azure AD Managed Identity**, you can avoid saving the credentials into a Kubernetes Secret, and have a Cluster configuration adding the `inheritFromAzureAD` as follows: ```yaml 
@@ -219,6 +227,23 @@ spec: inheritFromAzureAD: true ``` +Alternatively, you can use the **Default Azure Credentials** authentication mechanism, which provides +a seamless authentication experience by supporting multiple authentication methods including environment +variables, managed identities, and Azure CLI credentials. Add the `useDefaultAzureCredentials` flag +as follows: + +```yaml +apiVersion: postgresql.k8s.enterprisedb.io/v1 +kind: Cluster +[...] +spec: + backup: + barmanObjectStore: + destinationPath: "" + azureCredentials: + useDefaultAzureCredentials: true +``` + On the other side, using both **Storage account access key** or **Storage account SAS Token**, the credentials need to be stored inside a Kubernetes Secret, adding data entries only when needed. The following command performs that: diff --git a/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx b/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx index 82a6ea3f74..b822e9ad0e 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx @@ -311,6 +311,12 @@ with different upgrade policies as long as the API is the same (see ["Limitations for multi-tenant management"](#limitations-for-multi-tenant-management)). !!! +\!!! Note + If you are running with OpenShift 4.20 or later, OperatorHub has been integrated into the + Software Catalog. In the web console, navigate to `Operators -> Software Catalog` + and select a Project to view the software catalog. + ![Menu Software Catalog](./images/openshift/software-catalog.png) + Choosing cluster-wide vs local installation of the operator is a critical turning point. Trying to install the operator globally with an existing local installation is blocked, by throwing the error below. If you want to proceed 
diff --git a/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx b/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx index a44047e780..8e096e5cd5 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/operator_capability_levels.mdx @@ -411,7 +411,7 @@ command before beginning to ship the first set of WAL files. ### PostgreSQL Backups -{{name.ln}} provides a pluggable interface (CNP-I) for managing +{{name.ln}} provides a pluggable interface (CNPG-I) for managing application-level backups using PostgreSQL’s native physical backup mechanisms—namely base backups and continuous WAL archiving. This design enables flexibility and extensibility while ensuring consistency and @@ -421,7 +421,7 @@ The {{name.ln}} Community officially supports the [Barman Cloud Plugin](https:// which enables continuous physical backups to object stores, along with full and Point-In-Time Recovery (PITR) capabilities. -In addition to CNP-I plugins, {{name.ln}} also natively supports backups +In addition to CNPG-I plugins, {{name.ln}} also natively supports backups using Kubernetes volume snapshots, when supported by the underlying storage class and CSI driver. @@ -434,7 +434,7 @@ You can initiate base backups in two ways: Volume snapshots leverage the Kubernetes API and are particularly effective for very large databases (VLDBs) due to their speed and storage efficiency. -Both volume snapshots and CNP-I-based backups support: +Both volume snapshots and CNPG-I-based backups support: - Hot backups: Taken while PostgreSQL is running, ensuring minimal disruption. diff --git a/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx b/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx index a2adcd5637..e7ed43f185 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/operator_conf.mdx 
@@ -48,6 +48,7 @@ The operator looks for the following environment variables to be defined in the | `CERTIFICATE_DURATION` | Determines the lifetime of the generated certificates in days. Default is 90. | | `CLUSTERS_ROLLOUT_DELAY` | The duration (in seconds) to wait between the roll-outs of different clusters during an operator upgrade. This setting controls the timing of upgrades across clusters, spreading them out to reduce system impact. The default value is `0` which means no delay between PostgreSQL cluster upgrades. | | `CREATE_ANY_SERVICE` | When set to `true`, will create `-any` service for the cluster. Default is `false` | +| `DRAIN_TAINTS` | Specifies the taint keys that should be interpreted as indicators of node drain. By default, it includes the taints commonly applied by [kubectl](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/), [Cluster Autoscaler](https://github.com/kubernetes/autoscaler), and [Karpenter](https://github.com/aws/karpenter-provider-aws): `node.kubernetes.io/unschedulable`, `ToBeDeletedByClusterAutoscaler`, `karpenter.sh/disrupted`, `karpenter.sh/disruption`. | | `EDB_LICENSE_KEY` | Default license key (to be used only if the cluster does not define one, and preferably in the `Secret`) | | `ENABLE_INSTANCE_MANAGER_INPLACE_UPDATES` | When set to `true`, enables in-place updates of the instance manager after an update of the operator, avoiding rolling updates of the cluster (default `false`) | | `ENABLE_REDWOOD_BY_DEFAULT` | Enable the Redwood compatibility by default when using EPAS. | 
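Review bot: the `DRAIN_TAINTS` row added here lists four default taint keys but does not say how to write a value that holds several keys, nor whether setting the variable replaces the defaults or adds to them. Suggest stating the separator and the override behaviour in the description, since an operator who sets a single custom key needs to know whether `node.kubernetes.io/unschedulable` and the other defaults are still treated as drain indicators.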
@@ -66,7 +67,7 @@ The operator looks for the following environment variables to be defined in the | `POSTGRES_IMAGE_NAME` | The name of the PostgreSQL image used by default for new clusters. Defaults to the version specified in the operator. | | `PULL_SECRET_NAME` | Name of an additional pull secret to be defined in the operator's namespace and to be used to download images | | `STANDBY_TCP_USER_TIMEOUT` | Defines the [`TCP_USER_TIMEOUT` socket option](https://www.postgresql.org/docs/current/runtime-config-connection.html#GUC-TCP-USER-TIMEOUT) in milliseconds for replication connections from standby instances to the primary. Default is 5000 (5 seconds). Set to `0` to use the system's default. | -| `DRAIN_TAINTS` | Specifies the taint keys that should be interpreted as indicators of node drain. By default, it includes the taints commonly applied by [kubectl](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/), [Cluster Autoscaler](https://github.com/kubernetes/autoscaler), and [Karpenter](https://github.com/aws/karpenter-provider-aws): `node.kubernetes.io/unschedulable`, `ToBeDeletedByClusterAutoscaler`, `karpenter.sh/disrupted`, `karpenter.sh/disruption`. | +| `WATCH_NAMESPACE` | Specifies the namespace(s) where the operator should watch for resources. Multiple namespaces can be specified separated by commas. If not set, the operator watches all namespaces (cluster-wide mode). | Values in `INHERITED_ANNOTATIONS` and `INHERITED_LABELS` support path-like wildcards. For example, the value `example.com/*` will match both the value `example.com/one` and `example.com/two`. diff --git a/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/index.mdx b/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/index.mdx index 57d45af2bc..d20a34ecb6 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/index.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/index.mdx 
@@ -1,8 +1,9 @@ --- -title: API Reference - v1.28.0 +title: API Reference - v1.28.1 originalFilePath: src/pg4k.v1.md navTitle: API Reference navigation: + - v1.28.1 - v1.28.0 - v1.27.1 - v1.27.0 @@ -894,13 +895,13 @@ PostgreSQL extensions to the Cluster. - [PostgresConfiguration](#postgresconfiguration) -| Field | Description | Required | Default | Validation | -| ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- | -------------------------------------------------------------------- | -| `name` *string* | The name of the extension, required | True | | MinLength: 1
Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
| -| `image` *[ImageVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#imagevolumesource-v1-core)* | The image containing the extension, required | True | | | -| `extension_control_path` *string array* | The list of directories inside the image which should be added to extension_control_path.
If not defined, defaults to "/share". | | | | -| `dynamic_library_path` *string array* | The list of directories inside the image which should be added to dynamic_library_path.
If not defined, defaults to "/lib". | | | | -| `ld_library_path` *string array* | The list of directories inside the image which should be added to ld_library_path. | | | | +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- | --------------------------------------------------------------------- | +| `name` *string* | The name of the extension, required | True | | MinLength: 1
Pattern: `^[a-z0-9]([-a-z0-9_]*[a-z0-9])?$`
| +| `image` *[ImageVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#imagevolumesource-v1-core)* | The image containing the extension, required | True | | | +| `extension_control_path` *string array* | The list of directories inside the image which should be added to extension_control_path.
If not defined, defaults to "/share". | | | | +| `dynamic_library_path` *string array* | The list of directories inside the image which should be added to dynamic_library_path.
If not defined, defaults to "/lib". | | | | +| `ld_library_path` *string array* | The list of directories inside the image which should be added to ld_library_path. | | | | #### ExtensionSpec @@ -1079,10 +1080,11 @@ InstanceID contains the information to identify an instance - [BackupStatus](#backupstatus) -| Field | Description | Required | Default | Validation | -| ---------------------- | ---------------- | -------- | ------- | ---------- | -| `podName` *string* | The pod name | | | | -| `ContainerID` *string* | The container ID | | | | +| Field | Description | Required | Default | Validation | +| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `podName` *string* | The pod name | | | | +| `ContainerID` *string* | The container ID | | | | +| `sessionID` *string* | The instance manager session ID. This is a unique identifier generated at instance manager
startup and changes on every restart (including container reboots). Used to detect if
the instance manager was restarted during long-running operations like backups, which
would terminate any running backup process. | | | | #### InstanceReportedState @@ -1843,7 +1845,7 @@ will stop. All the target options except TargetTLI are mutually exclusive. | `targetXID` *string* | The target transaction ID | | | | | `targetName` *string* | The target name (to be previously created
with `pg_create_restore_point`) | | | | | `targetLSN` *string* | The target LSN (Log Sequence Number) | | | | -| `targetTime` *string* | The target time as a timestamp in the RFC3339 standard | | | | +| `targetTime` *string* | The target time as a timestamp in RFC3339 format or PostgreSQL timestamp format.
Timestamps without an explicit timezone are interpreted as UTC. | | | | | `targetImmediate` *boolean* | End recovery as soon as a consistent state is reached | | | | | `exclusive` *boolean* | Set the target to be exclusive. If omitted, defaults to false, so that
in Postgres, `recovery_target_inclusive` will be true | | | | diff --git a/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/v1.28.1.mdx b/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/v1.28.1.mdx new file mode 100644 index 0000000000..9b7b2f2b28 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/pg4k.v1/v1.28.1.mdx @@ -0,0 +1,2350 @@ +--- +title: API Reference - v1.28.1 +navTitle: v1.28.1 +pdfExclude: 'true' + +--- + +## Packages + +- [postgresql.k8s.enterprisedb.io/v1](#postgresqlk8senterprisedbiov1) + +## postgresql.k8s.enterprisedb.io/v1 + +Package v1 contains API Schema definitions for the postgresql v1 API group + +### Resource Types + +- [Backup](#backup) +- [Cluster](#cluster) +- [ClusterImageCatalog](#clusterimagecatalog) +- [Database](#database) +- [FailoverQuorum](#failoverquorum) +- [ImageCatalog](#imagecatalog) +- [Pooler](#pooler) +- [Publication](#publication) +- [ScheduledBackup](#scheduledbackup) +- [Subscription](#subscription) + +#### AffinityConfiguration + +AffinityConfiguration contains the info we need to create the +affinity rules for Pods + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------------------------------------------------------------------------------- || -------- | ------- | ---------- | +| `enablePodAntiAffinity` *boolean* | Activates anti-affinity for the pods. The operator will define pods
anti-affinity unless this field is explicitly set to false | | | | +| `topologyKey` *string* | TopologyKey to use for anti-affinity configuration. See k8s documentation
for more info on that | | | | +| `nodeSelector` *object (keys:string, values:string)* | NodeSelector is map of key-value pairs used to define the nodes on which
the pods can run.
More info: | | | | +| `nodeAffinity` *[NodeAffinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#nodeaffinity-v1-core)* | NodeAffinity describes node affinity scheduling rules for the pod.
More info: | | | | +| `tolerations` *[Toleration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#toleration-v1-core) array* | Tolerations is a list of Tolerations that should be set for all the pods, in order to allow them to run
on tainted nodes.
More info: | | | | +| `podAntiAffinityType` *string* | PodAntiAffinityType allows the user to decide whether pod anti-affinity between cluster instance has to be
considered a strong requirement during scheduling or not. Allowed values are: "preferred" (default if empty) or
"required". Setting it to "required", could lead to instances remaining pending until new kubernetes nodes are
added if all the existing nodes don't match the required pod anti-affinity rule.
More info:
| | | | +| `additionalPodAntiAffinity` *[PodAntiAffinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podantiaffinity-v1-core)* | AdditionalPodAntiAffinity allows to specify pod anti-affinity terms to be added to the ones generated
by the operator if EnablePodAntiAffinity is set to true (default) or to be used exclusively if set to false. | | | | +| `additionalPodAffinity` *[PodAffinity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podaffinity-v1-core)* | AdditionalPodAffinity allows to specify pod affinity terms to be passed to all the cluster's pods. | | | | + +#### AvailableArchitecture + +AvailableArchitecture represents the state of a cluster's architecture + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ----------------- | ------------------------------------------------- | -------- | ------- | ---------- | +| `goArch` *string* | GoArch is the name of the executable architecture | True | | | +| `hash` *string* | Hash is the hash of the executable | True | | | + +#### Backup + +A Backup resource is a request for a PostgreSQL backup by the user. + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `Backup` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[BackupSpec](#backupspec)* | Specification of the desired behavior of the backup.
More info: | True | | | +| `status` *[BackupStatus](#backupstatus)* | Most recently observed status of the backup. This data may not be up to
date. Populated by the system. Read-only.
More info: | | | | + +#### BackupConfiguration + +BackupConfiguration defines how the backup of the cluster are taken. +The supported backup methods are BarmanObjectStore and VolumeSnapshot. +For details and examples refer to the Backup and Recovery section of the +documentation + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ------------------------------------- | +| `volumeSnapshot` *[VolumeSnapshotConfiguration](#volumesnapshotconfiguration)* | VolumeSnapshot provides the configuration for the execution of volume snapshot backups. | | | | +| `barmanObjectStore` *[BarmanObjectStoreConfiguration](https://pkg.go.dev/github.com/cloudnative-pg/barman-cloud/pkg/api#BarmanObjectStoreConfiguration)* | The configuration for the barman-cloud tool suite | | | | +| `retentionPolicy` *string* | RetentionPolicy is the retention policy to be used for backups
and WALs (i.e. '60d'). The retention policy is expressed in the form
of `XXu` where `XX` is a positive integer and `u` is in `[dwm]` -
days, weeks, months.
It's currently only applicable when using the BarmanObjectStore method. | | | Pattern: `^[1-9][0-9]*[dwm]$`
| +| `target` *[BackupTarget](#backuptarget)* | The policy to decide which instance should perform backups. Available
options are empty string, which will default to `prefer-standby` policy,
`primary` to have backups run always on primary instances, `prefer-standby`
to have backups run preferably on the most updated standby, if available. | | | Enum: [primary prefer-standby]
| + +#### BackupMethod + +*Underlying type:* *string* + +BackupMethod defines the way of executing the physical base backups of +the selected PostgreSQL instance + +*Appears in:* + +- [BackupSpec](#backupspec) +- [BackupStatus](#backupstatus) +- [ClusterStatus](#clusterstatus) +- [ScheduledBackupSpec](#scheduledbackupspec) + +| Field | Description | +| ------------------- | -------------------------------------------------------------------------------------------- | +| `volumeSnapshot` | BackupMethodVolumeSnapshot means using the volume snapshot
Kubernetes feature
| +| `barmanObjectStore` | BackupMethodBarmanObjectStore means using barman to backup the
PostgreSQL cluster
| +| `plugin` | BackupMethodPlugin means that this backup should be handled by
a plugin
| + +#### BackupPhase + +*Underlying type:* *string* + +BackupPhase is the phase of the backup + +*Appears in:* + +- [BackupStatus](#backupstatus) + +#### BackupPluginConfiguration + +BackupPluginConfiguration contains the backup configuration used by +the backup plugin + +*Appears in:* + +- [BackupSpec](#backupspec) +- [ScheduledBackupSpec](#scheduledbackupspec) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------- | -------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | Name is the name of the plugin managing this backup | True | | | +| `parameters` *object (keys:string, values:string)* | Parameters are the configuration parameters passed to the backup
plugin for this backup | | | | + +#### BackupSnapshotElementStatus + +BackupSnapshotElementStatus is a volume snapshot that is part of a volume snapshot method backup + +*Appears in:* + +- [BackupSnapshotStatus](#backupsnapshotstatus) + +| Field | Description | Required | Default | Validation | +| ------------------------- | -------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | Name is the snapshot resource name | True | | | +| `type` *string* | Type is tho role of the snapshot in the cluster, such as PG_DATA, PG_WAL and PG_TABLESPACE | True | | | +| `tablespaceName` *string* | TablespaceName is the name of the snapshotted tablespace. Only set
when type is PG_TABLESPACE | | | | + +#### BackupSnapshotStatus + +BackupSnapshotStatus the fields exclusive to the volumeSnapshot method backup + +*Appears in:* + +- [BackupStatus](#backupstatus) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------ | --------------------------------------------------------------- | -------- | ------- | ---------- | +| `elements` *[BackupSnapshotElementStatus](#backupsnapshotelementstatus) array* | The elements list, populated with the gathered volume snapshots | | | | + +#### BackupSource + +BackupSource contains the backup we need to restore from, plus some +information that could be needed to correctly restore it. + +*Appears in:* + +- [BootstrapRecovery](#bootstraprecovery) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | Name of the referent. | True | | | +| `endpointCA` *[SecretKeySelector](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#SecretKeySelector)* | EndpointCA store the CA bundle of the barman endpoint.
Useful when using self-signed certificates to avoid
errors with certificate issuer and barman-cloud-wal-archive. | | | | + +#### BackupSpec + +BackupSpec defines the desired state of Backup + +*Appears in:* + +- [Backup](#backup) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | ------------------------------------------------------ | +| `cluster` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | The cluster to backup | True | | | +| `target` *[BackupTarget](#backuptarget)* | The policy to decide which instance should perform this backup. If empty,
it defaults to `cluster.spec.backup.target`.
Available options are empty string, `primary` and `prefer-standby`.
`primary` to have backups run always on primary instances,
`prefer-standby` to have backups run preferably on the most updated
standby, if available. | | | Enum: [primary prefer-standby]
| +| `method` *[BackupMethod](#backupmethod)* | The backup method to be used, possible options are `barmanObjectStore`,
`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`. | | barmanObjectStore | Enum: [barmanObjectStore volumeSnapshot plugin]
| +| `pluginConfiguration` *[BackupPluginConfiguration](#backuppluginconfiguration)* | Configuration parameters passed to the plugin managing this backup | | | | +| `online` *boolean* | Whether the default type of backup with volume snapshots is
online/hot (`true`, default) or offline/cold (`false`)
Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online' | | | | +| `onlineConfiguration` *[OnlineConfiguration](#onlineconfiguration)* | Configuration parameters to control the online/hot backup with volume snapshots
Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza | | | | + +#### BackupStatus + +BackupStatus defines the observed state of Backup + +*Appears in:* + +- [Backup](#backup) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `googleCredentials` *[GoogleCredentials](https://pkg.go.dev/github.com/cloudnative-pg/barman-cloud/pkg/api#GoogleCredentials)* | The credentials to use to upload data to Google Cloud Storage | | | | +| `s3Credentials` *[S3Credentials](https://pkg.go.dev/github.com/cloudnative-pg/barman-cloud/pkg/api#S3Credentials)* | The credentials to use to upload data to S3 | | | | +| `azureCredentials` *[AzureCredentials](https://pkg.go.dev/github.com/cloudnative-pg/barman-cloud/pkg/api#AzureCredentials)* | The credentials to use to upload data to Azure Blob Storage | | | | +| `majorVersion` *integer* | The PostgreSQL major version that was running when the
backup was taken. | True | | | +| `endpointCA` *[SecretKeySelector](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#SecretKeySelector)* | EndpointCA store the CA bundle of the barman endpoint.
Useful when using self-signed certificates to avoid
errors with certificate issuer and barman-cloud-wal-archive. | | | | +| `endpointURL` *string* | Endpoint to be used to upload data to the cloud,
overriding the automatic endpoint discovery | | | | +| `destinationPath` *string* | The path where to store the backup (i.e. s3://bucket/path/to/folder)
this path, with different destination folders, will be used for WALs
and for data. This may not be populated in case of errors. | | | | +| `serverName` *string* | The server name on S3, the cluster name is used if this
parameter is omitted | | | | +| `encryption` *string* | Encryption method required to S3 API | | | | +| `backupId` *string* | The ID of the Barman backup | | | | +| `backupName` *string* | The Name of the Barman backup | | | | +| `phase` *[BackupPhase](#backupphase)* | The last backup status | | | | +| `startedAt` *[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)* | When the backup was started | | | | +| `stoppedAt` *[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)* | When the backup was terminated | | | | +| `beginWal` *string* | The starting WAL | | | | +| `endWal` *string* | The ending WAL | | | | +| `beginLSN` *string* | The starting xlog | | | | +| `endLSN` *string* | The ending xlog | | | | +| `error` *string* | The detected error | | | | +| `commandOutput` *string* | Unused. Retained for compatibility with old versions. | | | | +| `commandError` *string* | The backup command output in case of error | | | | +| `backupLabelFile` *integer array* | Backup label file content as returned by Postgres in case of online (hot) backups | | | | +| `tablespaceMapFile` *integer array* | Tablespace map file content as returned by Postgres in case of online (hot) backups | | | | +| `instanceID` *[InstanceID](#instanceid)* | Information to identify the instance where the backup has been taken from | | | | +| `snapshotBackupStatus` *[BackupSnapshotStatus](#backupsnapshotstatus)* | Status of the volumeSnapshot backup | | | | +| `method` *[BackupMethod](#backupmethod)* | The backup method being used | | | | +| `online` *boolean* | Whether the backup was online/hot (`true`) or offline/cold (`false`) | | | | +| `pluginMetadata` *object (keys:string, values:string)* | A map containing the plugin metadata | | | | + +#### BackupTarget + +*Underlying type:* *string* + +BackupTarget describes the preferred targets for a backup + +*Appears in:* + +- [BackupConfiguration](#backupconfiguration) +- 
[BackupSpec](#backupspec) +- [ScheduledBackupSpec](#scheduledbackupspec) + +#### BootstrapConfiguration + +BootstrapConfiguration contains information about how to create the PostgreSQL +cluster. Only a single bootstrap method can be defined among the supported +ones. `initdb` will be used as the bootstrap method if left +unspecified. Refer to the Bootstrap page of the documentation for more +information. + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `initdb` *[BootstrapInitDB](#bootstrapinitdb)* | Bootstrap the cluster via initdb | | | | +| `recovery` *[BootstrapRecovery](#bootstraprecovery)* | Bootstrap the cluster from a backup | | | | +| `pg_basebackup` *[BootstrapPgBaseBackup](#bootstrappgbasebackup)* | Bootstrap the cluster taking a physical backup of another compatible
PostgreSQL instance | | | | + +#### BootstrapInitDB + +BootstrapInitDB is the configuration of the bootstrap process when +initdb is used +Refer to the Bootstrap page of the documentation for more information. + +*Appears in:* + +- [BootstrapConfiguration](#bootstrapconfiguration) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ------------------------------------- | +| `database` *string* | Name of the database used by the application. Default: `app`. | | | | +| `owner` *string* | Name of the owner of the database in the instance to be used
by applications. Defaults to the value of the `database` key. | | | | +| `secret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | Name of the secret containing the initial credentials for the
owner of the user database. If empty a new secret will be
created from scratch | | | | +| `redwood` *boolean* | If we need to enable/disable Redwood compatibility. Requires
EPAS and for EPAS defaults to true | | | | +| `options` *string array* | The list of options that must be passed to initdb when creating the cluster.
Deprecated: This could lead to inconsistent configurations,
please use the explicit provided parameters instead.
If defined, explicit values will be ignored. | | | | +| `dataChecksums` *boolean* | Whether the `-k` option should be passed to initdb,
enabling checksums on data pages (default: `false`) | | | | +| `encoding` *string* | The value to be passed as option `--encoding` for initdb (default:`UTF8`) | | | | +| `localeCollate` *string* | The value to be passed as option `--lc-collate` for initdb (default:`C`) | | | | +| `localeCType` *string* | The value to be passed as option `--lc-ctype` for initdb (default:`C`) | | | | +| `locale` *string* | Sets the default collation order and character classification in the new database. | | | | +| `localeProvider` *string* | This option sets the locale provider for databases created in the new cluster.
Available from PostgreSQL 16. | | | | +| `icuLocale` *string* | Specifies the ICU locale when the ICU provider is used.
This option requires `localeProvider` to be set to `icu`.
Available from PostgreSQL 15. | | | | +| `icuRules` *string* | Specifies additional collation rules to customize the behavior of the default collation.
This option requires `localeProvider` to be set to `icu`.
Available from PostgreSQL 16. | | | | +| `builtinLocale` *string* | Specifies the locale name when the builtin provider is used.
This option requires `localeProvider` to be set to `builtin`.
Available from PostgreSQL 17. | | | | +| `walSegmentSize` *integer* | The value in megabytes (1 to 1024) to be passed to the `--wal-segsize`
option for initdb (default: empty, resulting in PostgreSQL default: 16MB) | | | Maximum: 1024
Minimum: 1
| +| `postInitSQL` *string array* | List of SQL queries to be executed as a superuser in the `postgres`
database right after the cluster has been created - to be used with extreme care
(by default empty) | | | | +| `postInitApplicationSQL` *string array* | List of SQL queries to be executed as a superuser in the application
database right after the cluster has been created - to be used with extreme care
(by default empty) | | | | +| `postInitTemplateSQL` *string array* | List of SQL queries to be executed as a superuser in the `template1`
database right after the cluster has been created - to be used with extreme care
(by default empty) | | | | +| `import` *[Import](#import)* | Bootstraps the new cluster by importing data from an existing PostgreSQL
instance using logical backup (`pg_dump` and `pg_restore`) | | | | +| `postInitApplicationSQLRefs` *[SQLRefs](#sqlrefs)* | List of references to ConfigMaps or Secrets containing SQL files
to be executed as a superuser in the application database right after
the cluster has been created. The references are processed in a specific order:
first, all Secrets are processed, followed by all ConfigMaps.
Within each group, the processing order follows the sequence specified
in their respective arrays.
(by default empty) | | | | +| `postInitTemplateSQLRefs` *[SQLRefs](#sqlrefs)* | List of references to ConfigMaps or Secrets containing SQL files
to be executed as a superuser in the `template1` database right after
the cluster has been created. The references are processed in a specific order:
first, all Secrets are processed, followed by all ConfigMaps.
Within each group, the processing order follows the sequence specified
in their respective arrays.
(by default empty) | | | | +| `postInitSQLRefs` *[SQLRefs](#sqlrefs)* | List of references to ConfigMaps or Secrets containing SQL files
to be executed as a superuser in the `postgres` database right after
the cluster has been created. The references are processed in a specific order:
first, all Secrets are processed, followed by all ConfigMaps.
Within each group, the processing order follows the sequence specified
in their respective arrays.
(by default empty) | | | | + +#### BootstrapPgBaseBackup + +BootstrapPgBaseBackup contains the configuration required to take +a physical backup of an existing PostgreSQL cluster + +*Appears in:* + +- [BootstrapConfiguration](#bootstrapconfiguration) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- | ------------------- | +| `source` *string* | The name of the server of which we need to take a physical backup | True | | MinLength: 1
| +| `database` *string* | Name of the database used by the application. Default: `app`. | | | | +| `owner` *string* | Name of the owner of the database in the instance to be used
by applications. Defaults to the value of the `database` key. | | | | +| `secret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | Name of the secret containing the initial credentials for the
owner of the user database. If empty a new secret will be
created from scratch | | | | + +#### BootstrapRecovery + +BootstrapRecovery contains the configuration required to restore +from an existing cluster using 3 methodologies: external cluster, +volume snapshots or backup objects. Full recovery and Point-In-Time +Recovery are supported. +The method can be also be used to create clusters in continuous recovery +(replica clusters), also supporting cascading replication when `instances` > + +1. Once the cluster exits recovery, the password for the superuser + will be changed through the provided secret. + Refer to the Bootstrap page of the documentation for more information. + +*Appears in:* + +- [BootstrapConfiguration](#bootstrapconfiguration) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `backup` *[BackupSource](#backupsource)* | The backup object containing the physical base backup from which to
initiate the recovery procedure.
Mutually exclusive with `source` and `volumeSnapshots`. | | | | +| `source` *string* | The external cluster whose backup we will restore. This is also
used as the name of the folder under which the backup is stored,
so it must be set to the name of the source cluster
Mutually exclusive with `backup`. | | | | +| `volumeSnapshots` *[DataSource](#datasource)* | The static PVC data source(s) from which to initiate the
recovery procedure. Currently supporting `VolumeSnapshot`
and `PersistentVolumeClaim` resources that map an existing
PVC group, compatible with {{name.ln}}, and taken with
a cold backup copy on a fenced Postgres instance (limitation
which will be removed in the future when online backup
will be implemented).
Mutually exclusive with `backup`. | | | | +| `recoveryTarget` *[RecoveryTarget](#recoverytarget)* | By default, the recovery process applies all the available
WAL files in the archive (full recovery). However, you can also
end the recovery as soon as a consistent state is reached or
recover to a point-in-time (PITR) by specifying a `RecoveryTarget` object,
as expected by PostgreSQL (i.e., timestamp, transaction Id, LSN, ...).
More info: | | | | +| `database` *string* | Name of the database used by the application. Default: `app`. | | | | +| `owner` *string* | Name of the owner of the database in the instance to be used
by applications. Defaults to the value of the `database` key. | | | | +| `secret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | Name of the secret containing the initial credentials for the
owner of the user database. If empty a new secret will be
created from scratch | | | | + +#### CatalogImage + +CatalogImage defines the image and major version + +*Appears in:* + +- [ImageCatalogSpec](#imagecatalogspec) + +| Field | Description | Required | Default | Validation | +| ----------------- | ----------------------------------------------------------------------------- | -------- | ------- | ------------------ | +| `image` *string* | The image reference | True | | | +| `major` *integer* | The PostgreSQL major version of the image. Must be unique within the catalog. | True | | Minimum: 10
| + +#### CertificatesConfiguration + +CertificatesConfiguration contains the needed configurations to handle server certificates. + +*Appears in:* + +- [CertificatesStatus](#certificatesstatus) +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `serverCASecret` *string* | The secret containing the Server CA certificate. If not defined, a new secret will be created
with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.

Contains:

- `ca.crt`: CA that should be used to validate the server certificate,
used as `sslrootcert` in client connection strings.
- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided,
this can be omitted.
| | | | +| `serverTLSSecret` *string* | The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as
`ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely.
If not defined, ServerCASecret must provide also `ca.key` and a new secret will be
created using the provided CA. | | | | +| `replicationTLSSecret` *string* | The secret of type kubernetes.io/tls containing the client certificate to authenticate as
the `streaming_replica` user.
If not defined, ClientCASecret must provide also `ca.key`, and a new secret will be
created using the provided CA. | | | | +| `clientCASecret` *string* | The secret containing the Client CA certificate. If not defined, a new secret will be created
with a self-signed CA and will be used to generate all the client certificates.

Contains:

- `ca.crt`: CA that should be used to validate the client certificates,
used as `ssl_ca_file` of all the instances.
- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided,
this can be omitted.
| | | | +| `serverAltDNSNames` *string array* | The list of the server alternative DNS names to be added to the generated server TLS certificates, when required. | | | | + +#### CertificatesStatus + +CertificatesStatus contains configuration certificates and related expiration dates. + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `serverCASecret` *string* | The secret containing the Server CA certificate. If not defined, a new secret will be created
with a self-signed CA and will be used to generate the TLS certificate ServerTLSSecret.

Contains:

- `ca.crt`: CA that should be used to validate the server certificate,
used as `sslrootcert` in client connection strings.
- `ca.key`: key used to generate Server SSL certs, if ServerTLSSecret is provided,
this can be omitted.
| | | | +| `serverTLSSecret` *string* | The secret of type kubernetes.io/tls containing the server TLS certificate and key that will be set as
`ssl_cert_file` and `ssl_key_file` so that clients can connect to postgres securely.
If not defined, ServerCASecret must provide also `ca.key` and a new secret will be
created using the provided CA. | | | | +| `replicationTLSSecret` *string* | The secret of type kubernetes.io/tls containing the client certificate to authenticate as
the `streaming_replica` user.
If not defined, ClientCASecret must provide also `ca.key`, and a new secret will be
created using the provided CA. | | | | +| `clientCASecret` *string* | The secret containing the Client CA certificate. If not defined, a new secret will be created
with a self-signed CA and will be used to generate all the client certificates.

Contains:

- `ca.crt`: CA that should be used to validate the client certificates,
used as `ssl_ca_file` of all the instances.
- `ca.key`: key used to generate client certificates, if ReplicationTLSSecret is provided,
this can be omitted.
| | | | +| `serverAltDNSNames` *string array* | The list of the server alternative DNS names to be added to the generated server TLS certificates, when required. | | | | +| `expirations` *object (keys:string, values:string)* | Expiration dates for all certificates. | | | | + +#### Cluster + +Cluster defines the API schema for a highly available PostgreSQL database cluster +managed by {{name.ln}}. + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `Cluster` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[ClusterSpec](#clusterspec)* | Specification of the desired behavior of the cluster.
More info: | True | | | +| `status` *[ClusterStatus](#clusterstatus)* | Most recently observed status of the cluster. This data may not be up
to date. Populated by the system. Read-only.
More info: | | | | + +#### ClusterImageCatalog + +ClusterImageCatalog is the Schema for the clusterimagecatalogs API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `ClusterImageCatalog` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[ImageCatalogSpec](#imagecatalogspec)* | Specification of the desired behavior of the ClusterImageCatalog.
More info: | True | | | + +#### ClusterMonitoringTLSConfiguration + +ClusterMonitoringTLSConfiguration is the type containing the TLS configuration +for the cluster's monitoring + +*Appears in:* + +- [MonitoringConfiguration](#monitoringconfiguration) + +| Field | Description | Required | Default | Validation | +| ------------------- | -------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `enabled` *boolean* | Enable TLS for the monitoring endpoint.
Changing this option will force a rollout of all instances. | | false | | + +#### ClusterSpec + +ClusterSpec defines the desired state of a PostgreSQL cluster managed by +{{name.ln}}. + +*Appears in:* + +- [Cluster](#cluster) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------------- || -------- | ------------ | --------------------------------------------- | +| `description` *string* | Description of this PostgreSQL cluster | | | | +| `inheritedMetadata` *[EmbeddedObjectMetadata](#embeddedobjectmetadata)* | Metadata that will be inherited by all objects related to the Cluster | | | | +| `imageName` *string* | Name of the container image, supporting both tags (`:`)
and digests for deterministic and repeatable deployments
(`:@sha256:`) | | | | +| `imageCatalogRef` *[ImageCatalogRef](#imagecatalogref)* | Defines the major PostgreSQL version we want to use within an ImageCatalog | | | | +| `imagePullPolicy` *[PullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#pullpolicy-v1-core)* | Image pull policy.
One of `Always`, `Never` or `IfNotPresent`.
If not defined, it defaults to `IfNotPresent`.
Cannot be updated.
More info: | | | | +| `schedulerName` *string* | If specified, the pod will be dispatched by specified Kubernetes
scheduler. If not specified, the pod will be dispatched by the default
scheduler. More info:
| | | | +| `postgresUID` *integer* | The UID of the `postgres` user inside the image, defaults to `26` | | 26 | | +| `postgresGID` *integer* | The GID of the `postgres` user inside the image, defaults to `26` | | 26 | | +| `instances` *integer* | Number of instances required in the cluster | True | 1 | Minimum: 1
| +| `minSyncReplicas` *integer* | Minimum number of instances required in synchronous replication with the
primary. Undefined or 0 allow writes to complete when no standby is
available. | | 0 | Minimum: 0
| +| `maxSyncReplicas` *integer* | The target value for the synchronous replication quorum, that can be
decreased if the number of ready standbys is lower than this.
Undefined or 0 disable synchronous replication. | | 0 | Minimum: 0
| +| `postgresql` *[PostgresConfiguration](#postgresconfiguration)* | Configuration of the PostgreSQL server | | | | +| `replicationSlots` *[ReplicationSlotsConfiguration](#replicationslotsconfiguration)* | Replication slots management configuration | | | | +| `bootstrap` *[BootstrapConfiguration](#bootstrapconfiguration)* | Instructions to bootstrap this cluster | | | | +| `replica` *[ReplicaClusterConfiguration](#replicaclusterconfiguration)* | Replica cluster configuration | | | | +| `superuserSecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | The secret containing the superuser password. If not defined a new
secret will be created with a randomly generated password | | | | +| `enableSuperuserAccess` *boolean* | When this option is enabled, the operator will use the `SuperuserSecret`
to update the `postgres` user password (if the secret is
not present, the operator will automatically create one). When this
option is disabled, the operator will ignore the `SuperuserSecret` content, delete
it when automatically created, and then blank the password of the `postgres`
user by setting it to `NULL`. Disabled by default. | | | | +| `certificates` *[CertificatesConfiguration](#certificatesconfiguration)* | The configuration for the CA and related certificates | | | | +| `imagePullSecrets` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference) array* | The list of pull secrets to be used to pull the images. If the license key
contains a pull secret that secret will be automatically included. | | | | +| `storage` *[StorageConfiguration](#storageconfiguration)* | Configuration of the storage of the instances | | | | +| `serviceAccountTemplate` *[ServiceAccountTemplate](#serviceaccounttemplate)* | Configure the generation of the service account | | | | +| `walStorage` *[StorageConfiguration](#storageconfiguration)* | Configuration of the storage for PostgreSQL WAL (Write-Ahead Log) | | | | +| `ephemeralVolumeSource` *[EphemeralVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#ephemeralvolumesource-v1-core)* | EphemeralVolumeSource allows the user to configure the source of ephemeral volumes. | | | | +| `startDelay` *integer* | The time in seconds that is allowed for a PostgreSQL instance to
successfully start up (default 3600).
The startup probe failure threshold is derived from this value using the formula:
ceiling(startDelay / 10). | | 3600 | | +| `stopDelay` *integer* | The time in seconds that is allowed for a PostgreSQL instance to
gracefully shutdown (default 1800) | | 1800 | | +| `smartStopDelay` *integer* | Deprecated: please use SmartShutdownTimeout instead | | | | +| `smartShutdownTimeout` *integer* | The time in seconds that controls the window of time reserved for the smart shutdown of Postgres to complete.
Make sure you reserve enough time for the operator to request a fast shutdown of Postgres
(that is: `stopDelay` - `smartShutdownTimeout`). Default is 180 seconds. | | 180 | | +| `switchoverDelay` *integer* | The time in seconds that is allowed for a primary PostgreSQL instance
to gracefully shutdown during a switchover.
Default value is 3600 seconds (1 hour). | | 3600 | | +| `failoverDelay` *integer* | The amount of time (in seconds) to wait before triggering a failover
after the primary PostgreSQL instance in the cluster was detected
to be unhealthy | | 0 | | +| `livenessProbeTimeout` *integer* | LivenessProbeTimeout is the time (in seconds) that is allowed for a PostgreSQL instance
to successfully respond to the liveness probe (default 30).
The Liveness probe failure threshold is derived from this value using the formula:
ceiling(livenessProbe / 10). | | | | +| `affinity` *[AffinityConfiguration](#affinityconfiguration)* | Affinity/Anti-affinity rules for Pods | | | | +| `topologySpreadConstraints` *[TopologySpreadConstraint](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#topologyspreadconstraint-v1-core) array* | TopologySpreadConstraints specifies how to spread matching pods among the given topology.
More info:
| | | | +| `resources` *[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#resourcerequirements-v1-core)* | Resources requirements of every generated Pod. Please refer to

for more information. | | | | +| `ephemeralVolumesSizeLimit` *[EphemeralVolumesSizeLimitConfiguration](#ephemeralvolumessizelimitconfiguration)* | EphemeralVolumesSizeLimit allows the user to set the limits for the ephemeral
volumes | | | | +| `priorityClassName` *string* | Name of the priority class which will be used in every generated Pod, if the PriorityClass
specified does not exist, the pod will not be able to schedule. Please refer to

for more information | | | | +| `primaryUpdateStrategy` *[PrimaryUpdateStrategy](#primaryupdatestrategy)* | Deployment strategy to follow to upgrade the primary server during a rolling
update procedure, after all replicas have been successfully updated:
it can be automated (`unsupervised` - default) or manual (`supervised`) | | unsupervised | Enum: [unsupervised supervised]
| +| `primaryUpdateMethod` *[PrimaryUpdateMethod](#primaryupdatemethod)* | Method to follow to upgrade the primary server during a rolling
update procedure, after all replicas have been successfully updated:
it can be with a switchover (`switchover`) or in-place (`restart` - default).
Note: when using `switchover`, the operator will reject updates that change both
the image name and PostgreSQL configuration parameters simultaneously to avoid
configuration mismatches during the switchover process. | | | Enum: [switchover restart]
| +| `backup` *[BackupConfiguration](#backupconfiguration)* | The configuration to be used for backups | | | | +| `nodeMaintenanceWindow` *[NodeMaintenanceWindow](#nodemaintenancewindow)* | Define a maintenance window for the Kubernetes nodes | | | | +| `licenseKey` *string* | The license key of the cluster. When empty, the cluster operates in
trial mode and after the expiry date (default 30 days) the operator
will cease any reconciliation attempt. For details, please refer to
the license agreement that comes with the operator. | | | | +| `licenseKeySecret` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | The reference to the license key. When this is set it take precedence over LicenseKey. | | | | +| `monitoring` *[MonitoringConfiguration](#monitoringconfiguration)* | The configuration of the monitoring infrastructure of this cluster | | | | +| `externalClusters` *[ExternalCluster](#externalcluster) array* | The list of external clusters which are used in the configuration | | | | +| `logLevel` *string* | The instances' log level, one of the following values: error, warning, info (default), debug, trace | | info | Enum: [error warning info debug trace]
| +| `projectedVolumeTemplate` *[ProjectedVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#projectedvolumesource-v1-core)* | Template to be used to define projected volumes, projected volumes will be mounted
under `/projected` base folder | | | | +| `env` *[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#envvar-v1-core) array* | Env follows the Env format to pass environment variables
to the pods created in the cluster | | | | +| `envFrom` *[EnvFromSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#envfromsource-v1-core) array* | EnvFrom follows the EnvFrom format to pass environment variables
sources to the pods to be used by Env | | | | +| `managed` *[ManagedConfiguration](#managedconfiguration)* | The configuration that is used by the portions of PostgreSQL that are managed by the instance manager | | | | +| `seccompProfile` *[SeccompProfile](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#seccompprofile-v1-core)* | The SeccompProfile applied to every Pod and Container.
Defaults to: `RuntimeDefault` | | | | +| `podSecurityContext` *[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podsecuritycontext-v1-core)* | Override the PodSecurityContext applied to every Pod of the cluster.
When set, this overrides the operator's default PodSecurityContext for the cluster.
If omitted, the operator defaults are used.
This field doesn't have any effect if SecurityContextConstraints are present. | | | | +| `securityContext` *[SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#securitycontext-v1-core)* | Override the SecurityContext applied to every Container in the Pod of the cluster.
When set, this overrides the operator's default Container SecurityContext.
If omitted, the operator defaults are used. | | | | +| `tablespaces` *[TablespaceConfiguration](#tablespaceconfiguration) array* | The tablespaces configuration | | | | +| `enablePDB` *boolean* | Manage the `PodDisruptionBudget` resources within the cluster. When
configured as `true` (default setting), the pod disruption budgets
will safeguard the primary node from being terminated. Conversely,
setting it to `false` will result in the absence of any
`PodDisruptionBudget` resource, permitting the shutdown of all nodes
hosting the PostgreSQL cluster. This latter configuration is
advisable for any PostgreSQL cluster employed for
development/staging purposes. | | true | | +| `plugins` *[PluginConfiguration](#pluginconfiguration) array* | The plugins configuration, containing
any plugin to be loaded with the corresponding configuration | | | | +| `probes` *[ProbesConfiguration](#probesconfiguration)* | The configuration of the probes to be injected
in the PostgreSQL Pods. | | | | + +#### ClusterStatus + +ClusterStatus defines the observed state of a PostgreSQL cluster managed by +{{name.ln}}. + +*Appears in:* + +- [Cluster](#cluster) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `instances` *integer* | The total number of PVC Groups detected in the cluster. It may differ from the number of existing instance pods. | | | | +| `readyInstances` *integer* | The total number of ready instances in the cluster. It is equal to the number of ready instance pods. | | | | +| `instancesStatus` *object (keys:[PodStatus](#podstatus), values:string array)* | InstancesStatus indicates in which status the instances are | | | | +| `instancesReportedState` *object (keys:[PodName](#podname), values:[InstanceReportedState](#instancereportedstate))* | The reported state of the instances during the last reconciliation loop | | | | +| `managedRolesStatus` *[ManagedRoles](#managedroles)* | ManagedRolesStatus reports the state of the managed roles in the cluster | | | | +| `tablespacesStatus` *[TablespaceState](#tablespacestate) array* | TablespacesStatus reports the state of the declarative tablespaces in the cluster | | | | +| `timelineID` *integer* | The timeline of the Postgres cluster | | | | +| `topology` *[Topology](#topology)* | Instances topology. 
| | | | +| `latestGeneratedNode` *integer* | ID of the latest generated node (used to avoid node name clashing) | | | | +| `currentPrimary` *string* | Current primary instance | | | | +| `targetPrimary` *string* | Target primary instance, this is different from the previous one
during a switchover or a failover | | | | +| `lastPromotionToken` *string* | LastPromotionToken is the last verified promotion token that
was used to promote a replica cluster | | | | +| `pvcCount` *integer* | How many PVCs have been created by this cluster | | | | +| `jobCount` *integer* | How many Jobs have been created by this cluster | | | | +| `danglingPVC` *string array* | List of all the PVCs created by this cluster and still available
which are not attached to a Pod | | | | +| `resizingPVC` *string array* | List of all the PVCs that have ResizingPVC condition. | | | | +| `initializingPVC` *string array* | List of all the PVCs that are being initialized by this cluster | | | | +| `healthyPVC` *string array* | List of all the PVCs not dangling nor initializing | | | | +| `unusablePVC` *string array* | List of all the PVCs that are unusable because another PVC is missing | | | | +| `licenseStatus` *[Status](#status)* | Status of the license | | | | +| `writeService` *string* | Current write pod | | | | +| `readService` *string* | Current list of read pods | | | | +| `phase` *string* | Current phase of the cluster | | | | +| `phaseReason` *string* | Reason for the current phase | | | | +| `secretsResourceVersion` *[SecretsResourceVersion](#secretsresourceversion)* | The list of resource versions of the secrets
managed by the operator. Every change here is done in the
interest of the instance manager, which will refresh the
secret data | | | | +| `configMapResourceVersion` *[ConfigMapResourceVersion](#configmapresourceversion)* | The list of resource versions of the configmaps,
managed by the operator. Every change here is done in the
interest of the instance manager, which will refresh the
configmap data | | | | +| `certificates` *[CertificatesStatus](#certificatesstatus)* | The configuration for the CA and related certificates, initialized with defaults. | | | | +| `firstRecoverabilityPoint` *string* | The first recoverability point, stored as a date in RFC3339 format.
This field is calculated from the content of FirstRecoverabilityPointByMethod.
Deprecated: the field is not set for backup plugins. | | | | +| `firstRecoverabilityPointByMethod` *object (keys:[BackupMethod](#backupmethod), values:[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta))* | The first recoverability point, stored as a date in RFC3339 format, per backup method type.
Deprecated: the field is not set for backup plugins. | | | | +| `lastSuccessfulBackup` *string* | Last successful backup, stored as a date in RFC3339 format.
This field is calculated from the content of LastSuccessfulBackupByMethod.
Deprecated: the field is not set for backup plugins. | | | | +| `lastSuccessfulBackupByMethod` *object (keys:[BackupMethod](#backupmethod), values:[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta))* | Last successful backup, stored as a date in RFC3339 format, per backup method type.
Deprecated: the field is not set for backup plugins. | | | | +| `lastFailedBackup` *string* | Last failed backup, stored as a date in RFC3339 format.
Deprecated: the field is not set for backup plugins. | | | | +| `cloudNativePostgresqlCommitHash` *string* | The commit hash number of which this operator running | | | | +| `currentPrimaryTimestamp` *string* | The timestamp when the last actual promotion to primary has occurred | | | | +| `currentPrimaryFailingSinceTimestamp` *string* | The timestamp when the primary was detected to be unhealthy
This field is reported when `.spec.failoverDelay` is populated or during online upgrades | | | | +| `targetPrimaryTimestamp` *string* | The timestamp when the last request for a new primary has occurred | | | | +| `poolerIntegrations` *[PoolerIntegrations](#poolerintegrations)* | The integration needed by poolers referencing the cluster | | | | +| `cloudNativePostgresqlOperatorHash` *string* | The hash of the binary of the operator | | | | +| `availableArchitectures` *[AvailableArchitecture](#availablearchitecture) array* | AvailableArchitectures reports the available architectures of a cluster | | | | +| `conditions` *[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#condition-v1-meta) array* | Conditions for cluster object | | | | +| `instanceNames` *string array* | List of instance names in the cluster | | | | +| `onlineUpdateEnabled` *boolean* | OnlineUpdateEnabled shows if the online upgrade is enabled inside the cluster | | | | +| `image` *string* | Image contains the image name used by the pods | | | | +| `pgDataImageInfo` *[ImageInfo](#imageinfo)* | PGDataImageInfo contains the details of the latest image that has run on the current data directory. | | | | +| `pluginStatus` *[PluginStatus](#pluginstatus) array* | PluginStatus is the status of the loaded plugins | | | | +| `switchReplicaClusterStatus` *[SwitchReplicaClusterStatus](#switchreplicaclusterstatus)* | SwitchReplicaClusterStatus is the status of the switch to replica cluster | | | | +| `demotionToken` *string* | DemotionToken is a JSON token containing the information
from pg_controldata such as Database system identifier, Latest checkpoint's
TimeLineID, Latest checkpoint's REDO location, Latest checkpoint's REDO
WAL file, and Time of latest checkpoint | | | | +| `systemID` *string* | SystemID is the latest detected PostgreSQL SystemID | | | | + +#### ConfigMapResourceVersion + +ConfigMapResourceVersion is the resource versions of the secrets +managed by the operator + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `metrics` *object (keys:string, values:string)* | A map with the versions of all the config maps used to pass metrics.
Map keys are the config map names, map values are the versions | | | | + +#### DataDurabilityLevel + +*Underlying type:* *string* + +DataDurabilityLevel specifies how strictly to enforce synchronous replication +when cluster instances are unavailable. Options are `required` or `preferred`. + +*Appears in:* + +- [SynchronousReplicaConfiguration](#synchronousreplicaconfiguration) + +| Field | Description | +| ----------- | ----------------------------------------------------------------------------------------------------------------------- | +| `required` | DataDurabilityLevelRequired means that data durability is strictly enforced
| +| `preferred` | DataDurabilityLevelPreferred means that data durability is enforced
only when healthy replicas are available
| + +#### DataSource + +DataSource contains the configuration required to bootstrap a +PostgreSQL cluster from an existing storage + +*Appears in:* + +- [BootstrapRecovery](#bootstraprecovery) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | -------- | ------- | ---------- | +| `storage` *[TypedLocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#typedlocalobjectreference-v1-core)* | Configuration of the storage of the instances | True | | | +| `walStorage` *[TypedLocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#typedlocalobjectreference-v1-core)* | Configuration of the storage for PostgreSQL WAL (Write-Ahead Log) | | | | +| `tablespaceStorage` *object (keys:string, values:[TypedLocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#typedlocalobjectreference-v1-core))* | Configuration of the storage for PostgreSQL tablespaces | | | | + +#### Database + +Database is the Schema for the databases API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `Database` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer 
to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[DatabaseSpec](#databasespec)* | Specification of the desired Database.
More info: | True | | | +| `status` *[DatabaseStatus](#databasestatus)* | Most recently observed status of the Database. This data may not be up to
date. Populated by the system. Read-only.
More info: | | | | + +#### DatabaseObjectSpec + +DatabaseObjectSpec contains the fields which are common to every +database object + +*Appears in:* + +- [ExtensionSpec](#extensionspec) +- [FDWSpec](#fdwspec) +- [SchemaSpec](#schemaspec) +- [ServerSpec](#serverspec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the object (extension, schema, FDW, server) | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists. | | present | Enum: [present absent]
| + +#### DatabaseObjectStatus + +DatabaseObjectStatus is the status of the managed database objects + +*Appears in:* + +- [DatabaseStatus](#databasestatus) + +| Field | Description | Required | Default | Validation | +| ------------------- | ----------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | The name of the object | True | | | +| `applied` *boolean* | True of the object has been installed successfully in
the database | True | | | +| `message` *string* | Message is the object reconciliation message | | | | + +#### DatabaseReclaimPolicy + +*Underlying type:* *string* + +DatabaseReclaimPolicy describes a policy for end-of-life maintenance of databases. + +*Appears in:* + +- [DatabaseSpec](#databasespec) + +| Field | Description | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `delete` | DatabaseReclaimDelete means the database will be deleted from its PostgreSQL Cluster on release
from its claim.
| +| `retain` | DatabaseReclaimRetain means the database will be left in its current phase for manual
reclamation by the administrator. The default policy is Retain.
| + +#### DatabaseRoleRef + +DatabaseRoleRef is a reference an a role available inside PostgreSQL + +*Appears in:* + +- [TablespaceConfiguration](#tablespaceconfiguration) + +| Field | Description | Required | Default | Validation | +| --------------- | ----------- | -------- | ------- | ---------- | +| `name` *string* | | | | | + +#### DatabaseSpec + +DatabaseSpec is the specification of a Postgresql Database, built around the +`CREATE DATABASE`, `ALTER DATABASE`, and `DROP DATABASE` SQL commands of +PostgreSQL. + +*Appears in:* + +- [Database](#database) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `cluster` *[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#localobjectreference-v1-core)* | The name of the PostgreSQL cluster hosting the database. | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Ensure the PostgreSQL database is `present` or `absent` - defaults to "present". | | present | Enum: [present absent]
| +| `name` *string* | The name of the database to create inside PostgreSQL. This setting cannot be changed. | True | | | +| `owner` *string* | Maps to the `OWNER` parameter of `CREATE DATABASE`.
Maps to the `OWNER TO` command of `ALTER DATABASE`.
The role name of the user who owns the database inside PostgreSQL. | True | | | +| `template` *string* | Maps to the `TEMPLATE` parameter of `CREATE DATABASE`. This setting
cannot be changed. The name of the template from which to create
this database. | | | | +| `encoding` *string* | Maps to the `ENCODING` parameter of `CREATE DATABASE`. This setting
cannot be changed. Character set encoding to use in the database. | | | | +| `locale` *string* | Maps to the `LOCALE` parameter of `CREATE DATABASE`. This setting
cannot be changed. Sets the default collation order and character
classification in the new database. | | | | +| `localeProvider` *string* | Maps to the `LOCALE_PROVIDER` parameter of `CREATE DATABASE`. This
setting cannot be changed. This option sets the locale provider for
databases created in the new cluster. Available from PostgreSQL 16. | | | | +| `localeCollate` *string* | Maps to the `LC_COLLATE` parameter of `CREATE DATABASE`. This
setting cannot be changed. | | | | +| `localeCType` *string* | Maps to the `LC_CTYPE` parameter of `CREATE DATABASE`. This setting
cannot be changed. | | | | +| `icuLocale` *string* | Maps to the `ICU_LOCALE` parameter of `CREATE DATABASE`. This
setting cannot be changed. Specifies the ICU locale when the ICU
provider is used. This option requires `localeProvider` to be set to
`icu`. Available from PostgreSQL 15. | | | | +| `icuRules` *string* | Maps to the `ICU_RULES` parameter of `CREATE DATABASE`. This setting
cannot be changed. Specifies additional collation rules to customize
the behavior of the default collation. This option requires
`localeProvider` to be set to `icu`. Available from PostgreSQL 16. | | | | +| `builtinLocale` *string* | Maps to the `BUILTIN_LOCALE` parameter of `CREATE DATABASE`. This
setting cannot be changed. Specifies the locale name when the
builtin provider is used. This option requires `localeProvider` to
be set to `builtin`. Available from PostgreSQL 17. | | | | +| `collationVersion` *string* | Maps to the `COLLATION_VERSION` parameter of `CREATE DATABASE`. This
setting cannot be changed. | | | | +| `isTemplate` *boolean* | Maps to the `IS_TEMPLATE` parameter of `CREATE DATABASE` and `ALTER
DATABASE`. If true, this database is considered a template and can
be cloned by any user with `CREATEDB` privileges. | | | | +| `allowConnections` *boolean* | Maps to the `ALLOW_CONNECTIONS` parameter of `CREATE DATABASE` and
`ALTER DATABASE`. If false then no one can connect to this database. | | | | +| `connectionLimit` *integer* | Maps to the `CONNECTION LIMIT` clause of `CREATE DATABASE` and
`ALTER DATABASE`. How many concurrent connections can be made to
this database. -1 (the default) means no limit. | | | | +| `tablespace` *string* | Maps to the `TABLESPACE` parameter of `CREATE DATABASE`.
Maps to the `SET TABLESPACE` command of `ALTER DATABASE`.
The name of the tablespace (in PostgreSQL) that will be associated
with the new database. This tablespace will be the default
tablespace used for objects created in this database. | | | | +| `databaseReclaimPolicy` *[DatabaseReclaimPolicy](#databasereclaimpolicy)* | The policy for end-of-life maintenance of this database. | | retain | Enum: [delete retain]
| +| `schemas` *[SchemaSpec](#schemaspec) array* | The list of schemas to be managed in the database | | | | +| `extensions` *[ExtensionSpec](#extensionspec) array* | The list of extensions to be managed in the database | | | | +| `fdws` *[FDWSpec](#fdwspec) array* | The list of foreign data wrappers to be managed in the database | | | | +| `servers` *[ServerSpec](#serverspec) array* | The list of foreign servers to be managed in the database | | | | + +#### DatabaseStatus + +DatabaseStatus defines the observed state of Database + +*Appears in:* + +- [Database](#database) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `observedGeneration` *integer* | A sequence number representing the latest
desired state that was synchronized | | | | +| `applied` *boolean* | Applied is true if the database was reconciled correctly | | | | +| `message` *string* | Message is the reconciliation output message | | | | +| `schemas` *[DatabaseObjectStatus](#databaseobjectstatus) array* | Schemas is the status of the managed schemas | | | | +| `extensions` *[DatabaseObjectStatus](#databaseobjectstatus) array* | Extensions is the status of the managed extensions | | | | +| `fdws` *[DatabaseObjectStatus](#databaseobjectstatus) array* | FDWs is the status of the managed FDWs | | | | +| `servers` *[DatabaseObjectStatus](#databaseobjectstatus) array* | Servers is the status of the managed servers | | | | + +#### EPASConfiguration + +EPASConfiguration contains EDB Postgres Advanced Server specific configurations + +*Appears in:* + +- [PostgresConfiguration](#postgresconfiguration) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------- | --------------------------------- | -------- | ------- | ---------- | +| `audit` *boolean* | If true enables edb_audit logging | | | | +| `tde` *[TDEConfiguration](#tdeconfiguration)* | TDE configuration | | | | + +#### EmbeddedObjectMetadata + +EmbeddedObjectMetadata contains metadata to be inherited by all resources related to a Cluster + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------- | ----------- | -------- | ------- | ---------- | +| `labels` *object (keys:string, values:string)* | | | | | +| `annotations` *object (keys:string, values:string)* | | | | | + +#### EnsureOption + +*Underlying type:* *string* + +EnsureOption represents whether we should enforce the presence or absence of +a Role in a PostgreSQL instance + +*Appears in:* + +- [DatabaseObjectSpec](#databaseobjectspec) +- [DatabaseSpec](#databasespec) +- [ExtensionSpec](#extensionspec) +- [FDWSpec](#fdwspec) +- 
[OptionSpec](#optionspec) +- [RoleConfiguration](#roleconfiguration) +- [SchemaSpec](#schemaspec) +- [ServerSpec](#serverspec) + +| Field | Description | +| --------- | ----------- | +| `present` | | +| `absent` | | + +#### EphemeralVolumesSizeLimitConfiguration + +EphemeralVolumesSizeLimitConfiguration contains the configuration of the ephemeral +storage + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------ | -------- | ------- | ---------- | +| `shm` *[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#quantity-resource-api)* | Shm is the size limit of the shared memory volume | | | | +| `temporaryData` *[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#quantity-resource-api)* | TemporaryData is the size limit of the temporary data volume | | | | + +#### ExtensionConfiguration + +ExtensionConfiguration is the configuration used to add +PostgreSQL extensions to the Cluster. + +*Appears in:* + +- [PostgresConfiguration](#postgresconfiguration) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- | --------------------------------------------------------------------- | +| `name` *string* | The name of the extension, required | True | | MinLength: 1
Pattern: `^[a-z0-9]([-a-z0-9_]*[a-z0-9])?$`
| +| `image` *[ImageVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#imagevolumesource-v1-core)* | The image containing the extension, required | True | | | +| `extension_control_path` *string array* | The list of directories inside the image which should be added to extension_control_path.
If not defined, defaults to "/share". | | | | +| `dynamic_library_path` *string array* | The list of directories inside the image which should be added to dynamic_library_path.
If not defined, defaults to "/lib". | | | | +| `ld_library_path` *string array* | The list of directories inside the image which should be added to ld_library_path. | | | | + +#### ExtensionSpec + +ExtensionSpec configures an extension in a database + +*Appears in:* + +- [DatabaseSpec](#databasespec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the object (extension, schema, FDW, server) | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists. | | present | Enum: [present absent]
| +| `version` *string* | The version of the extension to install. If empty, the operator will
install the default version (whatever is specified in the
extension's control file) | True | | | +| `schema` *string* | The name of the schema in which to install the extension's objects,
in case the extension allows its contents to be relocated. If not
specified (default), and the extension's control file does not
specify a schema either, the current default object creation schema
is used. | True | | | + +#### ExternalCluster + +ExternalCluster represents the connection parameters to an +external cluster which is used in the other sections of the configuration + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | The server name, required | True | | | +| `connectionParameters` *object (keys:string, values:string)* | The list of connection parameters, such as dbname, host, username, etc | | | | +| `sslCert` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | The reference to an SSL certificate to be used to connect to this
instance | | | | +| `sslKey` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | The reference to an SSL private key to be used to connect to this
instance | | | | +| `sslRootCert` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | The reference to an SSL CA public key to be used to connect to this
instance | | | | +| `password` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | The reference to the password to be used to connect to the server.
If a password is provided, {{name.ln}} creates a PostgreSQL
passfile at `/controller/external/NAME/pass` (where "NAME" is the
cluster's name). This passfile is automatically referenced in the
connection string when establishing a connection to the remote
PostgreSQL server from the current PostgreSQL `Cluster`. This ensures
secure and efficient password management for external clusters. | | | | +| `barmanObjectStore` *[BarmanObjectStoreConfiguration](https://pkg.go.dev/github.com/cloudnative-pg/barman-cloud/pkg/api#BarmanObjectStoreConfiguration)* | The configuration for the barman-cloud tool suite | | | | +| `plugin` *[PluginConfiguration](#pluginconfiguration)* | The configuration of the plugin that is taking care
of WAL archiving and backups for this external cluster | True | | | + +#### FDWSpec + +FDWSpec configures an Foreign Data Wrapper in a database + +*Appears in:* + +- [DatabaseSpec](#databasespec) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the object (extension, schema, FDW, server) | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists. | | present | Enum: [present absent]
| +| `handler` *string* | Name of the handler function (e.g., "postgres_fdw_handler").
This will be empty if no handler is specified. In that case,
the default handler is registered when the FDW extension is created. | | | | +| `validator` *string* | Name of the validator function (e.g., "postgres_fdw_validator").
This will be empty if no validator is specified. In that case,
the default validator is registered when the FDW extension is created. | | | | +| `owner` *string* | Owner specifies the database role that will own the Foreign Data Wrapper.
The role must have superuser privileges in the target database. | | | | +| `options` *[OptionSpec](#optionspec) array* | Options specifies the configuration options for the FDW. | | | | +| `usage` *[UsageSpec](#usagespec) array* | List of roles for which `USAGE` privileges on the FDW are granted or revoked. | | | | + +#### FailoverQuorum + +FailoverQuorum contains the information about the current failover +quorum status of a PG cluster. It is updated by the instance manager +of the primary node and reset to zero by the operator to trigger +an update. + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `FailoverQuorum` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `status` *[FailoverQuorumStatus](#failoverquorumstatus)* | Most recently observed status of the failover quorum. | | | | + +#### FailoverQuorumStatus + +FailoverQuorumStatus is the latest observed status of the failover +quorum of the PG cluster. + +*Appears in:* + +- [FailoverQuorum](#failoverquorum) + +| Field | Description | Required | Default | Validation | +| ----------------------------- | --------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `method` *string* | Contains the latest reported Method value. | | | | +| `standbyNames` *string array* | StandbyNames is the list of potentially synchronous
instance names. | | | | +| `standbyNumber` *integer* | StandbyNumber is the number of synchronous standbys that transactions
need to wait for replies from. | | | | +| `primary` *string* | Primary is the name of the primary instance that updated
this object the latest time. | | | | + +#### ImageCatalog + +ImageCatalog is the Schema for the imagecatalogs API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `ImageCatalog` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[ImageCatalogSpec](#imagecatalogspec)* | Specification of the desired behavior of the ImageCatalog.
More info: | True | | | + +#### ImageCatalogRef + +ImageCatalogRef defines the reference to a major version in an ImageCatalog + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiGroup` *string* | APIGroup is the group for the resource being referenced.
If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required. | | | | +| `kind` *string* | Kind is the type of resource being referenced | True | | | +| `name` *string* | Name is the name of resource being referenced | True | | | +| `major` *integer* | The major version of PostgreSQL we want to use from the ImageCatalog | True | | | + +#### ImageCatalogSpec + +ImageCatalogSpec defines the desired ImageCatalog + +*Appears in:* + +- [ClusterImageCatalog](#clusterimagecatalog) +- [ImageCatalog](#imagecatalog) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------- | ---------------------------------------------- | -------- | ------- | ------------------------------------ | +| `images` *[CatalogImage](#catalogimage) array* | List of CatalogImages available in the catalog | True | | MaxItems: 8
MinItems: 1
| + +#### ImageInfo + +ImageInfo contains the information about a PostgreSQL image + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ------------------------ | ---------------------------------------------- | -------- | ------- | ---------- | +| `image` *string* | Image is the image name | True | | | +| `majorVersion` *integer* | MajorVersion is the major version of the image | True | | | + +#### Import + +Import contains the configuration to init a database from a logic snapshot of an externalCluster + +*Appears in:* + +- [BootstrapInitDB](#bootstrapinitdb) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ------------------------------------ | +| `source` *[ImportSource](#importsource)* | The source of the import | True | | | +| `type` *[SnapshotType](#snapshottype)* | The import type. Can be `microservice` or `monolith`. | True | | Enum: [microservice monolith]
| +| `databases` *string array* | The databases to import | True | | | +| `roles` *string array* | The roles to import | | | | +| `postImportApplicationSQL` *string array* | List of SQL queries to be executed as a superuser in the application
database right after is imported - to be used with extreme care
(by default empty). Only available in microservice type. | | | | +| `schemaOnly` *boolean* | When set to true, only the `pre-data` and `post-data` sections of
`pg_restore` are invoked, avoiding data import. Default: `false`. | | | | +| `pgDumpExtraOptions` *string array* | List of custom options to pass to the `pg_dump` command.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior. | | | | +| `pgRestoreExtraOptions` *string array* | List of custom options to pass to the `pg_restore` command.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior. | | | | +| `pgRestorePredataOptions` *string array* | Custom options to pass to the `pg_restore` command during the `pre-data`
section. This setting overrides the generic `pgRestoreExtraOptions` value.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior. | | | | +| `pgRestoreDataOptions` *string array* | Custom options to pass to the `pg_restore` command during the `data`
section. This setting overrides the generic `pgRestoreExtraOptions` value.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior. | | | | +| `pgRestorePostdataOptions` *string array* | Custom options to pass to the `pg_restore` command during the `post-data`
section. This setting overrides the generic `pgRestoreExtraOptions` value.
IMPORTANT: Use with caution. The operator does not validate these options,
and certain flags may interfere with its intended functionality or design.
You are responsible for ensuring that the provided options are compatible
with your environment and desired behavior. | | | | + +#### ImportSource + +ImportSource describes the source for the logical snapshot + +*Appears in:* + +- [Import](#import) + +| Field | Description | Required | Default | Validation | +| -------------------------- | ----------------------------------------------- | -------- | ------- | ---------- | +| `externalCluster` *string* | The name of the externalCluster used for import | True | | | + +#### InstanceID + +InstanceID contains the information to identify an instance + +*Appears in:* + +- [BackupStatus](#backupstatus) + +| Field | Description | Required | Default | Validation | +| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `podName` *string* | The pod name | | | | +| `ContainerID` *string* | The container ID | | | | +| `sessionID` *string* | The instance manager session ID. This is a unique identifier generated at instance manager
startup and changes on every restart (including container reboots). Used to detect if
the instance manager was restarted during long-running operations like backups, which
would terminate any running backup process. | | | | + +#### InstanceReportedState + +InstanceReportedState describes the last reported state of an instance during a reconciliation loop + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ---------------------- | --------------------------------------------- | -------- | ------- | ---------- | +| `isPrimary` *boolean* | indicates if an instance is the primary one | True | | | +| `timeLineID` *integer* | indicates on which TimelineId the instance is | | | | +| `ip` *string* | IP address of the instance | True | | | + +#### IsolationCheckConfiguration + +IsolationCheckConfiguration contains the configuration for the isolation check +functionality in the liveness probe + +*Appears in:* + +- [LivenessProbe](#livenessprobe) + +| Field | Description | Required | Default | Validation | +| ----------------------------- | -------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `enabled` *boolean* | Whether primary isolation checking is enabled for the liveness probe | | true | | +| `requestTimeout` *integer* | Timeout in milliseconds for requests during the primary isolation check | | 1000 | | +| `connectionTimeout` *integer* | Timeout in milliseconds for connections during the primary isolation check | | 1000 | | + +#### LDAPBindAsAuth + +LDAPBindAsAuth provides the required fields to use the +bind authentication for LDAP + +*Appears in:* + +- [LDAPConfig](#ldapconfig) + +| Field | Description | Required | Default | Validation | +| ----------------- | ----------------------------------------- | -------- | ------- | ---------- | +| `prefix` *string* | Prefix for the bind authentication option | | | | +| `suffix` *string* | Suffix for the bind authentication option | | | | + +#### LDAPBindSearchAuth + +LDAPBindSearchAuth provides the required fields to use +the bind+search LDAP authentication process + 
+*Appears in:* + +- [LDAPConfig](#ldapconfig) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------- | -------- | ------- | ---------- | +| `baseDN` *string* | Root DN to begin the user search | | | | +| `bindDN` *string* | DN of the user to bind to the directory | | | | +| `bindPassword` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | Secret with the password for the user to bind to the directory | | | | +| `searchAttribute` *string* | Attribute to match against the username | | | | +| `searchFilter` *string* | Search filter to use when doing the search+bind authentication | | | | + +#### LDAPConfig + +LDAPConfig contains the parameters needed for LDAP authentication + +*Appears in:* + +- [PostgresConfiguration](#postgresconfiguration) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------ | --------------------------------------------------------------- | -------- | ------- | ------------------------- | +| `server` *string* | LDAP hostname or IP address | | | | +| `port` *integer* | LDAP server port | | | | +| `scheme` *[LDAPScheme](#ldapscheme)* | LDAP schema to be used, possible options are `ldap` and `ldaps` | | | Enum: [ldap ldaps]
| +| `bindAsAuth` *[LDAPBindAsAuth](#ldapbindasauth)* | Bind as authentication configuration | | | | +| `bindSearchAuth` *[LDAPBindSearchAuth](#ldapbindsearchauth)* | Bind+Search authentication configuration | | | | +| `tls` *boolean* | Set to 'true' to enable LDAP over TLS. 'false' is default | | | | + +#### LDAPScheme + +*Underlying type:* *string* + +LDAPScheme defines the possible schemes for LDAP + +*Appears in:* + +- [LDAPConfig](#ldapconfig) + +| Field | Description | +| ------- | ----------- | +| `ldap` | | +| `ldaps` | | + +#### LivenessProbe + +LivenessProbe is the configuration of the liveness probe + +*Appears in:* + +- [ProbesConfiguration](#probesconfiguration) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------ || -------- | ------- | ---------- | +| `initialDelaySeconds` *integer* | Number of seconds after the container has started before liveness probes are initiated.
More info: | | | | +| `timeoutSeconds` *integer* | Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: | | | | +| `periodSeconds` *integer* | How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. | | | | +| `successThreshold` *integer* | Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | | | | +| `failureThreshold` *integer* | Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1. | | | | +| `terminationGracePeriodSeconds` *integer* | Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | | | | +| `isolationCheck` *[IsolationCheckConfiguration](#isolationcheckconfiguration)* | Configure the feature that extends the liveness probe for a primary
instance. In addition to the basic checks, this verifies whether the
primary is isolated from the Kubernetes API server and from its
replicas, ensuring that it can be safely shut down if network
partition or API unavailability is detected. Enabled by default. | | | | + +#### ManagedConfiguration + +ManagedConfiguration represents the portions of PostgreSQL that are managed +by the instance manager + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------- | --------------------------------------- | -------- | ------- | ---------- | +| `roles` *[RoleConfiguration](#roleconfiguration) array* | Database roles managed by the `Cluster` | | | | +| `services` *[ManagedServices](#managedservices)* | Services roles managed by the `Cluster` | | | | + +#### ManagedRoles + +ManagedRoles tracks the status of a cluster's managed roles + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `byStatus` *object (keys:[RoleStatus](#rolestatus), values:string array)* | ByStatus gives the list of roles in each state | | | | +| `cannotReconcile` *object (keys:string, values:string array)* | CannotReconcile lists roles that cannot be reconciled in PostgreSQL,
with an explanation of the cause | | | | +| `passwordStatus` *object (keys:string, values:[PasswordState](#passwordstate))* | PasswordStatus gives the last transaction id and password secret version for each managed role | | | | + +#### ManagedService + +ManagedService represents a specific service managed by the cluster. +It includes the type of service and its associated template specification. + +*Appears in:* + +- [ManagedServices](#managedservices) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------------------------- | +| `selectorType` *[ServiceSelectorType](#serviceselectortype)* | SelectorType specifies the type of selectors that the service will have.
Valid values are "rw", "r", and "ro", representing read-write, read, and read-only services. | True | | Enum: [rw r ro]
| +| `updateStrategy` *[ServiceUpdateStrategy](#serviceupdatestrategy)* | UpdateStrategy describes how the service differences should be reconciled | | patch | Enum: [patch replace]
| +| `serviceTemplate` *[ServiceTemplateSpec](#servicetemplatespec)* | ServiceTemplate is the template specification for the service. | True | | | + +#### ManagedServices + +ManagedServices represents the services managed by the cluster. + +*Appears in:* + +- [ManagedConfiguration](#managedconfiguration) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------------------- | +| `disabledDefaultServices` *[ServiceSelectorType](#serviceselectortype) array* | DisabledDefaultServices is a list of service types that are disabled by default.
Valid values are "r", and "ro", representing read, and read-only services. | | | Enum: [rw r ro]
| +| `additional` *[ManagedService](#managedservice) array* | Additional is a list of additional managed services specified by the user. | | | | + +#### Metadata + +Metadata is a structure similar to the metav1.ObjectMeta, but still +parseable by controller-gen to create a suitable CRD for the user. +The comment of PodTemplateSpec has an explanation of why we are +not using the core data types. + +*Appears in:* + +- [PodTemplateSpec](#podtemplatespec) +- [ServiceAccountTemplate](#serviceaccounttemplate) +- [ServiceTemplateSpec](#servicetemplatespec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | The name of the resource. Only supported for certain types | | | | +| `labels` *object (keys:string, values:string)* | Map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: | | | | +| `annotations` *object (keys:string, values:string)* | Annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: | | | | + +#### MonitoringConfiguration + +MonitoringConfiguration is the type containing all the monitoring +configuration for a certain cluster + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `disableDefaultQueries` *boolean* | Whether the default queries should be injected.
Set it to `true` if you don't want to inject default queries into the cluster.
Default: false. | | false | | +| `customQueriesConfigMap` *[ConfigMapKeySelector](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#ConfigMapKeySelector) array* | The list of config maps containing the custom queries | | | | +| `customQueriesSecret` *[SecretKeySelector](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#SecretKeySelector) array* | The list of secrets containing the custom queries | | | | +| `enablePodMonitor` *boolean* | Enable or disable the `PodMonitor`
Deprecated: This feature will be removed in an upcoming release. If
you need this functionality, you can create a PodMonitor manually. | | false | | +| `tls` *[ClusterMonitoringTLSConfiguration](#clustermonitoringtlsconfiguration)* | Configure TLS communication for the metrics endpoint.
Changing tls.enabled option will force a rollout of all instances. | | | | +| `podMonitorMetricRelabelings` *[RelabelConfig](https://pkg.go.dev/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1#RelabelConfig) array* | The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion.
Deprecated: This feature will be removed in an upcoming release. If
you need this functionality, you can create a PodMonitor manually. | | | | +| `podMonitorRelabelings` *[RelabelConfig](https://pkg.go.dev/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1#RelabelConfig) array* | The list of relabelings for the `PodMonitor`. Applied to samples before scraping.
Deprecated: This feature will be removed in an upcoming release. If
you need this functionality, you can create a PodMonitor manually. | | | | +| `metricsQueriesTTL` *[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)* | The interval during which metrics computed from queries are considered current.
Once it is exceeded, a new scrape will trigger a rerun
of the queries.
If not set, defaults to 30 seconds, in line with Prometheus scraping defaults.
Setting this to zero disables the caching mechanism and can cause heavy load on the PostgreSQL server. | | | | + +#### NodeMaintenanceWindow + +NodeMaintenanceWindow contains information that the operator +will use while upgrading the underlying node. + +This option is only useful when the chosen storage prevents the Pods +from being freely moved across nodes. + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ---------------------- | --------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `reusePVC` *boolean* | Reuse the existing PVC (wait for the node to come
up again) or not (recreate it elsewhere - when `instances` >1) | | true | | +| `inProgress` *boolean* | Is there a node maintenance activity in progress? | | false | | + +#### OnlineConfiguration + +OnlineConfiguration contains the configuration parameters for the online volume snapshot + +*Appears in:* + +- [BackupSpec](#backupspec) +- [ScheduledBackupSpec](#scheduledbackupspec) +- [VolumeSnapshotConfiguration](#volumesnapshotconfiguration) + +| Field | Description | Required | Default | Validation | +| ------------------------------- || -------- | ------- | ---------- | +| `waitForArchive` *boolean* | If false, the function will return immediately after the backup is completed,
without waiting for WAL to be archived.
This behavior is only useful with backup software that independently monitors WAL archiving.
Otherwise, WAL required to make the backup consistent might be missing and make the backup useless.
By default, or when this parameter is true, pg_backup_stop will wait for WAL to be archived when archiving is
enabled.
On a standby, this means that it will wait only when archive_mode = always.
If write activity on the primary is low, it may be useful to run pg_switch_wal on the primary in order to trigger
an immediate segment switch. | | true | | +| `immediateCheckpoint` *boolean* | Control whether the I/O workload for the backup initial checkpoint will
be limited, according to the `checkpoint_completion_target` setting on
the PostgreSQL server. If set to true, an immediate checkpoint will be
used, meaning PostgreSQL will complete the checkpoint as soon as
possible. `false` by default. | | | | + +#### OptionSpec + +OptionSpec holds the name, value and the ensure field for an option + +*Appears in:* + +- [FDWSpec](#fdwspec) +- [ServerSpec](#serverspec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the option | True | | | +| `value` *string* | Value of the option | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Specifies whether an option should be present or absent in
the database. If set to `present`, the option will be
created if it does not exist. If set to `absent`, the
option will be removed if it exists. | | present | Enum: [present absent]
| + +#### PasswordState + +PasswordState represents the state of the password of a managed RoleConfiguration + +*Appears in:* + +- [ManagedRoles](#managedroles) + +| Field | Description | Required | Default | Validation | +| -------------------------- | ------------------------------------------------------------------- | -------- | ------- | ---------- | +| `transactionID` *integer* | the last transaction ID to affect the role definition in PostgreSQL | | | | +| `resourceVersion` *string* | the resource version of the password secret | | | | + +#### PgBouncerIntegrationStatus + +PgBouncerIntegrationStatus encapsulates the needed integration for the pgbouncer poolers referencing the cluster + +*Appears in:* + +- [PoolerIntegrations](#poolerintegrations) + +| Field | Description | Required | Default | Validation | +| ------------------------ | ----------- | -------- | ------- | ---------- | +| `secrets` *string array* | | | | | + +#### PgBouncerPoolMode + +*Underlying type:* *string* + +PgBouncerPoolMode is the mode of PgBouncer + +*Validation:* + +- Enum: [session transaction] + +*Appears in:* + +- [PgBouncerSpec](#pgbouncerspec) + +#### PgBouncerSecrets + +PgBouncerSecrets contains the versions of the secrets used +by pgbouncer + +*Appears in:* + +- [PoolerSecrets](#poolersecrets) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------- | ----------------------------- | -------- | ------- | ---------- | +| `authQuery` *[SecretVersion](#secretversion)* | The auth query secret version | | | | + +#### PgBouncerSpec + +PgBouncerSpec defines how to configure PgBouncer + +*Appears in:* + +- [PoolerSpec](#poolerspec) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------- | 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------------------------------- | +| `poolMode` *[PgBouncerPoolMode](#pgbouncerpoolmode)* | The pool mode. Default: `session`. | | session | Enum: [session transaction]
| +| `serverTLSSecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | ServerTLSSecret, when pointing to a TLS secret, provides pgbouncer's
`server_tls_key_file` and `server_tls_cert_file`, used when
authenticating against PostgreSQL. | | | | +| `serverCASecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | ServerCASecret provides PgBouncer’s server_tls_ca_file, the root
CA for validating PostgreSQL certificates | | | | +| `clientCASecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | ClientCASecret provides PgBouncer’s client_tls_ca_file, the root
CA for validating client certificates | | | | +| `clientTLSSecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | ClientTLSSecret provides PgBouncer’s client_tls_key_file (private key)
and client_tls_cert_file (certificate) used to accept client connections | | | | +| `authQuerySecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | The credentials of the user that need to be used for the authentication
query. In case it is specified, also an AuthQuery
(e.g. "SELECT usename, passwd FROM pg_catalog.pg_shadow WHERE usename=$1")
has to be specified and no automatic CNP Cluster integration will be triggered.
Deprecated. | | | | +| `authQuery` *string* | The query that will be used to download the hash of the password
of a certain user. Default: "SELECT usename, passwd FROM public.user_search($1)".
In case it is specified, also an AuthQuerySecret has to be specified and
no automatic CNP Cluster integration will be triggered. | | | | +| `parameters` *object (keys:string, values:string)* | Additional parameters to be passed to PgBouncer - please check
the CNP documentation for a list of options you can configure | | | | +| `pg_hba` *string array* | PostgreSQL Host Based Authentication rules (lines to be appended
to the pg_hba.conf file) | | | | +| `paused` *boolean* | When set to `true`, PgBouncer will disconnect from the PostgreSQL
server, first waiting for all queries to complete, and pause all new
client connections until this value is set to `false` (default). Internally,
the operator calls PgBouncer's `PAUSE` and `RESUME` commands. | | false | | + +#### PluginConfiguration + +PluginConfiguration specifies a plugin that need to be loaded for this +cluster to be reconciled + +*Appears in:* + +- [ClusterSpec](#clusterspec) +- [ExternalCluster](#externalcluster) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- | ---------- | +| `name` *string* | Name is the plugin name | True | | | +| `enabled` *boolean* | Enabled is true if this plugin will be used | | true | | +| `isWALArchiver` *boolean* | Marks the plugin as the WAL archiver. At most one plugin can be
designated as a WAL archiver. This cannot be enabled if the
`.spec.backup.barmanObjectStore` configuration is present. | | false | | +| `parameters` *object (keys:string, values:string)* | Parameters is the configuration of the plugin | | | | + +#### PluginStatus + +PluginStatus is the status of a loaded plugin + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------- | ------- | ---------- | +| `name` *string* | Name is the name of the plugin | True | | | +| `version` *string* | Version is the version of the plugin loaded by the
latest reconciliation loop | True | | | +| `capabilities` *string array* | Capabilities are the list of capabilities of the
plugin | | | | +| `operatorCapabilities` *string array* | OperatorCapabilities are the list of capabilities of the
plugin regarding the reconciler | | | | +| `walCapabilities` *string array* | WALCapabilities are the list of capabilities of the
plugin regarding the WAL management | | | | +| `backupCapabilities` *string array* | BackupCapabilities are the list of capabilities of the
plugin regarding the Backup management | | | | +| `restoreJobHookCapabilities` *string array* | RestoreJobHookCapabilities are the list of capabilities of the
plugin regarding the RestoreJobHook management | | | | +| `status` *string* | Status contain the status reported by the plugin through the SetStatusInCluster interface | | | | + +#### PodName + +*Underlying type:* *string* + +PodName is the name of a Pod + +*Appears in:* + +- [ClusterStatus](#clusterstatus) +- [Topology](#topology) + +#### PodStatus + +*Underlying type:* *string* + +PodStatus represent the possible status of pods + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +#### PodTemplateSpec + +PodTemplateSpec is a structure allowing the user to set +a template for Pod generation. + +Unfortunately we can't use the corev1.PodTemplateSpec +type because the generated CRD won't have the field for the +metadata section. + +References: + + + + +*Appears in:* + +- [PoolerSpec](#poolerspec) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `metadata` *[Metadata](#metadata)* | Refer to Kubernetes API documentation for fields of `metadata`. | | | | +| `spec` *[PodSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#podspec-v1-core)* | Specification of the desired behavior of the pod.
More info: | | | | + +#### PodTopologyLabels + +*Underlying type:* *object* + +PodTopologyLabels represent the topology of a Pod. map[labelName]labelValue + +*Appears in:* + +- [Topology](#topology) + +#### Pooler + +Pooler is the Schema for the poolers API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `Pooler` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[PoolerSpec](#poolerspec)* | Specification of the desired behavior of the Pooler.
More info: | True | | | +| `status` *[PoolerStatus](#poolerstatus)* | Most recently observed status of the Pooler. This data may not be up to
date. Populated by the system. Read-only.
More info: | | | | + +#### PoolerIntegrations + +PoolerIntegrations encapsulates the needed integration for the poolers referencing the cluster + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------------- | ----------- | -------- | ------- | ---------- | +| `pgBouncerIntegration` *[PgBouncerIntegrationStatus](#pgbouncerintegrationstatus)* | | | | | + +#### PoolerMonitoringConfiguration + +PoolerMonitoringConfiguration is the type containing all the monitoring +configuration for a certain Pooler. + +Mirrors the Cluster's MonitoringConfiguration but without the custom queries +part for now. + +*Appears in:* + +- [PoolerSpec](#poolerspec) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `enablePodMonitor` *boolean* | Enable or disable the `PodMonitor` | | false | | +| `podMonitorMetricRelabelings` *[RelabelConfig](https://pkg.go.dev/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1#RelabelConfig) array* | The list of metric relabelings for the `PodMonitor`. Applied to samples before ingestion. | | | | +| `podMonitorRelabelings` *[RelabelConfig](https://pkg.go.dev/github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1#RelabelConfig) array* | The list of relabelings for the `PodMonitor`. Applied to samples before scraping. 
| | | | + +#### PoolerSecrets + +PoolerSecrets contains the versions of all the secrets used + +*Appears in:* + +- [PoolerStatus](#poolerstatus) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------- | -------------------------------------------- | -------- | ------- | ---------- | +| `clientTLS` *[SecretVersion](#secretversion)* | The client TLS secret version | | | | +| `serverTLS` *[SecretVersion](#secretversion)* | The server TLS secret version | | | | +| `serverCA` *[SecretVersion](#secretversion)* | The server CA secret version | | | | +| `clientCA` *[SecretVersion](#secretversion)* | The client CA secret version | | | | +| `pgBouncerSecrets` *[PgBouncerSecrets](#pgbouncersecrets)* | The version of the secrets used by PgBouncer | | | | + +#### PoolerSpec + +PoolerSpec defines the desired state of Pooler + +*Appears in:* + +- [Pooler](#pooler) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------------------- | +| `cluster` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | This is the cluster reference on which the Pooler will work.
Pooler name should never match with any cluster name within the same namespace. | True | | | +| `type` *[PoolerType](#poolertype)* | Type of service to forward traffic to. Default: `rw`. | | rw | Enum: [rw ro r]
| +| `instances` *integer* | The number of replicas we want. Default: 1. | | 1 | | +| `template` *[PodTemplateSpec](#podtemplatespec)* | The template of the Pod to be created | | | | +| `pgbouncer` *[PgBouncerSpec](#pgbouncerspec)* | The PgBouncer configuration | True | | | +| `deploymentStrategy` *[DeploymentStrategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#deploymentstrategy-v1-apps)* | The deployment strategy to use for pgbouncer to replace existing pods with new ones | | | | +| `monitoring` *[PoolerMonitoringConfiguration](#poolermonitoringconfiguration)* | The configuration of the monitoring infrastructure of this pooler.
Deprecated: This feature will be removed in an upcoming release. If
you need this functionality, you can create a PodMonitor manually. | | | | +| `serviceTemplate` *[ServiceTemplateSpec](#servicetemplatespec)* | Template for the Service to be created | | | | + +#### PoolerStatus + +PoolerStatus defines the observed state of Pooler + +*Appears in:* + +- [Pooler](#pooler) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------- | ----------------------------------------- | -------- | ------- | ---------- | +| `secrets` *[PoolerSecrets](#poolersecrets)* | The resource version of the config object | | | | +| `instances` *integer* | The number of pods trying to be scheduled | | | | + +#### PoolerType + +*Underlying type:* *string* + +PoolerType is the type of the connection pool, meaning the service +we are targeting. Allowed values are `rw` and `ro`. + +*Validation:* + +- Enum: [rw ro r] + +*Appears in:* + +- [PoolerSpec](#poolerspec) + +#### PostgresConfiguration + +PostgresConfiguration defines the PostgreSQL configuration + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `parameters` *object (keys:string, values:string)* | PostgreSQL configuration options (postgresql.conf) | | | | +| `synchronous` *[SynchronousReplicaConfiguration](#synchronousreplicaconfiguration)* | Configuration of the PostgreSQL synchronous replication feature | | | | +| `pg_hba` *string array* | PostgreSQL Host Based Authentication rules (lines to be appended
to the pg_hba.conf file) | | | | +| `pg_ident` *string array* | PostgreSQL User Name Maps rules (lines to be appended
to the pg_ident.conf file) | | | | +| `epas` *[EPASConfiguration](#epasconfiguration)* | EDB Postgres Advanced Server specific configurations | | | | +| `syncReplicaElectionConstraint` *[SyncReplicaElectionConstraints](#syncreplicaelectionconstraints)* | Requirements to be met by sync replicas. This will affect how the "synchronous_standby_names" parameter will be
set up. | | | | +| `shared_preload_libraries` *string array* | Lists of shared preload libraries to add to the default ones | | | | +| `ldap` *[LDAPConfig](#ldapconfig)* | Options to specify LDAP configuration | | | | +| `promotionTimeout` *integer* | Specifies the maximum number of seconds to wait when promoting an instance to primary.
Default value is 40000000, greater than one year in seconds,
big enough to simulate an infinite timeout | | | | +| `enableAlterSystem` *boolean* | If this parameter is true, the user will be able to invoke `ALTER SYSTEM`
on this {{name.ln}} Cluster.
This should only be used for debugging and troubleshooting.
Defaults to false. | | | | +| `extensions` *[ExtensionConfiguration](#extensionconfiguration) array* | The configuration of the extensions to be added | | | | + +#### PrimaryUpdateMethod + +*Underlying type:* *string* + +PrimaryUpdateMethod contains the method to use when upgrading +the primary server of the cluster as part of rolling updates + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | +| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `switchover` | PrimaryUpdateMethodSwitchover means that the operator will switchover to another updated
replica when it needs to upgrade the primary instance.
Note: when using this method, the operator will reject updates that change both
the image name and PostgreSQL configuration parameters simultaneously to avoid
configuration mismatches during the switchover process.
| +| `restart` | PrimaryUpdateMethodRestart means that the operator will restart the primary instance in-place
when it needs to upgrade it
| + +#### PrimaryUpdateStrategy + +*Underlying type:* *string* + +PrimaryUpdateStrategy contains the strategy to follow when upgrading +the primary server of the cluster as part of rolling updates + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | +| -------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `supervised` | PrimaryUpdateStrategySupervised means that the operator need to wait for the
user to manually issue a switchover request before updating the primary
server (`supervised`)
| +| `unsupervised` | PrimaryUpdateStrategyUnsupervised means that the operator will proceed with the
selected PrimaryUpdateMethod to another updated replica and then automatically update
the primary server (`unsupervised`, default)
| + +#### Probe + +Probe describes a health check to be performed against a container to determine whether it is +alive or ready to receive traffic. + +*Appears in:* + +- [LivenessProbe](#livenessprobe) +- [ProbeWithStrategy](#probewithstrategy) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------- || -------- | ------- | ---------- | +| `initialDelaySeconds` *integer* | Number of seconds after the container has started before liveness probes are initiated.
More info: | | | | +| `timeoutSeconds` *integer* | Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: | | | | +| `periodSeconds` *integer* | How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. | | | | +| `successThreshold` *integer* | Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | | | | +| `failureThreshold` *integer* | Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1. | | | | +| `terminationGracePeriodSeconds` *integer* | Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | | | | + +#### ProbeStrategyType + +*Underlying type:* *string* + +ProbeStrategyType is the type of the strategy used to declare a PostgreSQL instance +ready + +*Appears in:* + +- [ProbeWithStrategy](#probewithstrategy) + +| Field | Description | +| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `pg_isready` | ProbeStrategyPgIsReady means that the pg_isready tool is used to determine
whether PostgreSQL is started up
| +| `streaming` | ProbeStrategyStreaming means that pg_isready is positive and the replica is
connected via streaming replication to the current primary and the lag is, if specified,
within the limit.
| +| `query` | ProbeStrategyQuery means that the server is able to connect to the superuser database
and able to execute a simple query like "-- ping"
| + +#### ProbeWithStrategy + +ProbeWithStrategy is the configuration of the startup probe + +*Appears in:* + +- [ProbesConfiguration](#probesconfiguration) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------------------------------------------------------- || -------- | ------- | ----------------------------------------- | +| `initialDelaySeconds` *integer* | Number of seconds after the container has started before liveness probes are initiated.
More info: | | | | +| `timeoutSeconds` *integer* | Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: | | | | +| `periodSeconds` *integer* | How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. | | | | +| `successThreshold` *integer* | Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. | | | | +| `failureThreshold` *integer* | Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1. | | | | +| `terminationGracePeriodSeconds` *integer* | Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. | | | | +| `type` *[ProbeStrategyType](#probestrategytype)* | The probe strategy | | | Enum: [pg_isready streaming query]
| +| `maximumLag` *[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#quantity-resource-api)* | Lag limit. Used only for `streaming` strategy | | | | + +#### ProbesConfiguration + +ProbesConfiguration represent the configuration for the probes +to be injected in the PostgreSQL Pods + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------- | --------------------------------- | -------- | ------- | ---------- | +| `startup` *[ProbeWithStrategy](#probewithstrategy)* | The startup probe configuration | True | | | +| `liveness` *[LivenessProbe](#livenessprobe)* | The liveness probe configuration | True | | | +| `readiness` *[ProbeWithStrategy](#probewithstrategy)* | The readiness probe configuration | True | | | + +#### Publication + +Publication is the Schema for the publications API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `Publication` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[PublicationSpec](#publicationspec)* | | True | | | +| `status` *[PublicationStatus](#publicationstatus)* | | True | | | + +#### PublicationReclaimPolicy + +*Underlying type:* *string* + +PublicationReclaimPolicy defines a policy for end-of-life maintenance of Publications. 
+ +*Appears in:* + +- [PublicationSpec](#publicationspec) + +| Field | Description | +| -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `delete` | PublicationReclaimDelete means the publication will be deleted from Kubernetes on release
from its claim.
| +| `retain` | PublicationReclaimRetain means the publication will be left in its current phase for manual
reclamation by the administrator. The default policy is Retain.
| + +#### PublicationSpec + +PublicationSpec defines the desired state of Publication + +*Appears in:* + +- [Publication](#publication) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | -------- | ------- | ---------------------------- | +| `cluster` *[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#localobjectreference-v1-core)* | The name of the PostgreSQL cluster that identifies the "publisher" | True | | | +| `name` *string* | The name of the publication inside PostgreSQL | True | | | +| `dbname` *string* | The name of the database where the publication will be installed in
the "publisher" cluster | True | | | +| `parameters` *object (keys:string, values:string)* | Publication parameters part of the `WITH` clause as expected by
PostgreSQL `CREATE PUBLICATION` command | | | | +| `target` *[PublicationTarget](#publicationtarget)* | Target of the publication as expected by PostgreSQL `CREATE PUBLICATION` command | True | | | +| `publicationReclaimPolicy` *[PublicationReclaimPolicy](#publicationreclaimpolicy)* | The policy for end-of-life maintenance of this publication | | retain | Enum: [delete retain]
| + +#### PublicationStatus + +PublicationStatus defines the observed state of Publication + +*Appears in:* + +- [Publication](#publication) + +| Field | Description | Required | Default | Validation | +| ------------------------------ | ---------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `observedGeneration` *integer* | A sequence number representing the latest
desired state that was synchronized | | | | +| `applied` *boolean* | Applied is true if the publication was reconciled correctly | | | | +| `message` *string* | Message is the reconciliation output message | | | | + +#### PublicationTarget + +PublicationTarget is what this publication should publish + +*Appears in:* + +- [PublicationSpec](#publicationspec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------- | +| `allTables` *boolean* | Marks the publication as one that replicates changes for all tables
in the database, including tables created in the future.
Corresponding to `FOR ALL TABLES` in PostgreSQL. | | | | +| `objects` *[PublicationTargetObject](#publicationtargetobject) array* | Just the following schema objects | | | MaxItems: 100000
| + +#### PublicationTargetObject + +PublicationTargetObject is an object to publish + +*Appears in:* + +- [PublicationTarget](#publicationtarget) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `tablesInSchema` *string* | Marks the publication as one that replicates changes for all tables
in the specified list of schemas, including tables created in the
future. Corresponding to `FOR TABLES IN SCHEMA` in PostgreSQL. | | | | +| `table` *[PublicationTargetTable](#publicationtargettable)* | Specifies a list of tables to add to the publication. Corresponding
to `FOR TABLE` in PostgreSQL. | | | | + +#### PublicationTargetTable + +PublicationTargetTable is a table to publish + +*Appears in:* + +- [PublicationTargetObject](#publicationtargetobject) + +| Field | Description | Required | Default | Validation | +| ------------------------ | ----------------------------------------------------------------- | -------- | ------- | ---------- | +| `only` *boolean* | Whether to limit to the table only or include all its descendants | | | | +| `name` *string* | The table name | True | | | +| `schema` *string* | The schema name | | | | +| `columns` *string array* | The columns to publish | | | | + +#### RecoveryTarget + +RecoveryTarget allows to configure the moment where the recovery process +will stop. All the target options except TargetTLI are mutually exclusive. + +*Appears in:* + +- [BootstrapRecovery](#bootstraprecovery) + +| Field | Description | Required | Default | Validation | +| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `backupID` *string* | The ID of the backup from which to start the recovery process.
If empty (default) the operator will automatically detect the backup
based on targetTime or targetLSN if specified. Otherwise use the
latest available backup in chronological order. | | | | +| `targetTLI` *string* | The target timeline ("latest" or a positive integer) | | | | +| `targetXID` *string* | The target transaction ID | | | | +| `targetName` *string* | The target name (to be previously created
with `pg_create_restore_point`) | | | | +| `targetLSN` *string* | The target LSN (Log Sequence Number) | | | | +| `targetTime` *string* | The target time as a timestamp in RFC3339 format or PostgreSQL timestamp format.
Timestamps without an explicit timezone are interpreted as UTC. | | | | +| `targetImmediate` *boolean* | End recovery as soon as a consistent state is reached | | | | +| `exclusive` *boolean* | Set the target to be exclusive. If omitted, defaults to false, so that
in Postgres, `recovery_target_inclusive` will be true | | | | + +#### ReplicaClusterConfiguration + +ReplicaClusterConfiguration encapsulates the configuration of a replica +cluster + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ------------------- | +| `self` *string* | Self defines the name of this cluster. It is used to determine if this is a primary
or a replica cluster, comparing it with `primary` | | | | +| `primary` *string* | Primary defines which Cluster is defined to be the primary in the distributed PostgreSQL cluster, based on the
topology specified in externalClusters | | | | +| `source` *string* | The name of the external cluster which is the replication origin | True | | MinLength: 1
| +| `enabled` *boolean* | If replica mode is enabled, this cluster will be a replica of an
existing cluster. Replica cluster can be created from a recovery
object store or via streaming through pg_basebackup.
Refer to the Replica clusters page of the documentation for more information. | | | | +| `promotionToken` *string* | A demotion token generated by an external cluster used to
check if the promotion requirements are met. | | | | +| `minApplyDelay` *[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#duration-v1-meta)* | When replica mode is enabled, this parameter allows you to replay
transactions only when the system time is at least the configured
time past the commit time. This provides an opportunity to correct
data loss errors. Note that when this parameter is set, a promotion
token cannot be used. | | | | + +#### ReplicationSlotsConfiguration + +ReplicationSlotsConfiguration encapsulates the configuration +of replication slots + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------- | +| `highAvailability` *[ReplicationSlotsHAConfiguration](#replicationslotshaconfiguration)* | Replication slots for high availability configuration | | | | +| `updateInterval` *integer* | Standby will update the status of the local replication slots
every `updateInterval` seconds (default 30). | | | Minimum: 1
| +| `synchronizeReplicas` *[SynchronizeReplicasConfiguration](#synchronizereplicasconfiguration)* | Configures the synchronization of the user defined physical replication slots | | | | + +#### ReplicationSlotsHAConfiguration + +ReplicationSlotsHAConfiguration encapsulates the configuration +of the replication slots that are automatically managed by +the operator to control the streaming replication connections +with the standby instances for high availability (HA) purposes. +Replication slots are a PostgreSQL feature that makes sure +that PostgreSQL automatically keeps WAL files in the primary +when a streaming client (in this specific case a replica that +is part of the HA cluster) gets disconnected. + +*Appears in:* + +- [ReplicationSlotsConfiguration](#replicationslotsconfiguration) + +| Field | Description | Required | Default | Validation | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ------------------------------ | +| `enabled` *boolean* | If enabled (default), the operator will automatically manage replication slots
on the primary instance and use them in streaming replication
connections with all the standby instances that are part of the HA
cluster. If disabled, the operator will not take advantage
of replication slots in streaming connections with the replicas.
This feature also controls replication slots in replica cluster,
from the designated primary to its cascading replicas. | | | | +| `slotPrefix` *string* | Prefix for replication slots managed by the operator for HA.
It may only contain lower case letters, numbers, and the underscore character.
This can only be set at creation time. By default set to `_cnp_`. | | | Pattern: `^[0-9a-z_]*$`
| +| `synchronizeLogicalDecoding` *boolean* | When enabled, the operator automatically manages synchronization of logical
decoding (replication) slots across high-availability clusters.
Requires one of the following conditions:
- PostgreSQL version 17 or later
- PostgreSQL version < 17 with pg_failover_slots extension enabled | | | | + +#### RoleConfiguration + +RoleConfiguration is the representation, in Kubernetes, of a PostgreSQL role +with the additional field Ensure specifying whether to ensure the presence or +absence of the role in the database + +The defaults of the CREATE ROLE command are applied +Reference: + +*Appears in:* + +- [ManagedConfiguration](#managedconfiguration) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the role | True | | | +| `comment` *string* | Description of the role | | | | +| `ensure` *[EnsureOption](#ensureoption)* | Ensure the role is `present` or `absent` - defaults to "present" | | present | Enum: [present absent]
| +| `passwordSecret` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | Secret containing the password of the role (if present)
If null, the password will be ignored unless DisablePassword is set | | | | +| `connectionLimit` *integer* | If the role can log in, this specifies how many concurrent
connections the role can make. `-1` (the default) means no limit. | | -1 | | +| `validUntil` *[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)* | Date and time after which the role's password is no longer valid.
When omitted, the password will never expire (default). | | | | +| `inRoles` *string array* | List of one or more existing roles to which this role will be
immediately added as a new member. Default empty. | | | | +| `inherit` *boolean* | Whether a role "inherits" the privileges of roles it is a member of.
Defaults is `true`. | | true | | +| `disablePassword` *boolean* | DisablePassword indicates that a role's password should be set to NULL in Postgres | | | | +| `superuser` *boolean* | Whether the role is a `superuser` who can override all access
restrictions within the database - superuser status is dangerous and
should be used only when really needed. You must yourself be a
superuser to create a new superuser. Defaults is `false`. | | | | +| `createdb` *boolean* | When set to `true`, the role being defined will be allowed to create
new databases. Specifying `false` (default) will deny a role the
ability to create databases. | | | | +| `createrole` *boolean* | Whether the role will be permitted to create, alter, drop, comment
on, change the security label for, and grant or revoke membership in
other roles. Default is `false`. | | | | +| `login` *boolean* | Whether the role is allowed to log in. A role having the `login`
attribute can be thought of as a user. Roles without this attribute
are useful for managing database privileges, but are not users in
the usual sense of the word. Default is `false`. | | | | +| `replication` *boolean* | Whether a role is a replication role. A role must have this
attribute (or be a superuser) in order to be able to connect to the
server in replication mode (physical or logical replication) and in
order to be able to create or drop replication slots. A role having
the `replication` attribute is a very highly privileged role, and
should only be used on roles actually used for replication. Default
is `false`. | | | | +| `bypassrls` *boolean* | Whether a role bypasses every row-level security (RLS) policy.
Default is `false`. | | | | + +#### RoleStatus + +*Underlying type:* *string* + +RoleStatus represents the status of a managed role in the cluster + +*Appears in:* + +- [ManagedRoles](#managedroles) + +| Field | Description | +| ------------------------ | ----------------------------------------------------------------------------------------------------- | +| `reconciled` | RoleStatusReconciled indicates the role in DB matches the Spec
| +| `not-managed` | RoleStatusNotManaged indicates the role is not in the Spec, therefore not managed
| +| `pending-reconciliation` | RoleStatusPendingReconciliation indicates the role in Spec requires updated/creation in DB
| +| `reserved` | RoleStatusReserved indicates this is one of the roles reserved by the operator. E.g. `postgres`
| + +#### SQLRefs + +SQLRefs holds references to ConfigMaps or Secrets +containing SQL files. The references are processed in a specific order: +first, all Secrets are processed, followed by all ConfigMaps. +Within each group, the processing order follows the sequence specified +in their respective arrays. + +*Appears in:* + +- [BootstrapInitDB](#bootstrapinitdb) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | -------- | ------- | ---------- | +| `secretRefs` *[SecretKeySelector](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#SecretKeySelector) array* | SecretRefs holds a list of references to Secrets | | | | +| `configMapRefs` *[ConfigMapKeySelector](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#ConfigMapKeySelector) array* | ConfigMapRefs holds a list of references to ConfigMaps | | | | + +#### ScheduledBackup + +ScheduledBackup is the Schema for the scheduledbackups API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `ScheduledBackup` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. 
| True | | | +| `spec` *[ScheduledBackupSpec](#scheduledbackupspec)* | Specification of the desired behavior of the ScheduledBackup.
More info: | True | | | +| `status` *[ScheduledBackupStatus](#scheduledbackupstatus)* | Most recently observed status of the ScheduledBackup. This data may not be up
to date. Populated by the system. Read-only.
More info: | | | | + +#### ScheduledBackupSpec + +ScheduledBackupSpec defines the desired state of ScheduledBackup + +*Appears in:* + +- [ScheduledBackup](#scheduledbackup) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ----------------- | ------------------------------------------------------ | +| `suspend` *boolean* | If this backup is suspended or not | | | | +| `immediate` *boolean* | If the first backup has to be immediately start after creation or not | | | | +| `schedule` *string* | The schedule does not follow the same format used in Kubernetes CronJobs
as it includes an additional seconds specifier,
see | True | | | +| `cluster` *[LocalObjectReference](https://pkg.go.dev/github.com/cloudnative-pg/machinery/pkg/api#LocalObjectReference)* | The cluster to backup | True | | | +| `backupOwnerReference` *string* | Indicates which ownerReference should be put inside the created backup resources.
- none: no owner reference for created backup objects (same behavior as before the field was introduced)
- self: sets the Scheduled backup object as owner of the backup
- cluster: set the cluster as owner of the backup
| | none | Enum: [none self cluster]
| +| `target` *[BackupTarget](#backuptarget)* | The policy to decide which instance should perform this backup. If empty,
it defaults to `cluster.spec.backup.target`.
Available options are empty string, `primary` and `prefer-standby`.
`primary` to have backups run always on primary instances,
`prefer-standby` to have backups run preferably on the most updated
standby, if available. | | | Enum: [primary prefer-standby]
| +| `method` *[BackupMethod](#backupmethod)* | The backup method to be used, possible options are `barmanObjectStore`,
`volumeSnapshot` or `plugin`. Defaults to: `barmanObjectStore`. | | barmanObjectStore | Enum: [barmanObjectStore volumeSnapshot plugin]
| +| `pluginConfiguration` *[BackupPluginConfiguration](#backuppluginconfiguration)* | Configuration parameters passed to the plugin managing this backup | | | | +| `online` *boolean* | Whether the default type of backup with volume snapshots is
online/hot (`true`, default) or offline/cold (`false`)
Overrides the default setting specified in the cluster field '.spec.backup.volumeSnapshot.online' | | | | +| `onlineConfiguration` *[OnlineConfiguration](#onlineconfiguration)* | Configuration parameters to control the online/hot backup with volume snapshots
Overrides the default settings specified in the cluster '.backup.volumeSnapshot.onlineConfiguration' stanza | | | | + +#### ScheduledBackupStatus + +ScheduledBackupStatus defines the observed state of ScheduledBackup + +*Appears in:* + +- [ScheduledBackup](#scheduledbackup) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `lastCheckTime` *[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)* | The latest time the schedule | | | | +| `lastScheduleTime` *[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)* | Information when was the last time that backup was successfully scheduled. | | | | +| `nextScheduleTime` *[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#time-v1-meta)* | Next time we will run a backup | | | | + +#### SchemaSpec + +SchemaSpec configures a schema in a database + +*Appears in:* + +- [DatabaseSpec](#databasespec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the object (extension, schema, FDW, server) | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists. | | present | Enum: [present absent]
| +| `owner` *string* | The role name of the user who owns the schema inside PostgreSQL.
It maps to the `AUTHORIZATION` parameter of `CREATE SCHEMA` and the
`OWNER TO` command of `ALTER SCHEMA`. | True | | | + +#### SecretVersion + +SecretVersion contains a secret name and its ResourceVersion + +*Appears in:* + +- [PgBouncerSecrets](#pgbouncersecrets) +- [PoolerSecrets](#poolersecrets) + +| Field | Description | Required | Default | Validation | +| ------------------ | --------------------------------- | -------- | ------- | ---------- | +| `name` *string* | The name of the secret | | | | +| `version` *string* | The ResourceVersion of the secret | | | | + +#### SecretsResourceVersion + +SecretsResourceVersion is the resource versions of the secrets +managed by the operator + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| -------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `superuserSecretVersion` *string* | The resource version of the "postgres" user secret | | | | +| `replicationSecretVersion` *string* | The resource version of the "streaming_replica" user secret | | | | +| `applicationSecretVersion` *string* | The resource version of the "app" user secret | | | | +| `managedRoleSecretVersion` *object (keys:string, values:string)* | The resource versions of the managed roles secrets | | | | +| `caSecretVersion` *string* | Unused. Retained for compatibility with old versions. 
| | | | +| `clientCaSecretVersion` *string* | The resource version of the PostgreSQL client-side CA secret version | | | | +| `serverCaSecretVersion` *string* | The resource version of the PostgreSQL server-side CA secret version | | | | +| `serverSecretVersion` *string* | The resource version of the PostgreSQL server-side secret version | | | | +| `barmanEndpointCA` *string* | The resource version of the Barman Endpoint CA if provided | | | | +| `externalClusterSecretVersion` *object (keys:string, values:string)* | The resource versions of the external cluster secrets | | | | +| `metrics` *object (keys:string, values:string)* | A map with the versions of all the secrets used to pass metrics.
Map keys are the secret names, map values are the versions | | | | + +#### ServerSpec + +ServerSpec configures a server of a foreign data wrapper + +*Appears in:* + +- [DatabaseSpec](#databasespec) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ----------------------------- | +| `name` *string* | Name of the object (extension, schema, FDW, server) | True | | | +| `ensure` *[EnsureOption](#ensureoption)* | Specifies whether an object (e.g schema) should be present or absent
in the database. If set to `present`, the object will be created if
it does not exist. If set to `absent`, the extension/schema will be
removed if it exists. | | present | Enum: [present absent]
| +| `fdw` *string* | The name of the Foreign Data Wrapper (FDW) | True | | | +| `options` *[OptionSpec](#optionspec) array* | Options specifies the configuration options for the server
(key is the option name, value is the option value). | | | | +| `usage` *[UsageSpec](#usagespec) array* | List of roles for which `USAGE` privileges on the server are granted or revoked. | | | | + +#### ServiceAccountTemplate + +ServiceAccountTemplate contains the template needed to generate the service accounts + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------- | --------------------------------------------------------------- | -------- | ------- | ---------- | +| `metadata` *[Metadata](#metadata)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | + +#### ServiceSelectorType + +*Underlying type:* *string* + +ServiceSelectorType describes a valid value for generating the service selectors. +It indicates which type of service the selector applies to, such as read-write, read, or read-only + +*Validation:* + +- Enum: [rw r ro] + +*Appears in:* + +- [ManagedService](#managedservice) +- [ManagedServices](#managedservices) + +| Field | Description | +| ----- | ----------------------------------------------------------- | +| `rw` | ServiceSelectorTypeRW selects the read-write service.
| +| `r` | ServiceSelectorTypeR selects the read service.
| +| `ro` | ServiceSelectorTypeRO selects the read-only service.
| + +#### ServiceTemplateSpec + +ServiceTemplateSpec is a structure allowing the user to set +a template for Service generation. + +*Appears in:* + +- [ManagedService](#managedservice) +- [PoolerSpec](#poolerspec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `metadata` *[Metadata](#metadata)* | Refer to Kubernetes API documentation for fields of `metadata`. | | | | +| `spec` *[ServiceSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#servicespec-v1-core)* | Specification of the desired behavior of the service.
More info: | | | | + +#### ServiceUpdateStrategy + +*Underlying type:* *string* + +ServiceUpdateStrategy describes how the changes to the managed service should be handled + +*Validation:* + +- Enum: [patch replace] + +*Appears in:* + +- [ManagedService](#managedservice) + +#### SnapshotOwnerReference + +*Underlying type:* *string* + +SnapshotOwnerReference defines the reference type for the owner of the snapshot. +This specifies which owner the processed resources should relate to. + +*Appears in:* + +- [VolumeSnapshotConfiguration](#volumesnapshotconfiguration) + +| Field | Description | +| --------- | ------------------------------------------------------------------------------------------------- | +| `none` | SnapshotOwnerReferenceNone indicates that the snapshot does not have any owner reference.
| +| `backup` | SnapshotOwnerReferenceBackup indicates that the snapshot is owned by the backup resource.
| +| `cluster` | SnapshotOwnerReferenceCluster indicates that the snapshot is owned by the cluster resource.
| + +#### SnapshotType + +*Underlying type:* *string* + +SnapshotType is a type of allowed import + +*Appears in:* + +- [Import](#import) + +| Field | Description | +| -------------- | ----------------------------------------------------------------------------------- | +| `monolith` | MonolithSnapshotType indicates to execute the monolith clone typology
| +| `microservice` | MicroserviceSnapshotType indicates to execute the microservice clone typology
| + +#### StorageConfiguration + +StorageConfiguration is the configuration used to create and reconcile PVCs, +usable for WAL volumes, PGDATA volumes, or tablespaces + +*Appears in:* + +- [ClusterSpec](#clusterspec) +- [TablespaceConfiguration](#tablespaceconfiguration) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `storageClass` *string* | StorageClass to use for PVCs. Applied after
evaluating the PVC template, if available.
If not specified, the generated PVCs will use the
default storage class | | | | +| `size` *string* | Size of the storage. Required if not already specified in the PVC template.
Changes to this field are automatically reapplied to the created PVCs.
Size cannot be decreased. | | | | +| `resizeInUseVolumes` *boolean* | Resize existent PVCs, defaults to true | | true | | +| `pvcTemplate` *[PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#persistentvolumeclaimspec-v1-core)* | Template to be used to generate the Persistent Volume Claim | | | | + +#### Subscription + +Subscription is the Schema for the subscriptions API + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------- | -------- | ------- | ---------- | +| `apiVersion` *string* | `postgresql.k8s.enterprisedb.io/v1` | True | | | +| `kind` *string* | `Subscription` | True | | | +| `metadata` *[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#objectmeta-v1-meta)* | Refer to Kubernetes API documentation for fields of `metadata`. | True | | | +| `spec` *[SubscriptionSpec](#subscriptionspec)* | | True | | | +| `status` *[SubscriptionStatus](#subscriptionstatus)* | | True | | | + +#### SubscriptionReclaimPolicy + +*Underlying type:* *string* + +SubscriptionReclaimPolicy describes a policy for end-of-life maintenance of Subscriptions. + +*Appears in:* + +- [SubscriptionSpec](#subscriptionspec) + +| Field | Description | +| -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| `delete` | SubscriptionReclaimDelete means the subscription will be deleted from Kubernetes on release
from its claim.
| +| `retain` | SubscriptionReclaimRetain means the subscription will be left in its current phase for manual
reclamation by the administrator. The default policy is Retain.
| + +#### SubscriptionSpec + +SubscriptionSpec defines the desired state of Subscription + +*Appears in:* + +- [Subscription](#subscription) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------------------------- | +| `cluster` *[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#localobjectreference-v1-core)* | The name of the PostgreSQL cluster that identifies the "subscriber" | True | | | +| `name` *string* | The name of the subscription inside PostgreSQL | True | | | +| `dbname` *string* | The name of the database where the publication will be installed in
the "subscriber" cluster | True | | | +| `parameters` *object (keys:string, values:string)* | Subscription parameters included in the `WITH` clause of the PostgreSQL
`CREATE SUBSCRIPTION` command. Most parameters cannot be changed
after the subscription is created and will be ignored if modified
later, except for a limited set documented at:
| | | | +| `publicationName` *string* | The name of the publication inside the PostgreSQL database in the
"publisher" | True | | | +| `publicationDBName` *string* | The name of the database containing the publication on the external
cluster. Defaults to the one in the external cluster definition. | | | | +| `externalClusterName` *string* | The name of the external cluster with the publication ("publisher") | True | | | +| `subscriptionReclaimPolicy` *[SubscriptionReclaimPolicy](#subscriptionreclaimpolicy)* | The policy for end-of-life maintenance of this subscription | | retain | Enum: [delete retain]
| + +#### SubscriptionStatus + +SubscriptionStatus defines the observed state of Subscription + +*Appears in:* + +- [Subscription](#subscription) + +| Field | Description | Required | Default | Validation | +| ------------------------------ | ---------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `observedGeneration` *integer* | A sequence number representing the latest
desired state that was synchronized | | | | +| `applied` *boolean* | Applied is true if the subscription was reconciled correctly | | | | +| `message` *string* | Message is the reconciliation output message | | | | + +#### SwitchReplicaClusterStatus + +SwitchReplicaClusterStatus contains all the statuses regarding the switch of a cluster to a replica cluster + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ---------------------- | -------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `inProgress` *boolean* | InProgress indicates if there is an ongoing procedure of switching a cluster to a replica cluster. | | | | + +#### SyncReplicaElectionConstraints + +SyncReplicaElectionConstraints contains the constraints for sync replicas election. + +For anti-affinity parameters two instances are considered in the same location +if all the labels values match. + +In future synchronous replica election restriction by name will be supported. 
+ +*Appears in:* + +- [PostgresConfiguration](#postgresconfiguration) + +| Field | Description | Required | Default | Validation | +| --------------------------------------- | -------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `nodeLabelsAntiAffinity` *string array* | A list of node labels values to extract and compare to evaluate if the pods reside in the same topology or not | | | | +| `enabled` *boolean* | This flag enables the constraints for sync replicas | True | | | + +#### SynchronizeReplicasConfiguration + +SynchronizeReplicasConfiguration contains the configuration for the synchronization of user defined +physical replication slots + +*Appears in:* + +- [ReplicationSlotsConfiguration](#replicationslotsconfiguration) + +| Field | Description | Required | Default | Validation | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `enabled` *boolean* | When set to true, every replication slot that is on the primary is synchronized on each standby | True | | | +| `excludePatterns` *string array* | List of regular expression patterns to match the names of replication slots to be excluded (by default empty) | | | | + +#### SynchronousReplicaConfiguration + +SynchronousReplicaConfiguration contains the configuration of the +PostgreSQL synchronous replication feature. +Important: at this moment, also `.spec.minSyncReplicas` and `.spec.maxSyncReplicas` +need to be considered. 
+ +*Appears in:* + +- [PostgresConfiguration](#postgresconfiguration) + +| Field | Description | Required | Default | Validation | +| ------------------------------------------------------------------------------------------ || -------- | ------- | --------------------------------- | +| `method` *[SynchronousReplicaConfigurationMethod](#synchronousreplicaconfigurationmethod)* | Method to select synchronous replication standbys from the listed
servers, accepting 'any' (quorum-based synchronous replication) or
'first' (priority-based synchronous replication) as values. | True | | Enum: [any first]
| +| `number` *integer* | Specifies the number of synchronous standby servers that
transactions must wait for responses from. | True | | | +| `maxStandbyNamesFromCluster` *integer* | Specifies the maximum number of local cluster pods that can be
automatically included in the `synchronous_standby_names` option in
PostgreSQL. | | | | +| `standbyNamesPre` *string array* | A user-defined list of application names to be added to
`synchronous_standby_names` before local cluster pods (the order is
only useful for priority-based synchronous replication). | | | | +| `standbyNamesPost` *string array* | A user-defined list of application names to be added to
`synchronous_standby_names` after local cluster pods (the order is
only useful for priority-based synchronous replication). | | | | +| `dataDurability` *[DataDurabilityLevel](#datadurabilitylevel)* | If set to "required", data durability is strictly enforced. Write operations
with synchronous commit settings (`on`, `remote_write`, or `remote_apply`) will
block if there are insufficient healthy replicas, ensuring data persistence.
If set to "preferred", data durability is maintained when healthy replicas
are available, but the required number of instances will adjust dynamically
if replicas become unavailable. This setting relaxes strict durability enforcement
to allow for operational continuity. This setting is only applicable if both
`standbyNamesPre` and `standbyNamesPost` are unset (empty). | | | Enum: [required preferred]
| +| `failoverQuorum` *boolean* | FailoverQuorum enables a quorum-based check before failover, improving
data durability and safety during failover events in {{name.ln}}-managed
PostgreSQL clusters. | | | | + +#### SynchronousReplicaConfigurationMethod + +*Underlying type:* *string* + +SynchronousReplicaConfigurationMethod configures whether to use +quorum based replication or a priority list + +*Appears in:* + +- [SynchronousReplicaConfiguration](#synchronousreplicaconfiguration) + +#### TDEConfiguration + +TDEConfiguration contains the Transparent Data Encryption configuration + +*Appears in:* + +- [EPASConfiguration](#epasconfiguration) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `enabled` *boolean* | True if we want to have TDE enabled | | | | +| `secretKeyRef` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | Reference to the secret that contains the encryption key | | | | +| `wrapCommand` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | WrapCommand is the encrypt command provided by the user | | | | +| `unwrapCommand` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | UnwrapCommand is the decryption command provided by the user | | | | +| `passphraseCommand` *[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#secretkeyselector-v1-core)* | PassphraseCommand is the command executed to get the passphrase that will be
passed to the OpenSSL command to encrypt and decrypt | | | | + +#### TablespaceConfiguration + +TablespaceConfiguration is the configuration of a tablespace, and includes +the storage specification for the tablespace + +*Appears in:* + +- [ClusterSpec](#clusterspec) + +| Field | Description | Required | Default | Validation | +| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | The name of the tablespace | True | | | +| `storage` *[StorageConfiguration](#storageconfiguration)* | The storage configuration for the tablespace | True | | | +| `owner` *[DatabaseRoleRef](#databaseroleref)* | Owner is the PostgreSQL user owning the tablespace | | | | +| `temporary` *boolean* | When set to true, the tablespace will be added as a `temp_tablespaces`
entry in PostgreSQL, and will be available to automatically house temp
database objects, or other temporary files. Please refer to PostgreSQL
documentation for more information on the `temp_tablespaces` GUC. | | false | | + +#### TablespaceState + +TablespaceState represents the state of a tablespace in a cluster + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------- | -------------------------------------------------- | -------- | ------- | ---------- | +| `name` *string* | Name is the name of the tablespace | True | | | +| `owner` *string* | Owner is the PostgreSQL user owning the tablespace | | | | +| `state` *[TablespaceStatus](#tablespacestatus)* | State is the latest reconciliation state | True | | | +| `error` *string* | Error is the reconciliation error, if any | | | | + +#### TablespaceStatus + +*Underlying type:* *string* + +TablespaceStatus represents the status of a tablespace in the cluster + +*Appears in:* + +- [TablespaceState](#tablespacestate) + +| Field | Description | +| ------------ | -------------------------------------------------------------------------------------------------------- | +| `reconciled` | TablespaceStatusReconciled indicates the tablespace in DB matches the Spec
| +| `pending` | TablespaceStatusPendingReconciliation indicates the tablespace in Spec requires creation in the DB
| + +#### Topology + +Topology contains the cluster topology + +*Appears in:* + +- [ClusterStatus](#clusterstatus) + +| Field | Description | Required | Default | Validation | +| ----------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | ---------- | +| `instances` *object (keys:[PodName](#podname), values:[PodTopologyLabels](#podtopologylabels))* | Instances contains the pod topology of the instances | | | | +| `nodesUsed` *integer* | NodesUsed represents the count of distinct nodes accommodating the instances.
A value of '1' suggests that all instances are hosted on a single node,
implying the absence of High Availability (HA). Ideally, this value should
be the same as the number of instances in the Postgres HA cluster, implying
shared nothing architecture on the compute side. | | | | +| `successfullyExtracted` *boolean* | SuccessfullyExtracted indicates if the topology data was extract. It is useful to enact fallback behaviors
in synchronous replica election in case of failures | | | | + +#### UsageSpec + +UsageSpec configures a usage for a foreign data wrapper + +*Appears in:* + +- [FDWSpec](#fdwspec) +- [ServerSpec](#serverspec) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------- | ----------------- | -------- | ------- | --------------------------- | +| `name` *string* | Name of the usage | True | | | +| `type` *[UsageSpecType](#usagespectype)* | The type of usage | | grant | Enum: [grant revoke]
| + +#### UsageSpecType + +*Underlying type:* *string* + +UsageSpecType describes the type of usage specified in the `usage` field of the +`Database` object. + +*Appears in:* + +- [UsageSpec](#usagespec) + +| Field | Description | +| -------- | -------------------------------------------------------------------------------------------------------- | +| `grant` | GrantUsageSpecType indicates a grant usage permission.
The default usage permission is grant.
| +| `revoke` | RevokeUsageSpecType indicates a revoke usage permission.
| + +#### VolumeSnapshotConfiguration + +VolumeSnapshotConfiguration represents the configuration for the execution of snapshot backups. + +*Appears in:* + +- [BackupConfiguration](#backupconfiguration) + +| Field | Description | Required | Default | Validation | +| ---------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------- | ---------------------------------- | +| `labels` *object (keys:string, values:string)* | Labels are key-value pairs that will be added to .metadata.labels snapshot resources. | | | | +| `annotations` *object (keys:string, values:string)* | Annotations key-value pairs that will be added to .metadata.annotations snapshot resources. | | | | +| `className` *string* | ClassName specifies the Snapshot Class to be used for PG_DATA PersistentVolumeClaim.
It is the default class for the other types if no specific class is present | | | | +| `walClassName` *string* | WalClassName specifies the Snapshot Class to be used for the PG_WAL PersistentVolumeClaim. | | | | +| `tablespaceClassName` *object (keys:string, values:string)* | TablespaceClassName specifies the Snapshot Class to be used for the tablespaces.
defaults to the PGDATA Snapshot Class, if set | | | | +| `snapshotOwnerReference` *[SnapshotOwnerReference](#snapshotownerreference)* | SnapshotOwnerReference indicates the type of owner reference the snapshot should have | | none | Enum: [none cluster backup]
| +| `online` *boolean* | Whether the default type of backup with volume snapshots is
online/hot (`true`, default) or offline/cold (`false`) | | true | | +| `onlineConfiguration` *[OnlineConfiguration](#onlineconfiguration)* | Configuration parameters to control the online/hot backup with volume snapshots | | { immediateCheckpoint:false waitForArchive:true } | | diff --git a/product_docs/docs/postgres_for_kubernetes/1/postgres_upgrades.mdx b/product_docs/docs/postgres_for_kubernetes/1/postgres_upgrades.mdx index 27f98140c2..9378ce4cee 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/postgres_upgrades.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/postgres_upgrades.mdx @@ -133,9 +133,10 @@ If the upgrade is successful, {{name.ln}}: !!!warning Re-cloning replicas can be time-consuming, especially for very large databases. Plan accordingly to accommodate potential delays. After completing -the upgrade, it is strongly recommended to take a full backup. Existing backup -data (namely base backups and WAL files) is only available for the previous -minor PostgreSQL release. +the upgrade, take a new base backup as soon as possible. Pre-upgrade backups +and WAL files cannot be used for point-in-time recovery (PITR) across major +version boundaries. See [Backup and WAL Archive Considerations](#backup-and-wal-archive-considerations) +for more details. !!! !!!warning 
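Review bot: in the postgres_upgrades.mdx warning at `@@ -133,9 +133,10 @@`, the new wording says what pre-upgrade backups and WAL files cannot do (PITR across major version boundaries) but no longer says what they are still good for. The section added by the next hunk states that the old archive "remains intact for pre-upgrade recovery"; a short clause to the same effect here would stop readers from treating the old archive as disposable once the upgrade completes. The instruction to take a new base backup as soon as possible is also repeated almost word for word in the warning that the next hunk adds, so one of the two could be reduced to the link.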
@@ -154,6 +155,71 @@ usually possible, without having to perform a full recovery from a backup. Ensure you monitor the process closely and take corrective action if needed. !!! +### Backup and WAL Archive Considerations + +When performing a major upgrade, `pg_upgrade` creates a new database system +with a new *System ID* and resets the PostgreSQL timeline to 1. This has +implications for backup and WAL archiving: + +- **Timeline file conflicts**: New timeline 1 files may overwrite timeline 1 + files from the original cluster. +- **Mixed version archives**: Without intervention, the archive will contain + WAL files and backups from both PostgreSQL versions. + +!!!warning +Point-in-time recovery (PITR) is not supported across major PostgreSQL version +boundaries. You cannot use pre-upgrade backups to recover to a point in time +after the upgrade. Take a new base backup as soon as possible after upgrading +to establish a recovery baseline for the new major version. +!!! + +How backup systems handle major upgrades depends on the plugin implementation. +Some plugins may automatically manage archive separation during upgrades, while +others require manual configuration to use different archive paths for each +major version. Consult your backup plugin documentation for its specific +behavior during major upgrades. + +#### Example: Manual archive path separation with the Barman Cloud plugin + +The Barman Cloud plugin does not automatically separate archives during major +upgrades. To preserve pre-upgrade backups and keep archives clean, change the +`serverName` parameter when you trigger the upgrade. 
+ +Before upgrade (PostgreSQL 16): + +```yaml +spec: + imageName: docker.enterprisedb.com/k8s_enterprise/postgresql:16-minimal-ubi9 + plugins: + - name: plugin-barman-cloud + enabled: true + parameters: + destinationPath: s3://my-bucket/ + serverName: cluster-example-pg16 +``` + +To trigger the upgrade, change both `imageName` and `serverName` together: + +```yaml +spec: + imageName: docker.enterprisedb.com/k8s_enterprise/postgresql:17-minimal-ubi9 + plugins: + - name: plugin-barman-cloud + enabled: true + parameters: + destinationPath: s3://my-bucket/ + serverName: cluster-example-pg17 +``` + +With this configuration, the old archive at `cluster-example-pg16` remains +intact for pre-upgrade recovery, while the upgraded cluster writes to +`cluster-example-pg17`. + +!!!info +The deprecated in-tree `barmanObjectStore` implementation also requires manual +`serverName` changes to separate archives during major upgrades. +!!! + ### Example: Performing a Major Upgrade Consider the following PostgreSQL cluster running version 16: diff --git a/product_docs/docs/postgres_for_kubernetes/1/preview_version.mdx b/product_docs/docs/postgres_for_kubernetes/1/preview_version.mdx index 85e75c8566..6d2305f6fa 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/preview_version.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/preview_version.mdx @@ -11,8 +11,8 @@ These versions are feature-frozen, meaning no new features are added, and are intended for public testing prior to the final release. !!!warning Important -    {{name.ln}} release candidates are **not intended for use in production** systems. - They should only be deployed in staging or dedicated testing environments. +{{name.ln}} release candidates are **not intended for use in production** systems. +They should only be deployed in staging or dedicated testing environments. !!! ## Purpose of Release Candidates 
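Review bot: in postgres_upgrades.mdx, the new "Manual archive path separation with the Barman Cloud plugin" example tells the reader to change `imageName` and `serverName` together but does not cover a failed upgrade. If the cluster goes back to the PostgreSQL 16 image while `serverName` is still `cluster-example-pg17`, the version 16 instance would archive under the version 17 name, which is the mixed-version archive this section warns about. Suggest adding a sentence saying that `serverName` has to be reverted along with `imageName`. It would also help to state that the new `serverName` path must be empty before the upgrade, since the "Timeline file conflicts" bullet describes exactly that overwrite risk.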
diff --git a/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx b/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx index e434dd421c..c1f69c241e 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/recovery.mdx @@ -30,7 +30,7 @@ a consistent and optionally point-in-time state. {{name.ln}} supports recovery via: -- A **pluggable backup and recovery interface (CNP-I)**, enabling integration +- A **pluggable backup and recovery interface (CNPG-I)**, enabling integration with external tools such as the [Barman Cloud Plugin](https://cloudnative-pg.io/plugin-barman-cloud/). - **Native recovery from volume snapshots**, where supported by the underlying Kubernetes storage infrastructure. @@ -365,7 +365,7 @@ spec: kind: VolumeSnapshot apiGroup: snapshot.storage.k8s.io recoveryTarget: - targetTime: "2023-07-06T08:00:39" + targetTime: "2023-07-06T08:00:39Z" externalClusters: - name: origin plugin: @@ -403,9 +403,21 @@ Here are the recovery target criteria you can use: targetTime : Time stamp up to which recovery proceeds, expressed in - [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format. + [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339) format, or as a + [timestamp](https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-RECOVERY-TARGET-TIME). (The precise stopping point is also influenced by the `exclusive` option.) +!!!note +Timestamps without an explicit timezone suffix +(e.g., `2023-07-06 08:00:39`) are interpreted as UTC. +!!! + +!!!warning +Always specify an explicit timezone in your timestamp to avoid ambiguity. +For example, use `2023-07-06T08:00:39Z` or `2023-07-06T08:00:39+02:00` +instead of `2023-07-06 08:00:39`. +!!! + !!!warning PostgreSQL recovery will stop when it encounters the first transaction that occurs after the specified time. If no such transaction exists after the 
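Review bot: in recovery.mdx, the `targetTime` entry now carries a `!!!note` (timestamps without a timezone suffix are interpreted as UTC) immediately followed by a `!!!warning` (always specify an explicit timezone), and the two overlap. Suggest merging them into a single warning that states the UTC default first and the recommendation second. The definition also now accepts two formats ("RFC 3339 ... or as a timestamp"), so say whether the UTC default applies to both. Only one sample, `targetTime: "2023-07-06T08:00:39Z"`, is updated in the visible hunks; please check the rest of the file for zone-less `targetTime` values that would contradict the new warning.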
diff --git a/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx b/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx index 455f06a068..a3120c143a 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/replica_cluster.mdx @@ -92,7 +92,7 @@ recovery. There are three main options: seamless data transfer. 2. **WAL Archive**: Use the WAL (Write-Ahead Logging) archive stored in an object store. WAL files are regularly transferred from the source cluster to - the object store, from where a CNP-I plugin like [Barman Cloud](https://cloudnative-pg.io/plugin-barman-cloud/) + the object store, from where a CNPG-I plugin like [Barman Cloud](https://cloudnative-pg.io/plugin-barman-cloud/) retrieves them for the replica cluster via the `restore_command`. 3. **Hybrid Approach**: Combine both streaming replication and WAL archive methods. PostgreSQL can manage and switch between these two approaches as diff --git a/product_docs/docs/postgres_for_kubernetes/1/samples/k9s/plugins.yml b/product_docs/docs/postgres_for_kubernetes/1/samples/k9s/plugins.yml index c5f5222d51..13062a3ed5 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/samples/k9s/plugins.yml +++ b/product_docs/docs/postgres_for_kubernetes/1/samples/k9s/plugins.yml @@ -1,5 +1,5 @@ # Move/add to $XDG_CONFIG_HOME/k9s/plugins.yaml -# Requires the cnp kubectl plugin. See https://cloudnative-pg.io/documentation/current/kubectl-plugin/ +# Requires the cnp kubectl plugin. See https://cloudnative-pg.io/docs/devel/kubectl-plugin/ # # Cluster actions: # b Request a new physical backup @@ -131,4 +131,4 @@ plugins: background: false args: - -c - - "kubectl cnp status $NAME -n $NAMESPACE --context \"$CONTEXT\" --verbose 2>&1 | less -R" \ No newline at end of file + - "kubectl cnp status $NAME -n $NAMESPACE --context \"$CONTEXT\" --verbose 2>&1 | less -R" From e55b271e696896691f2535b0e6ec2d122f70da62 Mon Sep 17 00:00:00 2001 
From: Josh Heyer Date: Thu, 12 Feb 2026 19:34:44 +0000 Subject: [PATCH 2/6] patchup a few import artifacts --- .../postgres_for_kubernetes/1/appendixes/_category_.json | 7 ------- .../1/cncf-projects/_category_.json | 7 ------- product_docs/docs/postgres_for_kubernetes/1/openshift.mdx | 2 +- product_docs/docs/postgres_for_kubernetes/1/security.mdx | 1 - 4 files changed, 1 insertion(+), 16 deletions(-) delete mode 100644 product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json delete mode 100644 product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json diff --git a/product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json b/product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json deleted file mode 100644 index 406ff35478..0000000000 --- a/product_docs/docs/postgres_for_kubernetes/1/appendixes/_category_.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "label": "Appendixes", - "position": 600, - "link": { - "type": "generated-index" - } -} diff --git a/product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json b/product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json deleted file mode 100644 index 0bb5a46834..0000000000 --- a/product_docs/docs/postgres_for_kubernetes/1/cncf-projects/_category_.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "label": "CNCF Projects Integrations", - "position": 590, - "link": { - "type": "generated-index" - } -} diff --git a/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx b/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx index b822e9ad0e..189f4eec88 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/openshift.mdx 
@@ -311,7 +311,7 @@ with different upgrade policies as long as the API is the same (see ["Limitations for multi-tenant management"](#limitations-for-multi-tenant-management)). !!! -\!!! Note +!!! Note If you are running with OpenShift 4.20 or later, OperatorHub has been integrated into the Software Catalog. In the web console, navigate to `Operators -> Software Catalog` and select a Project to view the software catalog. diff --git a/product_docs/docs/postgres_for_kubernetes/1/security.mdx b/product_docs/docs/postgres_for_kubernetes/1/security.mdx index 1f97949e44..e119fb01d4 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/security.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/security.mdx @@ -239,7 +239,6 @@ some resources is correctly updated and to access the config maps and secrets that are associated with that Postgres cluster. Such calls are performed through a dedicated `ServiceAccount` created by the operator that shares the same PostgreSQL `Cluster` resource name. -\!!! !!! Important The operand can only access a specific and limited subset of resources From 2b4009420425a92f26e63e8d1a632f7cac23e8b1 Mon Sep 17 00:00:00 2001 From: Josh Heyer Date: Thu, 12 Feb 2026 20:39:29 +0000 Subject: [PATCH 3/6] add release notes --- .../1/rel_notes/src/1.25.6_rel_notes.yml | 176 ++++++++++++++ .../1/rel_notes/src/1.27.3_rel_notes.yml | 210 ++++++++++++++++ .../1/rel_notes/src/1.28.1_rel_notes.yml | 225 ++++++++++++++++++ 3 files changed, 611 insertions(+) create mode 100644 product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25.6_rel_notes.yml create mode 100644 product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27.3_rel_notes.yml create mode 100644 product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.28.1_rel_notes.yml 
diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25.6_rel_notes.yml b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25.6_rel_notes.yml new file mode 100644 index 0000000000..71e8f16da6 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25.6_rel_notes.yml 
@@ -0,0 +1,176 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/EnterpriseDB/docs/refs/heads/develop/tools/automation/generators/relgen/relnote-schema.json +product: EDB CloudNativePG Cluster +version: 1.25.6 +date: 10 February 2025 +intro: | + This release of EDB CloudNativePG Cluster is built on the final community release of the 1.25.x series of CloudNativePG. + EDB will continue providing LTS releases in the 1.25.x series according to our [Long-Term Support + policy](/postgres_for_kubernetes/1/#long-term-support). + + This release of EDB CloudNativePG Cluster includes the following: +components: + "Operator": 1.25.6 + "CNP plugin": 1.25.6 + upstream-merge: None +relnotes: +- relnote: | + Added support for Azure's `DefaultAzureCredential` authentication mechanism + for backup and recovery operations. + details: | + This can be enabled by setting + `azureCredentials.useDefaultAzureCredentials: true` in the backup + configuration, simplifying authentication in Azure environments without + requiring explicit storage account keys or SAS tokens. + jira: + addresses: #9468 + type: Enhancement + impact: High +- relnote: | + Fixed a bug where replicas could enter a crash-loop by attempting to download + timeline history files from future timelines. + details: | + This occurred when stale files + remained in the WAL archive from a previous cluster life, and replicas would + incorrectly try to fetch them during recovery. + jira: + addresses: #9650 + type: Bug Fix + impact: High +- relnote: | + Fixed a race condition in `replica_cluster` setups during designated primary + transitions, preventing transient "no primary" states in the replica cluster. + jira: + addresses: #9601 + type: Bug Fix + impact: High + +- relnote: | + Fixed a validation gap in Azure object store configurations where the + `storageAccount` was not required when using explicit credentials (such as a + storage key or SAS token). 
+ details: | + The operator now enforces that a storage account + name is provided in these cases and that `connectionString` is mutually + exclusive with other authentication parameters. + jira: + addresses: #9604 + type: Bug Fix + impact: High + +- relnote: | + Optimized the deletion path so the operator begins cleaning up resources + immediately when a cluster is marked for deletion. + details: | + This significantly reduces the time a cluster remains in `Terminating` status + while waiting for internal reconciliation loops. + jira: + addresses: #9555 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where replication slots were not properly dropped from + replicas when the feature was disabled or the cluster was reconfigured. + details: | + This ensures that unused slots do not cause WAL build-up on the primary. + jira: + addresses: #9381 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where `imagePullSecrets` were not added to the `ServiceAccount` + created for the `Pooler`. + details: | + Previously, these secrets were applied to the + Deployment but not the SA, which caused image pull failures in restricted + environments using certain security policies. + jira: + addresses: #9427 + type: Bug Fix + impact: High + +- relnote: | + Added a check to verify ownership before the operator deletes a `PodMonitor`. + details: | + This prevents the operator from accidentally deleting manually managed + monitoring resources that happen to share a name with expected CNP + resources. Contributed by @juliamertz. + jira: + addresses: #9340 + type: Bug Fix + impact: High + +- relnote: | + Fixed a bug where `pg_stat_archiver` metrics would continue to report stale + data on standby instances after a switchover. + details: | + The exporter now skips these metrics on standbys, as PostgreSQL only provides + valid archiver stats on the primary. 
+ jira: + addresses: #9411 + type: Bug Fix + impact: High + +- relnote: | + Clarified the interpretation of timestamp formats for recovery `targetTime`. + details: | + Timestamps provided without an explicit timezone are now consistently + interpreted as UTC. Contributed by @pchovelon. + jira: + addresses: #8937 + type: Bug Fix + impact: High + +- relnote: | + Fixed backup status updates to prevent "resource has been modified" errors + during concurrent updates. + jira: + addresses: #9551 + type: Bug Fix + impact: High + +- relnote: | + Fixed event reporting to use the correct pod name when a backup pod is not + found. + jira: + addresses: #9552 + type: Bug Fix + impact: High + +- relnote: | + Improved performance of scheduled backup operations for clusters with a very + high number of historical backups. + jira: + addresses: #9489 + type: Bug Fix + impact: High + +- relnote: | + Fixed error handling when removing finalizers on `Database` objects. + jira: + addresses: #9431 + type: Bug Fix + impact: High + +- relnote: | + Updated the `status` command to display "Disabled" when the + `skipWalArchiving` annotation is present on a cluster. + details: | + This replaces + confusing "starting up" or "unknown" states when WAL archiving is + intentionally bypassed. + jira: + addresses: #9709 + component: CNP plugin + type: Bug Fix + impact: High + +- relnote: | + Fixed the `logs --follow` command to continue polling for new pods instead + of exiting prematurely when all current log streams complete. + jira: + addresses: #9599 + component: CNP plugin + type: Bug Fix + impact: High diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27.3_rel_notes.yml b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27.3_rel_notes.yml new file mode 100644 index 0000000000..c54a1d935e --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27.3_rel_notes.yml 
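Review bot: `date: 10 February 2025` in 1.25.6_rel_notes.yml looks like the wrong year, since every patch in this series is dated 12 Feb 2026. The same value appears in 1.27.3_rel_notes.yml and 1.28.1_rel_notes.yml and is carried into the generated page as "Released: 10 February 2025" in PATCH 4/6. Please confirm the release date and correct the source files before regenerating. Separately, every entry is marked `impact: High`, including items such as "Fixed event reporting to use the correct pod name"; if the field is meant to rank changes, it is not doing so here.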
@@ -0,0 +1,210 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/EnterpriseDB/docs/refs/heads/develop/tools/automation/generators/relgen/relnote-schema.json +product: EDB CloudNativePG Cluster +version: 1.27.3 +date: 10 February 2025 +intro: | + This release of EDB CloudNativePG Cluster includes the following: +components: + "Operator": 1.27.3 + "CNP plugin": 1.27.3 + upstream-merge: Upstream [1.27.3](https://cloudnative-pg.io/docs/1.27/release_notes/v1.27/) +relnotes: +- relnote: | + Added support for Azure's `DefaultAzureCredential` authentication mechanism + for backup and recovery operations. + details: | + This can be enabled by setting + `azureCredentials.useDefaultAzureCredentials: true` in the backup + configuration, simplifying authentication in Azure environments without + requiring explicit storage account keys or SAS tokens. + jira: + addresses: #9468 + type: Enhancement + impact: High +- relnote: | + Fixed validation of PostgreSQL extension names containing underscores (e.g., + `pg_partman`, `pg_ivm`). + details: | + Extension names with underscores are + automatically sanitized to use hyphens for Kubernetes volume names while + preserving the original name in mount paths. Webhook validation prevents + naming conflicts after sanitization. Contributed by @shusaan. + jira: + addresses: #9386 + type: Bug Fix + impact: High + +- relnote: | + Fixed a critical issue where the `TimelineID` in the cluster status was not + reset to 1 after a major version upgrade. + details: | + Because `pg_upgrade` initializes a + new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt + to restore incompatible history files from object storage, leading to fatal + "requested timeline is not a child of this server's history" errors. + jira: + addresses: #9830 + type: Bug Fix + impact: High + +- relnote: | + Fixed a bug where replicas could enter a crash-loop by attempting to download + timeline history files from future timelines. 
+ details: | + This occurred when stale files + remained in the WAL archive from a previous cluster life, and replicas would + incorrectly try to fetch them during recovery. + jira: + addresses: #9650 + type: Bug Fix + impact: High +- relnote: | + Fixed a race condition in `replica_cluster` setups during designated primary + transitions, preventing transient "no primary" states in the replica cluster. + jira: + addresses: #9601 + type: Bug Fix + impact: High + +- relnote: | + The backup controller now uses the unique instance session ID to detect + instance manager restarts. + details: | + This prevents the operator from incorrectly + assuming a backup is still progressing if the underlying container has crashed + and restarted, which previously led to orphaned backup objects. + jira: + addresses: #9370 + type: Bug Fix + impact: High + +- relnote: | + Fixed a validation gap in Azure object store configurations where the + `storageAccount` was not required when using explicit credentials (such as a + storage key or SAS token). + details: | + The operator now enforces that a storage account + name is provided in these cases and that `connectionString` is mutually + exclusive with other authentication parameters. + jira: + addresses: #9604 + type: Bug Fix + impact: High + +- relnote: | + Optimized the deletion path so the operator begins cleaning up resources + immediately when a cluster is marked for deletion. + details: | + This significantly reduces the time a cluster remains in `Terminating` status + while waiting for internal reconciliation loops. + jira: + addresses: #9555 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where replication slots were not properly dropped from + replicas when the feature was disabled or the cluster was reconfigured. + details: | + This ensures that unused slots do not cause WAL build-up on the primary. 
+ jira: + addresses: #9381 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where `imagePullSecrets` were not added to the `ServiceAccount` + created for the `Pooler`. + details: | + Previously, these secrets were applied to the + Deployment but not the SA, which caused image pull failures in restricted + environments using certain security policies. + jira: + addresses: #9427 + type: Bug Fix + impact: High + +- relnote: | + Added a check to verify ownership before the operator deletes a `PodMonitor`. + details: | + This prevents the operator from accidentally deleting manually managed + monitoring resources that happen to share a name with expected CNP + resources. Contributed by @juliamertz. + jira: + addresses: #9340 + type: Bug Fix + impact: High + +- relnote: | + Fixed a bug where `pg_stat_archiver` metrics would continue to report stale + data on standby instances after a switchover. + details: | + The exporter now skips these metrics on standbys, as PostgreSQL only provides + valid archiver stats on the primary. + jira: + addresses: #9411 + type: Bug Fix + impact: High + +- relnote: | + Clarified the interpretation of timestamp formats for recovery `targetTime`. + details: | + Timestamps provided without an explicit timezone are now consistently + interpreted as UTC. Contributed by @pchovelon. + jira: + addresses: #8937 + type: Bug Fix + impact: High + +- relnote: | + Fixed backup status updates to prevent "resource has been modified" errors + during concurrent updates. + jira: + addresses: #9551 + type: Bug Fix + impact: High + +- relnote: | + Fixed event reporting to use the correct pod name when a backup pod is not + found. + jira: + addresses: #9552 + type: Bug Fix + impact: High + +- relnote: | + Improved performance of scheduled backup operations for clusters with a very + high number of historical backups. 
+ jira: + addresses: #9489 + type: Bug Fix + impact: High + +- relnote: | + Fixed error handling when removing finalizers on `Database` objects. + jira: + addresses: #9431 + type: Bug Fix + impact: High + +- relnote: | + Updated the `status` command to display "Disabled" when the + `skipWalArchiving` annotation is present on a cluster. + details: | + This replaces + confusing "starting up" or "unknown" states when WAL archiving is + intentionally bypassed. + jira: + addresses: #9709 + component: CNP plugin + type: Bug Fix + impact: High + +- relnote: | + Fixed the `logs --follow` command to continue polling for new pods instead + of exiting prematurely when all current log streams complete. + jira: + addresses: #9599 + component: CNP plugin + type: Bug Fix + impact: High diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.28.1_rel_notes.yml b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.28.1_rel_notes.yml new file mode 100644 index 0000000000..53195fd9bb --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.28.1_rel_notes.yml 
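Review bot: in 1.27.3_rel_notes.yml, and in the other two source files, the issue references are written unquoted, for example `addresses: #9386`. In YAML a `#` preceded by whitespace starts a comment, so a standard loader reads `addresses` as null. The generated table in PATCH 4/6 does show the numbers, so the generator must recover them some other way, but quoting the values (`addresses: "#9386"`) would keep them intact for any YAML parser or schema check that touches these files.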
@@ -0,0 +1,225 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/EnterpriseDB/docs/refs/heads/develop/tools/automation/generators/relgen/relnote-schema.json +product: EDB CloudNativePG Cluster +version: 1.28.1 +date: 10 February 2025 +intro: | + This release of EDB Postgres® AI for CloudNativePG™ Cluster includes the following: +components: + "Operator": 1.28.1 + "CNP plugin": 1.28.1 + upstream-merge: Upstream [1.28.1](https://cloudnative-pg.io/docs/1.28/release_notes/v1.28/) +relnotes: +- relnote: | + Added support for Azure's `DefaultAzureCredential` authentication mechanism + for backup and recovery operations. + details: | + This can be enabled by setting + `azureCredentials.useDefaultAzureCredentials: true` in the backup + configuration, simplifying authentication in Azure environments without + requiring explicit storage account keys or SAS tokens. + jira: + addresses: #9468 + type: Enhancement + impact: High +- relnote: | + Fixed validation of PostgreSQL extension names containing underscores (e.g., + `pg_partman`, `pg_ivm`). + details: | + Extension names with underscores are + automatically sanitized to use hyphens for Kubernetes volume names while + preserving the original name in mount paths. Webhook validation prevents + naming conflicts after sanitization. Contributed by @shusaan. + jira: + addresses: #9386 + type: Bug Fix + impact: High + +- relnote: | + Fixed a critical issue where the `TimelineID` in the cluster status was not + reset to 1 after a major version upgrade. + details: | + Because `pg_upgrade` initializes a + new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt + to restore incompatible history files from object storage, leading to fatal + "requested timeline is not a child of this server's history" errors. 
+ jira: + addresses: #9830 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where stale TLS status fields in the `Pooler` were not cleared + after being removed from the specification. + details: | + This was particularly critical + when upgrading to v1.28.0, where the `ServerTLS` field was repurposed, causing + PgBouncer to use incorrect certificates and resulting in "unsupported + certificate" errors that blocked all application connectivity. + The operator now explicitly clears `ServerCA`, `ClientCA`, `ClientTLS`, and + `ServerTLS` status fields when they are no longer configured. + jira: + addresses: #9397 + type: Bug Fix + impact: High + +- relnote: | + Fixed a bug where replicas could enter a crash-loop by attempting to download + timeline history files from future timelines. + details: | + This occurred when stale files + remained in the WAL archive from a previous cluster life, and replicas would + incorrectly try to fetch them during recovery. + jira: + addresses: #9650 + type: Bug Fix + impact: High +- relnote: | + Fixed a race condition in `replica_cluster` setups during designated primary + transitions, preventing transient "no primary" states in the replica cluster. + jira: + addresses: #9601 + type: Bug Fix + impact: High + +- relnote: | + The backup controller now uses the unique instance session ID to detect + instance manager restarts. + details: | + This prevents the operator from incorrectly + assuming a backup is still progressing if the underlying container has crashed + and restarted, which previously led to orphaned backup objects. + jira: + addresses: #9370 + type: Bug Fix + impact: High + +- relnote: | + Fixed a validation gap in Azure object store configurations where the + `storageAccount` was not required when using explicit credentials (such as a + storage key or SAS token). 
+ details: | + The operator now enforces that a storage account + name is provided in these cases and that `connectionString` is mutually + exclusive with other authentication parameters. + jira: + addresses: #9604 + type: Bug Fix + impact: High + +- relnote: | + Optimized the deletion path so the operator begins cleaning up resources + immediately when a cluster is marked for deletion. + details: | + This significantly reduces the time a cluster remains in `Terminating` status + while waiting for internal reconciliation loops. + jira: + addresses: #9555 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where replication slots were not properly dropped from + replicas when the feature was disabled or the cluster was reconfigured. + details: | + This ensures that unused slots do not cause WAL build-up on the primary. + jira: + addresses: #9381 + type: Bug Fix + impact: High + +- relnote: | + Fixed an issue where `imagePullSecrets` were not added to the `ServiceAccount` + created for the `Pooler`. + details: | + Previously, these secrets were applied to the + Deployment but not the SA, which caused image pull failures in restricted + environments using certain security policies. + jira: + addresses: #9427 + type: Bug Fix + impact: High + +- relnote: | + Added a check to verify ownership before the operator deletes a `PodMonitor`. + details: | + This prevents the operator from accidentally deleting manually managed + monitoring resources that happen to share a name with expected CNP + resources. Contributed by @juliamertz. + jira: + addresses: #9340 + type: Bug Fix + impact: High + +- relnote: | + Fixed a bug where `pg_stat_archiver` metrics would continue to report stale + data on standby instances after a switchover. + details: | + The exporter now skips these metrics on standbys, as PostgreSQL only provides + valid archiver stats on the primary. 
+ jira: + addresses: #9411 + type: Bug Fix + impact: High + +- relnote: | + Clarified the interpretation of timestamp formats for recovery `targetTime`. + details: | + Timestamps provided without an explicit timezone are now consistently + interpreted as UTC. Contributed by @pchovelon. + jira: + addresses: #8937 + type: Bug Fix + impact: High + +- relnote: | + Fixed backup status updates to prevent "resource has been modified" errors + during concurrent updates. + jira: + addresses: #9551 + type: Bug Fix + impact: High + +- relnote: | + Fixed event reporting to use the correct pod name when a backup pod is not + found. + jira: + addresses: #9552 + type: Bug Fix + impact: High + +- relnote: | + Improved performance of scheduled backup operations for clusters with a very + high number of historical backups. + jira: + addresses: #9489 + type: Bug Fix + impact: High + +- relnote: | + Fixed error handling when removing finalizers on `Database` objects. + jira: + addresses: #9431 + type: Bug Fix + impact: High + +- relnote: | + Updated the `status` command to display "Disabled" when the + `skipWalArchiving` annotation is present on a cluster. + details: | + This replaces + confusing "starting up" or "unknown" states when WAL archiving is + intentionally bypassed. + jira: + addresses: #9709 + component: CNP plugin + type: Bug Fix + impact: High + +- relnote: | + Fixed the `logs --follow` command to continue polling for new pods instead + of exiting prematurely when all current log streams complete. + jira: + addresses: #9599 + component: CNP plugin + type: Bug Fix + impact: High From 4446d9000314f76efcd6266ca7b76f8d3c03668a Mon Sep 17 00:00:00 2001 
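Review bot: the `intro` in 1.28.1_rel_notes.yml names the product "EDB Postgres® AI for CloudNativePG™ Cluster", while `product:` in the same file and the intros of 1.25.6 and 1.27.3 use "EDB CloudNativePG Cluster". Pick one name so the three release pages read consistently. The Pooler TLS entry (#9397) describes stale `ServerTLS` status blocking all application connectivity after an upgrade to v1.28.0; consider stating whether clusters already running 1.28.0 need any manual step or whether upgrading the operator to 1.28.1 is enough.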
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 12 Feb 2026 20:40:19 +0000 Subject: [PATCH 4/6] update generated release notes --- .../1/rel_notes/1_25_6_rel_notes.mdx | 100 ++++++++++++++ .../1/rel_notes/1_27_3_rel_notes.mdx | 116 ++++++++++++++++ .../1/rel_notes/1_28_1_rel_notes.mdx | 125 ++++++++++++++++++ .../1/rel_notes/index.mdx | 6 + 4 files changed, 347 insertions(+) create mode 100644 product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_25_6_rel_notes.mdx create mode 100644 product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_27_3_rel_notes.mdx create mode 100644 product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_28_1_rel_notes.mdx diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_25_6_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_25_6_rel_notes.mdx new file mode 100644 index 0000000000..855f74b8d0 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_25_6_rel_notes.mdx @@ -0,0 +1,100 @@ +--- +# IMPORTANT: Do not edit this file directly - it is generated from yaml source. +title: EDB CloudNativePG Cluster 1.25.6 release notes +navTitle: Version 1.25.6 +originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.25.6_rel_notes.yml +editTarget: originalFilePath +--- + +Released: 10 February 2025 + +This release of EDB CloudNativePG Cluster is built on the final community release of the 1.25.x series of CloudNativePG. +EDB will continue providing LTS releases in the 1.25.x series according to our [Long-Term Support +policy](/postgres_for_kubernetes/1/#long-term-support). + +This release of EDB CloudNativePG Cluster includes the following: + +## Enhancements + + + +
DescriptionAddresses
Added support for Azure's DefaultAzureCredential authentication mechanism +for backup and recovery operations. +

This can be enabled by setting +azureCredentials.useDefaultAzureCredentials: true in the backup +configuration, simplifying authentication in Azure environments without +requiring explicit storage account keys or SAS tokens.

+
#9468
+ + +## Bug Fixes + + + + + + + + + + + + + + + + + +
DescriptionAddresses
Fixed a bug where replicas could enter a crash-loop by attempting to download +timeline history files from future timelines. +

This occurred when stale files +remained in the WAL archive from a previous cluster life, and replicas would +incorrectly try to fetch them during recovery.

+
#9650
Fixed a race condition in `replica_cluster` setups during designated primary +transitions, preventing transient "no primary" states in the replica cluster. +#9601
Fixed a validation gap in Azure object store configurations where the +storageAccount was not required when using explicit credentials (such as a +storage key or SAS token). +

The operator now enforces that a storage account +name is provided in these cases and that connectionString is mutually +exclusive with other authentication parameters.

+
#9604
Optimized the deletion path so the operator begins cleaning up resources +immediately when a cluster is marked for deletion. +

This significantly reduces the time a cluster remains in Terminating status +while waiting for internal reconciliation loops.

+
#9555
Fixed an issue where replication slots were not properly dropped from +replicas when the feature was disabled or the cluster was reconfigured. +

This ensures that unused slots do not cause WAL build-up on the primary.

+
#9381
Fixed an issue where imagePullSecrets were not added to the ServiceAccount +created for the Pooler. +

Previously, these secrets were applied to the +Deployment but not the SA, which caused image pull failures in restricted +environments using certain security policies.

+
#9427
Added a check to verify ownership before the operator deletes a PodMonitor. +

This prevents the operator from accidentally deleting manually managed +monitoring resources that happen to share a name with expected CNP +resources. Contributed by @juliamertz.

+
#9340
Fixed a bug where pg_stat_archiver metrics would continue to report stale +data on standby instances after a switchover. +

The exporter now skips these metrics on standbys, as PostgreSQL only provides +valid archiver stats on the primary.

+
#9411
Clarified the interpretation of timestamp formats for recovery targetTime. +

Timestamps provided without an explicit timezone are now consistently +interpreted as UTC. Contributed by @pchovelon.

+
#8937
Fixed backup status updates to prevent "resource has been modified" errors +during concurrent updates. +#9551
Fixed event reporting to use the correct pod name when a backup pod is not +found. +#9552
Improved performance of scheduled backup operations for clusters with a very +high number of historical backups. +#9489
Fixed error handling when removing finalizers on `Database` objects. +#9431
Updated the status command to display "Disabled" when the +skipWalArchiving annotation is present on a cluster. +

This replaces +confusing "starting up" or "unknown" states when WAL archiving is +intentionally bypassed.

+
#9709
Fixed the `logs --follow` command to continue polling for new pods instead +of exiting prematurely when all current log streams complete. +#9599
+ + diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_27_3_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_27_3_rel_notes.mdx new file mode 100644 index 0000000000..f0790b47c6 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_27_3_rel_notes.mdx @@ -0,0 +1,116 @@ +--- +# IMPORTANT: Do not edit this file directly - it is generated from yaml source. +title: EDB CloudNativePG Cluster 1.27.3 release notes +navTitle: Version 1.27.3 +originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.27.3_rel_notes.yml +editTarget: originalFilePath +--- + +Released: 10 February 2025 + +This release of EDB CloudNativePG Cluster includes the following: + +## Enhancements + + + +
DescriptionAddresses
Added support for Azure's DefaultAzureCredential authentication mechanism +for backup and recovery operations. +

This can be enabled by setting +azureCredentials.useDefaultAzureCredentials: true in the backup +configuration, simplifying authentication in Azure environments without +requiring explicit storage account keys or SAS tokens.

+
#9468
+ + +## Bug Fixes + + + + + + + + + + + + + + + + + + + + +
DescriptionAddresses
Fixed validation of PostgreSQL extension names containing underscores (e.g., +pg_partman, pg_ivm). +

Extension names with underscores are +automatically sanitized to use hyphens for Kubernetes volume names while +preserving the original name in mount paths. Webhook validation prevents +naming conflicts after sanitization. Contributed by @shusaan.

+
#9386
Fixed a critical issue where the TimelineID in the cluster status was not +reset to 1 after a major version upgrade. +

Because pg_upgrade initializes a +new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt +to restore incompatible history files from object storage, leading to fatal +"requested timeline is not a child of this server's history" errors.

+
#9830
Fixed a bug where replicas could enter a crash-loop by attempting to download +timeline history files from future timelines. +

This occurred when stale files +remained in the WAL archive from a previous cluster life, and replicas would +incorrectly try to fetch them during recovery.

+
#9650
Fixed a race condition in `replica_cluster` setups during designated primary +transitions, preventing transient "no primary" states in the replica cluster. +#9601
The backup controller now uses the unique instance session ID to detect +instance manager restarts. +

This prevents the operator from incorrectly +assuming a backup is still progressing if the underlying container has crashed +and restarted, which previously led to orphaned backup objects.

+
#9370
Fixed a validation gap in Azure object store configurations where the +storageAccount was not required when using explicit credentials (such as a +storage key or SAS token). +

The operator now enforces that a storage account +name is provided in these cases and that connectionString is mutually +exclusive with other authentication parameters.

+
#9604
Optimized the deletion path so the operator begins cleaning up resources +immediately when a cluster is marked for deletion. +

This significantly reduces the time a cluster remains in Terminating status +while waiting for internal reconciliation loops.

+
#9555
Fixed an issue where replication slots were not properly dropped from +replicas when the feature was disabled or the cluster was reconfigured. +

This ensures that unused slots do not cause WAL build-up on the primary.

+
#9381
Fixed an issue where imagePullSecrets were not added to the ServiceAccount +created for the Pooler. +

Previously, these secrets were applied to the +Deployment but not the SA, which caused image pull failures in restricted +environments using certain security policies.

+
#9427
Added a check to verify ownership before the operator deletes a PodMonitor. +

This prevents the operator from accidentally deleting manually managed +monitoring resources that happen to share a name with expected CNP +resources. Contributed by @juliamertz.

+
#9340
Fixed a bug where pg_stat_archiver metrics would continue to report stale +data on standby instances after a switchover. +

The exporter now skips these metrics on standbys, as PostgreSQL only provides +valid archiver stats on the primary.

+
#9411
Clarified the interpretation of timestamp formats for recovery targetTime. +

Timestamps provided without an explicit timezone are now consistently +interpreted as UTC. Contributed by @pchovelon.

+
#8937
Fixed backup status updates to prevent "resource has been modified" errors +during concurrent updates. +#9551
Fixed event reporting to use the correct pod name when a backup pod is not +found. +#9552
Improved performance of scheduled backup operations for clusters with a very +high number of historical backups. +#9489
Fixed error handling when removing finalizers on `Database` objects. +#9431
Updated the status command to display "Disabled" when the +skipWalArchiving annotation is present on a cluster. +

This replaces +confusing "starting up" or "unknown" states when WAL archiving is +intentionally bypassed.

+
#9709
Fixed the `logs --follow` command to continue polling for new pods instead +of exiting prematurely when all current log streams complete. +#9599
+ + diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_28_1_rel_notes.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_28_1_rel_notes.mdx new file mode 100644 index 0000000000..3b5b69f889 --- /dev/null +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/1_28_1_rel_notes.mdx @@ -0,0 +1,125 @@ +--- +# IMPORTANT: Do not edit this file directly - it is generated from yaml source. +title: EDB CloudNativePG Cluster 1.28.1 release notes +navTitle: Version 1.28.1 +originalFilePath: product_docs/docs/postgres_for_kubernetes/1/rel_notes/src/1.28.1_rel_notes.yml +editTarget: originalFilePath +--- + +Released: 10 February 2025 + +This release of EDB Postgres® AI for CloudNativePG™ Cluster includes the following: + +## Enhancements + + + +
DescriptionAddresses
Added support for Azure's DefaultAzureCredential authentication mechanism +for backup and recovery operations. +

This can be enabled by setting +azureCredentials.useDefaultAzureCredentials: true in the backup +configuration, simplifying authentication in Azure environments without +requiring explicit storage account keys or SAS tokens.

+
#9468
+ + +## Bug Fixes + + + + + + + + + + + + + + + + + + + + + +
DescriptionAddresses
Fixed validation of PostgreSQL extension names containing underscores (e.g., +pg_partman, pg_ivm). +

Extension names with underscores are +automatically sanitized to use hyphens for Kubernetes volume names while +preserving the original name in mount paths. Webhook validation prevents +naming conflicts after sanitization. Contributed by @shusaan.

+
#9386
Fixed a critical issue where the TimelineID in the cluster status was not +reset to 1 after a major version upgrade. +

Because pg_upgrade initializes a +new timeline, keeping the old ID (e.g., timeline 2) caused replicas to attempt +to restore incompatible history files from object storage, leading to fatal +"requested timeline is not a child of this server's history" errors.

+
#9830
Fixed an issue where stale TLS status fields in the Pooler were not cleared +after being removed from the specification. +

This was particularly critical +when upgrading to v1.28.0, where the ServerTLS field was repurposed, causing +PgBouncer to use incorrect certificates and resulting in "unsupported +certificate" errors that blocked all application connectivity. +The operator now explicitly clears ServerCA, ClientCA, ClientTLS, and +ServerTLS status fields when they are no longer configured.

+
#9397
Fixed a bug where replicas could enter a crash-loop by attempting to download +timeline history files from future timelines. +

This occurred when stale files +remained in the WAL archive from a previous cluster life, and replicas would +incorrectly try to fetch them during recovery.

+
#9650
Fixed a race condition in `replica_cluster` setups during designated primary +transitions, preventing transient "no primary" states in the replica cluster. +#9601
The backup controller now uses the unique instance session ID to detect +instance manager restarts. +

This prevents the operator from incorrectly +assuming a backup is still progressing if the underlying container has crashed +and restarted, which previously led to orphaned backup objects.

+
#9370
Fixed a validation gap in Azure object store configurations where the +storageAccount was not required when using explicit credentials (such as a +storage key or SAS token). +

The operator now enforces that a storage account +name is provided in these cases and that connectionString is mutually +exclusive with other authentication parameters.

+
#9604
Optimized the deletion path so the operator begins cleaning up resources +immediately when a cluster is marked for deletion. +

This significantly reduces the time a cluster remains in Terminating status +while waiting for internal reconciliation loops.

+
#9555
Fixed an issue where replication slots were not properly dropped from +replicas when the feature was disabled or the cluster was reconfigured. +

This ensures that unused slots do not cause WAL build-up on the primary.

+
#9381
Fixed an issue where imagePullSecrets were not added to the ServiceAccount +created for the Pooler. +

Previously, these secrets were applied to the +Deployment but not the SA, which caused image pull failures in restricted +environments using certain security policies.

+
#9427
Added a check to verify ownership before the operator deletes a PodMonitor. +

This prevents the operator from accidentally deleting manually managed +monitoring resources that happen to share a name with expected CNP +resources. Contributed by @juliamertz.

+
#9340
Fixed a bug where pg_stat_archiver metrics would continue to report stale +data on standby instances after a switchover. +

The exporter now skips these metrics on standbys, as PostgreSQL only provides +valid archiver stats on the primary.

+
#9411
Clarified the interpretation of timestamp formats for recovery targetTime. +

Timestamps provided without an explicit timezone are now consistently +interpreted as UTC. Contributed by @pchovelon.

+
#8937
Fixed backup status updates to prevent "resource has been modified" errors +during concurrent updates. +#9551
Fixed event reporting to use the correct pod name when a backup pod is not +found. +#9552
Improved performance of scheduled backup operations for clusters with a very +high number of historical backups. +#9489
Fixed error handling when removing finalizers on `Database` objects. +#9431
Updated the status command to display "Disabled" when the +skipWalArchiving annotation is present on a cluster. +

This replaces +confusing "starting up" or "unknown" states when WAL archiving is +intentionally bypassed.

+
#9709
Fixed the `logs --follow` command to continue polling for new pods instead +of exiting prematurely when all current log streams complete. +#9599
+ + diff --git a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx index 955b7323f4..abef8c8a3a 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/rel_notes/index.mdx @@ -7,7 +7,9 @@ indexCards: none redirects: - ../release_notes navigation: + - 1_28_1_rel_notes - 1_28_0_rel_notes + - 1_27_3_rel_notes - 1_27_2_rel_notes - 1_27_1_rel_notes - 1_27_0_rel_notes @@ -15,6 +17,7 @@ navigation: - 1_26_2_rel_notes - 1_26_1_rel_notes - 1_26_0_rel_notes + - 1_25_6_rel_notes - 1_25_5_rel_notes - 1_25_4_rel_notes - 1_25_3_rel_notes @@ -137,7 +140,9 @@ The EDB Postgres for Kubernetes documentation describes the major version of EDB | Version | Release date | Upstream merges | |---|---|---| +| [1.28.1](./1_28_1_rel_notes) | 10 Feb 2025 | Upstream [1.28.1](https://cloudnative-pg.io/docs/1.28/release_notes/v1.28/) | | [1.28.0](./1_28_0_rel_notes) | 16 Dec 2025 | Upstream [1.28.0](https://cloudnative-pg.io/docs/1.28/release_notes/v1.28/) | +| [1.27.3](./1_27_3_rel_notes) | 10 Feb 2025 | Upstream [1.27.3](https://cloudnative-pg.io/docs/1.27/release_notes/v1.27/) | | [1.27.2](./1_27_2_rel_notes) | 16 Dec 2025 | Upstream [1.27.2](https://cloudnative-pg.io/docs/1.27/release_notes/v1.27/) | | [1.27.1](./1_27_1_rel_notes) | 24 Oct 2025 | Upstream [1.27.1](https://cloudnative-pg.io/docs/1.27/release_notes/v1.27/) | | [1.27.0](./1_27_0_rel_notes) | 19 Aug 2025 | Upstream [1.27.0](https://cloudnative-pg.io/docs/1.27/release_notes/v1.27/) | 
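Review bot: the rows added to the version table give 10 Feb 2025 as the release date for 1.28.1 and 1.27.3, which places both releases before 1.28.0 and 1.27.2 (16 Dec 2025) in the rows directly beneath them, while this series is dated February 2026. The year looks like a typo for 2026. The same date appears in the 1.25.6 row added by the next hunk and in the `Released: 10 February 2025` line of all three new release-notes files. Those files are marked as generated from yaml source, so the correction belongs in the `src/*_rel_notes.yml` inputs named in `originalFilePath`, otherwise regeneration will bring it back.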
@@ -145,6 +150,7 @@ The EDB Postgres for Kubernetes documentation describes the major version of EDB | [1.26.2](./1_26_2_rel_notes) | 24 Oct 2025 | Upstream [1.26.2](https://cloudnative-pg.io/docs/devel/release_notes/v1.26/) | | [1.26.1](./1_26_1_rel_notes) | 25 Jul 2025 | Upstream [1.26.1](https://cloudnative-pg.io/docs/devel/release_notes/v1.26/) | | [1.26.0](./1_26_0_rel_notes) | 23 May 2025 | Upstream [1.26.0](https://cloudnative-pg.io/docs/devel/release_notes/v1.26/) | +| [1.25.6](./1_25_6_rel_notes) | 10 Feb 2025 | None | | [1.25.5](./1_25_5_rel_notes) | 16 Dec 2025 | None | | [1.25.4](./1_25_4_rel_notes) | 24 Oct 2025 | Upstream [1.25.4](https://cloudnative-pg.io/docs/devel/release_notes/old/v1.25/) | | [1.25.3](./1_25_3_rel_notes) | 25 Jul 2025 | Upstream [1.25.3](https://cloudnative-pg.io/docs/devel/release_notes/old/v1.25/) | From d74baf4071b55675077025f3b6c59022376255cf Mon Sep 17 00:00:00 2001 From: Josh Heyer Date: Thu, 12 Feb 2026 21:19:08 +0000 Subject: [PATCH 5/6] update version --- product_docs/docs/postgres_for_kubernetes/1/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/product_docs/docs/postgres_for_kubernetes/1/index.mdx b/product_docs/docs/postgres_for_kubernetes/1/index.mdx index 6e4a1103b4..6f2392b93f 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/index.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/index.mdx @@ -4,7 +4,7 @@ description: The {{name.ln}} operator is a fork based on CloudNativePG™ which originalFilePath: src/index.md indexCards: none directoryDefaults: - version: "1.28.0" + version: "1.28.1" redirects: - /postgres_for_kubernetes/preview/:splat navigation: From 453da2df3d1176e8306ac7efe7dfe002cf131138 Mon Sep 17 00:00:00 2001 From: Josh Heyer Date: Thu, 12 Feb 2026 21:44:14 +0000 Subject: [PATCH 6/6] DOCS-3193: clarify & simplify LTS blurb --- .../docs/postgres_for_kubernetes/1/index.mdx | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) 
diff --git a/product_docs/docs/postgres_for_kubernetes/1/index.mdx b/product_docs/docs/postgres_for_kubernetes/1/index.mdx index 6f2392b93f..0901b35429 100644 --- a/product_docs/docs/postgres_for_kubernetes/1/index.mdx +++ b/product_docs/docs/postgres_for_kubernetes/1/index.mdx 
@@ -144,19 +144,13 @@ users can expect a **"Level V - Auto Pilot"** set of capabilities from the ### Long Term Support -EDB is committed to declaring a Long Term Support (LTS) version of {{name.ln}} annually. 1.25 is the current LTS version. 1.18 was the -first. Each LTS version will -receive maintenance releases and be supported for an additional 12 months beyond -the last community release of CloudNativePG for the same version. - -For example, the 1.22 release of CloudNativePG reached End-of-Life on July -24, 2024, for the open source community. -Because it was declared an LTS version of {{name.ln}}, it -will be supported for an additional 12 months, until July 24, 2025. - -In addition, customers will always have at least 6 months to move between LTS versions. -For example, the 1.25 LTS version was released on December 23 2024, giving ample -time to users to migrate from the 1.22 LTS ahead of the End-of-life on July 2025. +EDB is committed to declaring a Long Term Support (LTS) version of {{name.ln}} annually. 1.28 is the current LTS version. Each LTS version will +receive maintenance releases and be supported for an additional 12 months beyond the standard 6 months for a total of 18 months from the initial release. + +For example, v1.25 of {{name.ln}} was released in December, 2024. +Because it was declared an LTS version, it will be supported for a total of 18 months, until June, 2026. + +For a list of currently supported versions and their statuses, see: [Platform Compatibility](https://www.enterprisedb.com/resources/platform-compatibility#edb%20postgres%C2%AE%20ai%20for%20cloudnativepg%E2%84%A2%20cluster). While we encourage customers to regularly upgrade to the latest version of the operator to take advantage of new features, having LTS versions allows customers desiring additional stability to stay on the same
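Review bot: the rewritten Long Term Support text removes the sentence promising customers at least 6 months to move between LTS versions and puts nothing in its place. If that commitment still holds, keep one sentence for it; if it was dropped on purpose, the commit message should say so, since "clarify & simplify" suggests no change in policy. The new wording also relies on "the standard 6 months" without saying what that period is measured from or where it is defined, so a link or a short definition would help. Minor: "see:" before the Platform Compatibility link reads better without the colon.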