Crunchy Data announces the release of the PostgreSQL Operator 4.6.2 on March 22, 2021.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.6.2 release includes the following software versions upgrades:
- Patroni is now at version 2.0.2.
- pgBouncer for CentOS 8 / UBI 8 is rebuilt to use the libc for its async DNS backend.
PostgreSQL Operator is tested against Kubernetes 1.17 - 1.20, OpenShift 3.11, OpenShift 4.4+, Google Kubernetes Engine (GKE), Amazon EKS, Microsoft AKS, and VMware Enterprise PKS 1.3+, and works on other Kubernetes distributions as well.
Changes
- The Postgres Operator and associated containers now contain defaults to use more locked down Pod and Container security context settings. These include setting
allowPrivilegeEscalation
tofalse
and explicitly stating that the container should not run asroot
. Many of these were already honored, if not defaulted, within the Postgres Operator ecosystem, but these changes make the settings explicit. This is all configuration: there are no breaking changes, and these configurations can be supported down to at least the 4.2 series. - Revert setting "UsePAM" to "yes" by default as the bug fix in Docker that required that change was applied roughly one year ago.
- On Operator boot, Automatically detect when deployed in an OpenShift environment and set
DisableFSGroup
totrue
. This makes it easier to get started with the Postgres Operator in an OpenShift environment with the default security settings (i.e.restricted
). If you use theanyuid
Security Context Constraint, you will need to explicitly setDisableFSGroup
tofalse
.
Fixes
- Ensure
archive_mode
is forced toon
when performing using the "restore in place" method. This ensures that the timeline is correctly incremented post-restore, which could manifest itself with various types of WAL archive failures. - Fix error when attempting to perform restores when using node affinity. Reported by (@gilfrade) and Cristian Chiru (@cristichiru).
- Fix issue where certain pgAdmin 4 functions did not work (e.g. taking a backup) due to
python
references in EL8 containers. Reported by (@douggutaby). - Ensure a Postgres cluster shutdown can execute even if the
status
subresource of apgclusters.crunchydata.com
custom resource is missing. - Ensure major upgrades via
crunchy-upgrade
support PostgreSQL 12 and PostgreSQL 13. Reported by (@lbartnicki92). - Fix installed RBAC permissions via OLM. Reported by Tim Bo (@timbrd), with additional analysis from Aleksander Roszig (@AleksanderRoszig) and Eric Ace (@aceeric).