Production PostgreSQL for Kubernetes, from high availability Postgres clusters to full-scale database-as-a-service.
APACHE-2.0 License
Published by jkatz almost 3 years ago
Published by jkatz almost 3 years ago
Published by jkatz almost 3 years ago
Published by jkatz about 3 years ago
Crunchy Data announces the release of PGO, the Postgres Operator 4.7.3.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.7.3 release includes the following software versions upgrades:
Published by jkatz about 3 years ago
Published by jkatz about 3 years ago
Published by andrewlecuyer about 3 years ago
Crunchy Data announces the release of PGO, the Postgres Operator 4.5.4.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.5.4 release includes the following software versions upgrades:
vendor label is propagated to all PGO managed objects. Reported by @mdraijer.
posix to s3 within a new cluster.
Published by andrewlecuyer about 3 years ago
Crunchy Data announces the release of PGO, the Postgres Operator 4.6.4.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.6.4 release includes the following software versions upgrades:
crunchy-postgres-gis-ha) container.
pg-pod-anti-affinity is now removed from the userlabels section of a pgclusters.crunchydata.com custom resource.
vendor label is propagated to all PGO managed objects. Reported by (@mdraijer).
Published by andrewlecuyer about 3 years ago
Crunchy Data announces the release of PGO, the Postgres Operator 4.7.2.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.7.2 release includes the following software versions upgrades:
crunchy-postgres-gis-ha) container.
nss_wrapper has been removed from the crunchy-postgres-exporter container.
Published by andrewlecuyer about 3 years ago
Crunchy Data announces the release of PGO, the Postgres Operator 4.7.2 on August 17, 2021.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.7.2 release includes the following software versions upgrades:
crunchy-postgres-gis-ha) container.
nss_wrapper has been removed from the crunchy-postgres-exporter container.
Published by andrewlecuyer about 3 years ago
Crunchy Data announces the release of PGO, the Postgres Operator 4.7.1 on July 29, 2021.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.7.1 release includes the following software versions upgrades:
pg-pod-anti-affinity is now removed from the userlabels section of a pgclusters.crunchydata.com custom resource.
vendor label is propagated to all PGO managed objects. Reported by (@mdraijer).
pv/create-pv-nfs.sh script, which helps with provisioning persistent volumes when using NFS storage. Contributed by Adrian Galbenus (@agalbenus).
disable_fsgroup: false from the default installation setup. This allows the OpenShift autodetection code to work properly.
Published by jkatz about 3 years ago
Published by jkatz over 3 years ago
Crunchy Data announces the release of the PostgreSQL Operator 4.5.3 on June 2, 2021.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.5.3 release includes the following software versions upgrades:
PGOADMIN_USERNAME, PGOADMIN_PASSWORD, PGOADMIN_ROLENAME credential bootstrap variables to be overridden as part of the OLM and development install process. Contributed by Mathieu Parent (@sathieu).
--backup-opts in pgo backup. Reported by Samir Faci (@safaci2000).
python references in EL8 containers. Reported by (@douggutaby).
pgo test. Prior to this, it was identified as a "primary"; now it is "pgadmin".
status subresource of a pgclusters.crunchydata.com custom resource is missing.
crunchy-upgrade support PostgreSQL 12 and PostgreSQL 13. Reported by (@lbartnicki92).
pgo-scheduler container shuts down in the UBI 8 base container.
pgo-deployer and Ansible installer will no longer create an initial TLS secret for the PGO apiserver. PGO apiserver has been able to self-create this for a long time, and PGO defers to that. This fixes an issue that occurred on newer builds where certificates generated by OpenSSL contained incomplete usage blocks, which could cause these certificates to be rejected outright.
Published by jkatz over 3 years ago
Published by jkatz over 3 years ago
Crunchy Data announces the release of the PostgreSQL Operator 4.6.3 on May 25, 2021.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PostgreSQL Operator 4.6.3 release includes the following software versions upgrades:
PGOADMIN_USERNAME, PGOADMIN_PASSWORD, PGOADMIN_ROLENAME credential bootstrap variables to be overridden as part of the OLM and development install process. Contributed by Mathieu Parent (@sathieu).
--backup-opts in pgo backup. Reported by Samir Faci (@safaci2000).
sshd_config is correctly set on an upgrade. This could have manifested with some pgBackRest functionality not working. This can be manually fixed by setting UsePAM no in the sshd_config file in a cluster. Reported by (@douggutaby).
pgo test. Prior to this, it was identified as a "primary"; now it is "pgadmin".
pgo-scheduler container shuts down in the UBI 8 base container.
pgo-deployer and Ansible installer will no longer create an initial TLS secret for the PGO apiserver. PGO apiserver has been able to self-create this for a long time, and PGO defers to that. This fixes an issue that occurred on newer builds where certificates generated by OpenSSL contained incomplete usage blocks, which could cause these certificates to be rejected outright.
Published by jkatz over 3 years ago
Crunchy Data announces the release of the PGO, the PostgreSQL Operator, 4.7.0 on May 17, 2021.
The PostgreSQL Operator is released in conjunction with the Crunchy Container Suite.
PGO 4.7.0 introduces the following software components:
PGO 4.7.0 release includes the following software versions upgrades:
Additionally, the UBI 8 builds for PGO and its components now use the ubi8-minimal container as a base.
There are many things that can cause someone to need more storage in their database system, such as an increase in a backup retention policy or organically through data growth. In Kubernetes, this requires having to increase the size of a PVC.
This release of PGO introduces the ability to resize, i.e. increase the size of, the managed PVCs of the Postgres Operator. These PVCs included:
All of these attributes can be edited directly on the pgclusters.crunchydata.com or pgreplicas.crunchydata.com custom resources by editing the size attribute in the correct storage configuration. The new PVC sizes must be larger than the previous PVC sizes. Please see the Custom Resources section of the documentation for more information.
Modifying the size of the Postgres cluster or WAL PVC will cause the Postgres Operator to use a rolling update action to minimize (or eliminate) any downtime that the cluster may have with resizing. This method not only reduces or eliminates downtime, it ensures that the PVC resize functionality is backwards compatible down to Kubernetes 1.11 / OpenShift 3.11.
It is also possible to resize the Postgres cluster, pgBackRest repo, and WAL PVC sizes using the pgo update cluster command with the --pvc-size, --pgbackrest-pvc-size, and --wal-pvc-size flags respectively.
Google Cloud Storage (GCS) is a blob storage service available in the Google Cloud Platform. pgBackRest 2.33 added native support for backup management using GCS. PGO, the Postgres Operator, now natively supports storing backups in GCS!
This release brings equivalent functionality between PGO's support for S3 and GCS. In particular, Postgres Operator 4.7 adds the following attributes to the pgclusters.crunchydata.com custom resource for configuring backup storage with GCS:
BackrestGCSBucket (required)
BackrestGCSEndpoint
BackrestGCSKeyType
The pgBackRest repository Secret now supports a key called gcs-key, which references the GCS credential. For more information on setting up a Postgres cluster with backups stored in GCS using custom resources, please see the custom resources section of the documentation.
Similarly, additional flags are now available in the pgo create cluster command to enable GCS support, including:
--pgbackrest-gcs-bucket
--pgbackrest-gcs-endpoint
--pgbackrest-gcs-key
--pgbackrest-gcs-key-type
Note that --pgbackrest-gcs-key references a file path in your local environment. The GCS credential is a JSON file; for convenience, the PGO client will accept the file and handle the upload.
The two parameters that are required are the GCS bucket name and the GCS key; pgBackRest can figure out the rest.
Note that in a "hybrid" setup, you can only use "posix,gcs"; "s3,gcs" is not supported at this time. In other words, the following storage types are supported:
posix
s3
gcs
posix,s3
posix,gcs
For more information, please refer to the documentation.
The Postgres Operator now allows you to create a Postgres cluster in a different namespace from the source cluster. This is useful, for example, when trying to copy data from a production cluster that is in a production namespace into a development cluster in a development namespace.
For example, to create a cluster called hippo from data in a cluster called elephant in namespace production, you can execute the following command:
pgo create cluster hippo --restore-from=elephant --restore-from-namespace=production
and the Postgres Operator will create hippo from elephant. This also works by setting the namespace attribute in the restoreFrom block in the pgclusters.crunchydata.com custom resource.
Note that the Postgres Operator needs to have sufficient privileges in both namespaces to use this feature. For more information, please read about Namespace Management in the documentation.
This release brings several enhancements to monitoring Postgres clusters managed by PGO, including support for Grafana 7.4. These include:
There are also general improvements to the overall user experience of the monitoring visualizations.
It's common to begin designing a Postgres cluster in development and then, upon bringing it to production, add TLS support to it.
This release of PGO, the Postgres Operator from Crunchy Data, allows you to enable or disable TLS in an active Postgres cluster. This has the added benefit of being able to point a Postgres cluster at different Secrets, e.g. for rotation.
The pgclusters.crunchydata.com custom resource now allows for the following attributes in its specification to be edited:
tls.caSecret
tls.replicationTLSSecret
tls.tlsSecret
tlsOnly
Additionally, the following flags are now available on the pgo update cluster command:
--disable-server-tls: removes TLS from a cluster
--disable-tls-only: removes the TLS-only requirement from a cluster
--enable-tls-only: adds the TLS-only requirement to a cluster
--server-ca-secret: combined with --server-tls-secret, enables TLS in a cluster
--server-tls-secret: combined with --server-ca-secret, enables TLS in a cluster
--replication-tls-secret: enables certificate-based auth between Postgres instances.
To enable TLS in an active Postgres cluster, you need to ensure that both the server CA Secret and the server TLS secret are set.
Note that PGO will rewrite some of your HBA rules when performing any TLS enable/disable updates. While it will do its best to preserve custom rules, this is not a guarantee, and if you have customized your HBA rules, you should inspect your config after.
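One way to do the post-change HBA inspection recommended above, as an added example that is not part of the PGO release notes or code base: it parses pg_hba.conf text and lists every rule that can still admit a TCP connection without TLS. The sample file contents and the function name plaintext_rules are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf, not taken from a real PGO cluster.
SAMPLE_HBA = """\
# TYPE  DATABASE     USER        ADDRESS                 METHOD
local   all          postgres                            peer
hostssl replication  primaryuser 0.0.0.0/0               md5
hostssl all          all         0.0.0.0/0               scram-sha-256
hostnossl all        all         0.0.0.0/0               reject
host    reports      analyst     10.0.0.0 255.0.0.0      md5   # custom rule
host    all          all         127.0.0.1/32            trust
"""

# Rule types that match TCP connections made without TLS.
# hostssl requires TLS; local is a Unix socket; hostgssenc requires GSSAPI encryption.
NON_TLS_TYPES = ("host", "hostnossl", "hostnogssenc")


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def plaintext_rules(hba_text):
    """Return (line_no, type, database, user, address, method) for each
    rule that can admit a non-TLS TCP connection."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # handles quoting and '#'
        if len(fields) < 5 or fields[0] not in NON_TLS_TYPES:
            continue
        conn_type, database, user, address = fields[:4]
        method_idx = 4
        # Legacy layout: IP address and netmask in separate columns.
        if _is_ip(address) and len(fields) > 5 and _is_ip(fields[4]):
            address = f"{address} {fields[4]}"
            method_idx = 5
        method = fields[method_idx]
        if method != "reject":  # a reject rule blocks the connection outright
            findings.append((line_no, conn_type, database, user, address, method))
    return findings


if __name__ == "__main__":
    for finding in plaintext_rules(SAMPLE_HBA):
        print("line %d: %s %s %s %s -> %s" % finding)
```

Run it against the pg_hba.conf of a cluster after a TLS change; loopback rules are reported too so the operator can decide whether they are acceptable.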
--compress / --no-compress flag for the pgBackRest backup options (--backup-opts) is removed. Please use the --compress-type flag instead.
Namespace attribute is removed from the Spec of pgclusters, pgreplicas, and pgtasks as it was superfluous.
userlabels attribute on the pgclusters.crunchydata.com custom resource, in addition to extending this functionality of the pgo label and pgo delete label commands.
scram-sha-256, md5) for PostgreSQL users can now be selected using the --password-type flag on pgo create cluster. The passwordType attribute on the pgclusters.crunchydata.com custom resource can also be used for this purpose.
--pvc-size flag on the pgo create pgadmin command.
pgo.yaml ConfigMap in the PGAdminStorage section, or via the --storage-config flag on the pgo create pgadmin command. If nothing is set, it will default to the configuration based on PrimaryStorage.
s3bucketname attribute on the pgclusters.crunchydata.com can now be edited in an existing cluster.
readOnlyRootFilesystem is now enabled by default on containers. This also coincides with a change in how some of the entrypoints are set in order to guarantee compatibility with OpenShift 3.11.
--compress-type flag is now supported for the backup options (--backup-opts) for pgBackRest backups with pgo backup. none, gz, bz2, and lz4 are all supported. Presently zst is not supported.
readOnlyRootFilesystem to true, allowPrivilegeEscalation to false, and explicitly stating that the container should not run as root. Many of these were already honored, if not defaulted, within the Postgres Operator ecosystem, but these changes make the settings explicit. This is all configuration: there are no breaking changes, and these configurations can be supported down to at least the 4.2 series.
PGOADMIN_USERNAME, PGOADMIN_PASSWORD, PGOADMIN_ROLENAME credential bootstrap variables to be overridden as part of the OLM and development install process. Contributed by Mathieu Parent (@sathieu).
DisableFSGroup to true. This makes it easier to get started with the Postgres Operator in an OpenShift environment with the default security settings (i.e. restricted). If you use the anyuid Security Context Constraint, you will need to explicitly set DisableFSGroup to false.
archive_mode is forced to on when using the "restore in place" method. This ensures that the timeline is correctly incremented post-restore, which could manifest itself with various types of WAL archive failures.
--backup-opts in pgo backup. Reported by Samir Faci (@safaci2000).
pgo restart.
python references in EL8 containers. Reported by (@douggutaby).
pgo test. Prior to this, it was identified as a "primary"; now it is "pgadmin".
status subresource of a pgclusters.crunchydata.com custom resource is missing.
pg_stat_statements support of pgMonitor. Defaults to 20, which is the pgMonitor upstream value. Contributed by Steven Siahetiong (@ssiahetiong).
sshd_config is correctly set on an upgrade. This could have manifested with some pgBackRest functionality not working. This can be manually fixed by setting UsePAM no in the sshd_config file in a cluster. Reported by (@douggutaby).
crunchy-upgrade support PostgreSQL 12 and PostgreSQL 13. Reported by (@lbartnicki92).
pgo-deployer and Ansible installer will no longer create an initial TLS secret for the PGO apiserver. PGO apiserver has been able to self-create this for a long time, and PGO defers to that. This fixes an issue that occurred on newer builds where certificates generated by OpenSSL contained incomplete usage blocks, which could cause these certificates to be rejected outright.
pgo-scheduler container shuts down in the UBI 8 base container.
Published by jkatz over 3 years ago
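The 4.7.0 notes above list three container hardening settings: a read-only root filesystem, no privilege escalation, and not running as root. The following added example (not code from PGO) audits a pod manifest, as returned by the Kubernetes API in JSON form, for those settings under their Kubernetes securityContext field names. The pod, its container names and the function name audit_pod are constructed for illustration.

```python
# Expected securityContext values, per the hardening item in the 4.7.0 notes.
REQUIRED = {
    "readOnlyRootFilesystem": True,
    "allowPrivilegeEscalation": False,
    "runAsNonRoot": True,
}

# Constructed pod manifest; names and values are illustrative only.
SAMPLE_POD = {
    "metadata": {"name": "hippo-example"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "initContainers": [
            {"name": "init", "securityContext": {
                "readOnlyRootFilesystem": True,
                "allowPrivilegeEscalation": False,
                "runAsNonRoot": False}},
        ],
        "containers": [
            {"name": "database", "securityContext": {
                "readOnlyRootFilesystem": True,
                "allowPrivilegeEscalation": False}},
            {"name": "exporter", "securityContext": {
                "allowPrivilegeEscalation": False}},
        ],
    },
}


def audit_pod(pod):
    """Return (container, field, actual_value) for each setting that is
    missing or differs from REQUIRED."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for kind in ("initContainers", "containers"):
        for container in spec.get(kind) or []:
            sc = container.get("securityContext") or {}
            for field, want in REQUIRED.items():
                got = sc.get(field)
                # Only runAsNonRoot can be inherited from the pod-level
                # context; the other two are container-level fields.
                if got is None and field == "runAsNonRoot":
                    got = pod_sc.get(field)
                if got is not want:
                    findings.append((container.get("name", "?"), field, got))
    return findings


if __name__ == "__main__":
    for name, field, got in audit_pod(SAMPLE_POD):
        print(f"{name}: {field} is {got!r}, expected {REQUIRED[field]!r}")
```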