postgres-operator

This is a bug fix release which addressed the following issues:

• bug fixes related to deleting clusters and their PVCs when a user selects --delete-data
• fixed a bug where xlog PVCs were being allocated for backrest enabled clusters, xlog PVCs are not used when backrest is enabled on a cluster
• fixed labels when displaying pgo show cluster
• fixed pgbouncer with backrest restore bug
• reduced privaleges required in the rbac.yaml
• fixed content-type returned in the REST API.
• fixed pgo show pvc errors on second call in GKE
  #120 - Create Cluster: --pgbouncer using wrong user
  #469 - make pgbouncer credential configurable
  #536 - Returns success response but no cluster created
  #571 - Hardcoded database, pgbouncer.ini
  Documentation updates

This was mostly a bug fix release and includes the following:

• added a SCALE permission to pgorole to secure the scale and scaledown API calls
• fixed a bug where the pgtask for autofail was not being recreated after an initial failover, this would cause the 2nd autofailover to not proceed
• fixed a bug in autofail toggling where if you created a cluster with autofail not set, then set autofail=true, the pgtask for autofail was not being created, so autofail would not work on that cluster
• fixed a bug in node affinity logic where replicas were not getting the correct node affinity rule applied when a user specifies --node-label when creating a cluster
• added a --ccp-image flag to pgo create command that lets you use an alternative container image, for example, you can specify --ccp-image=crunchy-postgres-gis to create a cluster using the PostGIS version of the postgres container image (new feature)
• TLS 1.1 made the minimum version
• added pgdump and pgrestore CLI commands (new feature)
• added --node-label flag to pgo restore command (new feature)
• this release is dependent on the pgbackrest version found in the Postgres container image, 2.3.1, pgbackrest requires versions to match between the Postgres container and the Operator containers, this version of pgbackrest is now 2.10
• fixed a bug where the restored cluster was using the default primary storage config instead of one used when the original primary was created when a user specifies the storage-config command flagj
• updated the Postgres version packages used within the Operator containers to match the most recent PG 11 version used in the crunchy-containers project

#490 - failover label refactor - this change lets the failover work faster by not requiring a bounce of the PG pods within a PG cluster, see the documentation for details on this change and the impact on existing operator deployments

#481 - make replacing a replica as part of a fail-over a configurable setting in pgo.yaml and on the command line when creating a cluster

#494 - create a storage configuration setting specifically for xlog volumes, the setting is names XlogStorage within the pgo.yaml file.

#495 - support for label matching in storage configurations, this for example will let you specify different
PV types to match on to support multiple zones when using NFS.

#499 - create an autofail 'toggle', pgo update cluster --autofail=true|false is a new command that sets the autofail flag on the pgcluster CRD to enable or disable autofailover logic on a set of clusters.

#500 - fixed bug in pgbackrest restore job to accept PITR target time option, users will pass in --backup-opts="--type=time" --pitr-target="2018-12-12 14:45:58 EST" into the pgo restore command if they want to restore to a given point in time.

#506 - fixed a bug where the Postgres Port was not being able to be overrode when set in pgo.yaml

#521 - added pgbackrest shared repository architecture - with this change, a PG cluster that has pgbackrest enabled will cause a pgbackrest repository to be created as a Deployment configured to act as the pgbackrest repository for the whole Postgres cluster, this change only will work with crunchy containers version 2.3.0 and
is not backward compatible with prior crunchy container versions, see the Documentation Design section for
more details on how this integration is implemented

#505 - added an option to specify in pgo.yaml a new setting, PreferredFailoverNode, which is a selector that determines which nodes to use as 'preferred' when a fail over happens.

Notes on this version:

• server.crt and server.key are no longer included by default in the repo, instead these are generated when you run the install-rbac.sh script upon installation
• pgo-backrest-repo is a new container which holds the pgbackrest shared repository used when you deploy a PG cluster with --pgbackrest, keys are generated for pgbackrest repositories when you run install-rbac.sh upon Operator installation
• pgo-backrest-repo storage is configured via pgo.yaml setting BackrestStorage
• with this Operator version, the crunchy-postgres container image version 2.3.0 is required for pgbackrest integration within the Operator, you will need to upgrade to this latest version of crunchy-postgres for existing and all new PG clusters created by the Operator.
• documentation for the Operator was completely revised with this version
• pgo API keys are now generated when you run the install-rbac.sh script, before this release the server.key and server.crt keys were pre-generated and included into the github repository, running this script is only required
  once or unless you want to re-generate the API keys
• pgbackrest integration with this release requires sshd keys to be generated, these keys are generated when you run the install-rbac.sh script and only need to be run one time

Breaking changes were made this release, you will want to review these changes here:
https://crunchydata.github.io/postgres-operator/3.5.0/upgrade/

NOTE: new pgbackrest functionality in the 3.4.0 release will only work with crunchy-containers >= v2.2.0,
users are encouraged to upgrade their crunchy-containers to version 2.2.0.

This release adds the following:

• #404 NodePort as a service type when specifying --service-type on the pgo command line or within the pgo.yaml
• #396 - password length flag added to pgo create user command
• #405 - backups CRD specifies secret name instead of password and username for backup jobs
• #392 - add ability to specify container resource limits for helper containers, pgpool, and pgbouncer containers via pgo.yaml settings
• #338 - integration with crunchy-schedule, a cron scheduler that lets you schedule backups, integrated within the pgo CLI, the crunchy-scheduler is also now created when deploying the postgres-operator in the deploy.sh script, NOTE for pgbackrest schedules you are required to run a manual pgbackrest backup prior to creating a schedule, this only applies to pgbackrest backups and this requirement will be removed in the 3.5 release.
• #425 - changed df command to report each Pod's pgdata PVC information, cleaned up CLI output
• implemented the beta version of pgbackrest integration. This new integration is not compatible with the prior pgbackrest integration and only works with crunchy-postgres v2.2.0 or greater. See the upgrade notes for more details.
• #341 - added --backup-opts support for passing pgbasebackup options when performing pgbasebackup backups
• #420 - added workflow ID concept to create cluster command, introduces 'pgo show workflow'

This release includes the following:

• #317 - created new pgo scaledown verb to replace previous scale down command line usage
• #344 - fixed a bug where credential secrets were getting removed even if --delete-data was not specified by the user, this would cause an issue when users recreated a cluster with the same name as the prior cluster
• #268 - added missing configuration settings to the output of pgo show config
• #350 - pgbackrest volumes and data are now deleted when you run pgo delete cluster xxx --delete-data --delete-backups
• fixed a bug in pgbackrest restore where the wrong pvc name was being used causing restores not to work on block storage file systems
• #277 - add PrimaryNodeLabel and ReplicaNodeLabel fields to pgo.yaml, when set, these take effect for clusters and replicas being created, if not set, then normal behavior is used, users can still override these with command line flag (--node-label), by default they are not set in the sample pgo.yaml file.
• #262 #177 - add a command flag to backup to support pgbackrest command options like compression and incremental backups
• #349 - added error logic to pgo backup command when backrest backup is requested and when user adds a --storage-config flag which doesn't make sense with a backrest backup, also removed the prompt from the pgo CLI for doing backups.
• migrated to dep for golang dependency mgmt, removed godep
• #335 - cleaned up shorthand flag codes in pgo CLI, only a few common flags include shorthand syntax after this change
• #152 - pgo create pgpool mycluster command created to allow the addition of a pgpool to an existing cluster, likewise, pgo delete pgpool mycluster command is there to allow you to remove a pgpool
• #156 - add ability to reconfigure pgpool if a user credential changes for a managed user.
• #343 - added pgbouncer support, thanks @scrummyin 👍
• add pgo delete label command, removing this capability from pgo label command

This release includes:

• removal of CCP_IMAGE_PREFIX and CO_IMAGE_PREFIX and CO_IMAGE_TAG environment variables from the deployment.yaml file and Helm chart equvalent, instead these values will be pulled from the pgo.yaml configuraiton file mounted by both the apiserver and operator containers, see the upgrade notes for details
• #162 - added the MatchLabels attribute to the storage configuration as an optional attribute in the pgo.yaml file, when specified, it will cause a label selector to be added to the PVC of form "name=mycluster"
• #186 - added a --ccp-image-tag command line flag to the pgo scale command which allows you to specify a specific postgres image tag to be used for the scaled replicas which can now be different than the primary image
• #188 - added the pgo reload command which will cause a pg_ctl reload command to be executed on a list of matching PG databases
• added ExternalIP for Services into the 'pgo show cluster' API response to support LoadBalancer service types
• #276 - added "--service-type" command flag for creating a cluster and for scaling it, this will let users override ClusterIP with LoadBalancer in this release. The service type can be globally set in the pgo.yaml file as well.
• #274 - documented upgrade requirement for upgrading clusters from 2.6 to 3.2 releases, applies to already created clusters.
• #284 - added 'pgo show user' command, this replaces the '--show-secrets' flag on the 'pgo show cluster' command, a new permission named SHOW_SECRETS_PERM was added. pgo roles need this permission in order to see user secrets with this change.
• #283 - added API fields to support pgo-ui and also improve the pgo CLI output.
• #290 - added pgo-version label to clusters to keep track of what pgo version was used to create a cluster
• #288 - added ready status check into the pgo test command to avoid hanging at the command line when a pod is not ready
• #271 - updated command documentation
• #203 - validate pgouser roles at startup time, apiserver will not start with invalid roles after this change
• #263 - add pgo.yaml global flag for autofail, when set, will apply auto failover checks on all created clusters
• #201 - added scale down ability to pgo scale command, with this command you can selectively delete replicas
• moved the MetricsFlag in the pgo.yaml to to the Cluster section instead of the Pgo section to be more consistent with the sections of the configuration file
• #272 - added pgbadger command line flag and pgo.yaml flag, when set, will cause a crunchy-pgbadger container sidecar to be added to the database pods.
• initial ALPHA pgbackrest integration, further work will be done to support pgbackrest in future versions of the Postgres Operator, this is a trial to get feedback, future releases will build upon this initial functionality, see the Design Docs and Command Docs for more details on how this integration works
• deprecate the storage types 'existing' and 'emptydir', these are no longer very useful and will be removed in the upcoming release. This will leave 'create' and 'dynamic' as the supported storage types.
• includes updated Postgres packages in the Operator containers that require Postgres
• added changes into the collect.json template for metrics collection to support crunchy-containers 2.1.0 which introduced a new version of pgmonitor, grafana (metrics). This change requires you to upgrade to the crunchy-collect 2.1.0 container.
• updated the configuration to use the crunchy container suite 2.1.0 release as the default images

The 3.1 release includes the following new features, fixes, and improvements:

• #229 a fix for the collect container not getting added when the metrics flag is passed to 'pgo create cluster'
• #224 - clean up version numbers in docs and also described the pgo binaries for Mac and Windows in the installation docs, also updated the bash completion example file with the latest pgo commands and flags.
• #228 merged a fix for the helm chart to work again with the 3.0 changes, thanks to @blaggacao @ieugen @TomNeyland
• #231 fixed bug when a user specified a node label key that contained a slash character which is valid for a node label key.
• #239 fixed bug where collect container was not getting the postgres password supplied to it
• #167 fixed a bug where delete jobs and tasks were not getting removed when a user specified --delete-data or --delete-backups on the pgo delete cluster command
• #236 - fixed bug in df command for containers created pre-3.0
• changed default rbac rules to use role and role bindings instead of clusterrole and clusterrolebindings, essentially de-escalating privs required to deploy the operator.
• removed the use of the replica label from pods, the primary label is now used to indicate whether a pod is a primary or replica by setting the primary label value to true or false
• added logic to remove the pgreplica CRD for a replica that is promoted as part of failover
• added logic to create a new replica to replace the promoted replica as part of failover
• #247 - fixed the failover logic when validating the target database container, this was broken for cases where the target pod had more than 1 container in it (e.g. metrics sidecar).
• #245 - pgo backup confirmation added, --no-prompt flag already was present.
• print Ready status of failover pods in pgo failover query output
• operator pod now reads the pgo.yaml configuration file via a volume mount in the deployment
• #141 - added the Creation Timestamp to the *pgo show backup * command output
• #166 added pvc-name command flag into pgo backup command that allows a backup to an adhoc created PVC, useful for special backups or disaster recovery cases
• #59 added ability to apply policies specified in pgo.yaml or by a user after a database is initially created and goes into a Ready state.
• #190 - auto failover initial implementation, see docs on design description and usage'
• added new 'pgo show config' command to allow users an ability to view the pgo configuration

changes this release:

• update RHEL images to use latest RHEL image version instead of 7.4 being hardcoded, this will pick up 7.5 going forward
• new HTML documentation added and hosted on Github Pages https://crunchydata.github.io/postgres-operator/
• refactored the dep mgmt, now using godep and updated the deps to use kubernetes-1.9.7
• PVC names no longer include "-pvc" as part of the naming convention
• PVC resources include a label pg-cluster=clustername to allow selection based on pg-cluster name
• --archive command flag available to the "pgo create cluster" command which enabled archive logging to a dedicated PVC (e.g. mycluster-xlog), ArchiveTimeout, and ArchiveMode config file settings were added to allow global configuration
• pgtask CRD parameters are now stored in a map instead of a string
• added the pgo df command, see the command documentation for a description
• added the pgo status command, see the command documentation for a description
• converted to http GET calls for pgo delete commands, this impacts previous pgo clients and the apiserver REST APIj
• #215 - added vendor label to all kube resources created by the operator to let uses identify operator deployment based resources by vendor name (e.g. crunchydata)
• #191 - fixed namespace setting in deploy.sh to properly refer to namespace when creating the apiserver secret
• #211 - fixed failover pgtask removal before a 2nd failover
• #148 - fixed bug where a cluster pvc was not removed when the cluster was removed, this would prevent a new cluster with the same name from being created
• #200, #207, #210 - fixed various issues with manual failover when you performed multiple failovers

Release 2.6 includes the following changes:

• added logic for #115 - provides validation of label, cluster, and policy names against the apimachinery API
• removed code for #128 - create-secrets.sh script was deprecated and removed
• refactored code for #122 - cleaner pgo output and also removed multi-byte chars from output which didn't render on Windows correctly
• fixed #123 - cleaned up pgo backup command output
• #82 - added json output command line flag to pgo test command and also add selector command line flag to pgo test
• #117 - added logic to support filtering clusters by a policy name using the normal selector flag.
• #125 - added container resources capability to allow users to set a default resources configuration and override at the command line values for CPU/Memory for each database container when provisioned.
• #130 - renamed DEBUG env var to CRUNCHY_DEBUG to be consistent with other projects
• #77 - started a REST API section in the documentation to help people out doing custom integrations
• #68 - Kube and application RBAC changes and additions, the pgo users now have roles associated with them, see the docs for the details on how and where RBAC is implemented.
• updated the Helm chart to work with this release
• #97 added pgpool capability, updated docs
• #67 added pgo create user and pgo delete user commands, removed the previous style of command
• #137 - changed the default deployment to store the apiserver configuration files into a secret instead of a configmap
• #140 - changed pgo backup to include a "--no-prompt" flag and also changed the apiserver to remove any existing backup job if it had already existed.
• removed CO_NAMESPACE environment variable, removed Namespace setting within the pgo.yaml file, the namespace is now set within the deployment.yaml file and is determined by what namespace the operator is deployed to, there is no need to specify the namespace in any other location starting with release 2.6
• #138 - refactored the pgo scale command, starting with this release you can specify --resources-config and --storage-config flags to dictate the configurations to be used for a given replica(s)...the pgo scale command is also additive, running this command in succession will keep adding replicas to an existing postgres cluster
• #126 - changed --node-name command flag to --node-label for the pgo create cluster command, this flag is a node label which is required to be set on one of your nodes if you intend on using this command flag. This flag will cause the operator to create a node affinity clause in your pod specification which will cause the pod to be scheduled onto a specific node using the node label, if not specified, node affinity is not included in your pod definition.
• #139 - manual failover command pgo failover initial implementation, this command performs a manual failover, documentation was added for this command.
• updated the pgo-bash-completion file for the new commands that were introduced
• #131 - created a cleanup script bin/manual-cleanup.sh that can be used to permanently remove a cluster's resources

This release includes the following updates from the previous release (2.4):

• #108 - a confirmation for deletion commands allowing the user a final check before removing clusters or backups, users can override this with a --no-prompt command flag in the pgo client
• #106 - removed pgo --namespace flag, this is not implemented and could cause errors now that the namespace is determined by the apiserver configuration in this current release
• updated the bash completion file
• #103 , the default PG_LOCALE is now set to en_US.UTF8 in the default configuration files when databases are initialized
• #100 - added a TLS_NO_VERIFY env variable to pgo-apiserver, if set to true will relax the security check on client connections
• added configuration parameter BasicAuth to pgo.yaml, when set to false, will cause pgo-apiserver to not perform any BasicAuth checks, defaults to true when not specified.
• #89 - added Secrets to hold the PostgreSQL passwords that are used when creating new clusters
• #90 - removed Info level messages that showed a password in the container logs
• #92 - added global flag to include metrics collection to all newly created clusters
• #54 - added audit log messages, if a global flag is set, calls to the apiserver will be logged specifically for auditing
• #113 - fix for making all cluster secrets following the same naming convention <>-<>-secret
• updated RHEL Dockerfiles to use RHEL 7.4
• added PORT environment variable for pgo-apiserver allowing users to use a port other than 8443
• added a Windows pgo client to the release files, along with expenv binaries for Mac, Windows, Linux to support quickstart
• changed the postgres-operator service to be of type "NodePort" to better support cloud providers
• #79 - added logic to support custom Postgres configurations
• #87 - you can implement a form of DR using the new storage config mechanism
• #94 - storage configurations were added to support n-number of storage configurations, these can be referenced on the command line when creating clusters and performing backups
• added a Service Account to secure the operator deployment
• added a quickstart script to support deployment to pks and GKE environments
• fixed a bug where the backup status was not getting updated upon completion
• added a check to see if a backup job exists prior to allowing the submission of a new backup job
• revised the operator documentation

This release includes the following changes from the previous release:

• fixed a bug related to running multiple Operators in multiple Namespaces...the Operator would listen for events in all namespaces rather than the namespace it was deployed within, this would cause conflicts between multiple Operators on the same Kube cluster using the same postgres cluster names
• added a data purge feature which depends on a new CRD, pgtasks, which is created at Operator startup, with this feature users can cause a Job to be created to remove all data files for a given cluster when the cluster is deleted, this feature is enabled by a pgo delete cluster command flag "--delete-data"
• the CRD pgpolicylog was removed
• a feature to have policies applied before a data load job is created was added with the "pgo load --policies" flag
• simple JSON file load capability was added to pgo load
• csvload container was renamed pgo-load
• lspvc container was renamed pgo-lspvc
• new pgo-rmdata container was added
• template file pgo.csvload-template.json was renamed to pgo.load-template.json
• combined documentation into operator-docs
• renamed apiserver container to pgo-apiserver
• added a "--metrics" flag to the "pgo create cluster" command to add a crunchy-collect container to a database pod whereby metrics can be collected, depends on the crunchy-metrics example being deployed from the Crunchy Container Suite.
• removed gettext package dependency
• updated bash completion file

This release includes the following changes from the previous release:

• built on top of Kubernetes 1.8.5 dependendies (e.g. client-go, apimachinery, etc.)
• added TLS support for securing the apiserver, the apiserver listens on port 8443 now, sample certs/keys are included

This release includes the following changes from the previous release:

• fixed upgrade bug in the pgo client
• added BasicAuthentication as a requirement for interacting with the apiserver
• added some initial logging of authentication requests
• updated documentations
• added support for non-default image prefix (Issue 63)
• update error messages from pgo client

Note, support for TLS (https) will be added in an upcoming release.

Release 2.1 includes some major features over the 2.0 release including:

• a new REST API - running in the apiserver container on port 8080
• a new pgo client which is now a REST client
• the removal of the .pgo.yaml configuration file to the apiserver configMap, pgo no longer uses a configuration file
• various bug fixes
• updated documentation on how to setup a namespace and specify that in running the Operator

this release fixes a bug in the pgo client that prevented a namespace other than default from being used.

New features include:

• no more TPRs!, the PostgreSQL Operator is now based on CRDs (Custom Resource Definitions), this means the 1.7.0 version forward will not work on older Kubernetes versions that do not support CRDs (e.g. Kube 1.6.X) but does support Kube 1.7 and forward
• clone command is dropped, a future implementation is planned that performs the same feature
• starting with version 2.0, the pgo configuration file uses camel case instead of ALL CAPS
• works with the latest Crunchy Containers 1.6.0 release (PostgreSQL 10.0 and 9.6)
• prior TPR based version is in the 1.5.X branch but will be deprecated in the future

a bug fix release:

• fixed a bug dealing with tainting of nodes, the bug forced you to have all your Kube nodes schedulable

Significant changes in this release include:

• pgo label command - an initial implementation that lets you add user defined labels to clusters
• pgo user command - an initial implementation that lets you add users to clusters and manage passwords
• support for selectors in various commands allowing you to perform changes across a set of clusters
• pgo create cluster adds a --series command flag that lets you create a series of clusters off a base name
• initial support for password aging

This release includes a few new features and bug fixes over the 1.4 release:

• ability to specify a storageclass to be used when creating the master and replica, this allows for dynamic storage provisioning to be utilized in Postgres cluster deployment
• support for node affinity, this allows users to specify a specific Kube node they want the Postgres master to be deployed to, if not specified, normal Kube scheduling will occur
• support for deploying a Postgres replica to a different node than where the Postgres master is deployed to, this feature allows for better Postgres HA support
• converted over to using godep for the golang package management used for building the operator binaries
• upgraded the code to use the k8s client-go version 3.0.0 API, this allows for Kube 1.6/1.7 feature support

Major changes in this release include:

• bug fixes
• storage spec definitions in the configuration to better support different forms of PVC allocation
• policy feature - users can define and apply SQL-based policies against a cluster
• refactor of replica deployments, now each replica is its own Kube Deployment, this supports more advanced configurations in the future