Update ghcr.io/cloudnative-pg/cloudnative-pg Docker tag to v1.27.1

v1.27.1

Compare Source

Release date: Oct 23, 2025

Changes

• Delayed the decommissioning of native in-core support for Barman Cloud to at least version 1.29. (#​8670)

• Adopted the new format of postgres-containers and postgis-containers images and image catalog artifacts, and updated the default PostgreSQL version to 18.0-system-trixie (PostgreSQL 18 is now supported). (#​8578, #​8760, #​8558)

• Deprecated the monitoring.enablePodMonitor field in the Cluster and Pooler resources. This field will be removed in a future release. Users who rely on PodMonitor resources should create them manually instead. (#​8753)

Enhancements

• Added support for overriding the PgBouncer auth_type, server_tls_sslmode, and client_tls_sslmode settings, which were previously hardcoded. Default values remain consistent with the former behavior but can now be customized when required. (#​8674)

• Added a CHECKPOINT step before PostgreSQL smart and fast shutdowns to reduce shutdown duration and replica promotion time, especially on systems with a high checkpoint_timeout. (#​8867)

• Added a warning in the instance manager for deprecated or unsupported OS versions, based on the official postgres-containers project. (#​8601)

• Improved certificate parsing error reporting. Failures now log specific errors instead of a generic message, aiding troubleshooting. This is particularly relevant after the CVE-2025-58187 fix in Go 1.25.2 and 1.24.8, which may trigger parsing failures for invalid DNS SANs. (#​8801)

• Added a check to ensure the destination WAL archive path is empty when bootstrapping a cluster using the pg_basebackup method, consistent with other bootstrap methods. (#​8895)

• Added validation to prevent backups from running on hibernated clusters. Backups attempted on such clusters now fail with reason ClusterIsHibernated, following the standard prerequisite check pattern. (#​8870)

• Added support for pprof profiling. Instances can now enable the pprof tool by adding the alpha.cnpg.io/enableInstancePprof annotation to the Cluster resource for advanced debugging. (#​7876)

• cnpg plugin:

  • Updated the Flexible I/O Tester (FIO) image to wallnerryan/fiotools-aio:v2, as provided by Ryan Wallner. (#​8847)

  • Enhanced the cnpg status backup command to provide more detailed status information when using a barman-cloud-based backup plugin. (#​8780, #​8690)

Fixes

• Fixed backup restoration failures when using custom WAL segment sizes with parallel WAL recovery. The operator no longer manages the end-of-WAL file marker during restoration, preventing errors when backups span multiple WAL segments. (#​8873)

• Fixed a bug in major upgrades where a volume snapshot from a previous minor version could be incorrectly used to optimize replica creation. (#​8475)

• Fixed initdb to wait for the application user secret before bootstrapping a new cluster, preventing potential race conditions. (#​8663)

• Fixed quorum-based failover to work correctly in clusters with only two instances using synchronous replication. (#​8680)

• Fixed configuration hash calculation to ignore internal configuration fields, preventing unnecessary reconciliations. (#​8868)

• Fixed the connection retry logic in the cnpgi plugin. The reconciliation loop now detects connection pool changes correctly and uses exponential backoff to reduce "closed pool" errors. (#​8554)

• Fixed volume snapshot usage during replica scaling to work with backup plugins. Previously, this optimization was only available with the in-tree backup implementation, but now clusters using backup plugins can also leverage volume snapshots when creating new replicas. (#​8506)

• Fixed the Pooler templating to correctly inherit settings for the bootstrap controller init container. (#​8394)

• Fixed webhook errors to use the correct API group (postgresql.cnpg.io) in Pooler and backup webhooks, ensuring consistent API error reporting. (#​8485)

• Fixed a potential nil pointer dereference in the hibernation reconciler when handling errors. Contributed by @​PascalBourdier. (#​8756)

• Fixed an issue in the environment cache where callers could inadvertently modify shared data. The LoadEnv function now returns a copy of cached environment slices to prevent mutations from affecting the cache. (#​8880)