EDB CloudNativePG Cluster 1.28.0 release notes v1.28.0

Promoted the quorum-based failover feature, introduced experimentally in 1.27.0, to a stable API. This data-driven failover mechanism is now configured via the spec.postgresql.synchronous.failoverQuorum field, graduating from the previous alpha.k8s.enterprisedb.io/failoverQuorum annotation.

Introduced comprehensive declarative management for Foreign Data Wrappers (FDW) by extending the Database CRD. This feature adds the .spec.fdws and .spec.servers fields, allowing you to manage FDW extensions and their corresponding foreign servers directly from the Database resource. This work was implemented by Ying Zhu (@EdwinaZhu) as part of the LFX Mentorship Program 2025 Term 2.

allowing you to update the container image (including PostgreSQL version or extensions) and PostgreSQL configuration settings in the same operation. Note that when using primaryUpdateMethod: switchover, image and configuration changes must still be performed separately to avoid configuration mismatches during the switchover process.

This change helps replicas detect and recover from silent network drops more quickly. Previously, replicas could wait up to 127 seconds before detecting such failures; with the new timeout, they reconnect to the primary within 5 seconds. To preserve the previous behavior, set STANDBY_TCP_USER_TIMEOUT to 0 in the operator configuration.

(e.g., app.kubernetes.io/name) for all resources generated by EDB Postgres for Kubernetes (Clusters, Backups, Poolers, etc.). Contributed by @JefeDavis.

This provides granular control over security settings, replacing the previous cluster-wide postgres and operator user settings. Contributed by @x0ddf.

When applied, this annotation instructs the operator to permanently delete the instance by removing its Pod and PVCs, after which it will recreate the replica from the primary.

(Stage-specific options are preRestore, postRestore, dataRestore.) Contributed by @hanshal101.

This ensures that backup tools running in init containers finish preparing the data before the restore begins. The implementation correctly handles Kubernetes init container sidecars by ignoring those with RestartPolicy=Always.

This is useful for air-gapped environments or when using internal registries.

for configuring the timeout for filesystem operations such as calculating cluster size. The default remains 10 seconds but can be adjusted for large clusters where operations may take longer.

The Pooler CRD was extended with clientTLSSecret, clientCASecret,serverTLSSecret, and serverCASecret fields under .spec.pgbouncer. These fields enable users to supply their own certificates for both client-to-pooler and pooler-to-server connections, taking precedence over the operator-generated certificates.

This feature is opt-in and enabled by setting the METRICS_CERT_DIRenvironment variable, which instructs the operator to look for tls.crt andtls.key files in the specified directory. When unset, the server continues to use HTTP for backward compatibility.

All other resources (pods, secrets, config maps, events, webhooks, and OLM data) are now optional and collected on a best-efforts basis. The command gracefully handles permission errors for those resources by logging clear warnings and continuing report generation with available data, rather than failing completely. This enables least-privileged access, where users may have limited, namespace-scoped permissions.

Probes now use a caching mechanism that falls back to cached cluster definitions during brief network interruptions, preventing unnecessary pod restarts and probe failures.

Previously, this check was skipped for plugin-based implementations.

The operator now emits a Warning event and logs errors for all failure types, not just NotFound errors, improving visibility into configuration issues.

This allows customizing the DNS name used for certificate verification in environments where the plugin's certificate uses a different DNS name than the Service name.

The controller now uses SkipNameValidation for subsequent initialization attempts. Contributed by @mateusoliveira43.

Contributed by @Endevir.

The previously generated syntax was only valid for PostgreSQL 15+ and caused syntax errors on older versions.

The collector now correctly fetches previous and current logs in separate requests and gracefully handles missing previous logs (e.g., on containers with no restart history), ensuring current logs are always collected.