|
| 1 | +--- |
| 2 | +title: "CloudNativePG 1.29.0 Released!" |
| 3 | +date: 2026-03-31 |
| 4 | +draft: false |
| 5 | +authors: |
| 6 | + - gbartolini |
| 7 | +image: |
| 8 | + url: 58364dde1adc4a0a8.37186404-2048x1445.jpg |
| 9 | + attribution: from <a href="https://wordpress.org/photos/photo/58364dde1a/">Saurabh</a> |
| 10 | +tags: |
| 11 | + - release |
| 12 | + - postgresql |
| 13 | + - postgres |
| 14 | + - kubernetes |
| 15 | + - k8s |
| 16 | + - cloudnativepg |
| 17 | + - cnpg |
| 18 | + - ImageCatalog |
| 19 | + - Extensions |
| 20 | + - Artifacts |
| 21 | + - maintenance |
| 22 | +summary: CloudNativePG 1.29 is now generally available! This major update revolutionizes PostgreSQL extension management via Image Catalogs and the new artifacts ecosystem. We also announce maintenance releases 1.28.2 and the final 1.27.4. Upgrade today for enhanced security, dynamic networking, and enterprise IAM integration. |
| 23 | +--- |
| 24 | + |
| 25 | +The CloudNativePG Community is excited to announce the immediate availability |
| 26 | +of **CloudNativePG 1.29.0**! |
| 27 | + |
| 28 | +This minor release introduces a paradigm shift in how PostgreSQL extensions |
| 29 | +are managed on Kubernetes and brings powerful new capabilities for enterprise |
| 30 | +identity and network security, further establishing CloudNativePG as the |
| 31 | +standard for cloud-native PostgreSQL. |
| 32 | + |
| 33 | +We are also pleased to announce the release of maintenance versions **1.28.2** |
| 34 | +and **1.27.4**, the latter of which is the final planned release in the 1.27.x |
| 35 | +series. We encourage users on 1.27 to plan their upgrade to 1.28 or 1.29. |
| 36 | + |
| 37 | +With the release of CloudNativePG 1.29.0, the End-of-Life (EOL) date for the |
| 38 | +**CloudNativePG 1.28.x** series is confirmed as **June 30, 2026**. |
| 39 | + |
| 40 | +--- |
| 41 | + |
| 42 | +## Highlights in 1.29.0 |
| 43 | + |
| 44 | +### PostgreSQL Extensions Ecosystem and Image Catalogs |
| 45 | + |
| 46 | +The headline feature of 1.29 is the integration of **Image Catalogs** with a |
| 47 | +new, dedicated ecosystem for PostgreSQL extensions. By leveraging the |
| 48 | +[postgres-extensions-containers](https://github.com/cloudnative-pg/artifacts/tree/main/image-catalogs-extensions) |
| 49 | +project, CloudNativePG now provides a structured, automated way to distribute |
| 50 | +and manage extension-specific images. |
| 51 | + |
| 52 | +This approach ensures that the database engine and its modules are |
| 53 | +version-aligned, secure, and treated as a single cohesive unit. It centralizes |
| 54 | +the image supply chain, effectively removing the need for users to manually |
| 55 | +build and maintain complex custom PostgreSQL images just to add required |
| 56 | +functionality. |
| 57 | + |
| 58 | +### Dynamic Network Access Control via Pod Selectors |
| 59 | + |
| 60 | +We have introduced a major enhancement to PostgreSQL network security. Using |
| 61 | +the new `podSelectorRefs` field, you can now define `pg_hba.conf` rules that |
| 62 | +dynamically resolve the ephemeral IP addresses of client pods based on label |
| 63 | +selectors. This ensures that only authorized workloads in the same namespace |
| 64 | +can connect to the database, eliminating the friction of manual IP management |
| 65 | +or static CIDR ranges. |
| 66 | + |
| 67 | +### Shared ServiceAccount Support |
| 68 | + |
| 69 | +CloudNativePG 1.29 now supports referencing a pre-existing `ServiceAccount` in |
| 70 | +`Cluster` and `Pooler` resources. This enables a much smoother integration with |
| 71 | +cloud provider IAM services. Platform engineers can now manage identity and |
| 72 | +permissions once at the infrastructure level and share them across multiple |
| 73 | +clusters. This work was contributed by Salih Bozkaya ([@bozkayasalihx](https://github.com/bozkayasalihx)). |
| 74 | + |
| 75 | +--- |
| 76 | + |
| 77 | +## Notable Enhancements |
| 78 | + |
| 79 | +- **Supply Chain Security & Artifact Signing:** We have significantly |
| 80 | + strengthened the project's security posture by **signing all release |
| 81 | + artifacts** and container images. This release also includes: |
| 82 | + |
| 83 | + - **SLSA Provenance:** Added Supply-chain Levels for Software Artifacts |
| 84 | + provenance to release binaries and images. |
| 85 | + - **SBOM Generation:** Enabled Software Bill of Materials (SBOM) |
| 86 | + generation within the GoReleaser pipeline for improved dependency transparency. |
| 87 | + - **OpenSSF Integration:** Integrated the OpenSSF baseline scanner and |
| 88 | + added a `SECURITY-INSIGHTS.yaml` file to the repository to align with |
| 89 | + industry-standard security reporting. |
| 90 | + |
| 91 | +- **Advanced TLS for PgBouncer:** Added support for granular configuration of |
| 92 | + TLS cipher suites and minimum/maximum TLS versions for both client-to-pooler |
| 93 | + and pooler-to-server connections. |
| 94 | + Contributed by [@alex1989hu](https://github.com/alex1989hu). |
| 95 | + |
| 96 | +Dive into the full list of changes and fixes in the |
| 97 | +[Release notes for CloudNativePG 1.29](https://cloudnative-pg.io/documentation/1.29/release_notes/v1.29/). |
| 98 | + |
| 99 | +## Maintenance Releases: 1.28.2 & 1.27.4 |
| 100 | + |
| 101 | +In parallel with the 1.29 release, we have also shipped maintenance updates |
| 102 | +for previous stable series: |
| 103 | + |
| 104 | +- **CloudNativePG 1.28.2:** Includes various fixes and improvements backported |
| 105 | + from 1.29, including improved resilience for volume resizes and stability |
| 106 | + fixes for the `cnpg` plugin. |
| 107 | + |
| 108 | +- **CloudNativePG 1.27.4:** The final planned maintenance release for the |
| 109 | + 1.27.x series. We strongly recommend planning an upgrade to 1.28 or 1.29. |
| 110 | + |
| 111 | +We encourage all users to upgrade to the latest stable versions to benefit from |
| 112 | +the latest features, security enhancements, and bug fixes. |
| 113 | + |
| 114 | +Follow the [upgrade instructions](https://cloudnative-pg.io/docs/1.29/installation_upgrade#upgrading-to-1290-or-128x) |
| 115 | +for a smooth transition. |
| 116 | + |
| 117 | +--- |
| 118 | + |
| 119 | +## Get Involved with the Community |
| 120 | + |
| 121 | +[Join us](https://github.com/cloudnative-pg/cloudnative-pg?tab=readme-ov-file#communications) |
| 122 | +to help shape the future of cloud-native Postgres! |
| 123 | + |
| 124 | +If you're using CloudNativePG in production, consider |
| 125 | +[adding your organization as an adopter](https://github.com/cloudnative-pg/cloudnative-pg/blob/main/ADOPTERS.md) |
| 126 | +to support the project's growth and evolution. |
| 127 | + |
| 128 | +Thank you for your continued support! Upgrade today and discover how |
| 129 | +CloudNativePG can elevate your PostgreSQL experience to new heights. |
| 130 | + |
| 131 | +<!-- |
| 132 | +## About CloudNativePG |
| 133 | +
|
| 134 | +[CloudNativePG](https://cloudnative-pg.io) is an open-source Kubernetes |
| 135 | +Operator specifically designed for PostgreSQL workloads. It manages the entire |
| 136 | +lifecycle of a PostgreSQL cluster, including bootstrapping, configuration, high |
| 137 | +availability, connection routing, and comprehensive backup and disaster |
| 138 | +recovery mechanisms. By leveraging PostgreSQL's native streaming replication, |
| 139 | +CloudNativePG efficiently distributes data across pods, nodes, and zones using |
| 140 | +standard Kubernetes patterns, enabling seamless scaling of replicas in a |
| 141 | +Kubernetes-native manner. Originally developed and supported by |
| 142 | +[EDB](https://www.enterprisedb.com/), CloudNativePG is a CNCF Sandbox project |
| 143 | +and the sole PostgreSQL operator in this category. |
| 144 | +--> |
0 commit comments