chore(deps): update helm release cloudnative-pg to v0.28.2 by renovate[bot] · Pull Request #415 · goingdark-social/IaC

renovate · 2026-05-11T17:53:10Z

This PR contains the following updates:

Package	Type	Update	Change
cloudnative-pg (source)	HelmChart	patch	`0.28.0` → `0.28.2`

Release Notes

cloudnative-pg/charts (cloudnative-pg)

`v0.28.2`

Compare Source

CloudNativePG Operator Helm Chart

What's Changed

fix(cloudnative-pg): drop stray trailing quote in pg_replication query by @mnencia in #870
Release cloudnative-pg-v0.28.2 by @cnpg-bot in #871

Full Changelog: cloudnative-pg/charts@cloudnative-pg-v0.28.1...cloudnative-pg-v0.28.2

`v0.28.1`

Compare Source

CloudNativePG Operator Helm Chart

What's Changed

docs: add plugin-barman-cloud by @leonardoce in #853
feat(plugin-barman-cloud): add possibility to unset runAsUser and runAsGroup by @Pidu2 in #742
Release cloudnative-pg-v0.28.1 by @cnpg-bot in #864

New Contributors

@Pidu2 made their first contribution in #742

Full Changelog: cloudnative-pg/charts@plugin-barman-cloud-v0.6.0...cloudnative-pg-v0.28.1

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

goingdark-sync · 2026-05-12T16:37:33Z

Kubechecks Report

ArgoCD Application Checks: `infra-database` ❗

running pre-upgrade check Error ❗

⚠️ Error while running pre-upgrade check ⚠️

Invalid Semantic Version

Check kubechecks application logs for more information.

Show kubeconform report: Failed 🔴

Validated against Kubernetes Version: v1.33.10.0

🔴 Error: v1 Namespace cnpg-system - could not find schema for Namespace
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition backups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusterimagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusters.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition databases.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition failoverquorums.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition imagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition objectstores.barmancloud.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition poolers.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition publications.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition scheduledbackups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition subscriptions.postgresql.cnpg.io
🔴 Error: v1 ServiceAccount cloudnative-pg - could not find schema for ServiceAccount
🔴 Error: v1 ServiceAccount plugin-barman-cloud - could not find schema for ServiceAccount
🔴 Error: rbac.authorization.k8s.io/v1 Role leader-election-role - could not find schema for Role
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-edit - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-view - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-auth-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-reader - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-editor-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-viewer-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole plugin-barman-cloud - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 RoleBinding leader-election-rolebinding - could not find schema for RoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding cloudnative-pg - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding metrics-auth-rolebinding - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding plugin-barman-cloud-binding - could not find schema for ClusterRoleBinding
🔴 Error: v1 ConfigMap cnpg-controller-manager-config - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-default-monitoring - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-grafana-dashboard - could not find schema for ConfigMap
🔴 Error: v1 Secret plugin-barman-cloud-gt85cmh99d - could not find schema for Secret
🔴 Error: v1 Service barman-cloud - could not find schema for Service
🔴 Error: v1 Service cnpg-webhook-service - could not find schema for Service
🔴 Error: apps/v1 Deployment barman-cloud - could not find schema for Deployment
🔴 Error: apps/v1 Deployment cloudnative-pg - could not find schema for Deployment
✅ Passed: argoproj.io/v1alpha1 AppProject database
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-client
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-server
✅ Passed: cert-manager.io/v1 Issuer selfsigned-issuer
✅ Passed: monitoring.coreos.com/v1 PodMonitor cloudnative-pg
✅ Passed: monitoring.coreos.com/v1 PrometheusRule cnpg-default-alerts
🔴 Error: admissionregistration.k8s.io/v1 MutatingWebhookConfiguration cnpg-mutating-webhook-configuration - could not find schema for MutatingWebhookConfiguration
🔴 Error: admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration cnpg-validating-webhook-configuration - could not find schema for ValidatingWebhookConfiguration

0 added, 14 modified, 0 removed

===== /ConfigMap cnpg-system/cnpg-controller-manager-config ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-controller-manager-config
   namespace: cnpg-system
===== /ConfigMap cnpg-system/cnpg-default-monitoring ======
@@ -22,9 +22,9 @@
             , usename
             , COALESCE(application_name, '') AS application_name
-            , COUNT(*)
-            , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
+            , pg_catalog.count(*)
+            , COALESCE(EXTRACT (EPOCH FROM (pg_catalog.max(pg_catalog.now() OPERATOR(pg_catalog.-) xact_start))), 0) AS max_tx_secs
           FROM pg_catalog.pg_stat_activity
           GROUP BY datname, state, usename, application_name
-        ) sa ON states.state = sa.state
+        ) sa ON states.state OPERATOR(pg_catalog.=) sa.state
         WHERE sa.usename IS NOT NULL
       metrics:
@@ -50,8 +50,8 @@
     backends_waiting:
       query: |
-        SELECT count(*) AS total
+        SELECT pg_catalog.count(*) AS total
         FROM pg_catalog.pg_locks blocked_locks
         JOIN pg_catalog.pg_locks blocking_locks
-          ON blocking_locks.locktype = blocked_locks.locktype
+          ON blocking_locks.locktype OPERATOR(pg_catalog.=) blocked_locks.locktype
           AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
           AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
@@ -63,6 +63,6 @@
           AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
           AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
-          AND blocking_locks.pid != blocked_locks.pid
-        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
+          AND blocking_locks.pid OPERATOR(pg_catalog.<>) blocked_locks.pid
+        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid OPERATOR(pg_catalog.=) blocking_locks.pid
         WHERE NOT blocked_locks.granted
       metrics:
@@ -106,12 +106,12 @@
         SELECT CASE WHEN (
             NOT pg_catalog.pg_is_in_recovery()
-            OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
+            OR pg_catalog.pg_last_wal_receive_lsn() OPERATOR(pg_catalog.=) pg_catalog.pg_last_wal_replay_lsn())
           THEN 0
           ELSE GREATEST (0,
-            EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
+            EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) pg_catalog.pg_last_xact_replay_timestamp())))
           END AS lag,
           pg_catalog.pg_is_in_recovery() AS in_recovery,
-          EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
-          (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
+          EXISTS (TABLE pg_catalog.pg_stat_wal_receiver) AS is_wal_receiver_up,
+          (SELECT pg_catalog.count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
       metrics:
         - lag:
@@ -161,15 +161,15 @@
         SELECT archived_count
           , failed_count
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_archived_time)), -1) AS seconds_since_last_archival
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_failed_time)), -1) AS seconds_since_last_failure
           , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
           , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
           , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
         FROM pg_catalog.pg_stat_archiver
       predicate_query: |
         SELECT NOT pg_catalog.pg_is_in_recovery()
-          OR pg_catalog.current_setting('archive_mode') = 'always'
+          OR pg_catalog.current_setting('archive_mode') OPERATOR(pg_catalog.=) 'always'
       metrics:
         - archived_count:
@@ -457,10 +457,10 @@
       query: |
         SELECT
-          current_database() as datname,
+          pg_catalog.current_database() as datname,
           name as extname,
           default_version,
           installed_version,
           CASE
-            WHEN default_version = installed_version THEN 0
+            WHEN default_version OPERATOR(pg_catalog.=) installed_version THEN 0
             ELSE 1
         END AS update_available
@@ -491,8 +491,8 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
     cnpg.io/reload: ""
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-default-monitoring
   namespace: cnpg-system
===== /Service cnpg-system/cnpg-webhook-service ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-webhook-service
   namespace: cnpg-system
===== /ServiceAccount cnpg-system/cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== admissionregistration.k8s.io/MutatingWebhookConfiguration /cnpg-mutating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-mutating-webhook-configuration
   resourceVersion: "153164240"
===== admissionregistration.k8s.io/ValidatingWebhookConfiguration /cnpg-validating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-validating-webhook-configuration
   resourceVersion: "153164245"
===== apiextensions.k8s.io/CustomResourceDefinition /clusters.postgresql.cnpg.io ======
@@ -5718,5 +5718,4 @@
                       The default value is Default which uses the container runtime defaults for
                       readonly paths and masked paths.
-                      This requires the ProcMountType feature flag to be enabled.
                       Note that this field cannot be set when spec.os.name is windows.
                     type: string
===== apiextensions.k8s.io/CustomResourceDefinition /poolers.postgresql.cnpg.io ======
@@ -2885,5 +2885,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4456,5 +4455,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4940,5 +4938,4 @@
                           mitigating container breakout vulnerabilities even allowing users to run their
                           containers as root without actually having root privileges on the host.
-                          This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
                         type: boolean
                       hostname:
@@ -6110,5 +6107,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -6679,4 +6675,12 @@
                             It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
                             Containers that need access to the ResourceClaim reference it with this name.
+
+                            When the DRAWorkloadResourceClaims feature gate is enabled and this Pod
+                            belongs to a PodGroup, a PodResourceClaim is matched to a
+                            PodGroupResourceClaim if all of their fields are equal (Name,
+                            ResourceClaimName, and ResourceClaimTemplateName). A matched claim references
+                            a single ResourceClaim shared across all Pods in the PodGroup, reserved for
+                            the PodGroup in ResourceClaimStatus.ReservedFor rather than for individual
+                            Pods.
                           properties:
                             name:
@@ -6703,4 +6707,14 @@
                                 generated component, will be used to form a unique name for the
                                 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+                                When the DRAWorkloadResourceClaims feature gate is enabled and the pod
+                                belongs to a PodGroup that defines a PodGroupResourceClaim with the same
+                                Name and ResourceClaimTemplateName, this PodResourceClaim resolves to the
+                                ResourceClaim generated for the PodGroup. All pods in the group that
+                                define an equivalent PodResourceClaim matching the
+                                PodGroupResourceClaim's Name and ResourceClaimTemplateName share the same
+                                generated ResourceClaim. ResourceClaims generated for a PodGroup are
+                                owned by the PodGroup and their lifecycles are tied to the PodGroup
+                                instead of any individual pod.
 
                                 This field is immutable and no changes will be made to the
@@ -6829,4 +6843,26 @@
                         - name
                         x-kubernetes-list-type: map
+                      schedulingGroup:
+                        description: |-
+                          SchedulingGroup provides a reference to the immediate scheduling runtime
+                          grouping object that this Pod belongs to.
+                          This field is used by the scheduler to identify the group and apply the
+                          correct group scheduling policies. The association with a group also
+                          impacts other lifecycle aspects of a Pod that are relevant in a wider context
+                          of scheduling like preemption, resource attachment, etc. If not specified,
+                          the Pod is treated as a single unit in all of these aspects.
+                          The group object referenced by this field may not exist at the time the
+                          Pod is created.
+                          This field is immutable, but a group object with the same name may be
+                          recreated with different policies. Doing this during pod scheduling
+                          may result in the placement not conforming to the expected policies.
+                        properties:
+                          podGroupName:
+                            description: |-
+                              PodGroupName specifies the name of the standalone PodGroup object
+                              that represents the runtime instance of this group.
+                              Must be a DNS subdomain.
+                            type: string
+                        type: object
                       securityContext:
                         description: |-
@@ -8257,5 +8293,5 @@
                                 The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
                                 The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
-                                The volume will be mounted read-only (ro) and non-executable files (noexec).
+                                The volume will be mounted read-only (ro).
                                 Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
                                 The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
@@ -8429,6 +8465,5 @@
                                 portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
                                 Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
-                                are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
-                                is on.
+                                are redirected to the pxd.portworx.com CSI driver.
                               properties:
                                 fsType:
@@ -9253,40 +9288,4 @@
                         - name
                         x-kubernetes-list-type: map
-                      workloadRef:
-                        description: |-
-                          WorkloadRef provides a reference to the Workload object that this Pod belongs to.
-                          This field is used by the scheduler to identify the PodGroup and apply the
-                          correct group scheduling policies. The Workload object referenced
-                          by this field may not exist at the time the Pod is created.
-                          This field is immutable, but a Workload object with the same name
-                          may be recreated with different policies. Doing this during pod scheduling
-                          may result in the placement not conforming to the expected policies.
-                        properties:
-                          name:
-                            description: |-
-                              Name defines the name of the Workload object this Pod belongs to.
-                              Workload must be in the same namespace as the Pod.
-                              If it doesn't match any existing Workload, the Pod will remain unschedulable
-                              until a Workload object is created and observed by the kube-scheduler.
-                              It must be a DNS subdomain.
-                            type: string
-                          podGroup:
-                            description: |-
-                              PodGroup is the name of the PodGroup within the Workload that this Pod
-                              belongs to. If it doesn't match any existing PodGroup within the Workload,
-                              the Pod will remain unschedulable until the Workload object is recreated
-                              and observed by the kube-scheduler. It must be a DNS label.
-                            type: string
-                          podGroupReplicaKey:
-                            description: |-
-                              PodGroupReplicaKey specifies the replica key of the PodGroup to which this
-                              Pod belongs. It is used to distinguish pods belonging to different replicas
-                              of the same pod group. The pod group policy is applied separately to each replica.
-                              When set, it must be a DNS label.
-                            type: string
-                        required:
-                        - name
-                        - podGroup
-                        type: object
                     required:
                     - containers
===== apps/Deployment cnpg-system/cloudnative-pg ======
@@ -9,7 +9,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
@@ -32,7 +32,7 @@
     metadata:
       annotations:
-        checksum/config: 5947c43b65b3290b2f73f34f8694cdab726747b821c3596a0784b1af5ca93e2b
-        checksum/monitoring-config: 29cbd0bcc3d5838f54c59937443fd77c48bcd77e4d1caddad833155161449685
-        checksum/rbac: 6ddf1345f953cc7cb5175c0ba5f6f314dd66495c6cc44edf885801001112297e
+        checksum/config: 904d2cf17720ad88a7d135fcc1d6616b8855560c1a8885f99632af04802cdf30
+        checksum/monitoring-config: 0c2d351dbf2fa8785c473d4ce19286c8f8a3346766e1abcee226c166f06c4975
+        checksum/rbac: a84d0dea594271c343f106f458f5fc63c18244de31a6f4c8851a75e415adfb70
         kubectl.kubernetes.io/restartedAt: "2025-11-05T13:40:38+01:00"
       labels:
@@ -51,5 +51,5 @@
         env:
         - name: OPERATOR_IMAGE_NAME
-          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         - name: OPERATOR_NAMESPACE
           valueFrom:
@@ -63,5 +63,5 @@
         - name: NO_PROXY
           value: localhost,127.0.0.1,10.0.96.1,.svc,.svc.cluster.local,cluster.local
-        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
===== monitoring.coreos.com/PodMonitor cnpg-system/cloudnative-pg ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164227"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-edit ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-edit
   resourceVersion: "153164225"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-view ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-view
   resourceVersion: "153164226"
===== rbac.authorization.k8s.io/ClusterRoleBinding /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164230"

Done. CommitSHA: 27a082a

goingdark-sync · 2026-05-12T16:37:33Z

Kubechecks Report

ArgoCD Application Checks: `infra-database` ❗

running pre-upgrade check Error ❗

⚠️ Error while running pre-upgrade check ⚠️

Invalid Semantic Version

Check kubechecks application logs for more information.

Show kubeconform report: Failed 🔴

Validated against Kubernetes Version: v1.33.10.0

🔴 Error: v1 Namespace cnpg-system - could not find schema for Namespace
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition backups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusterimagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusters.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition databases.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition failoverquorums.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition imagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition objectstores.barmancloud.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition poolers.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition publications.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition scheduledbackups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition subscriptions.postgresql.cnpg.io
🔴 Error: v1 ServiceAccount cloudnative-pg - could not find schema for ServiceAccount
🔴 Error: v1 ServiceAccount plugin-barman-cloud - could not find schema for ServiceAccount
🔴 Error: rbac.authorization.k8s.io/v1 Role leader-election-role - could not find schema for Role
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-edit - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-view - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-auth-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-reader - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-editor-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-viewer-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole plugin-barman-cloud - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 RoleBinding leader-election-rolebinding - could not find schema for RoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding cloudnative-pg - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding metrics-auth-rolebinding - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding plugin-barman-cloud-binding - could not find schema for ClusterRoleBinding
🔴 Error: v1 ConfigMap cnpg-controller-manager-config - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-default-monitoring - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-grafana-dashboard - could not find schema for ConfigMap
🔴 Error: v1 Secret plugin-barman-cloud-gt85cmh99d - could not find schema for Secret
🔴 Error: v1 Service barman-cloud - could not find schema for Service
🔴 Error: v1 Service cnpg-webhook-service - could not find schema for Service
🔴 Error: apps/v1 Deployment barman-cloud - could not find schema for Deployment
🔴 Error: apps/v1 Deployment cloudnative-pg - could not find schema for Deployment
✅ Passed: argoproj.io/v1alpha1 AppProject database
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-client
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-server
✅ Passed: cert-manager.io/v1 Issuer selfsigned-issuer
✅ Passed: monitoring.coreos.com/v1 PodMonitor cloudnative-pg
✅ Passed: monitoring.coreos.com/v1 PrometheusRule cnpg-default-alerts
🔴 Error: admissionregistration.k8s.io/v1 MutatingWebhookConfiguration cnpg-mutating-webhook-configuration - could not find schema for MutatingWebhookConfiguration
🔴 Error: admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration cnpg-validating-webhook-configuration - could not find schema for ValidatingWebhookConfiguration

0 added, 14 modified, 0 removed

===== /ConfigMap cnpg-system/cnpg-controller-manager-config ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-controller-manager-config
   namespace: cnpg-system
===== /ConfigMap cnpg-system/cnpg-default-monitoring ======
@@ -22,9 +22,9 @@
             , usename
             , COALESCE(application_name, '') AS application_name
-            , COUNT(*)
-            , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
+            , pg_catalog.count(*)
+            , COALESCE(EXTRACT (EPOCH FROM (pg_catalog.max(pg_catalog.now() OPERATOR(pg_catalog.-) xact_start))), 0) AS max_tx_secs
           FROM pg_catalog.pg_stat_activity
           GROUP BY datname, state, usename, application_name
-        ) sa ON states.state = sa.state
+        ) sa ON states.state OPERATOR(pg_catalog.=) sa.state
         WHERE sa.usename IS NOT NULL
       metrics:
@@ -50,8 +50,8 @@
     backends_waiting:
       query: |
-        SELECT count(*) AS total
+        SELECT pg_catalog.count(*) AS total
         FROM pg_catalog.pg_locks blocked_locks
         JOIN pg_catalog.pg_locks blocking_locks
-          ON blocking_locks.locktype = blocked_locks.locktype
+          ON blocking_locks.locktype OPERATOR(pg_catalog.=) blocked_locks.locktype
           AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
           AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
@@ -63,6 +63,6 @@
           AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
           AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
-          AND blocking_locks.pid != blocked_locks.pid
-        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
+          AND blocking_locks.pid OPERATOR(pg_catalog.<>) blocked_locks.pid
+        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid OPERATOR(pg_catalog.=) blocking_locks.pid
         WHERE NOT blocked_locks.granted
       metrics:
@@ -106,12 +106,12 @@
         SELECT CASE WHEN (
             NOT pg_catalog.pg_is_in_recovery()
-            OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
+            OR pg_catalog.pg_last_wal_receive_lsn() OPERATOR(pg_catalog.=) pg_catalog.pg_last_wal_replay_lsn())
           THEN 0
           ELSE GREATEST (0,
-            EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
+            EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) pg_catalog.pg_last_xact_replay_timestamp())))
           END AS lag,
           pg_catalog.pg_is_in_recovery() AS in_recovery,
-          EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
-          (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
+          EXISTS (TABLE pg_catalog.pg_stat_wal_receiver) AS is_wal_receiver_up,
+          (SELECT pg_catalog.count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
       metrics:
         - lag:
@@ -161,15 +161,15 @@
         SELECT archived_count
           , failed_count
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_archived_time)), -1) AS seconds_since_last_archival
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_failed_time)), -1) AS seconds_since_last_failure
           , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
           , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
           , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
         FROM pg_catalog.pg_stat_archiver
       predicate_query: |
         SELECT NOT pg_catalog.pg_is_in_recovery()
-          OR pg_catalog.current_setting('archive_mode') = 'always'
+          OR pg_catalog.current_setting('archive_mode') OPERATOR(pg_catalog.=) 'always'
       metrics:
         - archived_count:
@@ -457,10 +457,10 @@
       query: |
         SELECT
-          current_database() as datname,
+          pg_catalog.current_database() as datname,
           name as extname,
           default_version,
           installed_version,
           CASE
-            WHEN default_version = installed_version THEN 0
+            WHEN default_version OPERATOR(pg_catalog.=) installed_version THEN 0
             ELSE 1
         END AS update_available
@@ -491,8 +491,8 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
     cnpg.io/reload: ""
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-default-monitoring
   namespace: cnpg-system
===== /Service cnpg-system/cnpg-webhook-service ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-webhook-service
   namespace: cnpg-system
===== /ServiceAccount cnpg-system/cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== admissionregistration.k8s.io/MutatingWebhookConfiguration /cnpg-mutating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-mutating-webhook-configuration
   resourceVersion: "153164240"
===== admissionregistration.k8s.io/ValidatingWebhookConfiguration /cnpg-validating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-validating-webhook-configuration
   resourceVersion: "153164245"
===== apiextensions.k8s.io/CustomResourceDefinition /clusters.postgresql.cnpg.io ======
@@ -5718,5 +5718,4 @@
                       The default value is Default which uses the container runtime defaults for
                       readonly paths and masked paths.
-                      This requires the ProcMountType feature flag to be enabled.
                       Note that this field cannot be set when spec.os.name is windows.
                     type: string
===== apiextensions.k8s.io/CustomResourceDefinition /poolers.postgresql.cnpg.io ======
@@ -2885,5 +2885,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4456,5 +4455,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4940,5 +4938,4 @@
                           mitigating container breakout vulnerabilities even allowing users to run their
                           containers as root without actually having root privileges on the host.
-                          This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
                         type: boolean
                       hostname:
@@ -6110,5 +6107,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -6679,4 +6675,12 @@
                             It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
                             Containers that need access to the ResourceClaim reference it with this name.
+
+                            When the DRAWorkloadResourceClaims feature gate is enabled and this Pod
+                            belongs to a PodGroup, a PodResourceClaim is matched to a
+                            PodGroupResourceClaim if all of their fields are equal (Name,
+                            ResourceClaimName, and ResourceClaimTemplateName). A matched claim references
+                            a single ResourceClaim shared across all Pods in the PodGroup, reserved for
+                            the PodGroup in ResourceClaimStatus.ReservedFor rather than for individual
+                            Pods.
                           properties:
                             name:
@@ -6703,4 +6707,14 @@
                                 generated component, will be used to form a unique name for the
                                 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+                                When the DRAWorkloadResourceClaims feature gate is enabled and the pod
+                                belongs to a PodGroup that defines a PodGroupResourceClaim with the same
+                                Name and ResourceClaimTemplateName, this PodResourceClaim resolves to the
+                                ResourceClaim generated for the PodGroup. All pods in the group that
+                                define an equivalent PodResourceClaim matching the
+                                PodGroupResourceClaim's Name and ResourceClaimTemplateName share the same
+                                generated ResourceClaim. ResourceClaims generated for a PodGroup are
+                                owned by the PodGroup and their lifecycles are tied to the PodGroup
+                                instead of any individual pod.
 
                                 This field is immutable and no changes will be made to the
@@ -6829,4 +6843,26 @@
                         - name
                         x-kubernetes-list-type: map
+                      schedulingGroup:
+                        description: |-
+                          SchedulingGroup provides a reference to the immediate scheduling runtime
+                          grouping object that this Pod belongs to.
+                          This field is used by the scheduler to identify the group and apply the
+                          correct group scheduling policies. The association with a group also
+                          impacts other lifecycle aspects of a Pod that are relevant in a wider context
+                          of scheduling like preemption, resource attachment, etc. If not specified,
+                          the Pod is treated as a single unit in all of these aspects.
+                          The group object referenced by this field may not exist at the time the
+                          Pod is created.
+                          This field is immutable, but a group object with the same name may be
+                          recreated with different policies. Doing this during pod scheduling
+                          may result in the placement not conforming to the expected policies.
+                        properties:
+                          podGroupName:
+                            description: |-
+                              PodGroupName specifies the name of the standalone PodGroup object
+                              that represents the runtime instance of this group.
+                              Must be a DNS subdomain.
+                            type: string
+                        type: object
                       securityContext:
                         description: |-
@@ -8257,5 +8293,5 @@
                                 The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
                                 The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
-                                The volume will be mounted read-only (ro) and non-executable files (noexec).
+                                The volume will be mounted read-only (ro).
                                 Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
                                 The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
@@ -8429,6 +8465,5 @@
                                 portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
                                 Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
-                                are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
-                                is on.
+                                are redirected to the pxd.portworx.com CSI driver.
                               properties:
                                 fsType:
@@ -9253,40 +9288,4 @@
                         - name
                         x-kubernetes-list-type: map
-                      workloadRef:
-                        description: |-
-                          WorkloadRef provides a reference to the Workload object that this Pod belongs to.
-                          This field is used by the scheduler to identify the PodGroup and apply the
-                          correct group scheduling policies. The Workload object referenced
-                          by this field may not exist at the time the Pod is created.
-                          This field is immutable, but a Workload object with the same name
-                          may be recreated with different policies. Doing this during pod scheduling
-                          may result in the placement not conforming to the expected policies.
-                        properties:
-                          name:
-                            description: |-
-                              Name defines the name of the Workload object this Pod belongs to.
-                              Workload must be in the same namespace as the Pod.
-                              If it doesn't match any existing Workload, the Pod will remain unschedulable
-                              until a Workload object is created and observed by the kube-scheduler.
-                              It must be a DNS subdomain.
-                            type: string
-                          podGroup:
-                            description: |-
-                              PodGroup is the name of the PodGroup within the Workload that this Pod
-                              belongs to. If it doesn't match any existing PodGroup within the Workload,
-                              the Pod will remain unschedulable until the Workload object is recreated
-                              and observed by the kube-scheduler. It must be a DNS label.
-                            type: string
-                          podGroupReplicaKey:
-                            description: |-
-                              PodGroupReplicaKey specifies the replica key of the PodGroup to which this
-                              Pod belongs. It is used to distinguish pods belonging to different replicas
-                              of the same pod group. The pod group policy is applied separately to each replica.
-                              When set, it must be a DNS label.
-                            type: string
-                        required:
-                        - name
-                        - podGroup
-                        type: object
                     required:
                     - containers
===== apps/Deployment cnpg-system/cloudnative-pg ======
@@ -9,7 +9,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
@@ -32,7 +32,7 @@
     metadata:
       annotations:
-        checksum/config: 5947c43b65b3290b2f73f34f8694cdab726747b821c3596a0784b1af5ca93e2b
-        checksum/monitoring-config: 29cbd0bcc3d5838f54c59937443fd77c48bcd77e4d1caddad833155161449685
-        checksum/rbac: 6ddf1345f953cc7cb5175c0ba5f6f314dd66495c6cc44edf885801001112297e
+        checksum/config: 904d2cf17720ad88a7d135fcc1d6616b8855560c1a8885f99632af04802cdf30
+        checksum/monitoring-config: 0c2d351dbf2fa8785c473d4ce19286c8f8a3346766e1abcee226c166f06c4975
+        checksum/rbac: a84d0dea594271c343f106f458f5fc63c18244de31a6f4c8851a75e415adfb70
         kubectl.kubernetes.io/restartedAt: "2025-11-05T13:40:38+01:00"
       labels:
@@ -51,5 +51,5 @@
         env:
         - name: OPERATOR_IMAGE_NAME
-          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         - name: OPERATOR_NAMESPACE
           valueFrom:
@@ -63,5 +63,5 @@
         - name: NO_PROXY
           value: localhost,127.0.0.1,10.0.96.1,.svc,.svc.cluster.local,cluster.local
-        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
===== monitoring.coreos.com/PodMonitor cnpg-system/cloudnative-pg ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164227"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-edit ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-edit
   resourceVersion: "153164225"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-view ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-view
   resourceVersion: "153164226"
===== rbac.authorization.k8s.io/ClusterRoleBinding /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164230"

Done. CommitSHA: 27a082a

goingdark-sync · 2026-05-12T16:37:33Z

Kubechecks Report

ArgoCD Application Checks: `infra-database` ❗

running pre-upgrade check Error ❗

⚠️ Error while running pre-upgrade check ⚠️

Invalid Semantic Version

Check kubechecks application logs for more information.

Show kubeconform report: Failed 🔴

Validated against Kubernetes Version: v1.33.10.0

🔴 Error: v1 Namespace cnpg-system - could not find schema for Namespace
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition backups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusterimagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusters.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition databases.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition failoverquorums.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition imagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition objectstores.barmancloud.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition poolers.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition publications.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition scheduledbackups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition subscriptions.postgresql.cnpg.io
🔴 Error: v1 ServiceAccount cloudnative-pg - could not find schema for ServiceAccount
🔴 Error: v1 ServiceAccount plugin-barman-cloud - could not find schema for ServiceAccount
🔴 Error: rbac.authorization.k8s.io/v1 Role leader-election-role - could not find schema for Role
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-edit - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-view - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-auth-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-reader - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-editor-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-viewer-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole plugin-barman-cloud - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 RoleBinding leader-election-rolebinding - could not find schema for RoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding cloudnative-pg - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding metrics-auth-rolebinding - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding plugin-barman-cloud-binding - could not find schema for ClusterRoleBinding
🔴 Error: v1 ConfigMap cnpg-controller-manager-config - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-default-monitoring - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-grafana-dashboard - could not find schema for ConfigMap
🔴 Error: v1 Secret plugin-barman-cloud-gt85cmh99d - could not find schema for Secret
🔴 Error: v1 Service barman-cloud - could not find schema for Service
🔴 Error: v1 Service cnpg-webhook-service - could not find schema for Service
🔴 Error: apps/v1 Deployment barman-cloud - could not find schema for Deployment
🔴 Error: apps/v1 Deployment cloudnative-pg - could not find schema for Deployment
✅ Passed: argoproj.io/v1alpha1 AppProject database
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-client
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-server
✅ Passed: cert-manager.io/v1 Issuer selfsigned-issuer
✅ Passed: monitoring.coreos.com/v1 PodMonitor cloudnative-pg
✅ Passed: monitoring.coreos.com/v1 PrometheusRule cnpg-default-alerts
🔴 Error: admissionregistration.k8s.io/v1 MutatingWebhookConfiguration cnpg-mutating-webhook-configuration - could not find schema for MutatingWebhookConfiguration
🔴 Error: admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration cnpg-validating-webhook-configuration - could not find schema for ValidatingWebhookConfiguration

0 added, 14 modified, 0 removed

===== /ConfigMap cnpg-system/cnpg-controller-manager-config ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-controller-manager-config
   namespace: cnpg-system
===== /ConfigMap cnpg-system/cnpg-default-monitoring ======
@@ -22,9 +22,9 @@
             , usename
             , COALESCE(application_name, '') AS application_name
-            , COUNT(*)
-            , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
+            , pg_catalog.count(*)
+            , COALESCE(EXTRACT (EPOCH FROM (pg_catalog.max(pg_catalog.now() OPERATOR(pg_catalog.-) xact_start))), 0) AS max_tx_secs
           FROM pg_catalog.pg_stat_activity
           GROUP BY datname, state, usename, application_name
-        ) sa ON states.state = sa.state
+        ) sa ON states.state OPERATOR(pg_catalog.=) sa.state
         WHERE sa.usename IS NOT NULL
       metrics:
@@ -50,8 +50,8 @@
     backends_waiting:
       query: |
-        SELECT count(*) AS total
+        SELECT pg_catalog.count(*) AS total
         FROM pg_catalog.pg_locks blocked_locks
         JOIN pg_catalog.pg_locks blocking_locks
-          ON blocking_locks.locktype = blocked_locks.locktype
+          ON blocking_locks.locktype OPERATOR(pg_catalog.=) blocked_locks.locktype
           AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
           AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
@@ -63,6 +63,6 @@
           AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
           AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
-          AND blocking_locks.pid != blocked_locks.pid
-        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
+          AND blocking_locks.pid OPERATOR(pg_catalog.<>) blocked_locks.pid
+        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid OPERATOR(pg_catalog.=) blocking_locks.pid
         WHERE NOT blocked_locks.granted
       metrics:
@@ -106,12 +106,12 @@
         SELECT CASE WHEN (
             NOT pg_catalog.pg_is_in_recovery()
-            OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
+            OR pg_catalog.pg_last_wal_receive_lsn() OPERATOR(pg_catalog.=) pg_catalog.pg_last_wal_replay_lsn())
           THEN 0
           ELSE GREATEST (0,
-            EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
+            EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) pg_catalog.pg_last_xact_replay_timestamp())))
           END AS lag,
           pg_catalog.pg_is_in_recovery() AS in_recovery,
-          EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
-          (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
+          EXISTS (TABLE pg_catalog.pg_stat_wal_receiver) AS is_wal_receiver_up,
+          (SELECT pg_catalog.count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
       metrics:
         - lag:
@@ -161,15 +161,15 @@
         SELECT archived_count
           , failed_count
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_archived_time)), -1) AS seconds_since_last_archival
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_failed_time)), -1) AS seconds_since_last_failure
           , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
           , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
           , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
         FROM pg_catalog.pg_stat_archiver
       predicate_query: |
         SELECT NOT pg_catalog.pg_is_in_recovery()
-          OR pg_catalog.current_setting('archive_mode') = 'always'
+          OR pg_catalog.current_setting('archive_mode') OPERATOR(pg_catalog.=) 'always'
       metrics:
         - archived_count:
@@ -457,10 +457,10 @@
       query: |
         SELECT
-          current_database() as datname,
+          pg_catalog.current_database() as datname,
           name as extname,
           default_version,
           installed_version,
           CASE
-            WHEN default_version = installed_version THEN 0
+            WHEN default_version OPERATOR(pg_catalog.=) installed_version THEN 0
             ELSE 1
         END AS update_available
@@ -491,8 +491,8 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
     cnpg.io/reload: ""
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-default-monitoring
   namespace: cnpg-system
===== /Service cnpg-system/cnpg-webhook-service ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-webhook-service
   namespace: cnpg-system
===== /ServiceAccount cnpg-system/cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== admissionregistration.k8s.io/MutatingWebhookConfiguration /cnpg-mutating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-mutating-webhook-configuration
   resourceVersion: "153164240"
===== admissionregistration.k8s.io/ValidatingWebhookConfiguration /cnpg-validating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-validating-webhook-configuration
   resourceVersion: "153164245"
===== apiextensions.k8s.io/CustomResourceDefinition /clusters.postgresql.cnpg.io ======
@@ -5718,5 +5718,4 @@
                       The default value is Default which uses the container runtime defaults for
                       readonly paths and masked paths.
-                      This requires the ProcMountType feature flag to be enabled.
                       Note that this field cannot be set when spec.os.name is windows.
                     type: string
===== apiextensions.k8s.io/CustomResourceDefinition /poolers.postgresql.cnpg.io ======
@@ -2885,5 +2885,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4456,5 +4455,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4940,5 +4938,4 @@
                           mitigating container breakout vulnerabilities even allowing users to run their
                           containers as root without actually having root privileges on the host.
-                          This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
                         type: boolean
                       hostname:
@@ -6110,5 +6107,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -6679,4 +6675,12 @@
                             It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
                             Containers that need access to the ResourceClaim reference it with this name.
+
+                            When the DRAWorkloadResourceClaims feature gate is enabled and this Pod
+                            belongs to a PodGroup, a PodResourceClaim is matched to a
+                            PodGroupResourceClaim if all of their fields are equal (Name,
+                            ResourceClaimName, and ResourceClaimTemplateName). A matched claim references
+                            a single ResourceClaim shared across all Pods in the PodGroup, reserved for
+                            the PodGroup in ResourceClaimStatus.ReservedFor rather than for individual
+                            Pods.
                           properties:
                             name:
@@ -6703,4 +6707,14 @@
                                 generated component, will be used to form a unique name for the
                                 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+                                When the DRAWorkloadResourceClaims feature gate is enabled and the pod
+                                belongs to a PodGroup that defines a PodGroupResourceClaim with the same
+                                Name and ResourceClaimTemplateName, this PodResourceClaim resolves to the
+                                ResourceClaim generated for the PodGroup. All pods in the group that
+                                define an equivalent PodResourceClaim matching the
+                                PodGroupResourceClaim's Name and ResourceClaimTemplateName share the same
+                                generated ResourceClaim. ResourceClaims generated for a PodGroup are
+                                owned by the PodGroup and their lifecycles are tied to the PodGroup
+                                instead of any individual pod.
 
                                 This field is immutable and no changes will be made to the
@@ -6829,4 +6843,26 @@
                         - name
                         x-kubernetes-list-type: map
+                      schedulingGroup:
+                        description: |-
+                          SchedulingGroup provides a reference to the immediate scheduling runtime
+                          grouping object that this Pod belongs to.
+                          This field is used by the scheduler to identify the group and apply the
+                          correct group scheduling policies. The association with a group also
+                          impacts other lifecycle aspects of a Pod that are relevant in a wider context
+                          of scheduling like preemption, resource attachment, etc. If not specified,
+                          the Pod is treated as a single unit in all of these aspects.
+                          The group object referenced by this field may not exist at the time the
+                          Pod is created.
+                          This field is immutable, but a group object with the same name may be
+                          recreated with different policies. Doing this during pod scheduling
+                          may result in the placement not conforming to the expected policies.
+                        properties:
+                          podGroupName:
+                            description: |-
+                              PodGroupName specifies the name of the standalone PodGroup object
+                              that represents the runtime instance of this group.
+                              Must be a DNS subdomain.
+                            type: string
+                        type: object
                       securityContext:
                         description: |-
@@ -8257,5 +8293,5 @@
                                 The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
                                 The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
-                                The volume will be mounted read-only (ro) and non-executable files (noexec).
+                                The volume will be mounted read-only (ro).
                                 Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
                                 The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
@@ -8429,6 +8465,5 @@
                                 portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
                                 Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
-                                are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
-                                is on.
+                                are redirected to the pxd.portworx.com CSI driver.
                               properties:
                                 fsType:
@@ -9253,40 +9288,4 @@
                         - name
                         x-kubernetes-list-type: map
-                      workloadRef:
-                        description: |-
-                          WorkloadRef provides a reference to the Workload object that this Pod belongs to.
-                          This field is used by the scheduler to identify the PodGroup and apply the
-                          correct group scheduling policies. The Workload object referenced
-                          by this field may not exist at the time the Pod is created.
-                          This field is immutable, but a Workload object with the same name
-                          may be recreated with different policies. Doing this during pod scheduling
-                          may result in the placement not conforming to the expected policies.
-                        properties:
-                          name:
-                            description: |-
-                              Name defines the name of the Workload object this Pod belongs to.
-                              Workload must be in the same namespace as the Pod.
-                              If it doesn't match any existing Workload, the Pod will remain unschedulable
-                              until a Workload object is created and observed by the kube-scheduler.
-                              It must be a DNS subdomain.
-                            type: string
-                          podGroup:
-                            description: |-
-                              PodGroup is the name of the PodGroup within the Workload that this Pod
-                              belongs to. If it doesn't match any existing PodGroup within the Workload,
-                              the Pod will remain unschedulable until the Workload object is recreated
-                              and observed by the kube-scheduler. It must be a DNS label.
-                            type: string
-                          podGroupReplicaKey:
-                            description: |-
-                              PodGroupReplicaKey specifies the replica key of the PodGroup to which this
-                              Pod belongs. It is used to distinguish pods belonging to different replicas
-                              of the same pod group. The pod group policy is applied separately to each replica.
-                              When set, it must be a DNS label.
-                            type: string
-                        required:
-                        - name
-                        - podGroup
-                        type: object
                     required:
                     - containers
===== apps/Deployment cnpg-system/cloudnative-pg ======
@@ -9,7 +9,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
@@ -32,7 +32,7 @@
     metadata:
       annotations:
-        checksum/config: 5947c43b65b3290b2f73f34f8694cdab726747b821c3596a0784b1af5ca93e2b
-        checksum/monitoring-config: 29cbd0bcc3d5838f54c59937443fd77c48bcd77e4d1caddad833155161449685
-        checksum/rbac: 6ddf1345f953cc7cb5175c0ba5f6f314dd66495c6cc44edf885801001112297e
+        checksum/config: 904d2cf17720ad88a7d135fcc1d6616b8855560c1a8885f99632af04802cdf30
+        checksum/monitoring-config: 0c2d351dbf2fa8785c473d4ce19286c8f8a3346766e1abcee226c166f06c4975
+        checksum/rbac: a84d0dea594271c343f106f458f5fc63c18244de31a6f4c8851a75e415adfb70
         kubectl.kubernetes.io/restartedAt: "2025-11-05T13:40:38+01:00"
       labels:
@@ -51,5 +51,5 @@
         env:
         - name: OPERATOR_IMAGE_NAME
-          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         - name: OPERATOR_NAMESPACE
           valueFrom:
@@ -63,5 +63,5 @@
         - name: NO_PROXY
           value: localhost,127.0.0.1,10.0.96.1,.svc,.svc.cluster.local,cluster.local
-        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
===== monitoring.coreos.com/PodMonitor cnpg-system/cloudnative-pg ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164227"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-edit ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-edit
   resourceVersion: "153164225"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-view ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-view
   resourceVersion: "153164226"
===== rbac.authorization.k8s.io/ClusterRoleBinding /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164230"

Done. CommitSHA: 27a082a

goingdark-sync · 2026-05-12T16:37:34Z

Kubechecks Report

ArgoCD Application Checks: `infra-database` ❗

running pre-upgrade check Error ❗

⚠️ Error while running pre-upgrade check ⚠️

Invalid Semantic Version

Check kubechecks application logs for more information.

Show kubeconform report: Failed 🔴

Validated against Kubernetes Version: v1.33.10.0

🔴 Error: v1 Namespace cnpg-system - could not find schema for Namespace
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition backups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusterimagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition clusters.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition databases.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition failoverquorums.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition imagecatalogs.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition objectstores.barmancloud.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition poolers.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition publications.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition scheduledbackups.postgresql.cnpg.io
:skip: Skipped: apiextensions.k8s.io/v1 CustomResourceDefinition subscriptions.postgresql.cnpg.io
🔴 Error: v1 ServiceAccount cloudnative-pg - could not find schema for ServiceAccount
🔴 Error: v1 ServiceAccount plugin-barman-cloud - could not find schema for ServiceAccount
🔴 Error: rbac.authorization.k8s.io/v1 Role leader-election-role - could not find schema for Role
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-edit - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole cloudnative-pg-view - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-auth-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole metrics-reader - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-editor-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole objectstore-viewer-role - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRole plugin-barman-cloud - could not find schema for ClusterRole
🔴 Error: rbac.authorization.k8s.io/v1 RoleBinding leader-election-rolebinding - could not find schema for RoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding cloudnative-pg - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding metrics-auth-rolebinding - could not find schema for ClusterRoleBinding
🔴 Error: rbac.authorization.k8s.io/v1 ClusterRoleBinding plugin-barman-cloud-binding - could not find schema for ClusterRoleBinding
🔴 Error: v1 ConfigMap cnpg-controller-manager-config - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-default-monitoring - could not find schema for ConfigMap
🔴 Error: v1 ConfigMap cnpg-grafana-dashboard - could not find schema for ConfigMap
🔴 Error: v1 Secret plugin-barman-cloud-gt85cmh99d - could not find schema for Secret
🔴 Error: v1 Service barman-cloud - could not find schema for Service
🔴 Error: v1 Service cnpg-webhook-service - could not find schema for Service
🔴 Error: apps/v1 Deployment barman-cloud - could not find schema for Deployment
🔴 Error: apps/v1 Deployment cloudnative-pg - could not find schema for Deployment
✅ Passed: argoproj.io/v1alpha1 AppProject database
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-client
✅ Passed: cert-manager.io/v1 Certificate barman-cloud-server
✅ Passed: cert-manager.io/v1 Issuer selfsigned-issuer
✅ Passed: monitoring.coreos.com/v1 PodMonitor cloudnative-pg
✅ Passed: monitoring.coreos.com/v1 PrometheusRule cnpg-default-alerts
🔴 Error: admissionregistration.k8s.io/v1 MutatingWebhookConfiguration cnpg-mutating-webhook-configuration - could not find schema for MutatingWebhookConfiguration
🔴 Error: admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration cnpg-validating-webhook-configuration - could not find schema for ValidatingWebhookConfiguration

0 added, 14 modified, 0 removed

===== /ConfigMap cnpg-system/cnpg-controller-manager-config ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-controller-manager-config
   namespace: cnpg-system
===== /ConfigMap cnpg-system/cnpg-default-monitoring ======
@@ -22,9 +22,9 @@
             , usename
             , COALESCE(application_name, '') AS application_name
-            , COUNT(*)
-            , COALESCE(EXTRACT (EPOCH FROM (max(now() - xact_start))), 0) AS max_tx_secs
+            , pg_catalog.count(*)
+            , COALESCE(EXTRACT (EPOCH FROM (pg_catalog.max(pg_catalog.now() OPERATOR(pg_catalog.-) xact_start))), 0) AS max_tx_secs
           FROM pg_catalog.pg_stat_activity
           GROUP BY datname, state, usename, application_name
-        ) sa ON states.state = sa.state
+        ) sa ON states.state OPERATOR(pg_catalog.=) sa.state
         WHERE sa.usename IS NOT NULL
       metrics:
@@ -50,8 +50,8 @@
     backends_waiting:
       query: |
-        SELECT count(*) AS total
+        SELECT pg_catalog.count(*) AS total
         FROM pg_catalog.pg_locks blocked_locks
         JOIN pg_catalog.pg_locks blocking_locks
-          ON blocking_locks.locktype = blocked_locks.locktype
+          ON blocking_locks.locktype OPERATOR(pg_catalog.=) blocked_locks.locktype
           AND blocking_locks.database IS NOT DISTINCT FROM blocked_locks.database
           AND blocking_locks.relation IS NOT DISTINCT FROM blocked_locks.relation
@@ -63,6 +63,6 @@
           AND blocking_locks.objid IS NOT DISTINCT FROM blocked_locks.objid
           AND blocking_locks.objsubid IS NOT DISTINCT FROM blocked_locks.objsubid
-          AND blocking_locks.pid != blocked_locks.pid
-        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid = blocking_locks.pid
+          AND blocking_locks.pid OPERATOR(pg_catalog.<>) blocked_locks.pid
+        JOIN pg_catalog.pg_stat_activity blocking_activity ON blocking_activity.pid OPERATOR(pg_catalog.=) blocking_locks.pid
         WHERE NOT blocked_locks.granted
       metrics:
@@ -106,12 +106,12 @@
         SELECT CASE WHEN (
             NOT pg_catalog.pg_is_in_recovery()
-            OR pg_catalog.pg_last_wal_receive_lsn() = pg_catalog.pg_last_wal_replay_lsn())
+            OR pg_catalog.pg_last_wal_receive_lsn() OPERATOR(pg_catalog.=) pg_catalog.pg_last_wal_replay_lsn())
           THEN 0
           ELSE GREATEST (0,
-            EXTRACT(EPOCH FROM (now() - pg_catalog.pg_last_xact_replay_timestamp())))
+            EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) pg_catalog.pg_last_xact_replay_timestamp())))
           END AS lag,
           pg_catalog.pg_is_in_recovery() AS in_recovery,
-          EXISTS (TABLE pg_stat_wal_receiver) AS is_wal_receiver_up,
-          (SELECT count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
+          EXISTS (TABLE pg_catalog.pg_stat_wal_receiver) AS is_wal_receiver_up,
+          (SELECT pg_catalog.count(*) FROM pg_catalog.pg_stat_replication) AS streaming_replicas
       metrics:
         - lag:
@@ -161,15 +161,15 @@
         SELECT archived_count
           , failed_count
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_archived_time)), -1) AS seconds_since_last_archival
-          , COALESCE(EXTRACT(EPOCH FROM (now() - last_failed_time)), -1) AS seconds_since_last_failure
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_archived_time)), -1) AS seconds_since_last_archival
+          , COALESCE(EXTRACT(EPOCH FROM (pg_catalog.now() OPERATOR(pg_catalog.-) last_failed_time)), -1) AS seconds_since_last_failure
           , COALESCE(EXTRACT(EPOCH FROM last_archived_time), -1) AS last_archived_time
           , COALESCE(EXTRACT(EPOCH FROM last_failed_time), -1) AS last_failed_time
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
-          , COALESCE(CAST(CAST('x'||pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_archived_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_archived_wal_start_lsn
+          , COALESCE(CAST(CAST('x' OPERATOR(pg_catalog.||) pg_catalog.right(pg_catalog.split_part(last_failed_wal, '.', 1), 16) AS pg_catalog.bit(64)) AS pg_catalog.int8), -1) AS last_failed_wal_start_lsn
           , EXTRACT(EPOCH FROM stats_reset) AS stats_reset_time
         FROM pg_catalog.pg_stat_archiver
       predicate_query: |
         SELECT NOT pg_catalog.pg_is_in_recovery()
-          OR pg_catalog.current_setting('archive_mode') = 'always'
+          OR pg_catalog.current_setting('archive_mode') OPERATOR(pg_catalog.=) 'always'
       metrics:
         - archived_count:
@@ -457,10 +457,10 @@
       query: |
         SELECT
-          current_database() as datname,
+          pg_catalog.current_database() as datname,
           name as extname,
           default_version,
           installed_version,
           CASE
-            WHEN default_version = installed_version THEN 0
+            WHEN default_version OPERATOR(pg_catalog.=) installed_version THEN 0
             ELSE 1
         END AS update_available
@@ -491,8 +491,8 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
     cnpg.io/reload: ""
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-default-monitoring
   namespace: cnpg-system
===== /Service cnpg-system/cnpg-webhook-service ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-webhook-service
   namespace: cnpg-system
===== /ServiceAccount cnpg-system/cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== admissionregistration.k8s.io/MutatingWebhookConfiguration /cnpg-mutating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-mutating-webhook-configuration
   resourceVersion: "153164240"
===== admissionregistration.k8s.io/ValidatingWebhookConfiguration /cnpg-validating-webhook-configuration ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cnpg-validating-webhook-configuration
   resourceVersion: "153164245"
===== apiextensions.k8s.io/CustomResourceDefinition /clusters.postgresql.cnpg.io ======
@@ -5718,5 +5718,4 @@
                       The default value is Default which uses the container runtime defaults for
                       readonly paths and masked paths.
-                      This requires the ProcMountType feature flag to be enabled.
                       Note that this field cannot be set when spec.os.name is windows.
                     type: string
===== apiextensions.k8s.io/CustomResourceDefinition /poolers.postgresql.cnpg.io ======
@@ -2885,5 +2885,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4456,5 +4455,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -4940,5 +4938,4 @@
                           mitigating container breakout vulnerabilities even allowing users to run their
                           containers as root without actually having root privileges on the host.
-                          This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
                         type: boolean
                       hostname:
@@ -6110,5 +6107,4 @@
                                     The default value is Default which uses the container runtime defaults for
                                     readonly paths and masked paths.
-                                    This requires the ProcMountType feature flag to be enabled.
                                     Note that this field cannot be set when spec.os.name is windows.
                                   type: string
@@ -6679,4 +6675,12 @@
                             It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
                             Containers that need access to the ResourceClaim reference it with this name.
+
+                            When the DRAWorkloadResourceClaims feature gate is enabled and this Pod
+                            belongs to a PodGroup, a PodResourceClaim is matched to a
+                            PodGroupResourceClaim if all of their fields are equal (Name,
+                            ResourceClaimName, and ResourceClaimTemplateName). A matched claim references
+                            a single ResourceClaim shared across all Pods in the PodGroup, reserved for
+                            the PodGroup in ResourceClaimStatus.ReservedFor rather than for individual
+                            Pods.
                           properties:
                             name:
@@ -6703,4 +6707,14 @@
                                 generated component, will be used to form a unique name for the
                                 ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+                                When the DRAWorkloadResourceClaims feature gate is enabled and the pod
+                                belongs to a PodGroup that defines a PodGroupResourceClaim with the same
+                                Name and ResourceClaimTemplateName, this PodResourceClaim resolves to the
+                                ResourceClaim generated for the PodGroup. All pods in the group that
+                                define an equivalent PodResourceClaim matching the
+                                PodGroupResourceClaim's Name and ResourceClaimTemplateName share the same
+                                generated ResourceClaim. ResourceClaims generated for a PodGroup are
+                                owned by the PodGroup and their lifecycles are tied to the PodGroup
+                                instead of any individual pod.
 
                                 This field is immutable and no changes will be made to the
@@ -6829,4 +6843,26 @@
                         - name
                         x-kubernetes-list-type: map
+                      schedulingGroup:
+                        description: |-
+                          SchedulingGroup provides a reference to the immediate scheduling runtime
+                          grouping object that this Pod belongs to.
+                          This field is used by the scheduler to identify the group and apply the
+                          correct group scheduling policies. The association with a group also
+                          impacts other lifecycle aspects of a Pod that are relevant in a wider context
+                          of scheduling like preemption, resource attachment, etc. If not specified,
+                          the Pod is treated as a single unit in all of these aspects.
+                          The group object referenced by this field may not exist at the time the
+                          Pod is created.
+                          This field is immutable, but a group object with the same name may be
+                          recreated with different policies. Doing this during pod scheduling
+                          may result in the placement not conforming to the expected policies.
+                        properties:
+                          podGroupName:
+                            description: |-
+                              PodGroupName specifies the name of the standalone PodGroup object
+                              that represents the runtime instance of this group.
+                              Must be a DNS subdomain.
+                            type: string
+                        type: object
                       securityContext:
                         description: |-
@@ -8257,5 +8293,5 @@
                                 The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
                                 The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
-                                The volume will be mounted read-only (ro) and non-executable files (noexec).
+                                The volume will be mounted read-only (ro).
                                 Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33.
                                 The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
@@ -8429,6 +8465,5 @@
                                 portworxVolume represents a portworx volume attached and mounted on kubelets host machine.
                                 Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type
-                                are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate
-                                is on.
+                                are redirected to the pxd.portworx.com CSI driver.
                               properties:
                                 fsType:
@@ -9253,40 +9288,4 @@
                         - name
                         x-kubernetes-list-type: map
-                      workloadRef:
-                        description: |-
-                          WorkloadRef provides a reference to the Workload object that this Pod belongs to.
-                          This field is used by the scheduler to identify the PodGroup and apply the
-                          correct group scheduling policies. The Workload object referenced
-                          by this field may not exist at the time the Pod is created.
-                          This field is immutable, but a Workload object with the same name
-                          may be recreated with different policies. Doing this during pod scheduling
-                          may result in the placement not conforming to the expected policies.
-                        properties:
-                          name:
-                            description: |-
-                              Name defines the name of the Workload object this Pod belongs to.
-                              Workload must be in the same namespace as the Pod.
-                              If it doesn't match any existing Workload, the Pod will remain unschedulable
-                              until a Workload object is created and observed by the kube-scheduler.
-                              It must be a DNS subdomain.
-                            type: string
-                          podGroup:
-                            description: |-
-                              PodGroup is the name of the PodGroup within the Workload that this Pod
-                              belongs to. If it doesn't match any existing PodGroup within the Workload,
-                              the Pod will remain unschedulable until the Workload object is recreated
-                              and observed by the kube-scheduler. It must be a DNS label.
-                            type: string
-                          podGroupReplicaKey:
-                            description: |-
-                              PodGroupReplicaKey specifies the replica key of the PodGroup to which this
-                              Pod belongs. It is used to distinguish pods belonging to different replicas
-                              of the same pod group. The pod group policy is applied separately to each replica.
-                              When set, it must be a DNS label.
-                            type: string
-                        required:
-                        - name
-                        - podGroup
-                        type: object
                     required:
                     - containers
===== apps/Deployment cnpg-system/cloudnative-pg ======
@@ -9,7 +9,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
@@ -32,7 +32,7 @@
     metadata:
       annotations:
-        checksum/config: 5947c43b65b3290b2f73f34f8694cdab726747b821c3596a0784b1af5ca93e2b
-        checksum/monitoring-config: 29cbd0bcc3d5838f54c59937443fd77c48bcd77e4d1caddad833155161449685
-        checksum/rbac: 6ddf1345f953cc7cb5175c0ba5f6f314dd66495c6cc44edf885801001112297e
+        checksum/config: 904d2cf17720ad88a7d135fcc1d6616b8855560c1a8885f99632af04802cdf30
+        checksum/monitoring-config: 0c2d351dbf2fa8785c473d4ce19286c8f8a3346766e1abcee226c166f06c4975
+        checksum/rbac: a84d0dea594271c343f106f458f5fc63c18244de31a6f4c8851a75e415adfb70
         kubectl.kubernetes.io/restartedAt: "2025-11-05T13:40:38+01:00"
       labels:
@@ -51,5 +51,5 @@
         env:
         - name: OPERATOR_IMAGE_NAME
-          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         - name: OPERATOR_NAMESPACE
           valueFrom:
@@ -63,5 +63,5 @@
         - name: NO_PROXY
           value: localhost,127.0.0.1,10.0.96.1,.svc,.svc.cluster.local,cluster.local
-        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.0
+        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.29.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
===== monitoring.coreos.com/PodMonitor cnpg-system/cloudnative-pg ======
@@ -7,7 +7,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   namespace: cnpg-system
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164227"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-edit ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-edit
   resourceVersion: "153164225"
===== rbac.authorization.k8s.io/ClusterRole /cloudnative-pg-view ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg-view
   resourceVersion: "153164226"
===== rbac.authorization.k8s.io/ClusterRoleBinding /cloudnative-pg ======
@@ -6,7 +6,7 @@
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: cloudnative-pg
-    app.kubernetes.io/version: 1.29.0
+    app.kubernetes.io/version: 1.29.1
     argocd.argoproj.io/instance: infra-database
-    helm.sh/chart: cloudnative-pg-0.28.0
+    helm.sh/chart: cloudnative-pg-0.28.2
   name: cloudnative-pg
   resourceVersion: "153164230"

Done. CommitSHA: 27a082a

This comment has been minimized.

Sign in to view

chore(deps): update helm release cloudnative-pg to v0.28.2

27a082a

renovate Bot changed the title ~~chore(deps): update helm release cloudnative-pg to v0.28.1~~ chore(deps): update helm release cloudnative-pg to v0.28.2 May 12, 2026

renovate Bot force-pushed the renovate/cloudnative-pg-0.x branch from 086e799 to 27a082a Compare May 12, 2026 16:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update helm release cloudnative-pg to v0.28.2#415

chore(deps): update helm release cloudnative-pg to v0.28.2#415
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/cloudnative-pg-0.x

renovate Bot commented May 11, 2026 •

edited

Loading

Uh oh!

This comment has been minimized.

This comment has been minimized.

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

Uh oh!

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

Uh oh!

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

Uh oh!

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

renovate Bot commented May 11, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v0.28.2

What's Changed

v0.28.1

What's Changed

New Contributors

Configuration

Uh oh!

This comment has been minimized.

This comment has been minimized.

goingdark-sync Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Kubechecks Report

ArgoCD Application Checks: infra-database ❗

Uh oh!

goingdark-sync Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Kubechecks Report

ArgoCD Application Checks: infra-database ❗

Uh oh!

goingdark-sync Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Kubechecks Report

ArgoCD Application Checks: infra-database ❗

Uh oh!

goingdark-sync Bot commented May 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Kubechecks Report

ArgoCD Application Checks: infra-database ❗

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

renovate Bot commented May 11, 2026 •

edited

Loading

`v0.28.2`

`v0.28.1`

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗

goingdark-sync Bot commented May 12, 2026 •

edited

Loading

ArgoCD Application Checks: `infra-database` ❗