Releases: percona/percona-xtradb-cluster-operator
v1.16.1
Bugs Fixed
- K8SPXC-1536: Fix a bug where scheduled backups were not working due to a bug in the Operator that was creating Kubernetes resources with the names exceeding the allowed length (Thanks to Vlad Gusev for contribution)
Supported Platforms
The Operator was developed and tested with Percona XtraDB Cluster versions 8.4.2-2.1 (Tech preview), 8.0.39-30.1, and 5.7.44-31.65. Other options may also work but have not been tested. Other software components include:
- Percona XtraBackup versions 8.4.0-1, 8.0.35-30.1 and 2.4.29
- HAProxy 2.8.11
- ProxySQL 2.7.1
- LogCollector based on fluent-bit 3.2.2
- PMM Client 2.44.0
Percona Operators are designed for compatibility with all CNCF-certified Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below for Operator version 1.16.0:
- Google Kubernetes Engine (GKE) 1.28 - 1.30
- Amazon Elastic Container Service for Kubernetes (EKS) 1.28 - 1.31
- Azure Kubernetes Service (AKS) 1.28 - 1.31
- OpenShift 4.14.42 - 4.17.8
- Minikube 1.34.0 based on Kubernetes 1.31.0
This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.
v1.16.0
Release Highlights
Declarative user management (technical preview)
Before Operator version 1.16.0, custom MySQL users had to be created manually. Declarative creation of custom MySQL users is now supported via the users subsection in the Custom Resource. You can specify a new user in the deploy/cr.yaml manifest by setting the user’s login name, the hosts this user is allowed to connect from, passwordSecretRef (a reference to a key in a Secret resource containing the user’s password), the databases the user will have access to, and the appropriate permissions:
    users:
    - name: my-user
      dbs:
      - db1
      - db2
      hosts:
      - localhost
      grants:
      - SELECT
      - DELETE
      - INSERT
      withGrantOption: true
      passwordSecretRef:
        name: my-user-pwd
        key: my-user-pwd-key
    ...
See documentation to find more details about this feature with additional explanations and the list of current limitations.
Percona XtraDB Cluster 8.4 support (technical preview)
Percona XtraDB Cluster based on Percona Server for MySQL 8.4 versions is now supported by the Operator in addition to 8.0 and 5.7 versions. The appropriate images for Percona XtraDB Cluster and Percona XtraBackup are included into the list of Percona-certified images. Being a technical preview, Percona XtraDB Cluster 8.4 is not yet recommended for production environments.
New Features
- K8SPXC-377: It is now possible to create and manage users via the Custom Resource
- K8SPXC-1456: Now the user can run the initContainers of Percona XtraDB Cluster Pods with a security context different from the Pods’ security context, which is useful to customize deployment on tuned Kubernetes environments (Thanks to Vlad Gusev for contribution)
Improvements
- K8SPXC-1230 and K8SPXC-1378: Now the Operator assigns labels to all Kubernetes objects it creates (backups/restores, Secrets, Volumes, etc.) to make them clearly distinguishable
- K8SPXC-1411: Enabling/disabling TLS on a running cluster is now possible simply by toggling the appropriate Custom Resource option
- K8SPXC-1451: The automated storage scaling is now disabled by default and needs to be explicitly enabled with the enableVolumeExpansion Custom Resource option
- K8SPXC-1462: A restart of Percona XtraDB Cluster Pods is now triggered by the monitor user’s password change if the user secret is used within a sidecar container, which can be useful for custom monitoring solutions (Thanks to Vlad Gusev for contribution)
- K8SPXC-1503: Improved logic keeps a number of temporary non-critical errors, related to ProxySQL user sync and the absence of point-in-time recovery files, out of the logs (Thanks to dcaputo-harmoni for contribution)
- K8SPXC-1500: A new backup.activeDeadlineSeconds Custom Resource option was added to fail the backup job automatically after the specified timeout (Thanks to Vlad Gusev for contribution)
- K8SPXC-1532: The peer-list tool used by the Operator was removed from standard HAProxy, ProxySQL and PXC Docker images because recent Operator versions are adding it with the initContainer approach
Bugs Fixed
- K8SPXC-1222: Fix a bug where upgrading a cluster with hundreds of thousands of tables would fail due to a timeout
- K8SPXC-1398: Fix a bug which sporadically prevented the scheduled backup job Pod from successfully completing the process
- K8SPXC-1413 and K8SPXC-1458: Fix the Operator Pod segfault which was occurring when restoring a backup without backupSource Custom Resource subsection or without storage specified in the backupSource
- K8SPXC-1416: Fix a bug where disabling parallel backups in Custom Resource caused all backups to get stuck in presence of any failed backup
- K8SPXC-1420: Fix a bug where HAProxy exposed at the time of point-in-time restore could allow conflicting transactions, causing the PITR Pod to get stuck on a duplicate key error
- K8SPXC-1422: Fix the cluster endpoint change from the external IP to the service name when upgrading the Operator
- K8SPXC-1444: Fix a bug where Percona XtraDB Cluster initial creation state was changing to “error” if the backup restore was taking too long
- K8SPXC-1454: Fix a bug where the Operator erroneously generated SSL secrets when upgrading from 1.14.0 to 1.15.0 with the allowUnsafeConfigurations: true Custom Resource option
Deprecation, Rename and Removal
- Operator versions older than 1.14.1 become incompatible with new HAProxy, ProxySQL and PXC Docker images due to the absence of the peer-list tool in them. If you are still using the older Operator version, make sure to update the Operator before switching to the latest database and proxy images. You can see the list of Percona certified images for the current release, and check image versions certified for previous releases in the documentation archive.
Supported Platforms
The Operator was developed and tested with Percona XtraDB Cluster versions 8.4.2-2.1 (Tech preview), 8.0.39-30.1, and 5.7.44-31.65. Other options may also work but have not been tested. Other software components include:
- Percona XtraBackup versions 8.4.0-1, 8.0.35-30.1 and 2.4.29
- HAProxy 2.8.11
- ProxySQL 2.7.1
- LogCollector based on fluent-bit 3.2.2
- PMM Client 2.44.0
Percona Operators are designed for compatibility with all CNCF-certified Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below for Operator version 1.16.0:
- Google Kubernetes Engine (GKE) 1.28 - 1.30
- Amazon Elastic Container Service for Kubernetes (EKS) 1.28 - 1.31
- Azure Kubernetes Service (AKS) 1.28 - 1.31
- OpenShift 4.14.42 - 4.17.8
- Minikube 1.34.0 based on Kubernetes 1.31.0
This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.
v1.14.1
Bugs Fixed
- K8SPXC-1476: Fix a bug where upgrade could put the cluster into a non-operational state if using Storage Classes without the Volume expansion capabilities, by introducing a new enableVolumeExpansion Custom Resource option toggling this functionality
Deprecation, Change, Rename and Removal
- The new enableVolumeExpansion Custom Resource option allows disabling the automated storage scaling with the Volume Expansion capability. The default value of this option is false, which means that the automated scaling is turned off by default.
Supported Platforms
The Operator was developed and tested with Percona XtraDB Cluster versions 8.0.35-27.1 and 5.7.44-31.65. Other options may also work but have not been tested. Other software components include:
- Percona XtraBackup versions 2.4.29-1 and 8.0.35-30.1
- HAProxy 2.8.5-1
- ProxySQL 2.5.5-1.1
- LogCollector based on fluent-bit 2.1.10-1
- PMM Client 2.41.1
The following platforms were tested and are officially supported by the Operator 1.14.1:
- Google Kubernetes Engine (GKE) 1.25 - 1.29
- Amazon Elastic Container Service for Kubernetes (EKS) 1.24 - 1.29
- Azure Kubernetes Service (AKS) 1.26 - 1.28
- OpenShift 4.12.50 - 4.14.13
- Minikube 1.32.0
This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.
v1.15.1
Bugs Fixed
- K8SPXC-1476: Fix a bug where upgrade could put the cluster into a non-operational state if using Storage Classes without the Volume expansion capabilities, by introducing a new enableVolumeExpansion Custom Resource option toggling this functionality
Deprecation, Change, Rename and Removal
- The new enableVolumeExpansion Custom Resource option allows disabling the automated storage scaling with the Volume Expansion capability. The default value of this option is false, which means that the automated scaling is turned off by default.
Supported Platforms
The Operator was developed and tested with Percona XtraDB Cluster versions 8.0.36-28.1 and 5.7.44-31.65. Other options may also work but have not been tested. Other software components include:
- Percona XtraBackup versions 8.0.35-30.1 and 2.4.29-1
- HAProxy 2.8.5
- ProxySQL 2.5.5
- LogCollector based on fluent-bit 3.1.4
- PMM Client 2.42.0
The following platforms were tested and are officially supported by the Operator 1.15.0:
- Google Kubernetes Engine (GKE) 1.27 - 1.30
- Amazon Elastic Container Service for Kubernetes (EKS) 1.28 - 1.30
- Azure Kubernetes Service (AKS) 1.28 - 1.30
- OpenShift 4.13.46 - 4.16.7
- Minikube 1.33.1 based on Kubernetes 1.30.0
This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.
v1.15.0
Release Highlights
General availability of the automated volume resizing
The possibility to resize Persistent Volumes by just changing the value of the resources.requests.storage option in the PerconaXtraDBCluster custom resource, introduced in the previous release as a technical preview, graduates to general availability.
Allowing haproxy-replica Service to cycle through the reader instances only
By default, the haproxy-replica Service directs connections to all Pods of the database cluster in a round-robin manner. The new haproxy.exposeReplicas.onlyReaders Custom Resource option allows modifying this behavior: setting it to true excludes the current MySQL primary instance (writer) from the list, leaving only the reader instances. By default the option is set to false, which means that haproxy-replicas sends traffic to all Pods, including the active writer. The feature can be useful to simplify the application logic by splitting read and write MySQL traffic on the Kubernetes level.
Note that changing the haproxy.exposeReplicas.onlyReaders value will cause HAProxy Pods to restart.
Fixing the overloaded allowUnsafeConfigurations flag
In previous Operator versions, the allowUnsafeConfigurations Custom Resource option was used to allow configuring a cluster with unsafe parameters, such as starting it with less than 3 Percona XtraDB Cluster instances. In fact, setting this option to true resulted in a wide range of reduced safety features without the user’s explicit intent: disabling TLS, allowing backups in unhealthy clusters, etc.
With this release, a separate unsafeFlags Custom Resource section is introduced for the fine-grained control of the safety loosening features:
    unsafeFlags:
      tls: false
      pxcSize: false
      proxySize: false
      backupIfUnhealthy: false
If the appropriate option is set to false and the Operator detects unsafe parameters, it sets cluster status to error, and prints an error message in the log.
Also, TLS configuration is now enabled or disabled by setting the unsafeFlags.tls and tls.enabled Custom Resource options to true or false.
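The 1.15.0 upgrade behaviour (error status when pxc.size<3 or tls.enabled=false is not explicitly allowed) can be checked against a spec before upgrading. The following is an added example, not Operator code: lint_unsafe and the sample specs are constructed here, and pairing pxc.size with unsafeFlags.pxcSize is an assumption based on the option names.

```python
# Added example: pre-upgrade lint for a PerconaXtraDBCluster spec (not Operator code).
# Assumption: pxc.size < 3 is gated by unsafeFlags.pxcSize and tls.enabled=false by
# unsafeFlags.tls; proxySize and backupIfUnhealthy are not evaluated here.

def lint_unsafe(spec):
    """Return findings for a Custom Resource `spec` passed as a plain dict."""
    findings = []
    flags = spec.get("unsafeFlags") or {}
    size = (spec.get("pxc") or {}).get("size")
    tls_enabled = (spec.get("tls") or {}).get("enabled")

    # Deprecated in 1.15.0 in favor of the unsafeFlags subsection.
    if "allowUnsafeConfigurations" in spec:
        findings.append("allowUnsafeConfigurations is deprecated; use unsafeFlags")

    # Unsafe values that are not explicitly allowed put the cluster in error status.
    if isinstance(size, int) and size < 3 and not flags.get("pxcSize"):
        findings.append(f"pxc.size={size} is below 3 but unsafeFlags.pxcSize is not true")
    if tls_enabled is False and not flags.get("tls"):
        findings.append("tls.enabled=false but unsafeFlags.tls is not true")

    # A flag left on without need keeps a safety check switched off.
    if flags.get("pxcSize") and isinstance(size, int) and size >= 3:
        findings.append("unsafeFlags.pxcSize=true although pxc.size >= 3")
    if flags.get("tls") and tls_enabled is True:
        findings.append("unsafeFlags.tls=true although tls.enabled=true")
    return findings

# Constructed sample specs (not taken from a real cluster).
LEGACY = {"allowUnsafeConfigurations": False, "pxc": {"size": 1}, "tls": {"enabled": False}}
MIGRATED = {
    "unsafeFlags": {"tls": False, "pxcSize": False, "proxySize": False, "backupIfUnhealthy": False},
    "pxc": {"size": 3},
    "tls": {"enabled": True},
}
STALE_FLAG = {"unsafeFlags": {"tls": True}, "pxc": {"size": 3}, "tls": {"enabled": True}}

if __name__ == "__main__":
    for name, spec in (("legacy", LEGACY), ("migrated", MIGRATED), ("stale", STALE_FLAG)):
        for finding in lint_unsafe(spec) or ["ok"]:
            print(f"{name}: {finding}")
```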
New Features
- K8SPXC-1330: A new haproxy.exposeReplicas.onlyReaders Custom Resource option makes the haproxy-replicas Service forward requests to reader instances of the MySQL cluster, avoiding the primary (writer) instance.
- K8SPXC-1355: Finalizers were renamed to contain fully qualified domain names (FQDNs), avoiding potential conflicts with other finalizer names in the same Kubernetes environment
Improvements
- K8SPXC-1357: HAProxy Pod no longer restarts when the operator user’s password changes, which is useful for applications with a persistent connection to MySQL
- K8SPXC-1358: Removing allowUnsafeConfigurations Custom Resource option in favor of fine-grained safety control in the unsafeFlags subsection
- K8SPXC-1368: Kubernetes PVC DataSources for Percona XtraDB Cluster Volumes are now officially supported via the pxc.volumeSpec.persistentVolumeClaim.dataSource subsection in the Custom Resource
- K8SPXC-1385: Dynamic Volume resize now checks resource quotas and the PVC storage limits
- K8SPXC-1423: The percona.com/delete-pxc-pvc finalizer can now also delete temporary secrets created by the Operator
Bugs Fixed
- K8SPXC-1067: Fix a bug where changing gracePeriod, nodeSelector, priorityClassName, runtimeClassName, and schedulerName fields in the haproxy Custom Resource subsection didn’t propagate changes to the haproxy StatefulSet
- K8SPXC-1338: Fix a bug where binary log collector Pod had unnecessary restart during the Percona XtraDB Cluster rolling restart
- K8SPXC-1364: Fix a bug where log rotation functionality didn’t work when the proxy_protocol_networks option was enabled in the Percona XtraDB Cluster custom configuration
- K8SPXC-1365: Fix pxc-operator Helm chart bug where it wasn’t able to create namespaces if multiple namespaces were specified in the watchNamespace option
- K8SPXC-1371: Fix a bug in pxc-db Helm chart which had wrong Percona XtraDB Cluster version for the 1.14.0 release and tried to downgrade the database in case of the helm chart upgrade
- K8SPXC-1380: Fix a bug due to which values in the resources requests for the restore job Pod were overwritten by the resources limits ones
- K8SPXC-1381: Fix a bug where the HAProxy check script was not correctly identifying all the possible “offline” states of a PXC instance, causing applications to connect to an instance not able to serve the query
- K8SPXC-1382: Fix a bug where creating a backup on S3 storage failed automatically if s3.credentialsSecret Custom Resource option was not present
- K8SPXC-1396: The xtrabackup user didn’t have rights to grant privileges available in its own privilege level to other users, which caused the point-in-time recovery to fail due to access denied
- K8SPXC-1408: Fix a bug where the Operator blocked all restores (including ones without PiTR) in case of a binlog gap detected, instead of only blocking PiTR restores
- K8SPXC-1418: Fix a bug where the CA Certificate generated by cert-manager had an expiration period of 1 year instead of the 3-year period used by the Operator for other generated certificates, including ones used for internal and external communications
Deprecation, Rename and Removal
- Starting from now, the allowUnsafeConfigurations Custom Resource option is deprecated in favor of a number of options under the unsafeFlags subsection. Also, starting from now the Operator will not set safe defaults automatically. Upgrading existing clusters with allowUnsafeConfigurations=false and a configuration considered unsafe (i.e. pxc.size<3 or tls.enabled=false) will print errors in the log and the cluster will have error status until the values are fixed.
- Finalizers were renamed to contain fully qualified domain names:
  - delete-pxc-pods-in-order renamed to percona.com/delete-pxc-pods-in-order
  - delete-ssl renamed to percona.com/delete-ssl
  - delete-proxysql-pvc renamed to percona.com/delete-proxysql-pvc
  - delete-pxc-pvc renamed to percona.com/delete-pxc-pvc
- The pxc-operator Helm chart createNamespace option is now set to false by default, so no namespaces are created unless the user explicitly allows it
Supported Platforms
The Operator was developed and tested with Percona XtraDB Cluster versions 8.0.36-28.1 and 5.7.44-31.65. Other options may also work but have not been tested. Other software components include:
- Percona XtraBackup versions 8.0.35-30.1 and 2.4.29-1
- HAProxy 2.8.5
- ProxySQL 2.5.5
- LogCollector based on fluent-bit 3.1.4
- PMM Client 2.42.0
The following platforms were tested and are officially supported by the Operator 1.15.0:
- Google Kubernetes Engine (GKE) 1.27 - 1.30
- Amazon Elastic Container Service for Kubernetes (EKS) 1.28 - 1.30
- Azure Kubernetes Service (AKS) 1.28 - 1.30
- OpenShift 4.13.46 - 4.16.7
- Minikube 1.33.1 based on Kubernetes 1.30.0
This list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.