fix(helm): update cnpg group

[renovate]

This PR contains the following updates:

Package	Update	Change
cloudnative-pg (source)	patch	0.26.0 -> 0.26.1
cloudnative-pg/cloudnative-pg	patch	v1.27.0 -> v1.27.1

---

Release Notes

cloudnative-pg/charts (cloudnative-pg)

v0.26.1

Compare Source

CloudNativePG Operator Helm Chart

What's Changed

• chore(deps): update actions/checkout action to v5 by @​renovate[bot] in #​646
• chore(deps): update dependency python to 3.13 by @​renovate[bot] in #​641
• fix(cloudnative-pg): allow access to clusters/status subresource in rbac by @​Preisschild in #​662
• chore(deps): update actions/setup-python action to v6 by @​renovate[bot] in #​678
• chore(deps): update sigstore/cosign-installer action to v3.10.0 by @​renovate[bot] in #​677
• chore(deps): update kyverno/action-install-chainsaw action to v0.2.13 by @​renovate[bot] in #​676
• chore(deps): update azure/setup-helm action to v4.3.1 by @​renovate[bot] in #​675
• chore(deps): update docker/login-action action to v3.6.0 by @​renovate[bot] in #​635
• Update Documentation URL to Current Version by @​shusaan in #​664
• Release cloudnative-pg-v0.26.1 by @​github-actions[bot] in #​696

New Contributors

• @​Preisschild made their first contribution in #​662
• @​shusaan made their first contribution in #​664

Full Changelog: cloudnative-pg/charts@plugin-barman-cloud-v0.2.0...cloudnative-pg-v0.26.1

cloudnative-pg/cloudnative-pg (cloudnative-pg/cloudnative-pg)

v1.27.1

Compare Source

Release date: Oct 23, 2025

Changes

• Delayed the decommissioning of native in-core support for Barman Cloud to at least version 1.29. (#​8670)

• Adopted the new format of postgres-containers and postgis-containers images and image catalog artifacts, and updated the default PostgreSQL version to 18.0-system-trixie (PostgreSQL 18 is now supported). (#​8578, #​8760, #​8558)

• Deprecated the monitoring.enablePodMonitor field in the Cluster and Pooler resources. This field will be removed in a future release. Users who rely on PodMonitor resources should create them manually instead. (#​8753)

Enhancements

• Added support for overriding the PgBouncer auth_type, server_tls_sslmode, and client_tls_sslmode settings, which were previously hardcoded. Default values remain consistent with the former behavior but can now be customized when required. (#​8674)

• Added a CHECKPOINT step before PostgreSQL smart and fast shutdowns to reduce shutdown duration and replica promotion time, especially on systems with a high checkpoint_timeout. (#​8867)

• Added a warning in the instance manager for deprecated or unsupported OS versions, based on the official postgres-containers project. (#​8601)

• Improved certificate parsing error reporting. Failures now log specific errors instead of a generic message, aiding troubleshooting. This is particularly relevant after the CVE-2025-58187 fix in Go 1.25.2 and 1.24.8, which may trigger parsing failures for invalid DNS SANs. (#​8801)

• Added a check to ensure the destination WAL archive path is empty when bootstrapping a cluster using the pg_basebackup method, consistent with other bootstrap methods. (#​8895)

• Added validation to prevent backups from running on hibernated clusters. Backups attempted on such clusters now fail with reason ClusterIsHibernated, following the standard prerequisite check pattern. (#​8870)

• Added support for pprof profiling. Instances can now enable the pprof tool by adding the alpha.cnpg.io/enableInstancePprof annotation to the Cluster resource for advanced debugging. (#​7876)

• cnpg plugin:

  • Updated the Flexible I/O Tester (FIO) image to wallnerryan/fiotools-aio:v2, as provided by Ryan Wallner. (#​8847)

  • Enhanced the cnpg status backup command to provide more detailed status information when using a barman-cloud-based backup plugin. (#​8780, #​8690)

Fixes

• Fixed backup restoration failures when using custom WAL segment sizes with parallel WAL recovery. The operator no longer manages the end-of-WAL file marker during restoration, preventing errors when backups span multiple WAL segments. (#​8873)

• Fixed a bug in major upgrades where a volume snapshot from a previous minor version could be incorrectly used to optimize replica creation. (#​8475)

• Fixed initdb to wait for the application user secret before bootstrapping a new cluster, preventing potential race conditions. (#​8663)

• Fixed quorum-based failover to work correctly in clusters with only two instances using synchronous replication. (#​8680)

• Fixed configuration hash calculation to ignore internal configuration fields, preventing unnecessary reconciliations. (#​8868)

• Fixed the connection retry logic in the cnpgi plugin. The reconciliation loop now detects connection pool changes correctly and uses exponential backoff to reduce "closed pool" errors. (#​8554)

• Fixed volume snapshot usage during replica scaling to work with backup plugins. Previously, this optimization was only available with the in-tree backup implementation, but now clusters using backup plugins can also leverage volume snapshots when creating new replicas. (#​8506)

• Fixed the Pooler templating to correctly inherit settings for the bootstrap controller init container. (#​8394)

• Fixed webhook errors to use the correct API group (postgresql.cnpg.io) in Pooler and backup webhooks, ensuring consistent API error reporting. (#​8485)

• Fixed a potential nil pointer dereference in the hibernation reconciler when handling errors. Contributed by @​PascalBourdier. (#​8756)

• Fixed an issue in the environment cache where callers could inadvertently modify shared data. The LoadEnv function now returns a copy of cached environment slices to prevent mutations from affecting the cache. (#​8880)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[skibidi-renovate]

--- HelmRelease: default/cloudnative-pg ClusterRole: default/cloudnative-pg-view

+++ HelmRelease: default/cloudnative-pg ClusterRole: default/cloudnative-pg-view

@@ -10,12 +10,13 @@

 rules:
 - apiGroups:
   - postgresql.cnpg.io
   resources:
   - backups
   - clusters
+  - clusters/status
   - databases
   - failoverquorums
   - poolers
   - publications
   - scheduledbackups
   - imagecatalogs
--- HelmRelease: default/cloudnative-pg ClusterRole: default/cloudnative-pg-edit

+++ HelmRelease: default/cloudnative-pg ClusterRole: default/cloudnative-pg-edit

@@ -10,12 +10,13 @@

 rules:
 - apiGroups:
   - postgresql.cnpg.io
   resources:
   - backups
   - clusters
+  - clusters/status
   - databases
   - failoverquorums
   - poolers
   - publications
   - scheduledbackups
   - imagecatalogs
--- HelmRelease: default/cloudnative-pg Deployment: default/cloudnative-pg

+++ HelmRelease: default/cloudnative-pg Deployment: default/cloudnative-pg

@@ -14,14 +14,14 @@

     matchLabels:
       app.kubernetes.io/name: cloudnative-pg
       app.kubernetes.io/instance: cloudnative-pg
   template:
     metadata:
       annotations:
-        checksum/rbac: 233dbe38b259ca5579c2b2cf351dd3375513fa0e1f622ec34aabe1c3a8a8103f
-        checksum/monitoring-config: 464e492b29f27ecae2f02003bda9cb7ee82e78294841640d183b33f6c7d37f37
+        checksum/rbac: c1ae5214d5eb64a7900e01f24451017766c772e94dcdca8f5f7a79c409502088
+        checksum/monitoring-config: 5f3b11a95681dfdbbdc793227909c4a35d2894b55f6a45c6e387b4ac7d40b577
       labels:
         app.kubernetes.io/name: cloudnative-pg
         app.kubernetes.io/instance: cloudnative-pg
     spec:
       containers:
       - args:
@@ -31,20 +31,20 @@

         - --config-map-name=cnpg-controller-manager-config
         - --webhook-port=9443
         command:
         - /manager
         env:
         - name: OPERATOR_IMAGE_NAME
-          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.27.0
+          value: ghcr.io/cloudnative-pg/cloudnative-pg:1.27.1
         - name: OPERATOR_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         - name: MONITORING_QUERIES_CONFIGMAP
           value: cnpg-default-monitoring
-        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.27.0
+        image: ghcr.io/cloudnative-pg/cloudnative-pg:1.27.1
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /readyz
             port: 9443
             scheme: HTTPS