Release Notes for Couchbase Kubernetes Operator 2.9

The cluster UUID is no longer required when creating remote cluster connections.

You can now specify the cao.couchbase.com/additionalArgs annotation on CouchbaseBackup and CouchbaseRestore resources to pass additional cbbackupmgr arguments to the container.

You can now specify the Couchbase Server password policy using the CouchbaseCluster resource.

You can now specify to preserve the CouchbaseBackupRestore resource after the restore completes.

New TCP tunables (tcpKeepAliveIdle, tcpKeepAliveInterval, tcpKeepAliveProbes, tcpUserTimeout) are now available through the CouchbaseCluster resource when using Couchbase Server 8.0.

Added the logging.configNameReleasePrefix boolean to the Helm chart. The default value is false. When set to true, the Operator prefixes the Fluent Bit configuration with the release name.

You can now specify environment variables for the CouchbaseBackup and CouchbaseBackupRestore pods to allow cbbackupmgr tuning.

spec.monitoring is deprecated and no longer attaches an exporter sidecar to the Couchbase Server pod.

If couchbasecluster.spec.buckets.managed is set to false, restoring from backup automatically creates buckets.

New REST API bucket settings for the Data Service are now available in Couchbase Server 8.0.

You can now specify a merge schedule on the CouchbaseBackup resource.

You can now set the Query Service CompletedStreamSize using the CouchbaseCluster resource.

When using Couchbase Server 8.0, you can no longer create Memcached buckets.

Added RBAC roles for users to match new roles added in Couchbase Server 8.0.

You can now specify default and disk_io_optimized for the Data Service reader threads.

You can now set overheadMemory for autoResourceAllocation to specify a static overhead amount.

cao.couchbase.com/autoCompaction.magmaFragmentationPercentage has been replaced by a field in the CouchbaseCluster CRD.

You can now disable DNS resolution verification when creating pods before activating them in the cluster.

Fixed a bug that caused a panic when a member pod became unresponsive.

Added an upgrade stanza to the CouchbaseCluster resource to give users more control over upgrades.

Updated spec.networking.addressFamily to accept IPv4Only, IPv4Priority, IPv6Only, and IPv6Priority. The existing IPv4 and IPv6 values retain the IPv4Only and IPv6Only behavior, so no change is required for existing configurations.

The MirWatchdog is an out-of-band check that provides additional alerting. It is used when the Operator cannot reconcile a cluster due to reasons outside its control and requires manual user intervention. Scenarios include, but are not limited to, TLS expiration, Couchbase authentication errors, and loss of quorum. This feature is disabled by default but can be enabled and configured by using the mirWatchdog field in the CouchbaseCluster CRD. If the cluster enters this condition, it will:

Added support for the Encryption at Rest feature of Couchbase Server 8.0.

The CouchbaseUser resource now includes an enabled flag to allow administrators to enable or disable user accounts.

The CouchbaseUser resource now allows the administrators to enforce password change on a user’s first login using the couchbaseuser.spec.userPassword.requireInitialChange field.

CouchbaseBucket resources now support durabilityImpossibleFallback with values disabled and fallbackToActiveAck.

Added multiple settings to CouchbaseBucket resources to configure XDCR Conflict Logging.

Added a CouchbaseCluster resource setting that enables auto‑failover of Ephemeral Buckets with no replicas in Couchbase Server 8.0 and later versions.

Added data.diskUsageLimit to the CouchbaseCluster resource to enable Disk Usage Guardrails.

Added support for SDK Telemetry settings in Couchbase Server 8.0 and later versions.

For CouchbaseBuckets, now the default storage engine is magma and the vBucketCount is 128.

In the earlier versions of Couchbase Kubernetes Operator, the metrics port annotation prometheus.io/port was set to 8091, even when TLS was enabled. It now correctly sets to 18091.

EvictionPolicy changes can now be applied to an online bucket during a swap rebalance.

Operator 2.9.0 allows you to set spec.cluster.analytics.numReplicas. This feature is supported only on Couchbase Server 7.6 and later versions.

Fixed an issue where metrics scrapes became too large when the Operator managed many clusters.

Full backups can now be resumed.

Fixed an issue where the Operator failed to remove pods from the cluster.

Fixed an issue where log message tags were inconsistent.

Fixed an issue that caused upgrades to fail when image definitions used SHA256 digests.

Removing a server group from a cluster that uses InPlaceUpgrades can cause the Operator to fail to reconcile the cluster.

The CouchbaseCluster CRD now exceeds the size limit for client-side apply. Use the --server-side option with kubectl apply to apply the resource.

When running in mixed mode and before the upgrade to 8.0 completes, creating a Memcached bucket can cause the Operator to fail reconciliation.

Upgrading the Couchbase Kubernetes Operator while the cluster is not fully upgraded causes the Operator to complete the cluster upgrade immediately.

The CouchbaseRestore resource status may fail to update from Couchbase Backup containers. This does not prevent the restore from occurring.

Changing the server groups applied to a server class while the Operator is recovering a pod can block reconciliation.

Operator must be paused when using cao create pod. Otherwise, the Operator identifies the pod as foreign and removes it.

Editing a Couchbase bucket storage backend while enabling or disabling BucketMigrationRoutines on a CouchbaseCluster can trigger a race condition that leads to an unreconcilable state.

When spec.networking.addressFamily is set to IPv6Priority or IPv6Only, the Operator creates the cluster Service as IPv4 SingleStack, which causes pod launch failures. Patching the Service to PreferDualStack (IPv4, IPv6) allows the cluster to be created.

Attempting to change bucket settings during a storage backend migration causes the Operator to fail to reconcile the cluster.

The admission controller allows you to set the collectionHistoryDefault value on Couchstore buckets. This setting has no effect on Couchstore buckets.

Attempting to change the evictionPolicy setting during a storage backend migration while OnlineEvictionPolicyChange is true can lead to an unreconcilable state.

Manually editing a bucket’s storage backend with BucketMigrationRoutines disabled can prevent the Operator from reconciling the cluster.

You can start a Couchbase Server upgrade while a Bucket Storage Backend Migration is in progress. This can result in an unreconcilable state.

Manual Intervention Watchdog does not clear the rebalancing condition when entering the Manual Intervention Required condition.

Reconciliation can begin before the Manual Intervention Watchdog is fully disabled.

During stabilization, the Operator reconciles some, but not all CouchbaseCluster settings.

It is possible to set replicas lower than the minimum required for a CouchbaseCluster when using an Ephemeral bucket.

The dynamic admission controller treats the default bucket storage backend as Couchstore, even on 8.0 clusters.

The order of password policy updates and user password changes can affect whether the Operator can make these changes successfully.

It’s possible to rotate admin credentials to a password that does not meet the cluster password policy, which can prevent the Operator from reconciling the cluster.

Setting reader and writer threads to balanced during an upgrade from Couchbase Server 7.6 to 8.0 can cause memcached to crash. Removing the reader and writer thread settings from the CRD resolves the issue.

Enabling shard affinity in mixed mode, before the cluster fully supports the setting, can cause the Operator to fail reconciliation.

The Operator may not clear the unreconcilable condition after the resource is fixed.

Holding a cluster in mixed mode between 7.2.x and 7.6.x can prevent the Operator from reconciling some cluster settings.

Remaining in mixed mode on older Couchbase Server versions can cause the Operator to log errors due to incorrect version checks.

You cannot currently specify Arbiter nodes in the services order during an upgrade.

The Operator can update Index Storage settings twice accidentally.

The Operator can update the Fluent Bit configuration accidentally.

While processing a bucket migration, the Operator does not send the correct online change flag for modifications to Couchbase Server when changing the Eviction Policy.

The admission controller allows encryption at rest to be enabled in mixed mode.

The admission controller allows use of the Couchbase User spec.user field for users that reference clusters not running version 8.0.0.