docs: release 1.28.1 and 1.27.3

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>

Author: mnencia

website/versioned_docs/version-1.27/appendixes/_category_.json

@@ -0,0 +1,7 @@
+{
+  "label": "Appendixes",
+  "position": 600,
+  "link": {
+    "type": "generated-index"
+  }
+}

website/versioned_docs/version-1.27/appendixes/object_stores.md

@@ -27,6 +27,16 @@ You can also use any compatible implementation of the supported services.
 The required setup depends on the chosen storage provider and is
 discussed in the following sections.
 
+:::note Authentication Methods
+CloudNativePG does not independently test all authentication methods
+supported by `barman-cloud`. CloudNativePG's responsibility is limited to passing
+the provided credentials to `barman-cloud`, which then handles authentication
+according to its own implementation. Users should refer to the
+[Barman Cloud documentation](https://docs.pgbarman.org/release/latest/) to
+verify that their chosen authentication method is supported and properly
+configured.
+:::
+
 ## AWS S3
 
 [AWS Simple Storage Service (S3)](https://aws.amazon.com/s3/) is
@@ -195,17 +205,15 @@ spec:
 [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/) is the
 object storage service provided by Microsoft.
 
-In order to access your storage account for backup and recovery of
-CloudNativePG managed databases, you will need one of the following
-combinations of credentials:
+CloudNativePG supports the following authentication methods for Azure Blob Storage:
 
 - [Connection String](https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string#configure-a-connection-string-for-an-azure-storage-account)
-- Storage account name and [Storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage)
-- Storage account name and [Storage account SAS Token](https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create)
-- Storage account name and [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/introduction.html)
-properly configured.
+- Storage Account Name + [Storage Account Access Key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage)
+- Storage Account Name + [Storage Account SAS Token](https://docs.microsoft.com/en-us/azure/storage/blobs/sas-service-create)
+- [Azure AD Managed Identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview)
+- [Default Azure Credentials](https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.defaultazurecredential?view=azure-python)
 
-Using **Azure AD Workload Identity**, you can avoid saving the credentials into a Kubernetes Secret,
+Using **Azure AD Managed Identity**, you can avoid saving the credentials into a Kubernetes Secret,
 and have a Cluster configuration adding the `inheritFromAzureAD` as follows:
 
 ```yaml
@@ -220,6 +228,23 @@ spec:
         inheritFromAzureAD: true
 ```
 
+Alternatively, you can use the **Default Azure Credentials** authentication mechanism, which provides
+a seamless authentication experience by supporting multiple authentication methods including environment
+variables, managed identities, and Azure CLI credentials. Add the `useDefaultAzureCredentials` flag
+as follows:
+
+```yaml
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+[...]
+spec:
+  backup:
+    barmanObjectStore:
+      destinationPath: "<destination path here>"
+      azureCredentials:
+        useDefaultAzureCredentials: true
+```
+
 On the other side, using both **Storage account access key** or **Storage account SAS Token**,
 the credentials need to be stored inside a Kubernetes Secret, adding data entries only when
 needed. The following command performs that:

website/versioned_docs/version-1.27/cloudnative-pg.v1.md

@@ -971,7 +971,7 @@ _Appears in:_
 
 | Field | Description | Required | Default | Validation |
 | --- | --- | --- | --- | --- |
-| `name` _string_ | The name of the extension, required | True |  | MinLength: 1 <br />Pattern: `^[a-z0-9]([-a-z0-9]*[a-z0-9])?$` <br /> |
+| `name` _string_ | The name of the extension, required | True |  | MinLength: 1 <br />Pattern: `^[a-z0-9]([-a-z0-9_]*[a-z0-9])?$` <br /> |
 | `image` _[ImageVolumeSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#imagevolumesource-v1-core)_ | The image containing the extension, required | True |  |  |
 | `extension_control_path` _string array_ | The list of directories inside the image which should be added to extension_control_path.<br />If not defined, defaults to "/share". |  |  |  |
 | `dynamic_library_path` _string array_ | The list of directories inside the image which should be added to dynamic_library_path.<br />If not defined, defaults to "/lib". |  |  |  |
@@ -1200,6 +1200,7 @@ _Appears in:_
 | --- | --- | --- | --- | --- |
 | `podName` _string_ | The pod name |  |  |  |
 | `ContainerID` _string_ | The container ID |  |  |  |
+| `sessionID` _string_ | The instance manager session ID. This is a unique identifier generated at instance manager<br />startup and changes on every restart (including container reboots). Used to detect if<br />the instance manager was restarted during long-running operations like backups, which<br />would terminate any running backup process. |  |  |  |
 
 
 #### InstanceReportedState
@@ -2167,7 +2168,7 @@ _Appears in:_
 | `targetXID` _string_ | The target transaction ID |  |  |  |
 | `targetName` _string_ | The target name (to be previously created<br />with `pg_create_restore_point`) |  |  |  |
 | `targetLSN` _string_ | The target LSN (Log Sequence Number) |  |  |  |
-| `targetTime` _string_ | The target time as a timestamp in the RFC3339 standard |  |  |  |
+| `targetTime` _string_ | The target time as a timestamp in RFC3339 format or PostgreSQL timestamp format.<br />Timestamps without an explicit timezone are interpreted as UTC. |  |  |  |
 | `targetImmediate` _boolean_ | End recovery as soon as a consistent state is reached |  |  |  |
 | `exclusive` _boolean_ | Set the target to be exclusive. If omitted, defaults to false, so that<br />in Postgres, `recovery_target_inclusive` will be true |  |  |  |
 

website/versioned_docs/version-1.27/cncf-projects/_category_.json

@@ -0,0 +1,7 @@
+{
+  "label": "CNCF Projects Integrations",
+  "position": 590,
+  "link": {
+    "type": "generated-index"
+  }
+}

website/versioned_docs/version-1.27/cnpg_i.md

@@ -200,7 +200,7 @@ must include this DNS name in its Subject Alternative Names (SAN).
 
 To enable a plugin, configure the `.spec.plugins` section in your `Cluster`
 resource. Refer to the CloudNativePG API Reference for the full
-[PluginConfiguration](https://cloudnative-pg.io/documentation/current/cloudnative-pg.v1/#postgresql-cnpg-io-v1-PluginConfiguration)
+[PluginConfiguration](https://cloudnative-pg.io/docs/devel/cloudnative-pg.v1/#pluginconfiguration)
 specification.
 
 Example:

website/versioned_docs/version-1.27/connection_pooling.md

@@ -197,15 +197,38 @@ GRANT EXECUTE ON FUNCTION public.user_search(text)
 
 ## Pod templates
 
-You can take advantage of pod templates specification in the `template`
-section of a `Pooler` resource. For details, see
-[`PoolerSpec`](cloudnative-pg.v1.md#poolerspec) in the API reference.
 
-Using templates, you can configure pods as you like, including fine control
-over affinity and anti-affinity rules for pods and nodes. By default,
-containers use images from `ghcr.io/cloudnative-pg/pgbouncer`.
+The `Pooler` resource allows you to customize the underlying pods via the
+`template` section. This provides full access to the Kubernetes `PodSpec` for
+advanced configurations like scheduling constraints, custom security contexts,
+or resource overrides.
 
-This example shows `Pooler` specifying `PodAntiAffinity``:
+For a complete list of supported fields, see the
+[`PoolerSpec`](cloudnative-pg.v1.md#poolerspec) API reference.
+
+### Key requirements
+
+- **The `pgbouncer` container name:** When overriding container settings (like
+  images or resources), the name of the container **must** be set to
+  `pgbouncer`. The operator looks for this specific name to manage the
+  PgBouncer process.
+
+- **Mandatory `containers` field:** Since `template` follows the standard
+  Kubernetes `PodSpec` schema, the `containers` field is mandatory.
+
+- If you aren't modifying container-level settings, you must set it to an empty
+  array: `containers: []`.
+
+- If the `containers` field is missing, the API server will throw a
+  `ValidationError`.
+
+### Examples
+
+#### High availability with pod anti-affinity
+
+This configuration uses `podAntiAffinity` to ensure that PgBouncer pods are
+distributed across different nodes, preventing a single node failure from
+taking down the entire pool.
 
 ```yaml
 apiVersion: postgresql.cnpg.io/v1
@@ -236,16 +259,10 @@ spec:
             topologyKey: "kubernetes.io/hostname"
 ```
 
-:::note
-    Explicitly set `.spec.template.spec.containers` to `[]` when not modified,
-    as it's a required field for a `PodSpec`. If `.spec.template.spec.containers`
-    isn't set, the Kubernetes api-server returns the following error when trying to
-    apply the manifest:`error validating "pooler.yaml": error validating data:
-    ValidationError(Pooler.spec.template.spec): missing required field
-    "containers"`
-:::
+#### Custom image and resource limits
 
-This example sets resources and changes the used image:
+You can specify a custom image and define resource requests/limits. Note that
+the container name is explicitly set to `pgbouncer`.
 
 ```yaml
 apiVersion: postgresql.cnpg.io/v1
@@ -264,6 +281,7 @@ spec:
         app: pooler
     spec:
       containers:
+        # This name MUST be "pgbouncer"
         - name: pgbouncer
           image: my-pgbouncer:latest
           resources:
@@ -624,9 +642,10 @@ spec:
 
 ### Deprecation of Automatic `PodMonitor` Creation
 
-!!!warning "Feature Deprecation Notice"
+:::warning[Feature Deprecation Notice]
     The `.spec.monitoring.enablePodMonitor` field in the `Pooler` resource is
     now deprecated and will be removed in a future version of the operator.
+:::
 
 If you are currently using this feature, we strongly recommend you either
 remove or set `.spec.monitoring.enablePodMonitor` to `false` and manually

website/versioned_docs/version-1.27/imagevolume_extensions.md

@@ -138,9 +138,17 @@ spec:
 
 The `name` field is **mandatory** and **must be unique within the cluster**, as
 it determines the mount path (`/extensions/foo` in this example). It must
-consist of *lowercase alphanumeric characters or hyphens (`-`)* and must start
+consist of *lowercase alphanumeric characters, underscores (`_`) or hyphens (`-`)* and must start
 and end with an alphanumeric character.
 
+:::note
+Extension names containing underscores (e.g., `pg_ivm`) are converted to use
+hyphens (e.g., `pg-ivm`) for Kubernetes volume names to comply with RFC 1123
+DNS label requirements. Do not use extension names that become identical after
+sanitization (e.g., `pg_ivm` and `pg-ivm` both sanitize to `pg-ivm`). The
+webhook validation will prevent such conflicts.
+:::
+
 The `image` stanza follows the [Kubernetes `ImageVolume` API](https://kubernetes.io/docs/tasks/configure-pod-container/image-volumes/).
 The `reference` must point to a valid container registry path for the extension
 image.

website/versioned_docs/version-1.27/installation_upgrade.md

@@ -14,12 +14,12 @@ title: Installation and upgrades
 The operator can be installed like any other resource in Kubernetes,
 through a YAML manifest applied via `kubectl`.
 
-You can install the [latest operator manifest](https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.27/releases/cnpg-1.27.2.yaml)
+You can install the [latest operator manifest](https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.27/releases/cnpg-1.27.3.yaml)
 for this minor release as follows:
 
 ```sh
 kubectl apply --server-side -f \
-  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.27/releases/cnpg-1.27.2.yaml
+  https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.27/releases/cnpg-1.27.3.yaml
 ```
 
 You can verify that with:

website/versioned_docs/version-1.27/kubectl-plugin.md

@@ -38,11 +38,11 @@ them in your systems.
 
 #### Debian packages
 
-For example, let's install the 1.27.2 release of the plugin, for an Intel based
+For example, let's install the 1.27.3 release of the plugin, for an Intel based
 64 bit server. First, we download the right `.deb` file.
 
 ```sh
-wget https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.27.2/kubectl-cnpg_1.27.2_linux_x86_64.deb \
+wget https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.27.3/kubectl-cnpg_1.27.3_linux_x86_64.deb \
   --output-document kube-plugin.deb
 ```
 
@@ -53,17 +53,17 @@ $ sudo dpkg -i kube-plugin.deb
 Selecting previously unselected package cnpg.
 (Reading database ... 6688 files and directories currently installed.)
 Preparing to unpack kube-plugin.deb ...
-Unpacking cnpg (1.27.2) ...
-Setting up cnpg (1.27.2) ...
+Unpacking cnpg (1.27.3) ...
+Setting up cnpg (1.27.3) ...
 ```
 
 #### RPM packages
 
-As in the example for `.rpm` packages, let's install the 1.27.2 release for an
+As in the example for `.rpm` packages, let's install the 1.27.3 release for an
 Intel 64 bit machine. Note the `--output` flag to provide a file name.
 
 ```sh
-curl -L https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.27.2/kubectl-cnpg_1.27.2_linux_x86_64.rpm \
+curl -L https://github.com/cloudnative-pg/cloudnative-pg/releases/download/v1.27.3/kubectl-cnpg_1.27.3_linux_x86_64.rpm \
   --output kube-plugin.rpm
 ```
 
@@ -77,7 +77,7 @@ Dependencies resolved.
  Package            Architecture         Version                   Repository                  Size
 ====================================================================================================
 Installing:
- cnpg               x86_64               1.27.2                  @commandline                20 M
+ cnpg               x86_64               1.27.3                  @commandline                20 M
 
 Transaction Summary
 ====================================================================================================
@@ -306,9 +306,9 @@ sandbox-3  0/604DE38  0/604DE38  0/604DE38  0/604DE38   00:00:00   00:00:00   00
 Instances status
 Name       Current LSN  Replication role  Status  QoS         Manager Version  Node
 ----       -----------  ----------------  ------  ---         ---------------  ----
-sandbox-1  0/604DE38    Primary           OK      BestEffort  1.27.2           k8s-eu-worker
-sandbox-2  0/604DE38    Standby (async)   OK      BestEffort  1.27.2           k8s-eu-worker2
-sandbox-3  0/604DE38    Standby (async)   OK      BestEffort  1.27.2           k8s-eu-worker
+sandbox-1  0/604DE38    Primary           OK      BestEffort  1.27.3           k8s-eu-worker
+sandbox-2  0/604DE38    Standby (async)   OK      BestEffort  1.27.3           k8s-eu-worker2
+sandbox-3  0/604DE38    Standby (async)   OK      BestEffort  1.27.3           k8s-eu-worker
 ```
 
 If you require more detailed status information, use the `--verbose` option (or
@@ -362,9 +362,9 @@ sandbox-primary  primary  1              1                1
 Instances status
 Name       Current LSN  Replication role  Status  QoS         Manager Version  Node
 ----       -----------  ----------------  ------  ---         ---------------  ----
-sandbox-1  0/6053720    Primary           OK      BestEffort  1.27.2           k8s-eu-worker
-sandbox-2  0/6053720    Standby (async)   OK      BestEffort  1.27.2           k8s-eu-worker2
-sandbox-3  0/6053720    Standby (async)   OK      BestEffort  1.27.2           k8s-eu-worker
+sandbox-1  0/6053720    Primary           OK      BestEffort  1.27.3           k8s-eu-worker
+sandbox-2  0/6053720    Standby (async)   OK      BestEffort  1.27.3           k8s-eu-worker2
+sandbox-3  0/6053720    Standby (async)   OK      BestEffort  1.27.3           k8s-eu-worker
 ```
 
 With an additional `-v` (e.g. `kubectl cnpg status sandbox -v -v`), you can
@@ -600,12 +600,12 @@ Archive:  report_operator_<TIMESTAMP>.zip
 
 ```output
 ====== Beginning of Previous Log =====
-2023-03-28T12:56:41.251711811Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.27.2","build":{"Version":"1.27.2+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
+2023-03-28T12:56:41.251711811Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.27.3","build":{"Version":"1.27.3+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
 2023-03-28T12:56:41.251851909Z {"level":"info","ts":"2023-03-28T12:56:41Z","logger":"setup","msg":"Starting pprof HTTP server","addr":"0.0.0.0:6060"}
   <snipped …>
 
 ====== End of Previous Log =====
-2023-03-28T12:57:09.854306024Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.27.2","build":{"Version":"1.27.2+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
+2023-03-28T12:57:09.854306024Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting CloudNativePG Operator","version":"1.27.3","build":{"Version":"1.27.3+dev107","Commit":"cc9bab17","Date":"2023-03-28"}}
 2023-03-28T12:57:09.854363943Z {"level":"info","ts":"2023-03-28T12:57:09Z","logger":"setup","msg":"Starting pprof HTTP server","addr":"0.0.0.0:6060"}
 ```
 

website/versioned_docs/version-1.27/monitoring.md

@@ -104,9 +104,10 @@ spec:
 
 #### Deprecation of Automatic `PodMonitor` Creation
 
-!!!warning "Feature Deprecation Notice"
+:::warning[Feature Deprecation Notice]
     The `.spec.monitoring.enablePodMonitor` field in the `Cluster` resource is
     now deprecated and will be removed in a future version of the operator.
+:::
 
 If you are currently using this feature, we strongly recommend you either
 remove or set `.spec.monitoring.enablePodMonitor` to `false` and manually