zalando · idanovinda · Jan 20, 2026 · Jan 23, 2026 · Jan 23, 2026 · Jan 23, 2026
@@ -29,13 +29,13 @@ pipelines with no access to Kubernetes API directly, promoting infrastructure as
 
 ### PostgreSQL features
 
-* Supports PostgreSQL 17, starting from 13+
+* Supports PostgreSQL 18, starting from 14+
 * Streaming replication cluster via Patroni
 * Point-In-Time-Recovery with
-[pg_basebackup](https://www.postgresql.org/docs/17/app-pgbasebackup.html) /
+[pg_basebackup](https://www.postgresql.org/docs/18/app-pgbasebackup.html) /
 [WAL-G](https://github.com/wal-g/wal-g) or [WAL-E](https://github.com/wal-e/wal-e) via [Spilo](https://github.com/zalando/spilo)
 * Preload libraries: [bg_mon](https://github.com/CyberDem0n/bg_mon),
-[pg_stat_statements](https://www.postgresql.org/docs/17/pgstatstatements.html),
+[pg_stat_statements](https://www.postgresql.org/docs/18/pgstatstatements.html),
 [pgextwlist](https://github.com/dimitri/pgextwlist),
 [pg_auth_mon](https://github.com/RafiaSabih/pg_auth_mon)
 * Incl. popular Postgres extensions such as

@@ -84,11 +84,11 @@ spec:
                   "limit_iops": 16000,
                   "limit_throughput": 1000,
                   "postgresql_versions": [
+                    "18",
                     "17",
                     "16",
                     "15",
                     "14",
-                    "13"
                   ]
                 }
             {{- if .Values.extraEnvs }}

@@ -68,7 +68,7 @@ spec:
                   type: string
               docker_image:
                 type: string
-                default: "ghcr.io/zalando/spilo-17:4.0-p3"
+                default: "ghcr.io/zalando/spilo-18-dev:6a722f01"
               enable_crd_registration:
                 type: boolean
                 default: true
@@ -174,10 +174,10 @@ spec:
                       type: string
                   minimal_major_version:
                     type: string
-                    default: "13"
+                    default: "14"
                   target_major_version:
                     type: string
-                    default: "17"
+                    default: "18"
               kubernetes:
                 type: object
                 properties:

@@ -374,11 +374,11 @@ spec:
                   version:
                     type: string
                     enum:
-                      - "13"
                       - "14"
                       - "15"
                       - "16"
                       - "17"
+                      - "18"
                   parameters:
                     type: object
                     additionalProperties:

@@ -31,14 +31,12 @@ configGeneral:
   enable_pgversion_env_var: true
   # start any new database pod without limitations on shm memory
   enable_shm_volume: true
-  # enables backwards compatible path between Spilo 12 and Spilo 13+ images
-  enable_spilo_wal_path_compat: false
   # operator will sync only clusters where name starts with teamId prefix
   enable_team_id_clustername_prefix: false
   # etcd connection string for Patroni. Empty uses K8s-native DCS.
   etcd_host: ""
   # Spilo docker image
-  docker_image: ghcr.io/zalando/spilo-17:4.0-p3
+  docker_image: ghcr.io/zalando/spilo-18-dev:6a722f01
 
   # key name for annotation to ignore globally configured instance limits
   # ignore_instance_limits_annotation_key: ""
@@ -96,9 +94,9 @@ configMajorVersionUpgrade:
   # - acid
 
   # minimal Postgres major version that will not automatically be upgraded
-  minimal_major_version: "13"
+  minimal_major_version: "14"
   # target Postgres major version when upgrading clusters automatically
-  target_major_version: "17"
+  target_major_version: "18"
 
 configKubernetes:
   # list of additional capabilities for postgres container

@@ -1312,7 +1312,7 @@ aws_or_gcp:
 
 If cluster members have to be (re)initialized restoring physical backups
 happens automatically either from the backup location or by running
-[pg_basebackup](https://www.postgresql.org/docs/17/app-pgbasebackup.html)
+[pg_basebackup](https://www.postgresql.org/docs/18/app-pgbasebackup.html)
 on one of the other running instances (preferably replicas if they do not lag
 behind). You can test restoring backups by [cloning](user.md#how-to-clone-an-existing-postgresql-cluster)
 clusters.

@@ -647,7 +647,7 @@ the global configuration before adding the `tls` section'.
 ## Change data capture streams
 
 This sections enables change data capture (CDC) streams via Postgres' 
-[logical decoding](https://www.postgresql.org/docs/17/logicaldecoding.html)
+[logical decoding](https://www.postgresql.org/docs/18/logicaldecoding.html)
 feature and `pgoutput` plugin. While the Postgres operator takes responsibility
 for providing the setup to publish change events, it relies on external tools
 to consume them. At Zalando, we are using a workflow based on
@@ -680,7 +680,7 @@ can have the following properties:
   The CDC operator is following the [outbox pattern](https://debezium.io/blog/2019/02/19/reliable-microservices-data-exchange-with-the-outbox-pattern/).
   The application is responsible for putting events into a (JSON/B or VARCHAR)
   payload column of the outbox table in the structure of the specified target
-  event type. The operator will create a [PUBLICATION](https://www.postgresql.org/docs/17/logical-replication-publication.html)
+  event type. The operator will create a [PUBLICATION](https://www.postgresql.org/docs/18/logical-replication-publication.html)
   in Postgres for all tables specified for one `database` and `applicationId`.
   The CDC operator will consume from it shortly after transactions are
   committed to the outbox table. The `idColumn` will be used in telemetry for

@@ -268,12 +268,12 @@ CRD-configuration, they are grouped under the `major_version_upgrade` key.
 
 * **minimal_major_version**
   The minimal Postgres major version that will not automatically be upgraded
-  when `major_version_upgrade_mode` is set to `"full"`. The default is `"13"`.
+  when `major_version_upgrade_mode` is set to `"full"`. The default is `"14"`.
 
 * **target_major_version**
   The target Postgres major version when upgrading clusters automatically
   which violate the configured allowed `minimal_major_version` when
-  `major_version_upgrade_mode` is set to `"full"`. The default is `"17"`.
+  `major_version_upgrade_mode` is set to `"full"`. The default is `"18"`.
 
 ## Kubernetes resources
 

@@ -30,7 +30,7 @@ spec:
   databases:
     foo: zalando
   postgresql:
-    version: "17"
+    version: "18"
 ```
 
 Once you cloned the Postgres Operator [repository](https://github.com/zalando/postgres-operator)
@@ -109,7 +109,7 @@ metadata:
 spec:
   [...]
   postgresql:
-    version: "17"
+    version: "18"
     parameters:
       password_encryption: scram-sha-256
 ```
@@ -517,7 +517,7 @@ Postgres Operator will create the following NOLOGIN roles:
 
 The `<dbname>_owner` role is the database owner and should be used when creating
 new database objects. All members of the `admin` role, e.g. teams API roles, can
-become the owner with the `SET ROLE` command. [Default privileges](https://www.postgresql.org/docs/17/sql-alterdefaultprivileges.html)
+become the owner with the `SET ROLE` command. [Default privileges](https://www.postgresql.org/docs/18/sql-alterdefaultprivileges.html)
 are configured for the owner role so that the `<dbname>_reader` role
 automatically gets read-access (SELECT) to new tables and sequences and the
 `<dbname>_writer` receives write-access (INSERT, UPDATE, DELETE on tables,
@@ -594,7 +594,7 @@ spec:
 
 ### Schema `search_path` for default roles
 
-The schema [`search_path`](https://www.postgresql.org/docs/17/ddl-schemas.html#DDL-SCHEMAS-PATH)
+The schema [`search_path`](https://www.postgresql.org/docs/18/ddl-schemas.html#DDL-SCHEMAS-PATH)
 for each role will include the role name and the schemas, this role should have
 access to. So `foo_bar_writer` does not have to schema-qualify tables from
 schemas `foo_bar_writer, bar`, while `foo_writer` can look up `foo_writer` and
@@ -695,7 +695,7 @@ handle it.
 
 ### HugePages support
 
-The operator supports [HugePages](https://www.postgresql.org/docs/17/kernel-resources.html#LINUX-HUGEPAGES).
+The operator supports [HugePages](https://www.postgresql.org/docs/18/kernel-resources.html#LINUX-HUGEPAGES).
 To enable HugePages, set the matching resource requests and/or limits in the manifest:
 
 ```yaml
@@ -757,7 +757,7 @@ If you need to define a `nodeAffinity` for all your Postgres clusters use the
 
 ## In-place major version upgrade
 
-Starting with Spilo 13, operator supports in-place major version upgrade to a
+Starting with Spilo 14, operator supports in-place major version upgrade to a
 higher major version (e.g. from PG 14 to PG 16). To trigger the upgrade,
 simply increase the version in the manifest. It is your responsibility to test
 your applications against the new version before the upgrade; downgrading is
@@ -792,7 +792,7 @@ spec:
   clone:
     uid: "efd12e58-5786-11e8-b5a7-06148230260c"
     cluster: "acid-minimal-cluster"
-    timestamp: "2017-12-19T12:40:33+01:00"
+    timestamp: "2025-12-19T12:40:33+01:00"
 ```
 
 Here `cluster` is a name of a source cluster that is going to be cloned. A new
@@ -827,7 +827,7 @@ spec:
   clone:
     uid: "efd12e58-5786-11e8-b5a7-06148230260c"
     cluster: "acid-minimal-cluster"
-    timestamp: "2017-12-19T12:40:33+01:00"
+    timestamp: "2025-12-19T12:40:33+01:00"
     s3_wal_path: "s3://custom/path/to/bucket"
     s3_endpoint: https://s3.acme.org
     s3_access_key_id: 0123456789abcdef0123456789abcdef
@@ -838,7 +838,7 @@ spec:
 ### Clone directly
 
 Another way to get a fresh copy of your source DB cluster is via
-[pg_basebackup](https://www.postgresql.org/docs/17/app-pgbasebackup.html). To
+[pg_basebackup](https://www.postgresql.org/docs/18/app-pgbasebackup.html). To
 use this feature simply leave out the timestamp field from the clone section.
 The operator will connect to the service of the source cluster by name. If the
 cluster is called test, then the connection string will look like host=test

@@ -8,7 +8,7 @@ IFS=$'\n\t'
 
 readonly cluster_name="postgres-operator-e2e-tests"
 readonly kubeconfig_path="${HOME}/kind-config-${cluster_name}"
-readonly spilo_image="registry.opensource.zalan.do/acid/spilo-17-e2e:0.3"
+readonly spilo_image="ghcr.io/zalando/spilo-18-dev:6a722f01"
 readonly e2e_test_runner_image="ghcr.io/zalando/postgres-operator-e2e-tests-runner:latest"
 
 export GOPATH=${GOPATH-~/go}

@@ -12,9 +12,9 @@
 from tests.k8s_api import K8s
 from kubernetes.client.rest import ApiException
 
-SPILO_CURRENT = "registry.opensource.zalan.do/acid/spilo-17-e2e:0.3"
-SPILO_LAZY = "registry.opensource.zalan.do/acid/spilo-17-e2e:0.4"
-SPILO_FULL_IMAGE = "ghcr.io/zalando/spilo-17:4.0-p3"
+SPILO_CURRENT = "ghcr.io/zalando/spilo-18-dev:6a722f01"
+SPILO_LAZY = "ghcr.io/zalando/spilo-17:4.0-p3"
+SPILO_FULL_IMAGE = "ghcr.io/zalando/spilo-18-dev:6a722f01"
 
 def to_selector(labels):
     return ",".join(["=".join(lbl) for lbl in labels.items()])
@@ -72,7 +72,7 @@ def eventuallyTrue(self, f, m, retries=60, interval=2):
                 time.sleep(interval)
 
     @classmethod
-    @timeout_decorator.timeout(TEST_TIMEOUT_SEC)
+    @timeout_decorator.timeout(1800)
     def setUpClass(cls):
         '''
         Deploy operator to a "kind" cluster created by run.sh using examples from /manifests.
@@ -151,6 +151,18 @@ def setUpClass(cls):
             'default', label_selector='name=postgres-operator').items[0].spec.containers[0].image
         print("Tested operator image: {}".format(actual_operator_image))  # shows up after tests finish
 
+        # load minimal Postgres manifest and wait for cluster to be up and running
+        with open("manifests/minimal-postgres-manifest.yaml", 'r') as f:
+            postgres_manifest = yaml.safe_load(f)
+
+        # specify SPILO_PROVIDER to local to avoid S3 connection attempts in tests
+        postgres_manifest.setdefault("spec", {})["env"] = [
+            {"name": "SPILO_PROVIDER", "value": "local"}
+        ]
+
+        with open("manifests/minimal-postgres-manifest.yaml", 'w') as f:
+            yaml.dump(postgres_manifest, f, Dumper=yaml.Dumper)
+
         result = k8s.create_with_kubectl("manifests/minimal-postgres-manifest.yaml")
         print('stdout: {}, stderr: {}'.format(result.stdout, result.stderr))
         try:
@@ -1211,25 +1223,25 @@ def get_annotations():
         k8s.create_with_kubectl("manifests/minimal-postgres-lowest-version-manifest.yaml")
         self.eventuallyEqual(lambda: k8s.count_running_pods(labels=cluster_label), 2, "No 2 pods running")
         self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
-        self.eventuallyEqual(check_version, 13, "Version is not correct")
+        self.eventuallyEqual(check_version, 14, "Version is not correct")
 
         master_nodes, _ = k8s.get_cluster_nodes(cluster_labels=cluster_label)
         # should upgrade immediately
-        pg_patch_version_14 = {
+        pg_patch_version_higher_version = {
             "spec": {
                 "postgresql": {
-                    "version": "14"
+                    "version": "15"
                 }
             }
         }
         k8s.api.custom_objects_api.patch_namespaced_custom_object(
-            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_14)
+            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_higher_version)
         self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
 
         k8s.wait_for_pod_failover(master_nodes, 'spilo-role=replica,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=master,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=replica,' + cluster_label)
-        self.eventuallyEqual(check_version, 14, "Version should be upgraded from 13 to 14")
+        self.eventuallyEqual(check_version, 15, "Version should be upgraded from 14 to 15")
 
         # check if annotation for last upgrade's success is set
         annotations = get_annotations()
@@ -1238,34 +1250,34 @@ def get_annotations():
         # should not upgrade because current time is not in maintenanceWindow
         current_time = datetime.now()
         maintenance_window_future = f"{(current_time+timedelta(minutes=60)).strftime('%H:%M')}-{(current_time+timedelta(minutes=120)).strftime('%H:%M')}"
-        pg_patch_version_15_outside_mw = {
+        pg_patch_version_higher_version_outside_mw = {
             "spec": {
                 "postgresql": {
-                    "version": "15"
+                    "version": "16"
                 },
                 "maintenanceWindows": [
                     maintenance_window_future
                 ]
             }
         }
         k8s.api.custom_objects_api.patch_namespaced_custom_object(
-            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_15_outside_mw)
+            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_higher_version_outside_mw)
         self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
 
         # no pod replacement outside of the maintenance window
         k8s.wait_for_pod_start('spilo-role=master,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=replica,' + cluster_label)
-        self.eventuallyEqual(check_version, 14, "Version should not be upgraded")
+        self.eventuallyEqual(check_version, 15, "Version should not be upgraded")
 
         second_annotations = get_annotations()
         self.assertIsNone(second_annotations.get("last-major-upgrade-failure"), "Annotation for last upgrade's failure should not be set")
 
         # change maintenanceWindows to current
         maintenance_window_current = f"{(current_time-timedelta(minutes=30)).strftime('%H:%M')}-{(current_time+timedelta(minutes=30)).strftime('%H:%M')}"
-        pg_patch_version_15_in_mw = {
+        pg_patch_version_higher_version_in_mw = {
             "spec": {
                 "postgresql": {
-                    "version": "15"
+                    "version": "16"
                 },
                 "maintenanceWindows": [
                     maintenance_window_current
@@ -1274,50 +1286,50 @@ def get_annotations():
         }
 
         k8s.api.custom_objects_api.patch_namespaced_custom_object(
-            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_15_in_mw)
+            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_higher_version_in_mw)
         self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
 
         k8s.wait_for_pod_failover(master_nodes, 'spilo-role=master,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=master,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=replica,' + cluster_label)
-        self.eventuallyEqual(check_version, 15, "Version should be upgraded from 14 to 15")
+        self.eventuallyEqual(check_version, 16, "Version should be upgraded from 15 to 16")
 
         # check if annotation for last upgrade's success is updated after second upgrade
         third_annotations = get_annotations()
         self.assertIsNotNone(third_annotations.get("last-major-upgrade-success"), "Annotation for last upgrade's success is not set")
         self.assertNotEqual(annotations.get("last-major-upgrade-success"), third_annotations.get("last-major-upgrade-success"), "Annotation for last upgrade's success is not updated")
 
         # test upgrade with failed upgrade annotation
-        pg_patch_version_17 = {
+        pg_patch_version_highest_version = {
             "metadata": {
                 "annotations": {
                     "last-major-upgrade-failure": "2024-01-02T15:04:05Z"
                 },
             },
             "spec": {
                 "postgresql": {
-                    "version": "17"
+                    "version": "18"
                 },
             },
         }
         k8s.api.custom_objects_api.patch_namespaced_custom_object(
-            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_17)
+            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_highest_version)
         self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
 
         k8s.wait_for_pod_failover(master_nodes, 'spilo-role=replica,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=master,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=replica,' + cluster_label)
-        self.eventuallyEqual(check_version, 15, "Version should not be upgraded because annotation for last upgrade's failure is set")
+        self.eventuallyEqual(check_version, 16, "Version should not be upgraded because annotation for last upgrade's failure is set")
 
-        # change the version back to 15 and should remove failure annotation
+        # change the version back to 16 and should remove failure annotation
         k8s.api.custom_objects_api.patch_namespaced_custom_object(
-            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_15_in_mw)
+            "acid.zalan.do", "v1", "default", "postgresqls", "acid-upgrade-test", pg_patch_version_higher_version_in_mw)
         self.eventuallyEqual(lambda: k8s.get_operator_state(), {"0": "idle"}, "Operator does not get in sync")
 
         k8s.wait_for_pod_start('spilo-role=master,' + cluster_label)
         k8s.wait_for_pod_start('spilo-role=replica,' + cluster_label)
 
-        self.eventuallyEqual(check_version, 15, "Version should not be upgraded from 15")
+        self.eventuallyEqual(check_version, 16, "Version should not be upgraded from 16")
         fourth_annotations = get_annotations()
         self.assertIsNone(fourth_annotations.get("last-major-upgrade-failure"), "Annotation for last upgrade's failure is not removed")