couchbase · rao-shwe · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/modules/ROOT/pages/release-notes.adoc b/modules/ROOT/pages/release-notes.adoc
@@ -1,68 +1,200 @@
+= Release Notes for Couchbase Kubernetes Operator 2.9
+
+This page summarizes the fixes and changes in Couchbase Kubernetes Operator 2.9, and links to the associated issues and documentation.
+
+== New Features
+
+For information about new features and major improvements made in Couchbase Kubernetes Operator 2.9, see xref:whats-new.adoc[What's New].
+
 [#release-290]
-== Release 2.9.0 (November 2025)
+== Release 2.9 (December 2025)
 
-Couchbase Operator 2.9.0 was released in November 2025.
-This maintenance release contains fixes to issues.
+Couchbase Kubernetes Operator 2.9 was released in December 2025.
+This release contains fixes to issues.
 
 [#fixed-issues-v290]
-== Fixed Issues
+== Fixed Issues in 2.9
+
+The issues fixed in this release are as follows.
+
+*https://jira.issues.couchbase.com/browse/K8S-1537/[K8S-1537]*::
+
+The cluster UUID is no longer required when creating remote cluster connections.
+
+*https://jira.issues.couchbase.com/browse/K8S-2829/[K8S-2829]*::
+
+You can now specify the `cao.couchbase.com/additionalArgs` annotation on CouchbaseBackup and CouchbaseRestore resources to pass additional `cbbackupmgr` arguments to the container.
 
+*https://jira.issues.couchbase.com/browse/K8S-3016/[K8S-3016]*::
+
+You can now specify the Couchbase Server password policy using the CouchbaseCluster resource.
+
+*https://jira.issues.couchbase.com/browse/K8S-3121/[K8S-3121]*::
+
+You can now specify to preserve the CouchbaseBackupRestore resource after the restore completes.
+
+*https://jira.issues.couchbase.com/browse/K8S-3153/[K8S-3153]*::
+
+New TCP tunables (`tcpKeepAliveIdle`, `tcpKeepAliveInterval`, `tcpKeepAliveProbes`, `tcpUserTimeout`) are now available through the CouchbaseCluster resource when using Couchbase Server 8.0.
 
 *https://jira.issues.couchbase.com/browse/K8S-3258/[K8S-3258]*::
 
-Added a new `logging.configNameReleasePrefix` boolean to the helm chart.
-This defaults to false, but setting it to true will prefix the fluent-bit config with the release name.
-Setting this to true for existing clusters will trigger recreation of all pods so should only really be used for new clusters.
+Added the `logging.configNameReleasePrefix` boolean to the Helm chart.
+The default value is `false`.
+When set to `true`, the Operator prefixes the Fluent Bit configuration with the release name.
++
+Couchbase recommends enabling this setting only on new clusters because enabling it on existing clusters triggers recreation of all pods.
 
-*https://jira.issues.couchbase.com/browse/K8S-4091/[K8S-4091]*::
+*https://jira.issues.couchbase.com/browse/K8S-3371/[K8S-3371]*::
+
+You can now specify environment variables for the CouchbaseBackup and CouchbaseBackupRestore pods to allow `cbbackupmgr` tuning.
+
+*https://jira.issues.couchbase.com/browse/K8S-3434/[K8S-3434]*::
+
+`spec.monitoring` is deprecated and no longer attaches an exporter sidecar to the Couchbase Server pod.
+
+*https://jira.issues.couchbase.com/browse/K8S-3535/[K8S-3535]*::
+
+If `couchbasecluster.spec.buckets.managed` is set to `false`, restoring from backup automatically creates buckets.
+
+*https://jira.issues.couchbase.com/browse/K8S-3616/[K8S-3616]*::
+
+New REST API bucket settings for the Data Service are now available in Couchbase Server 8.0.
+
+*https://jira.issues.couchbase.com/browse/K8S-3638/[K8S-3638]*::
+
+You can now specify a merge schedule on the CouchbaseBackup resource.
+
+*https://jira.issues.couchbase.com/browse/K8S-3646/[K8S-3646]*::
+
+You can now set the Query Service `CompletedStreamSize` using the CouchbaseCluster resource.
+
+*https://jira.issues.couchbase.com/browse/K8S-3650/[K8S-3650]*::
+
+When using Couchbase Server 8.0, you can no longer create Memcached buckets.
+
+*https://jira.issues.couchbase.com/browse/K8S-3715/[K8S-3715]*::
+
+Added RBAC roles for users to match new roles added in Couchbase Server 8.0.
+
+*https://jira.issues.couchbase.com/browse/K8S-3786/[K8S-3786]*::
+
+You can now specify `default` and `disk_io_optimized` for the Data Service reader threads.
+
+*https://jira.issues.couchbase.com/browse/K8S-3917/[K8S-3917]*::
+
+You can now set `overheadMemory` for `autoResourceAllocation` to specify a static overhead amount.
+
+*https://jira.issues.couchbase.com/browse/K8S-3951/[K8S-3951]*::
 
-Updated the `spec.networking.addressFamily` field to accept `IPv4Only`, `IPv4Priority`, `IPv6Only` and `IPv6Priority`.
-The current `IPv4/IPv6` values will have the `Ipv4/6Only` functionality.
-I.e.
-customers that have set the fields will not see any change.
+`cao.couchbase.com/autoCompaction.magmaFragmentationPercentage` has been replaced by a field in the CouchbaseCluster CRD.
 
+*https://jira.issues.couchbase.com/browse/K8S-4013/[K8S-4013]*::
+
+You can now disable DNS resolution verification when creating pods before activating them in the cluster.
+
+*https://jira.issues.couchbase.com/browse/K8S-4016/[K8S-4016]*::
+
+Fixed a bug that caused a panic when a member pod became unresponsive.
+
+*https://jira.issues.couchbase.com/browse/K8S-4028/[K8S-4028]*::
+
+Added an upgrade stanza to the CouchbaseCluster resource to give users more control over upgrades.
+
+*https://jira.issues.couchbase.com/browse/K8S-4091/[K8S-4091]*::
+
+Updated `spec.networking.addressFamily` to accept `IPv4Only`, `IPv4Priority`, `IPv6Only`, and `IPv6Priority`.
+The existing `IPv4` and `IPv6` values retain the `IPv4Only` and `IPv6Only` behavior, so no change is required for existing configurations.
++
+These values are deprecated and will be removed in a future release.
 +
-These should be considered deprecated and will be removed in a future release.
- +
-The priority/only choice determines whether `addressFamilyOnly` is true or false.
+The priority or only option determines whether `addressFamilyOnly` is set to `true` or `false`.
 
 *https://jira.issues.couchbase.com/browse/K8S-4097/[K8S-4097]*::
 
-The MirWatchdog is an out-of-band check that allows for additional alerting to be in place in the unlikely scenario that an Operator is unable to reconcile a cluster due to reasons outside of its controls/capabilities and which therefore require manual intervention by a user to resolve.
-Scenarios include but are not limited to, tls expiration, couchbase authentication errors and loss of quorum.
-By default this is disabled, but can be enabled and configured using the `mirWatchdog` field in the couchbase cluster CRD.
+The MirWatchdog is an out-of-band check that provides additional alerting.
+It is used when the Operator cannot reconcile a cluster due to reasons outside its control and requires manual user intervention.
+Scenarios include, but are not limited to, TLS expiration, Couchbase authentication errors, and loss of quorum.
+This feature is disabled by default but can be enabled and configured by using the `mirWatchdog` field in the CouchbaseCluster CRD.
 If the cluster enters this condition, it will:
 +
-* Set the cluster_manual_intervention gauge metric to 1
-* Add (where possible) the `ManualInterventionRequired` condition to the cluster, with a message detailing the reason for entering the MIR state.
-* Raise a `ManualInterventionRequired` Kubernetes event, with the event message set to the reason for entering manual intervention
-* Optionally, reconciliation will be skipped until the manual intervention required state has been resolved, i.e.
-the issue that put the cluster into that condition has been fixed.
+* Set the `cluster_manual_intervention` gauge metric to `1`.
+* Add the `ManualInterventionRequired` condition to the cluster, where possible, with a message describing the reason for entering the MIR state.
+* Raise a `ManualInterventionRequired` Kubernetes event, with the message describing the reason for entering manual intervention.
+* Optionally, skips reconciliation until the manual intervention required state is resolved, that is, until the issue that caused the condition is fixed.
+
+*https://jira.issues.couchbase.com/browse/K8S-4101/[K8S-4101]*::
+
+Added support for the Encryption at Rest feature of Couchbase Server 8.0.
+
+*https://jira.issues.couchbase.com/browse/K8S-4108/[K8S-4108]*::
+
+The CouchbaseUser resource now includes an `enabled` flag to allow administrators to enable or disable user accounts.
+
+*https://jira.issues.couchbase.com/browse/K8S-4109/[K8S-4109]*::
+
+The CouchbaseUser resource now allows the administrators to enforce password change on a user’s first login using the `couchbaseuser.spec.userPassword.requireInitialChange` field.
+
+*https://jira.issues.couchbase.com/browse/K8S-4111/[K8S-4111]*::
+
+CouchbaseBucket resources now support `durabilityImpossibleFallback` with values `disabled` and `fallbackToActiveAck`.
+
+*https://jira.issues.couchbase.com/browse/K8S-4112/[K8S-4112]*::
+
+Added multiple settings to CouchbaseBucket resources to configure XDCR Conflict Logging.
+
+*https://jira.issues.couchbase.com/browse/K8S-4114/[K8S-4114]*::
+
+Added a CouchbaseCluster resource setting that enables auto‑failover of Ephemeral Buckets with no replicas in Couchbase Server 8.0 and later versions.
+
+*https://jira.issues.couchbase.com/browse/K8S-4117/[K8S-4117]*::
+
+Added `data.diskUsageLimit` to the CouchbaseCluster resource to enable Disk Usage Guardrails.
+
+*https://jira.issues.couchbase.com/browse/K8S-4118/[K8S-4118]*::
+
+Added support for SDK Telemetry settings in Couchbase Server 8.0 and later versions.
+
+*https://jira.issues.couchbase.com/browse/K8S-4120/[K8S-4120]*::
+
+For CouchbaseBuckets, now the default storage engine is `magma` and the vBucketCount is `128`.
 
 *https://jira.issues.couchbase.com/browse/K8S-4144/[K8S-4144]*::
 
-In prior versions of Couchbase Operator, the metrics port annotation (`prometheus.io/port`) was set to 8091, even if TLS was enabled.
- It will now correctly set to 18091.
+In the earlier versions of Couchbase Operator, the metrics port annotation `prometheus.io/port` was set to `8091`, even when TLS was enabled.
+It now correctly sets to `18091`.
+
+*https://jira.issues.couchbase.com/browse/K8S-4158/[K8S-4158]*::
+
+EvictionPolicy changes can now be applied to an online bucket during a swap rebalance.
 
 *https://jira.issues.couchbase.com/browse/K8S-4161/[K8S-4161]*::
 
-Operator 2.9.0 now allows you to set `spec.cluster.analytics.numReplicas`.
-This feature is only supported for couchbase server versions 7.6+.
+Operator 2.9.0 allows you to set `spec.cluster.analytics.numReplicas`.
+This feature is supported only on Couchbase Server 7.6 and later versions.
+
+*https://jira.issues.couchbase.com/browse/K8S-4203/[K8S-4203]*::
+
+Fixed an issue where metrics scrapes became too large when the Operator managed many clusters.
+
+*https://jira.issues.couchbase.com/browse/K8S-4209/[K8S-4209]*::
+
+Full backups can now be resumed.
+
+*https://jira.issues.couchbase.com/browse/K8S-4273/[K8S-4273]*::
+
+Fixed an issue where the Operator failed to remove pods from the cluster.
 
-*https://jira.issues.couchbase.com/browse/K8S-4270/[K8S-4270]*::
+*https://jira.issues.couchbase.com/browse/K8S-4279/[K8S-4279]*::
 
-Potentially where we use `kubectl apply` for CRDS, we add a note that this error is possible in 2.9+, and to add `--server-side` to the `kubectl apply` command.
+Fixed an issue where log message tags were inconsistent.
 
-*https://jira.issues.couchbase.com/browse/K8S-4286/[K8S-4286]*::
+*https://jira.issues.couchbase.com/browse/K8S-4349/[K8S-4349]*::
 
-In the latest build,
-the mirWatchdog feature is now set to off by default.
-The sequence has been adjusted to move the skip function after the validationRunner,
-and changes have been included in the CRD.
-Additionally,
-the system now skips the DAC during status changes.
-These updates aim to streamline operations and improve efficiency.
-// Generated by [chatgpt:gpt-4o]
+The CouchbaseCluster CRD now exceeds the size limit for client-side apply.
+Use the `--server-side` option with `kubectl apply` to apply the resource.
 
+*https://jira.issues.couchbase.com/browse/K8S-4404/[K8S-4404]*::
 
+Fixed an issue that caused upgrades to fail when image definitions used SHA256 digests.
 
diff --git a/modules/ROOT/pages/whats-new.adoc b/modules/ROOT/pages/whats-new.adoc
@@ -1,26 +1,70 @@
 = What's New?
-include::partial$constants.adoc[]
 
-Autonomous Operator {operator-version-minor} introduces our new Cluster Migration functionality well as a number of other improvements and minor fixes.
+Couchbase Kubernetes Operator 2.9.0 was released in December 2025.
+New features and improvements are described below.
 
-== Cluster Migration
+For information about fixed and known issues, see the xref:release-notes.adoc[Release Notes].
 
-Cluster Migration allows you to transfer a currently-unmanaged Couchbase Server cluster over to being managed by the Operator, with zero downtime.
+[#whats-new-290]
+== New Features and Enhancements in 2.9.0
 
-See xref:concept-migration.adoc[Couchbase Cluster Migration] for more details.
+Couchbase Kubernetes Operator 2.9.0 adds support for Couchbase Server 8.0 features and
+introduces a circuit breaker called Manual Intervention Required (MIR) mode.
+This release also improves the upgrade process by introducing a new upgrade object that enables more resilient automated upgrades.
 
-== Admission Controller Improvements
+=== Support for Couchbase Server 8.0 Features
 
-The Dynamic Admission Controller (DAC) will now warn if any cluster settings don't match our xref:best-practices.adoc#production-deployments[Best Practices for Production Deployments].
+Couchbase Server 8.0 introduces several key features, listed in xref:server:introduction:whats-new.adoc[What's New in Version 8.0], which are now configurable through Couchbase Kubernetes Operator 2.9.0.
+These are the highlights:
 
-The DAC will now prevent changes to the `CouchbaseCluster` spec while a hibernation is taking place.
-If hibernation is enabled while a cluster is migrating, upgrading, scaling, or rebalancing, that process will conclude before the cluster enters hibernation. The DAC will warn when this is the case, and it will be visible in the operator logs.
+* *Encryption at Rest:* Added support for a new `CouchbaseEncryptionKey` custom resource to manage encryption keys
+and to specify which keys are used for each unit, such as buckets, configuration data, and logs.
 
-To prevent any invalid resources failing to reconcile (i.e. if the DAC is not deployed in the current environment), the DAC Validation is now run at the beginning of the reconciliation loop.
-Any invalid resources will be skipped for reconciliation, marked as `NotValid`, and logged.
+* *Magma as the Default Storage Engine:* In Couchbase Server 8.0, magma with 128 vBuckets is the default storage engine for new buckets.
+Therefore, for CouchbaseBuckets, now the default storage engine is `magma` and the vBucketCount is `128`.
+Couchbase recommends setting the vBucket count to `1024` for high-throughput workloads.
 
-== Miscellaneous Improvements
+* *XDCR Conflict Logging for Active-Active Setups:* Added multiple settings to the CouchbaseBucket resource to set up XDCR Conflict Logging.
+
+* Other features such as enabling and disabling user accounts, and new bucket settings such as for warmup.
+
+=== Manual Intervention Required (MIR) Mode
+
+The MirWatchdog is an out-of-band check that provides additional alerting.
+It's used when the Operator cannot reconcile a cluster due to reasons outside its control and requires manual user intervention.
+Scenarios include TLS expiration, Couchbase authentication errors, and rebalance failures.
+
+This feature is disabled by default but can be enabled and configured by using the `mirWatchdog` field in the CouchbaseCluster CRD.
+
+For more information, see xref:tutorial-mirwatchdog.adoc[Monitor for Manual Intervention Scenarios].
+
+=== Upgrade Process Improvements
+
+Autonomous upgrades now provide improved user input and control through a new `upgrade` object in the CouchbaseCluster specification,
+which contains all configurations for upgrading a cluster.
+The previous ServerClass image-based approach is now hard deprecated.
+
+This consolidation clarifies how to control and manage future upgrades.
+All existing upgrade fields `upgradeProcess`, `upgradeStrategy`, and `rollingUpgrade` are deprecated, and moved under the `upgrade` object.
+
+The new `upgrade` object has the following new fields:
+
+* `UpgradeOrderType`: The unit of upgrade that can be a Node, ServerGroup, ServerClass, or Service.
+* `UpgradeOrder`: The upgrade order of specified upgrade units.  
+* `stabilizationPeriod`: The wait time in seconds before upgrading the next unit. 
+* `previousVersionPodCount`: The number of pods to keep running on the previous version at the end of upgrade.
+
+For more information, see xref:concept-upgrade.adoc[Upgrade Couchbase Server] and xref:howto-couchbase-upgrade.adoc[Upgrade a Couchbase Deployment].
+
+=== Other Improvements
+
+The following are additional important improvements:
+
+* Support for changing the bucket eviction policy online without requiring a bucket restart.
+* The ability to disable DNS resolution verification when creating pods before activating them in the cluster.
+* Support for specifying `overheadMemory` for `autoResourceAllocation` to define a static overhead amount.
+* Operator-backup now supports Periodic Merge in addition to Full Only and Full Incremental.
+This strategy is better suited for some larger clusters.
+You can specify a merge schedule on the CouchbaseBackup resource.
+* Support for specifying the `cao.couchbase.com/additionalArgs` annotation on CouchbaseBackup and CouchbaseRestore resources to pass additional `cbbackupmgr` arguments to the container.
 
-* Pod Disruption Budgets can now be set per-Server Class by enabling xref:resource/couchbasecluster.adoc#couchbaseclusters-spec-perserviceclasspdb[`couchbaseclusters.spec.perServiceClassPDB`].
-* Sample Buckets can now be loaded via the xref:resource/couchbasebucket.adoc[`CouchbaseBucket`] resource, by using the xref:reference-annotations.adoc#cao-couchbase-comsamplebucket[`cao.couchbase.com/sampleBucket`] annotation.
-* Query-related RBAC roles (`query_use_sequential_scans`, `query_use_sequences`, and `query_manage_sequences`) have now been added to  xref:resource/couchbasegroup.adoc#couchbasegroups-spec-roles-name[`couchbasegroups.spec.roles.name`].
diff --git a/preview/HEAD.yml b/preview/HEAD.yml
@@ -3,4 +3,4 @@ sources:
     branches: [release/8.0]
 
   docs-operator:
-    branches: [DOC-13656-Create-release-note-for-Couchbase-Operator-2.9.0, release/2.8]
+    branches: [DOC-13826-release-notes-cao-2-9-0, release/2.8]