# Panfactum Changelog — edge.24-07-08

> Simplifies AWS EKS configuration with bootstrap mode, adds Fledged for node image caching, introduces PVC annotator for StatefulSet PVC management, and fixes various credential handling and utility command issues.

## Highlights

- [`aws_eks`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/aws/aws_eks) simplified — removed custom instance type/count in favor of `bootstrap_mode_enabled` flag
- New [`kube_fledged`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_fledged) for pre-pulling images to nodes
- New [`kube_pvc_annotator`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pvc_annotator) for managing StatefulSet PVC metadata
- Multiple variable renames in `aws_eks` — update your Terragrunt inputs

## Breaking Changes

- [`aws_eks`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/aws/aws_eks) has been refactored to reduce unnecessary options. Users can no longer set the instance type and count for EKS
  - Impacts: iac-module `aws_eks` — Simplified config with bootstrap_mode_enabled and variable renames
- Incorporating [`kube_pvc_annotator`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pvc_annotator) into Panfactum modules requires redeploying StatefulSets. See upgrade instructions for the full process.
  - Impacts: iac-module `kube_pvc_annotator` — Requires StatefulSet redeployment for integration

## Additions

- Adds [`kube_fledged`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_fledged) to the core stack. The kube-fledged controller adds the ability to pre-pull images to every node to improve
- Adds the [`kube_pvc_annotator`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pvc_annotator) submodule that provisions a CronJob to sync metadata across PVCs created by immutable templates.
  - Impacts: iac-module `kube_pvc_annotator` — New submodule for syncing StatefulSet PVC metadata
- Adds `persistence_backups_enabled` (default: `true`) to [`kube_redis_sentinel`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel) to support disabling EBS snapshot backups.
  - Impacts: iac-module `kube_redis_sentinel` — New option to disable EBS snapshot backups
- Adds `node_image_cache_enabled` common variable to Panfactum modules to enable pre-pulling images via kube_fledged.
- Adds the `pf-buildkit-clear-cache` command for removing unused BuildKit caches.
  - Impacts: cli `buildkit clear-cache` — New command for clearing unused BuildKit caches

## Fixes

- Fixes handling of public ECR registries and ECR token caching in `docker-credential-panfactum`.
  - Impacts: cli `docker credential-helper` — Fix for public ECR and token caching issues
  - Reference (issue-report): [ECR token caching and public registry handling issues](https://github.com/Panfactum/stack/issues/70)
- Fixes `pf-get-open-port` to be platform-agnostic.
  - Reference (issue-report): [pf-get-open-port not platform-agnostic](https://github.com/Panfactum/stack/issues/68)
- Fixes image paths in the Authentik dashboard for applications provisioned by Panfactum modules.
  - Reference (issue-report): [Authentik dashboard application logos broken](https://github.com/Panfactum/stack/issues/66)

## Upgrade Instructions

## Redeploy StatefulSets for PVC Annotator Integration

Incorporating
[`kube_pvc_annotator`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pvc_annotator) into
Panfactum modules requires redeploying StatefulSets. Follow these steps carefully to avoid downtime or data loss.

1. Create a Velero backup of the cluster by running `velero create backup -w <backup_name>` to recover in case of
   mistakes.

2. The following StatefulSets need to be deleted **in this order**, **with `kubectl delete --cascade=orphan`**, and
   **immediately restored** with a subsequent `terragrunt apply` to their defining module:

   - The Vault StatefulSet created by `kube_vault`

   - The Redis cluster StatefulSet for Authentik created by `kube_authentik`

   - The BuildKit StatefulSets created by `kube_buildkit`

   - Any StatefulSets you have provisioned with
     [`kube_stateful_set`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_stateful_set)

   - Any Redis cluster StatefulSets you have provisioned with
     [`kube_redis_sentinel`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel)

   As long as you use `--cascade=orphan` and minimize the time between `kubectl delete` and `terragrunt apply`, there
   will not be any downtime during this operation.

3. After completing step 2, delete the backing PVCs from each module **one at a time** by deleting the PVC and then
   deleting its bound pod. The controller will automatically provision a new PVC with the correct labels and
   annotations.

   After deleting each pod, ensure a new pod is provisioned and becomes healthy **before** proceeding to the next.
   Proceeding one at a time will not cause downtime or data loss.

4. Delete the Velero backup created in step 1 by running `velero delete backup <backup_name>`.

## Related Resources

- [JSON Data](https://panfactum.com/docs/changelog/edge.24-07-08.json): Machine-readable data
- [Channel Release List](https://panfactum.com/docs/changelog/edge.json): All releases in this channel