{ "id": "edge.24-09-12", "name": "edge.24-09-12", "summary": "Replaces Secrets CSI with Vault Secrets Operator for better security and performance, renames credential outputs for clarity, improves Terragrunt provider management, and adds support for sourcing environment variables from ConfigMaps and Secrets.", "skip": false, "highlights": [ "`kube_secrets_csi` deprecated and should be removed — saves ~150MB memory per node", "`pf-providers-enable` renamed to `pf-tf-init` with expanded functionality", "Credential outputs renamed: `superuser_username/password` → `root_username/password` in `kube_pg_cluster` and `kube_redis_sentinel`", "Provider configuration no longer needs to be manually enabled via `module.yaml`" ], "changes": [ { "id": "e24a035d-6f2d-4d08-84ae-d13e7b2644c6", "type": "breaking_change", "summary": "[`kube_secrets_csi`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_secrets_csi) has been deprecated and should be removed from your clusters. The Vault Secrets Operator replaces its functionality with improved" }, { "id": "42ffd471-706c-424c-b5df-98d140f65b85", "type": "breaking_change", "summary": "[`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster) and [`kube_redis_sentinel`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel) outputs `superuser_username` and `superuser_password` have been renamed to `root_username` and `root_password`.", "impacts": [ { "type": "iac-module", "component": "kube_pg_cluster", "summary": "Outputs renamed from superuser_* to root_*" }, { "type": "iac-module", "component": "kube_redis_sentinel", "summary": "Outputs renamed from superuser_* to root_*" } ] }, { "id": "74a171d5-2102-475d-affc-b6243900dc2c", "type": "breaking_change", "summary": "`pf-providers-enable` has been renamed to `pf-tf-init` with expanded functionality: now influences every module in the directory tree, runs `init -upgrade`" }, { "id": "b25fd731-98ea-42d7-a945-ba383a0e880d", "type": "breaking_change", "summary": "You no longer need to manually enable providers via the `providers` array in `module.yaml`. Terragrunt now automatically detects required providers", "impacts": [ { "type": "configuration", "component": "module.yaml", "summary": "Manual provider configuration via providers array no longer needed" } ] }, { "id": "97f0944e-1184-45fc-b667-28e011a496ca", "type": "addition", "summary": "Adds `common_env_from_config_maps` and `common_env_from_secrets` inputs to all standard workload submodules to source environment variables from existing ConfigMaps and Secrets, respectively." }, { "id": "d41e8c70-f4ad-4246-bfad-e585040cef55", "type": "addition", "summary": "[`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster) and [`kube_redis_sentinel`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_redis_sentinel) now support using Vault-generated credentials to authenticate from other workloads.", "impacts": [ { "type": "iac-module", "component": "kube_pg_cluster", "summary": "Added Vault-generated credential support for workload auth" }, { "type": "iac-module", "component": "kube_redis_sentinel", "summary": "Added Vault-generated credential support for workload auth" } ] }, { "id": "46b45469-f6ac-4a17-ba8d-7614364d120a", "type": "fix", "summary": "Adds a controller node preference to pods with `controller_nodes_enabled` set to `true`, optimizing resource efficiency by preferring to fill controller" } ], "on_upgrade_path": true, "list_url": "/docs/changelog/edge.json", "llm_txt_url": "/docs/changelog/edge.24-09-12/llm.txt", "next": "/docs/changelog/edge.24-09-30.json", "prev": "/docs/changelog/edge.24-09-10.json" }