# Panfactum Changelog — edge.24-10-15 > Introduces the Panfactum provider to greatly simplify module development, upgrades to OpenTofu v1.8, adds CDN capabilities with CloudFront integration, and significantly improves DNS and ingress routing configuration. ## Highlights - New [Panfactum provider](https://registry.terraform.io/providers/Panfactum/pf/latest) eliminates boilerplate in first-party modules - OpenTofu upgraded to v1.8 — variables now supported in module `source` fields - New [`kube_aws_cdn`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn) and [`aws_cdn`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/aws/aws_cdn) modules for CloudFront CDN - [`kube_ingress`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_ingress) `domains` moved to top-level and `rewrite_rules` replaced with `redirect_rules` ## Breaking Changes - This release integrates the new Panfactum provider and upgrades OpenTofu to v1.8. The templating system and `pf-update-iac` have been removed. - [`kube_ingress`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_ingress) no longer allows `rewrite_rules` on `ingress_configs`. The new top-level `redirect_rules` variable has enhanced capabilities including full URL pattern matching - Impacts: iac-module `kube_ingress` — Replaced rewrite_rules with top-level redirect_rules variable - [`kube_ingress`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_ingress) `domains` is now a top-level variable rather than being specified on individual `ingress_configs`. - Impacts: iac-module `kube_ingress` — Moved domains from ingress_configs to top-level variable ## Additions - New module [`kube_aws_cdn`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn) for setting up a CloudFront distribution in front of Ingress resources. [`kube_ingress`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_ingress) updated to support CDN settings. - Impacts: iac-module `kube_aws_cdn` — New module for CloudFront CDN in front of Ingress resources - Impacts: iac-module `kube_ingress` — Updated to support CDN configuration settings - New module [`aws_cdn`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/aws/aws_cdn) for non-Kubernetes CDN use cases. - Impacts: iac-module `aws_cdn` — New module for non-Kubernetes CloudFront CDN use cases - New module [`aws_dns_zones`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/aws/aws_dns_zones) for creating Route53 zones that have a non-AWS registrar. - Impacts: iac-module `aws_dns_zones` — New module for Route53 zones with non-AWS registrars - Adds Cloudflare support in [`kube_external_dns`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_external_dns) and `kube_cert_issuers`. - Impacts: iac-module `kube_external_dns` — Added Cloudflare DNS provider support - Impacts: iac-module `kube_cert_issuers` — Added Cloudflare DNS challenge support ## Improvements - `tls_1_2_enabled` now defaults to `true` in [`kube_ingress_nginx`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_ingress_nginx) to support CDNs like CloudFront that do not yet support TLSv1.3. - Impacts: iac-module `kube_ingress_nginx` — Default tls_1_2_enabled changed to true for CDN compatibility ## Fixes - The internal logic of [`aws_dns_records`](https://panfactum.com/docs/edge/reference/infrastructure-modules/direct/aws/aws_dns_records) has been updated so that each record is managed independently, fixing an issue where adding - Impacts: iac-module `aws_dns_records` — Records now managed independently to prevent unnecessary recreation - `pf-wf-git-checkout` no longer automatically appends `.git` to repo URLs, which is incompatible with some git hosting providers (e.g., Azure DevOps). - Impacts: devshell `pf-wf-git-checkout` — Stopped auto-appending .git to repo URLs - Reference (issue-report): [pf-wf-git-checkout appends .git to repo URLs](https://github.com/Panfactum/stack/issues/160) ## Upgrade Instructions ## Panfactum Provider Integration This release integrates the new [Panfactum provider](https://registry.terraform.io/providers/Panfactum/pf/latest) and removes the need to pass many different variables through the module tree. Additionally, [OpenTofu has been upgraded to v1.8](https://opentofu.org/blog/opentofu-1-8-0/) which now supports variables in module `source` fields. Two new inputs are now passed to every module by default: `pf_module_source` and `pf_module_ref`. **Before:** ```hcl module "namespace" { source = "github.com/Panfactum/stack.git//packages/infrastructure/kube_namespace?ref=c817073e165fd67a5f9af5ac2d997962b7c20367" #pf-update namespace = "example" # pf-generate: pass_vars pf_stack_version = var.pf_stack_version pf_stack_commit = var.pf_stack_commit environment = var.environment region = var.region pf_root_module = var.pf_root_module is_local = var.is_local extra_tags = var.extra_tags # end-generate } ``` **After:** ```hcl module "namespace" { source = "${var.pf_module_source}kube_namespace${var.pf_module_ref}" namespace = "example" } ``` ### Removed Module Inputs Terragrunt no longer passes the following inputs to modules by default (they are now accessed via the Panfactum provider): - `pf_stack_version` - `pf_stack_commit` - `environment` - `region` - `pf_root_module` - `is_local` ### Removed Tooling The templating system and `pf-update-iac` have been removed as they are no longer necessary. For more information, see the [updated first-party IaC development documentation.](https://panfactum.com/docs/edge/guides/iac/first-party-modules#writing-modules) ## `kube_ingress` Changes [`kube_ingress`](https://panfactum.com/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_ingress) has two breaking changes: 1. `rewrite_rules` on `ingress_configs` has been replaced with a top-level `redirect_rules` variable that supports pattern matching against the full URL and specifies permanent vs temporary redirects. 2. `domains` can no longer be specified on individual `ingress_configs`. It is now a top-level variable. ## Related Resources - [JSON Data](https://panfactum.com/docs/changelog/edge.24-10-15.json): Machine-readable data - [Channel Release List](https://panfactum.com/docs/changelog/edge.json): All releases in this channel