edge.24-11-13
Introduces Kyverno policy engine as a core component, replaces Fledged and Reflector with Kyverno-based alternatives, improves PostgreSQL autoscaling capabilities, and enhances pod scheduling with automatic ARM64 and spot instance tolerations.
This release introduces Kyverno. We discovered several issues with the initial architecture that could cause degenerate cluster behavior eventually resulting in a full cluster shutdown.
Generally, this takes days to occur, so it is safe to upgrade to this release so long as you immediately continue to upgrade to subsequent releases where the issues are resolved. All issues were fully resolved in the edge.25-01-04 release.
Install Kyverno
You must install Kyverno by following the new bootstrapping guide section. Many modules now depend on Kyverno and will not function without it.
Remove kube_fledged and kube_reflector
Both kube_fledged and kube_reflector have been deprecated in favor of Kyverno-based alternatives.
Important: These modules must be removed from your clusters before upgrading to the next version. Do not remove them until Kyverno is installed.
- Replacement for
kube_fledged: Follow this guide and use the newkube_node_image_cachemodule. - Replacement for
kube_reflector:- To sync ConfigMaps, use
kube_sync_config_map. - To sync Secrets, use
kube_sync_secret.
- To sync ConfigMaps, use
Update kube_pg_cluster VPA Inputs
Vertical pod autoscaling now works for PostgreSQL clusters. The following variables have been removed:
pg_memory_mbpg_cpu_millicores
And the following variables have been added:
pg_minimum_memory_mbpg_maximum_memory_mbpg_minimum_cpu_millicorespg_maximum_cpu_millicorespgbouncer_minimum_memory_mbpgbouncer_maximum_memory_mbpgbouncer_minimum_cpu_millicorespgbouncer_maximum_cpu_millicores
Automatic ARM64 and Spot Tolerations
All pods in Panfactum clusters will now automatically tolerate arm64 and spot node taints regardless of whether they were created by Panfactum modules. To disable these tolerations for a specific pod, add the labels:
panfactum.com/arm64-enabled = "false"to disable arm64 tolerancepanfactum.com/spot-enabled = "false"to disable spot tolerance