{ "channel": "edge", "total_releases": 46, "releases": [ { "id": "edge.24-05-12", "name": "edge.24-05-12", "url": "/docs/changelog/edge.24-05-12", "json_url": "/docs/changelog/edge.24-05-12.json", "llm_txt_url": "/docs/changelog/edge.24-05-12/llm.txt", "summary": "The initial edge release of the Panfactum stack.", "skip": false, "on_upgrade_path": false, "highlights": [ "The initial edge release of the Panfactum stack!" ], "change_counts": { "addition": 1 } }, { "id": "edge.24-05-15", "name": "edge.24-05-15", "url": "/docs/changelog/edge.24-05-15", "json_url": "/docs/changelog/edge.24-05-15.json", "llm_txt_url": "/docs/changelog/edge.24-05-15/llm.txt", "summary": "Updates Vault domain configuration, adds the Reflector module for cross-namespace synchronization, and fixes PostgreSQL graceful shutdown issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "[`kube_vault`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_vault) now takes `vault_domain` as an input instead of `environment_domains`", "New [`kube_reflector`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_reflector) module for cross-namespace ConfigMap/Secret synchronization", "Fixed graceful shutdown for PostgreSQL clusters on spot instances" ], "change_counts": { "breaking_change": 1, "addition": 2, "fix": 1 } }, { "id": "edge.24-05-23", "name": "edge.24-05-23", "url": "/docs/changelog/edge.24-05-23", "json_url": "/docs/changelog/edge.24-05-23.json", "llm_txt_url": "/docs/changelog/edge.24-05-23/llm.txt", "summary": "Adds the Reflector module for cross-namespace synchronization, introduces PostgreSQL shutdown timeout configuration, and fixes graceful shutdown issues in PostgreSQL clusters.", "skip": false, "on_upgrade_path": false, "highlights": [ "New [`kube_reflector`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_reflector) module for cross-namespace ConfigMap/Secret synchronization", "New `pg_shutdown_timeout` input for [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster)", "Fixed graceful shutdown for PostgreSQL clusters on spot instances" ], "change_counts": { "addition": 2, "fix": 1 } }, { "id": "edge.24-05-30", "name": "edge.24-05-30", "url": "/docs/changelog/edge.24-05-30", "json_url": "/docs/changelog/edge.24-05-30.json", "llm_txt_url": "/docs/changelog/edge.24-05-30/llm.txt", "summary": "Reduces default Vault storage size, adds Loki logging backend, introduces PVC Autoresizer for automatic EBS volume expansion, and fixes Karpenter scheduling issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "Default `vault_storage_size_gb` changed from `20` to `2` — manual update required if you used the old default", "New [`kube_logging`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_logging) module with Loki backend (Alpha)", "New [`kube_pvc_autoresizer`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_pvc_autoresizer) for automatic EBS volume expansion" ], "change_counts": { "breaking_change": 1, "addition": 3, "fix": 1 } }, { "id": "edge.24-06-02", "name": "edge.24-06-02", "url": "/docs/changelog/edge.24-06-02", "json_url": "/docs/changelog/edge.24-06-02.json", "llm_txt_url": "/docs/changelog/edge.24-06-02/llm.txt", "summary": "Replaces EKS CoreDNS with a custom module, adds monitoring stack with Prometheus and Grafana, introduces Argo Workflow engine, and makes significant improvements to cluster resource utilization and stability.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-06-02/upgrade", "highlights": [ "EKS CoreDNS addon replaced by [`kube_core_dns`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_core_dns) — manual migration required", "New monitoring stack with Prometheus, Thanos, and Grafana via [`kube_monitoring`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_monitoring) (Alpha)", "New Argo Workflow engine via [`kube_argo`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_argo) (Alpha)", "New [`kube_vault_proxy`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_vault_proxy) to add SSO to web assets without integrated SSO", "`pgbouncer_read_only_enabled` now defaults to `false` — breaking change for read-only pooler users" ], "change_counts": { "breaking_change": 3, "addition": 4, "improvement": 3, "fix": 1 } }, { "id": "edge.24-06-04", "name": "edge.24-06-04", "url": "/docs/changelog/edge.24-06-04", "json_url": "/docs/changelog/edge.24-06-04.json", "llm_txt_url": "/docs/changelog/edge.24-06-04/llm.txt", "summary": "Upgrades to devenv 1.0, improves Redis sentinel configuration, significantly speeds up devenv rebuilds on macOS, and fixes several issues with Karpenter autoscaling and ExternalDNS.", "skip": false, "on_upgrade_path": false, "highlights": [ "Upgraded to devenv 1.0 — `.env` values can no longer be referenced directly inside `.nix` files", "macOS devenv rebuilds now 10-15x faster (from 10+ minutes down to ~45 seconds)", "Fixed Karpenter autoscaling issue when `extra_tags` was provided" ], "change_counts": { "breaking_change": 1, "addition": 2, "fix": 7 } }, { "id": "edge.24-06-06", "name": "edge.24-06-06", "url": "/docs/changelog/edge.24-06-06", "json_url": "/docs/changelog/edge.24-06-06.json", "llm_txt_url": "/docs/changelog/edge.24-06-06/llm.txt", "summary": "Introduces workload utility submodule for standardized pod specs, disables VPC flow logs by default, improves environment setup with scaffolding script, and fixes several environment and resource-related issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "New [`kube_workload_utility`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_workload_utility) submodule for production-hardened Pod specs", "VPC flow logs now disabled by default in [`aws_vpc`](/docs/edge/reference/infrastructure-modules/direct/aws/aws_vpc)", "New `pf-env-scaffold` script for environment bootstrapping setup" ], "change_counts": { "breaking_change": 3, "addition": 6, "fix": 3 } }, { "id": "edge.24-06-08", "name": "edge.24-06-08", "url": "/docs/changelog/edge.24-06-08", "json_url": "/docs/changelog/edge.24-06-08.json", "llm_txt_url": "/docs/changelog/edge.24-06-08/llm.txt", "summary": "Deprecates kube_trust_manager in favor of kube_reflector, adds domain contact type configuration, simplifies EKS reset process with new command, and fixes VPC and CoreDNS-related issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "[`kube_trust_manager`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_trust_manager) deprecated in favor of [`kube_reflector`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_reflector)", "New `pf-eks-reset` command consolidates manual cluster reset steps" ], "change_counts": { "breaking_change": 1, "addition": 3, "fix": 2 } }, { "id": "edge.24-06-13", "name": "edge.24-06-13", "url": "/docs/changelog/edge.24-06-13", "json_url": "/docs/changelog/edge.24-06-13.json", "llm_txt_url": "/docs/changelog/edge.24-06-13/llm.txt", "summary": "Adds PgBouncer configuration options, introduces cost-saving opportunities with enhanced_ha_enabled flag, adds OpenCost for Kubernetes cost analysis, and fixes various issues with VPC, Authentik, and pod scheduling.", "skip": false, "on_upgrade_path": false, "highlights": [ "New `enhanced_ha_enabled` input to core modules — disable for ~$50/month savings with minor availability tradeoff", "New [`kube_open_cost`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_open_cost) module for Kubernetes cost analysis", "Many new PgBouncer configuration inputs in [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster)" ], "change_counts": { "addition": 5, "fix": 5 } }, { "id": "edge.24-06-20", "name": "edge.24-06-20", "url": "/docs/changelog/edge.24-06-20", "json_url": "/docs/changelog/edge.24-06-20.json", "llm_txt_url": "/docs/changelog/edge.24-06-20/llm.txt", "summary": "Introduces an alternative Kubernetes scheduler that significantly improves pod bin-packing for 25-33% cost reduction, adds integrated descheduling for underutilized nodes, and fixes Karpenter deployment issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "New [`kube_scheduler`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_scheduler) for 25-33% node cost reduction via improved bin-packing", "New `panfactum_scheduler_enabled` input (default `false`) to opt in to the new scheduler per module", "Automatic descheduling of pods from low-utilization nodes when scheduler is enabled" ], "change_counts": { "addition": 3, "fix": 3 } }, { "id": "edge.24-07-01", "name": "edge.24-07-01", "url": "/docs/changelog/edge.24-07-01", "json_url": "/docs/changelog/edge.24-07-01.json", "llm_txt_url": "/docs/changelog/edge.24-07-01/llm.txt", "summary": "Graduates BuildKit to beta status, updates ECR repository configuration for better customization, adds Argo Events components, introduces several helpful CLI tools, and improves ARM support across core components.", "skip": false, "on_upgrade_path": false, "highlights": [ "[`kube_buildkit`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_buildkit) graduates to Beta status", "ECR repository input format changed to support per-repository configuration", "New [`kube_argo_sensor`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_argo_sensor) and [`kube_argo_event_source`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_argo_event_source) submodules (Alpha)", "All core cluster components now support both amd64 and arm64 nodes" ], "change_counts": { "breaking_change": 2, "addition": 10, "fix": 2 } }, { "id": "edge.24-07-08", "name": "edge.24-07-08", "url": "/docs/changelog/edge.24-07-08", "json_url": "/docs/changelog/edge.24-07-08.json", "llm_txt_url": "/docs/changelog/edge.24-07-08/llm.txt", "summary": "Simplifies AWS EKS configuration with bootstrap mode, adds Fledged for node image caching, introduces PVC annotator for StatefulSet PVC management, and fixes various credential handling and utility command issues.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-07-08/upgrade", "highlights": [ "[`aws_eks`](/docs/edge/reference/infrastructure-modules/direct/aws/aws_eks) simplified — removed custom instance type/count in favor of `bootstrap_mode_enabled` flag", "New [`kube_fledged`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_fledged) for pre-pulling images to nodes", "New [`kube_pvc_annotator`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pvc_annotator) for managing StatefulSet PVC metadata", "Multiple variable renames in `aws_eks` — update your Terragrunt inputs" ], "change_counts": { "breaking_change": 2, "addition": 5, "fix": 3 } }, { "id": "edge.24-08-12", "name": "edge.24-08-12", "url": "/docs/changelog/edge.24-08-12", "json_url": "/docs/changelog/edge.24-08-12.json", "llm_txt_url": "/docs/changelog/edge.24-08-12/llm.txt", "summary": "Moves repository variables to panfactum.yaml for improved CI/CD integration, introduces Workflow Engine and Event Bus addons, and upgrades Argo-related modules to Beta status.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-08-12/upgrade", "highlights": [ "Repository variables moved from `devenv.nix` to `panfactum.yaml` at repo root — breaking change", "New [Workflow Engine addon](/docs/edge/guides/addons/workflow-engine/installing) (Argo Workflows) and [Event Bus addon](/docs/edge/guides/addons/event-bus/installing) (Argo Events)", "Multiple Argo-related modules graduated to Beta status" ], "change_counts": { "breaking_change": 1, "addition": 4 } }, { "id": "edge.24-08-13", "name": "edge.24-08-13", "url": "/docs/changelog/edge.24-08-13", "json_url": "/docs/changelog/edge.24-08-13.json", "llm_txt_url": "/docs/changelog/edge.24-08-13/llm.txt", "summary": "Improves PostgreSQL storage configuration and memory tuning, simplifies Karpenter node pool management, adds support for custom PostgreSQL parameters and schemas, and fixes several bootstrapping and environment issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "`pg_storage_increase_percent` renamed to `pg_storage_increase_gb` in [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster)", "`pg_storage_gb` renamed to `pg_initial_storage_gb` in [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster)", "Node pool inputs (`node_vpc_id`, `node_subnets`, `node_security_group_id`) moved from `kube_karpenter` to `kube_karpenter_node_pools`" ], "change_counts": { "breaking_change": 3, "addition": 3, "fix": 3 } }, { "id": "edge.24-08-15", "name": "edge.24-08-15", "url": "/docs/changelog/edge.24-08-15", "json_url": "/docs/changelog/edge.24-08-15.json", "llm_txt_url": "/docs/changelog/edge.24-08-15/llm.txt", "summary": "Improves PostgreSQL failover speed with enhanced shutdown logic, adds workflow composition capabilities with template references, and fixes repository working directory issues in CI/CD workflows.", "skip": false, "on_upgrade_path": false, "highlights": [ "`pg_shutdown_timeout` renamed to `pg_smart_shutdown_timeout` in [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster)", "New shutdown/failover logic reduces PostgreSQL downtime from 60-120s to <5s", "Adds `templateRef` support to [`wf_spec`](/docs/main/reference/infrastructure-modules/submodule/workflow/wf_spec) for Workflow composition" ], "change_counts": { "breaking_change": 1, "addition": 3, "fix": 2 } }, { "id": "edge.24-08-22", "name": "edge.24-08-22", "url": "/docs/changelog/edge.24-08-22", "json_url": "/docs/changelog/edge.24-08-22.json", "llm_txt_url": "/docs/changelog/edge.24-08-22/llm.txt", "summary": "Improves Redis persistence strategy for faster recovery, adds disruption window controller for scheduling maintenance periods, introduces PostgreSQL synchronous replication, and enhances Velero backup reliability.", "skip": false, "on_upgrade_path": false, "highlights": [ "Redis AOF persistence removed in favor of RDB-only — faster recovery, `redis_appendfsync` input removed", "`token_lifetime_seconds` renamed to `token_lifetime_hours` in [`vault_auth_oidc`](/docs/edge/reference/infrastructure-modules/direct/vault/vault_auth_oidc)", "New [`kube_disruption_window_controller`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_disruption_window_controller) for time-based maintenance windows", "New `pg_sync_replication_enabled` input for PostgreSQL synchronous replication" ], "change_counts": { "breaking_change": 3, "addition": 2, "fix": 2 } }, { "id": "edge.24-08-23", "name": "edge.24-08-23", "url": "/docs/changelog/edge.24-08-23", "json_url": "/docs/changelog/edge.24-08-23.json", "llm_txt_url": "/docs/changelog/edge.24-08-23/llm.txt", "summary": "Fixes PgBouncer permission issues when creating new PostgreSQL clusters.", "skip": false, "on_upgrade_path": false, "highlights": [ "Fixed PgBouncer permissions on new PostgreSQL cluster creation" ], "change_counts": { "fix": 1 } }, { "id": "edge.24-08-24", "name": "edge.24-08-24", "url": "/docs/changelog/edge.24-08-24", "json_url": "/docs/changelog/edge.24-08-24.json", "llm_txt_url": "/docs/changelog/edge.24-08-24/llm.txt", "summary": "Improves Authentik stability by preventing deployment failures during initial creation and eliminating downtime during database failovers.", "skip": false, "on_upgrade_path": false, "highlights": [ "Fixed [`authentik_core_resources`](/docs/edge/reference/infrastructure-modules/direct/authentik/authentik_core_resources) first-create deployment failure", "Authentik no longer experiences downtime during database failover events" ], "change_counts": { "fix": 2 } }, { "id": "edge.24-08-27", "name": "edge.24-08-27", "url": "/docs/changelog/edge.24-08-27", "json_url": "/docs/changelog/edge.24-08-27.json", "llm_txt_url": "/docs/changelog/edge.24-08-27/llm.txt", "summary": "Makes S3 backups mandatory for PostgreSQL clusters, adds native database restoration capabilities, creates immediate base backups for new databases, and fixes failover disruption issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "S3 backups are now mandatory for [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster) — the ability to disable them has been removed", "Added native backup restoration support to [`kube_pg_cluster`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_pg_cluster)", "New databases now get an immediate base backup on creation" ], "change_counts": { "breaking_change": 1, "addition": 2, "fix": 2 } }, { "id": "edge.24-09-04", "name": "edge.24-09-04", "url": "/docs/changelog/edge.24-09-04", "json_url": "/docs/changelog/edge.24-09-04.json", "llm_txt_url": "/docs/changelog/edge.24-09-04/llm.txt", "summary": "Standardizes naming conventions across modules, enables core Panfactum features by default, improves node scheduling with controller taints, and fixes EBS volume detachment issues to prevent pod rescheduling delays.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-09-04/upgrade", "highlights": [ "Extensive variable renames in workload submodules — `ready_check_*` → `readiness_probe_*`, `image`/`image_version` split, and more", "Core features (`spot_nodes_enabled`, `arm_nodes_enabled`, `vpa_enabled`, `panfactum_scheduler_enabled`) now enabled by default", "EKS Node Group nodes now tainted with `controller=true:NoSchedule` — add `controller_nodes_enabled` where needed", "Remove BuildKit StatefulSets before applying this release" ], "change_counts": { "breaking_change": 5, "addition": 2, "fix": 2 } }, { "id": "edge.24-09-10", "name": "edge.24-09-10", "url": "/docs/changelog/edge.24-09-10", "json_url": "/docs/changelog/edge.24-09-10.json", "llm_txt_url": "/docs/changelog/edge.24-09-10/llm.txt", "summary": "Updates Karpenter CRD specification requiring manual intervention during upgrade, restructures ports configuration in workload modules, adds Kubernetes Service submodule, and fixes PostgreSQL credential access issues.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-09-10/upgrade", "highlights": [ "Karpenter CRD update requires manual state manipulation — see upgrade instructions", "`ports` input moved to container-level in [`kube_deployment`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_deployment) and [`kube_stateful_set`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_stateful_set)", "New [`kube_service`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_service) submodule for optimized Kubernetes Services" ], "change_counts": { "breaking_change": 2, "addition": 2, "fix": 2 } }, { "id": "edge.24-09-12", "name": "edge.24-09-12", "url": "/docs/changelog/edge.24-09-12", "json_url": "/docs/changelog/edge.24-09-12.json", "llm_txt_url": "/docs/changelog/edge.24-09-12/llm.txt", "summary": "Replaces Secrets CSI with Vault Secrets Operator for better security and performance, renames credential outputs for clarity, improves Terragrunt provider management, and adds support for sourcing environment variables from ConfigMaps and Secrets.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-09-12/upgrade", "highlights": [ "`kube_secrets_csi` deprecated and should be removed — saves ~150MB memory per node", "`pf-providers-enable` renamed to `pf-tf-init` with expanded functionality", "Credential outputs renamed: `superuser_username/password` → `root_username/password` in `kube_pg_cluster` and `kube_redis_sentinel`", "Provider configuration no longer needs to be manually enabled via `module.yaml`" ], "change_counts": { "breaking_change": 4, "addition": 2, "fix": 1 } }, { "id": "edge.24-09-30", "name": "edge.24-09-30", "url": "/docs/changelog/edge.24-09-30", "json_url": "/docs/changelog/edge.24-09-30.json", "llm_txt_url": "/docs/changelog/edge.24-09-30/llm.txt", "summary": "Adds self-hosted GitHub Action runners addon and EKS cluster suspend/resume commands, while fixing voluntary disruption window namespace limitations.", "skip": false, "on_upgrade_path": false, "highlights": [ "New [GitHub Action runners addon](/docs/edge/guides/addons/github-actions/installing) for self-hosted CI", "New `pf-eks-suspend` and `pf-eks-resume` commands for cluster lifecycle management", "Fixed disruption windows to work in all namespaces (previously only worked in `argo`)" ], "change_counts": { "addition": 2, "fix": 1 } }, { "id": "edge.24-10-09", "name": "edge.24-10-09", "url": "/docs/changelog/edge.24-10-09", "json_url": "/docs/changelog/edge.24-10-09.json", "llm_txt_url": "/docs/changelog/edge.24-10-09/llm.txt", "summary": "Adds support for local Stack module development, loosens git provider requirements, makes environment bootstrapping idempotent, and fixes EKS bootstrap mode and installation issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "New `pf_stack_local_path` Terragrunt variable for testing local Panfactum module changes", "`pf-env-bootstrap` is now idempotent — safe to re-run if it fails midway" ], "change_counts": { "addition": 1, "improvement": 2, "fix": 3 } }, { "id": "edge.24-10-15", "name": "edge.24-10-15", "url": "/docs/changelog/edge.24-10-15", "json_url": "/docs/changelog/edge.24-10-15.json", "llm_txt_url": "/docs/changelog/edge.24-10-15/llm.txt", "summary": "Introduces the Panfactum provider to greatly simplify module development, upgrades to OpenTofu v1.8, adds CDN capabilities with CloudFront integration, and significantly improves DNS and ingress routing configuration.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-10-15/upgrade", "highlights": [ "New [Panfactum provider](https://registry.terraform.io/providers/Panfactum/pf/latest) eliminates boilerplate in first-party modules", "OpenTofu upgraded to v1.8 — variables now supported in module `source` fields", "New [`kube_aws_cdn`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_aws_cdn) and [`aws_cdn`](/docs/edge/reference/infrastructure-modules/submodule/aws/aws_cdn) modules for CloudFront CDN", "[`kube_ingress`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_ingress) `domains` moved to top-level and `rewrite_rules` replaced with `redirect_rules`" ], "change_counts": { "breaking_change": 3, "addition": 4, "improvement": 1, "fix": 2 } }, { "id": "edge.24-10-18", "name": "edge.24-10-18", "url": "/docs/changelog/edge.24-10-18", "json_url": "/docs/changelog/edge.24-10-18.json", "llm_txt_url": "/docs/changelog/edge.24-10-18/llm.txt", "summary": "Replaces devenv with plain nix flakes for significantly improved performance, upgrades Cilium and AWS EBS CSI drivers, adds CDN support for core components, and fixes various resource utilization and git-related issues.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-10-18/upgrade", "highlights": [ "devenv replaced with plain nix flakes — macOS initial install now ~5 minutes (down from 45+)", "`pf-get-version-hash` renamed to `pf-get-commit-hash` with updated argument format", "`pgadmin4` removed from devShell — choose your own database client", "Cilium upgraded to v1.16.3 — 75MB per-node memory reduction" ], "change_counts": { "breaking_change": 3, "improvement": 3, "addition": 2, "fix": 3 } }, { "id": "edge.24-10-21", "name": "edge.24-10-21", "url": "/docs/changelog/edge.24-10-21", "json_url": "/docs/changelog/edge.24-10-21.json", "llm_txt_url": "/docs/changelog/edge.24-10-21/llm.txt", "summary": "Improves Karpenter node size management with instance type anti-affinity and maximum size limits, fixes EBS volume mount performance, and addresses issues with Cilium memory limits and Ingress NGINX on large CPU nodes.", "skip": false, "on_upgrade_path": false, "highlights": [ "`instance_type_spread_required` renamed to `instance_type_anti_affinity_required` in all submodules", "New `max_node_memory_mb` and `max_node_cpu` limits in `kube_karpenter_node_pools` (defaults: 64GB/32 CPUs)", "Fixed slow EBS PV mount times — fix applies to new PVs only" ], "change_counts": { "breaking_change": 2, "fix": 4 } }, { "id": "edge.24-10-23", "name": "edge.24-10-23", "url": "/docs/changelog/edge.24-10-23", "json_url": "/docs/changelog/edge.24-10-23.json", "llm_txt_url": "/docs/changelog/edge.24-10-23/llm.txt", "summary": "Updates minimum Nix version requirement, dramatically improves module download efficiency, adds S3 public website hosting capabilities, enhances CloudFront CDN functionality, and fixes ECR Helm chart authentication.", "skip": false, "on_upgrade_path": false, "highlights": [ "Minimum Nix version bumped to >= 2.23 — a check is now enforced in `.envrc`", "Panfactum modules now downloaded as gzipped tarballs — 90%+ bandwidth reduction, dramatically faster init", "New [`aws_s3_public_website`](/docs/edge/reference/infrastructure-modules/submodule/aws/aws_s3_public_website) module for serving files from S3 via CloudFront" ], "change_counts": { "breaking_change": 1, "improvement": 1, "addition": 2, "fix": 2 } }, { "id": "edge.24-10-25", "name": "edge.24-10-25", "url": "/docs/changelog/edge.24-10-25", "json_url": "/docs/changelog/edge.24-10-25.json", "llm_txt_url": "/docs/changelog/edge.24-10-25/llm.txt", "summary": "Release contains a critical bug that can cause a complete cluster crash due to issues with the Kyverno policy engine. Skip this release and use edge.24-11-13 instead.", "skip": true, "on_upgrade_path": false, "highlights": [ "Skip this release — critical Kyverno bug can cause complete cluster crash. Use `edge.24-11-13` instead." ], "change_counts": {} }, { "id": "edge.24-11-13", "name": "edge.24-11-13", "url": "/docs/changelog/edge.24-11-13", "json_url": "/docs/changelog/edge.24-11-13.json", "llm_txt_url": "/docs/changelog/edge.24-11-13/llm.txt", "summary": "Introduces Kyverno policy engine as a core component, replaces Fledged and Reflector with Kyverno-based alternatives, improves PostgreSQL autoscaling capabilities, and enhances pod scheduling with automatic ARM64 and spot instance tolerations.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-11-13/upgrade", "highlights": [ "Kyverno policy engine added as a core Panfactum component — **must install before other modules work**", "`kube_fledged` and `kube_reflector` deprecated — must remove before upgrading to next version", "`pg_memory_mb` and `pg_cpu_millicores` replaced with min/max VPA inputs in `kube_pg_cluster`", "All pods now automatically tolerate arm64 and spot node taints cluster-wide" ], "change_counts": { "breaking_change": 5, "addition": 1, "improvement": 2, "fix": 2 } }, { "id": "edge.24-12-05", "name": "edge.24-12-05", "url": "/docs/changelog/edge.24-12-05", "json_url": "/docs/changelog/edge.24-12-05.json", "llm_txt_url": "/docs/changelog/edge.24-12-05/llm.txt", "summary": "Major Linkerd upgrade that improves security and startup times, replaces NATS backend for Argo EventBus, and adds support for NATS Jetstream message broker along with numerous improvements to node image caching and AWS EKS features.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-12-05/upgrade", "highlights": [ "Major Linkerd upgrade — removes privileged `proxy-init` container, reduces pod startup by 5-20s", "NATS backend for `kube_argo_event_bus` replaced with [`kube_nats`](/docs/edge/reference/infrastructure-modules/submodule/kubernetes/kube_nats) — EventBus deletion required", "`kube_fledged` and `kube_reflector` removed (deprecated in `edge.24-11-13`)", "Must update modules in specific order — see upgrade instructions" ], "change_counts": { "breaking_change": 4, "addition": 4, "improvement": 1, "fix": 3 } }, { "id": "edge.24-12-10", "name": "edge.24-12-10", "url": "/docs/changelog/edge.24-12-10", "json_url": "/docs/changelog/edge.24-12-10.json", "llm_txt_url": "/docs/changelog/edge.24-12-10/llm.txt", "summary": "Changes TLS certificate provisioning architecture to avoid rate limits on large clusters, adds backwards compatibility for EKS cluster creator privileges, and improves Authentik stability during PostgreSQL failovers.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-12-10/upgrade", "highlights": [ "TLS certificate provisioning architecture changed — must upgrade `kube_cert_issuers` then `kube_ingress_nginx` in order", "New `bootstrap_cluster_creator_admin_privileges` input in `aws_eks` for backwards compatibility" ], "change_counts": { "breaking_change": 1, "fix": 2 } }, { "id": "edge.24-12-11", "name": "edge.24-12-11", "url": "/docs/changelog/edge.24-12-11", "json_url": "/docs/changelog/edge.24-12-11.json", "llm_txt_url": "/docs/changelog/edge.24-12-11/llm.txt", "summary": "Upgrades numerous core components including Kubernetes 1.30, Authentik 2024.6, Karpenter 1.1, and PostgreSQL 16.6, adds node EBS volume size configuration, and improves cluster recovery after disruptions.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-12-11/upgrade", "highlights": [ "Kubernetes upgraded to 1.30, Authentik to 2024.6.4, Karpenter to 1.1, PostgreSQL to 16.6", "All Terraform provider versions upgraded — first-party IaC modules must update their provider versions", "New `node_ebs_volume_size_gb` input for `aws_eks` and `kube_karpenter_node_pools`" ], "change_counts": { "breaking_change": 2, "addition": 1, "fix": 1 } }, { "id": "edge.24-12-13", "name": "edge.24-12-13", "url": "/docs/changelog/edge.24-12-13", "json_url": "/docs/changelog/edge.24-12-13.json", "llm_txt_url": "/docs/changelog/edge.24-12-13/llm.txt", "summary": "Replaces kube_rbac with EKS access entries, consolidates priority classes into kube_policies, upgrades Authentik to 2024.8.2, and fixes Argo Workflows permissions and NATS connection issues.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-12-13/upgrade", "highlights": [ "`kube_rbac` deprecated — destroy it after upgrading `aws_eks` which now uses EKS access entries", "`kube_priority_classes` consolidated into `kube_policies` — destroy it before upgrading `kube_policies`", "Provider versions updated: `pf` 0.0.4→0.0.5, `authentik` 2024.6.1→2024.8.4", "`eks_cluster_name` removed from most submodules — now resolved dynamically" ], "change_counts": { "breaking_change": 4, "improvement": 1, "fix": 3 } }, { "id": "edge.24-12-19", "name": "edge.24-12-19", "url": "/docs/changelog/edge.24-12-19", "json_url": "/docs/changelog/edge.24-12-19.json", "llm_txt_url": "/docs/changelog/edge.24-12-19/llm.txt", "summary": "Introduces SLA Target Levels for cost-to-availability tradeoffs, adds advanced path rewriting capabilities for ingress and CDN modules, improves support for private ECR repositories, and fixes several Redis and environment variable issues.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.24-12-19/upgrade", "highlights": [ "New `sla_target` Terragrunt variable replaces `enhanced_ha_enabled` — controls cost-to-availability tradeoff", "Provider version updated: `pf` 0.0.5→0.0.7", "New arbitrary path rewriting support in `kube_ingress`, `kube_aws_cdn`, `aws_cdn`, and `aws_s3_public_website`", "`wf_dockerfile_build` now supports private ECR base images" ], "change_counts": { "breaking_change": 2, "addition": 4, "fix": 3 } }, { "id": "edge.25-01-04", "name": "edge.25-01-04", "url": "/docs/changelog/edge.25-01-04", "json_url": "/docs/changelog/edge.25-01-04.json", "llm_txt_url": "/docs/changelog/edge.25-01-04/llm.txt", "summary": "Adds Grist spreadsheet module, introduces alternative AWS credential management, supports voluntary disruption windows, and fixes critical Kyverno cluster deadlock and Cilium deployment issues.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.25-01-04/upgrade", "highlights": [ "Apply `vault_auth_oidc` before any other module — required ordering for this release", "`kube_rbac` and `kube_priority_classes` removed — remove deployments before applying", "New [`kube_grist`](/docs/edge/reference/infrastructure-modules/direct/kubernetes/kube_grist) module for deploying Grist spreadsheets", "Fixed critical Kyverno cluster deadlock that required manual intervention" ], "change_counts": { "breaking_change": 2, "addition": 3, "fix": 5 } }, { "id": "edge.25-01-09", "name": "edge.25-01-09", "url": "/docs/changelog/edge.25-01-09", "json_url": "/docs/changelog/edge.25-01-09.json", "llm_txt_url": "/docs/changelog/edge.25-01-09/llm.txt", "summary": "Adds cluster-wide environment variable injection capability, pins Bottlerocket OS AMIs to prevent node crashes from unexpected AWS updates, and fixes EKS module conditions for low SLA targets.", "skip": false, "on_upgrade_path": false, "highlights": [ "New `common_env` and `common_secrets` inputs in `kube_policies` for cluster-wide environment variable injection", "Bottlerocket OS AMIs now pinned to prevent unexpected node crashes from AWS AMI updates" ], "change_counts": { "addition": 1, "fix": 2 } }, { "id": "edge.25-02-07", "name": "edge.25-02-07", "url": "/docs/changelog/edge.25-02-07", "json_url": "/docs/changelog/edge.25-02-07.json", "llm_txt_url": "/docs/changelog/edge.25-02-07/llm.txt", "summary": "Contains a VPA CRD bug that affects upgrades - skip this release. Improves VPA pod eviction policies, adds PostgreSQL CPU update thresholds to prevent autoscaling thrash, and fixes several deployment issues.", "skip": true, "on_upgrade_path": false, "highlights": [ "Skip this release — VPA CRD bug makes upgrading to the next release difficult without manual intervention" ], "change_counts": { "improvement": 2, "addition": 1, "fix": 4 } }, { "id": "edge.25-02-10", "name": "edge.25-02-10", "url": "/docs/changelog/edge.25-02-10", "json_url": "/docs/changelog/edge.25-02-10.json", "llm_txt_url": "/docs/changelog/edge.25-02-10/llm.txt", "summary": "Adds wait options to speed up deployments, fixes VPA CRD management issues, ensures bastion high availability with two replicas, and resolves policy deployment conflicts during bootstrapping.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.25-02-10/upgrade", "highlights": [ "Apply `kube_vpa` before any other module — required ordering for this release", "New `wait` input on Kubernetes modules — set to `false` to skip readiness checks for faster deploys", "`kube_bastion` now always uses two replicas for immediate tunnel reconnection" ], "change_counts": { "breaking_change": 1, "addition": 1, "fix": 3 } }, { "id": "edge.25-02-18", "name": "edge.25-02-18", "url": "/docs/changelog/edge.25-02-18", "json_url": "/docs/changelog/edge.25-02-18.json", "llm_txt_url": "/docs/changelog/edge.25-02-18/llm.txt", "summary": "Contains CI/CD pipeline issues (fixed in next release). Improves provider metadata handling, fixes version pinning in first-party modules, properly respects external replica changes, and resolves cert-manager webhook configuration.", "skip": true, "on_upgrade_path": false, "highlights": [ "Skip this release — causes issues in CI/CD pipelines for IaC deployments (resolved in next release)" ], "change_counts": { "fix": 4 } }, { "id": "edge.25-02-21", "name": "edge.25-02-21", "url": "/docs/changelog/edge.25-02-21", "json_url": "/docs/changelog/edge.25-02-21.json", "llm_txt_url": "/docs/changelog/edge.25-02-21/llm.txt", "summary": "Adds private git repository support for first-party modules, enables cluster-wide pod labels and annotations, improves DaemonSet update performance, and fixes CI/CD pipeline and region configuration issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "First-party IaC modules now support private git repositories via `GIT_USERNAME`/`GIT_PASSWORD` env vars", "New `common_pod_labels` and `common_pod_annotations` inputs in `kube_policies` for cluster-wide pod metadata", "DaemonSet updates now take constant time (previously scaled with node count, causing timeouts)" ], "change_counts": { "addition": 2, "fix": 4 } }, { "id": "edge.25-02-28", "name": "edge.25-02-28", "url": "/docs/changelog/edge.25-02-28", "json_url": "/docs/changelog/edge.25-02-28.json", "llm_txt_url": "/docs/changelog/edge.25-02-28/llm.txt", "summary": "Adds SSO modules for MongoDB Atlas and GitHub, enhances PostgreSQL WAL retention and S3 access configuration, enables node-local image caching by default, and fixes Argo event source service account issues.", "skip": false, "on_upgrade_path": false, "highlights": [ "New [`authentik_atlas_mongodb_sso`](/docs/edge/reference/infrastructure-modules/direct/authentik/authentik_mongodb_atlas_sso) and [`authentik_github_sso`](/docs/edge/reference/infrastructure-modules/direct/authentik/authentik_github_sso) SSO modules", "Node-local image caching now enabled by default in Panfactum submodules", "New `pg_wal_keep_size_gb` and `s3_bucket_access_policy` inputs for `kube_pg_cluster`" ], "change_counts": { "addition": 3, "improvement": 1, "fix": 1 } }, { "id": "edge.25-03-04", "name": "edge.25-03-04", "url": "/docs/changelog/edge.25-03-04", "json_url": "/docs/changelog/edge.25-03-04.json", "llm_txt_url": "/docs/changelog/edge.25-03-04/llm.txt", "summary": "Prevents unnecessary MongoDB provider generation and fixes certificate issuers to properly use Cloudflare zones when creating TLS certificates.", "skip": false, "on_upgrade_path": false, "highlights": [ "Fixed `kube_cert_issuer` to correctly use `cloudflare_zones` input when generating certificates" ], "change_counts": { "fix": 2 } }, { "id": "edge.25-03-26", "name": "edge.25-03-26", "url": "/docs/changelog/edge.25-03-26", "json_url": "/docs/changelog/edge.25-03-26.json", "llm_txt_url": "/docs/changelog/edge.25-03-26/llm.txt", "summary": "Separates burstable and spot instance options, improves PostgreSQL backup performance 100x with explicit backup directories, adds automatic PV garbage collection, and enhances Node.js applications with automatic memory limit configuration.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.25-03-26/upgrade", "highlights": [ "`burstable_nodes_enabled` no longer implies spot — must now set `spot_nodes_enabled = true` explicitly", "PostgreSQL backup directory is now explicit via `pg_backup_directory` — set this to preserve existing backups", "PostgreSQL backup throughput improved 100x", "Automatic garbage collection of orphaned persistent volumes via `kube_policies`", "Node.js heap size now automatically configured from container memory limits" ], "change_counts": { "breaking_change": 2, "addition": 8, "fix": 3 } }, { "id": "edge.25-04-03", "name": "edge.25-04-03", "url": "/docs/changelog/edge.25-04-03", "json_url": "/docs/changelog/edge.25-04-03.json", "llm_txt_url": "/docs/changelog/edge.25-04-03/llm.txt", "summary": "Improves Argo Events and NATS messaging reliability, adds JetStream configuration options, enables single-platform Docker builds with skipping for existing images, and adds PostgreSQL recovery from alternate backup buckets.", "skip": false, "on_upgrade_path": true, "branch": "stable.25-04", "highlights": [ "Event stream replication fixed in `kube_argo_event_bus` — events now properly replicated across all NATS servers", "Fixed NATS ACK bug that could prevent event publishing entirely", "New single-platform image support and skip-if-exists logic in `wf_dockerfile_build`", "New `min_node_cpu` input for `kube_karpenter_node_pools`" ], "change_counts": { "improvement": 1, "addition": 5, "fix": 6 } }, { "id": "edge.26-04-05", "name": "edge.26-04-05", "url": "/docs/changelog/edge.26-04-05", "json_url": "/docs/changelog/edge.26-04-05.json", "llm_txt_url": "/docs/changelog/edge.26-04-05/llm.txt", "summary": "Launches the new `pf` CLI with guided wizards for environment, cluster, domain, and SSO provisioning, upgrades Kubernetes to 1.33 and AWS provider to 6.x, migrates legacy devshell scripts to TypeScript, and consolidates several IaC modules.", "skip": false, "on_upgrade_path": true, "upgrade_instructions_url": "/docs/changelog/edge.26-04-05/upgrade", "highlights": [ "New `pf` CLI tool with guided installers — `pf env add`, `pf cluster add`, `pf domain add`, and `pf sso add` automate end-to-end infrastructure provisioning", "`kube_cert_manager` and `kube_cert_issuers` consolidated into `kube_certificates` — state migration required", "Kubernetes default upgraded to 1.33 — review the [K8s 1.33 changelog](https://kubernetes.io/blog/2025/04/23/kubernetes-v1-33-release/) for deprecated APIs", "Node image cache modules (`kube_node_image_cache`, `kube_node_image_cache_controller`) removed — destroy existing deployments before upgrading", "Legacy bash devshell scripts migrated to `pf` subcommands — IaC modules now call `pf buildkit`, `pf wf`, and `pf kube` commands", "OpenTofu upgraded to 1.9.1 and AWS provider to 6.x — re-apply all modules after upgrading", "KEDA added to base cluster — deploy [`kube_keda`](/docs/main/reference/infrastructure-modules/direct/kubernetes/kube_keda) before applying other modules" ], "change_counts": { "breaking_change": 22, "addition": 28, "improvement": 36, "fix": 90, "update": 9 } } ] }