Edge Release List

Releases marked with this icon are on the upgrade path and include upgrade instructions you should follow.

Introduces SLA Target Levels for cost-to-availability tradeoffs, adds advanced path rewriting capabilities for ingress and CDN modules, improves support for private ECR repositories, and fixes several Redis and environment variable issues.

  • New sla_target Terragrunt variable replaces enhanced_ha_enabled — controls cost-to-availability tradeoff
  • Provider version updated: pf 0.0.5→0.0.7
  • New arbitrary path rewriting support in kube_ingress, kube_aws_cdn, aws_cdn, and aws_s3_public_website
  • wf_dockerfile_build now supports private ECR base images

Replaces kube_rbac with EKS access entries, consolidates priority classes into kube_policies, upgrades Authentik to 2024.8.2, and fixes Argo Workflows permissions and NATS connection issues.

  • kube_rbac deprecated — destroy it after upgrading aws_eks, which now uses EKS access entries
  • kube_priority_classes consolidated into kube_policies — destroy it before upgrading kube_policies
  • Provider versions updated: pf 0.0.4→0.0.5, authentik 2024.6.1→2024.8.4
  • eks_cluster_name removed from most submodules — now resolved dynamically

Upgrades numerous core components including Kubernetes 1.30, Authentik 2024.6, Karpenter 1.1, and PostgreSQL 16.6, adds node EBS volume size configuration, and improves cluster recovery after disruptions.

  • Kubernetes upgraded to 1.30, Authentik to 2024.6.4, Karpenter to 1.1, PostgreSQL to 16.6
  • All Terraform provider versions upgraded — first-party IaC modules must update their provider versions
  • New node_ebs_volume_size_gb input for aws_eks and kube_karpenter_node_pools

Changes TLS certificate provisioning architecture to avoid rate limits on large clusters, adds backwards compatibility for EKS cluster creator privileges, and improves Authentik stability during PostgreSQL failovers.

  • TLS certificate provisioning architecture changed — must upgrade kube_cert_issuers then kube_ingress_nginx in order
  • New bootstrap_cluster_creator_admin_privileges input in aws_eks for backwards compatibility

Major Linkerd upgrade that improves security and startup times, replaces NATS backend for Argo EventBus, and adds support for NATS Jetstream message broker along with numerous improvements to node image caching and AWS EKS features.

  • Major Linkerd upgrade — removes privileged proxy-init container, reduces pod startup by 5-20s
  • NATS backend for kube_argo_event_bus replaced with kube_nats — EventBus deletion required
  • kube_fledged and kube_reflector removed (deprecated in edge.24-11-13)
  • Must update modules in specific order — see upgrade instructions

Introduces Kyverno policy engine as a core component, replaces Fledged and Reflector with Kyverno-based alternatives, improves PostgreSQL autoscaling capabilities, and enhances pod scheduling with automatic ARM64 and spot instance tolerations.

  • Kyverno policy engine added as a core Panfactum component — must install before other modules work
  • kube_fledged and kube_reflector deprecated — must remove before upgrading to next version
  • pg_memory_mb and pg_cpu_millicores replaced with min/max VPA inputs in kube_pg_cluster
  • All pods now automatically tolerate arm64 and spot node taints cluster-wide

edge.24-10-25

Release contains a critical bug that can cause a complete cluster crash due to issues with the Kyverno policy engine. Skip this release and use edge.24-11-13 instead.

  • Skip this release — critical Kyverno bug can cause complete cluster crash. Use edge.24-11-13 instead.

edge.24-10-23

Updates minimum Nix version requirement, dramatically improves module download efficiency, adds S3 public website hosting capabilities, enhances CloudFront CDN functionality, and fixes ECR Helm chart authentication.

  • Minimum Nix version bumped to >= 2.23 — a check is now enforced in .envrc
  • Panfactum modules now downloaded as gzipped tarballs — 90%+ bandwidth reduction, dramatically faster init
  • New aws_s3_public_website module for serving files from S3 via CloudFront

edge.24-10-21

Improves Karpenter node size management with instance type anti-affinity and maximum size limits, fixes EBS volume mount performance, and addresses issues with Cilium memory limits and Ingress NGINX on large CPU nodes.

  • instance_type_spread_required renamed to instance_type_anti_affinity_required in all submodules
  • New max_node_memory_mb and max_node_cpu limits in kube_karpenter_node_pools (defaults: 64GB/32 CPUs)
  • Fixed slow EBS PV mount times — fix applies to new PVs only

Replaces devenv with plain nix flakes for significantly improved performance, upgrades Cilium and AWS EBS CSI drivers, adds CDN support for core components, and fixes various resource utilization and git-related issues.

  • devenv replaced with plain nix flakes — macOS initial install now ~5 minutes (down from 45+)
  • pf-get-version-hash renamed to pf-get-commit-hash with updated argument format
  • pgadmin4 removed from devShell — choose your own database client
  • Cilium upgraded to v1.16.3 — 75MB per-node memory reduction