Edge Release List

Releases marked with this icon are on the upgrade path and include upgrade instructions you should follow.

edge.24-10-15

Upgrade Instructions

Introduces the Panfactum provider to greatly simplify module development, upgrades to OpenTofu v1.8, adds CDN capabilities with CloudFront integration, and significantly improves DNS and ingress routing configuration.

  • New Panfactum provider eliminates boilerplate in first-party modules
  • OpenTofu upgraded to v1.8 — variables now supported in module source fields
  • New kube_aws_cdn and aws_cdn modules for CloudFront CDN
  • kube_ingress domains moved to top-level and rewrite_rules replaced with redirect_rules

edge.24-10-09

Adds support for local Stack module development, loosens git provider requirements, makes environment bootstrapping idempotent, and fixes EKS bootstrap mode and installation issues.

  • New pf_stack_local_path Terragrunt variable for testing local Panfactum module changes
  • pf-env-bootstrap is now idempotent — safe to re-run if it fails midway

edge.24-09-30

Adds self-hosted GitHub Action runners addon and EKS cluster suspend/resume commands, while fixing voluntary disruption window namespace limitations.

  • New GitHub Action runners addon for self-hosted CI
  • New pf-eks-suspend and pf-eks-resume commands for cluster lifecycle management
  • Fixed disruption windows to work in all namespaces (previously only worked in argo)

edge.24-09-12

Upgrade Instructions

Replaces Secrets CSI with Vault Secrets Operator for better security and performance, renames credential outputs for clarity, improves Terragrunt provider management, and adds support for sourcing environment variables from ConfigMaps and Secrets.

  • kube_secrets_csi deprecated and should be removed — saves ~150MB memory per node
  • pf-providers-enable renamed to pf-tf-init with expanded functionality
  • Credential outputs renamed: superuser_username/passwordroot_username/password in kube_pg_cluster and kube_redis_sentinel
  • Provider configuration no longer needs to be manually enabled via module.yaml

edge.24-09-10

Upgrade Instructions

Updates Karpenter CRD specification requiring manual intervention during upgrade, restructures ports configuration in workload modules, adds Kubernetes Service submodule, and fixes PostgreSQL credential access issues.

  • Karpenter CRD update requires manual state manipulation — see upgrade instructions
  • ports input moved to container-level in kube_deployment and kube_stateful_set
  • New kube_service submodule for optimized Kubernetes Services

edge.24-09-04

Upgrade Instructions

Standardizes naming conventions across modules, enables core Panfactum features by default, improves node scheduling with controller taints, and fixes EBS volume detachment issues to prevent pod rescheduling delays.

  • Extensive variable renames in workload submodules — ready_check_*readiness_probe_*, image/image_version split, and more
  • Core features (spot_nodes_enabled, arm_nodes_enabled, vpa_enabled, panfactum_scheduler_enabled) now enabled by default
  • EKS Node Group nodes now tainted with controller=true:NoSchedule — add controller_nodes_enabled where needed
  • Remove BuildKit StatefulSets before applying this release

edge.24-08-27

Makes S3 backups mandatory for PostgreSQL clusters, adds native database restoration capabilities, creates immediate base backups for new databases, and fixes failover disruption issues.

  • S3 backups are now mandatory for kube_pg_cluster — the ability to disable them has been removed
  • Added native backup restoration support to kube_pg_cluster
  • New databases now get an immediate base backup on creation

edge.24-08-24

Improves Authentik stability by preventing deployment failures during initial creation and eliminating downtime during database failovers.

  • Fixed authentik_core_resources first-create deployment failure
  • Authentik no longer experiences downtime during database failover events

edge.24-08-23

Fixes PgBouncer permission issues when creating new PostgreSQL clusters.

  • Fixed PgBouncer permissions on new PostgreSQL cluster creation

edge.24-08-22

Improves Redis persistence strategy for faster recovery, adds disruption window controller for scheduling maintenance periods, introduces PostgreSQL synchronous replication, and enhances Velero backup reliability.

  • Redis AOF persistence removed in favor of RDB-only — faster recovery, redis_appendfsync input removed
  • token_lifetime_seconds renamed to token_lifetime_hours in vault_auth_oidc
  • New kube_disruption_window_controller for time-based maintenance windows
  • New pg_sync_replication_enabled input for PostgreSQL synchronous replication
← Previous 1 2 3 4 5 Next →