From 3b778c25b1cf162f823534735582538c0c6ad49d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 5 Jun 2023 19:36:34 +0000
Subject: [PATCH 01/51] feat(charts): update helm release kong to v2.23.0 (#2068)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e03dfff5b..428feda8a 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -54,7 +54,7 @@ dependencies:
 version: 2.10.2
 repository: https://kedacore.github.io/charts
 - name: kong
- version: 2.22.0
+ version: 2.23.0
 repository: https://charts.konghq.com
 - name: kube-prometheus-stack
 version: 46.6.0
From fdab6d8cb241ec0d8a7fd8827217c8e662deebff Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 10:14:20 +0000
Subject: [PATCH 02/51] feat(charts): update helm release traefik to v23.1.0 (#2069)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 428feda8a..da4f80a9a 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -105,7 +105,7 @@ dependencies:
 version: v3.26.0
 repository: https://docs.projectcalico.org/charts
 - name: traefik
- version: 23.0.1
+ version: 23.1.0
 repository: https://helm.traefik.io/traefik
 - name: memcached
 version: 6.5.2
From e089e895423dc0ac3d5d89858e9d46217cd20eab Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 6 Jun 2023 14:58:07 +0000
Subject: [PATCH 03/51] fix(charts): update helm release loki to v5.6.2 (#2070)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index da4f80a9a..c4370e4ab 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
 version: 30.8.4
 repository: https://helm.linkerd.io/stable
 - name: loki
- version: 5.6.1
+ version: 5.6.2
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 6.11.2
From f52b00a7a1724cf96f89da12ff5d9ede065e2c7a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 7 Jun 2023 16:57:38 +0000
Subject: [PATCH 04/51] fix(charts): update helm release loki to v5.6.3 (#2071)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index c4370e4ab..60492a0d9 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
 version: 30.8.4
 repository: https://helm.linkerd.io/stable
 - name: loki
- version: 5.6.2
+ version: 5.6.3
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 6.11.2
From 3baf8ecc5410f5ef0469472ee62dad9147c0f833 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 7 Jun 2023 20:40:38 +0000
Subject: [PATCH 05/51] feat(charts): update helm release kube-prometheus-stack to v46.7.0 (#2073)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 60492a0d9..24fad73e6 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
 version: 2.23.0
 repository: https://charts.konghq.com
 - name: kube-prometheus-stack
- version: 46.6.0
+ version: 46.7.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: linkerd2-cni
 version: 30.8.3
From 170d26f123c140cb09f39d28ca70850655f7ed17 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 7 Jun 2023 20:43:05 +0000
Subject: [PATCH 06/51] feat(charts): update helm release external-dns to v1.13.0 (#2072)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 24fad73e6..45da309c9 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -33,7 +33,7 @@ dependencies:
 version: 9.29.0
 repository: https://kubernetes.github.io/autoscaler
 - name: external-dns
- version: 1.12.2
+ version: 1.13.0
 repository: https://kubernetes-sigs.github.io/external-dns/
 - name: flux
 version: 1.13.3
From c29dba6dcbdacee021cbdafd7d87a66739e26875 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 03:38:34 +0000
Subject: [PATCH 07/51] fix(charts): update helm release promtail to v6.11.3 (#2074)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 45da309c9..79123c0e2 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -75,7 +75,7 @@ dependencies:
 version: 5.6.3
 repository: https://grafana.github.io/helm-charts
 - name: promtail
- version: 6.11.2
+ version: 6.11.3
 repository: https://grafana.github.io/helm-charts
 - name: metrics-server
 version: 3.10.0
From be5fa2f1e9655fb1de6cfe7f251df8fc1378f131 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 06:56:28 +0000
Subject: [PATCH 08/51] fix(charts): update helm release velero to v4.0.3 (#2075)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 79123c0e2..0d3cafa8f 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -111,7 +111,7 @@ dependencies:
 version: 6.5.2
 repository: https://charts.bitnami.com/bitnami
 - name: velero
- version: 4.0.2
+ version: 4.0.3
 repository: https://vmware-tanzu.github.io/helm-charts
 - name: victoria-metrics-k8s-stack
 version: 0.16.3
From 4fcff00af44b596993e6616598917c82d04a73d8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 11:44:15 +0000
Subject: [PATCH 09/51] fix(charts): update helm release loki to v5.6.4 (#2076)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 0d3cafa8f..e6881138c 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
 version: 30.8.4
 repository: https://helm.linkerd.io/stable
 - name: loki
- version: 5.6.3
+ version: 5.6.4
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 6.11.3
From 7af66d8d8a6f1f1ad60815a13d86575229d0d5ae Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 11:46:57 +0000
Subject: [PATCH 10/51] feat(charts): update helm release prometheus-blackbox-exporter to v7.10.0 (#2078)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e6881138c..e85ca1f8e 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -90,7 +90,7 @@ dependencies:
 version: 0.25.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: prometheus-blackbox-exporter
- version: 7.9.0
+ version: 7.10.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: scaleway-webhook
 version: v0.0.1
From 6faaf9c392e4f050cc83100760c126788d8f8a98 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 8 Jun 2023 11:49:26 +0000
Subject: [PATCH 11/51] feat(charts): update helm release kube-prometheus-stack to v46.8.0 (#2077)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e85ca1f8e..e4990588b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
 version: 2.23.0
 repository: https://charts.konghq.com
 - name: kube-prometheus-stack
- version: 46.7.0
+ version: 46.8.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: linkerd2-cni
 version: 30.8.3
From 62d44b7e4da21243b853e73b386bbdb8146eef8d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 9 Jun 2023 00:52:17 +0000
Subject: [PATCH 12/51] fix(charts): update helm release aws-efs-csi-driver to v2.4.5 (#2079)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e4990588b..6dd934e6f 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -12,7 +12,7 @@ dependencies:
 version: 2.19.0
 repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
 - name: aws-efs-csi-driver
- version: 2.4.4
+ version: 2.4.5
 repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
 - name: aws-for-fluent-bit
 version: 0.1.24
From f00db068c567c4c260456a99da6be1c52a58886d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 12:11:25 +0000
Subject: [PATCH 13/51] fix(charts): update helm release cluster-autoscaler to v9.29.1 (#2080)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 6dd934e6f..9e76470e6 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -30,7 +30,7 @@ dependencies:
 version: v0.5.0
 repository: https://charts.jetstack.io
 - name: cluster-autoscaler
- version: 9.29.0
+ version: 9.29.1
 repository: https://kubernetes.github.io/autoscaler
 - name: external-dns
 version: 1.13.0
From 3773ae653efbc63c65da5737b9e91b18c0e0ff3f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 12:13:52 +0000
Subject: [PATCH 14/51] feat(charts): update helm release loki to v5.8.0 (#2084)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 9e76470e6..1cae20f9f 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
 version: 30.8.4
 repository: https://helm.linkerd.io/stable
 - name: loki
- version: 5.6.4
+ version: 5.8.0
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 6.11.3
From 7c7af9a0bead5b00367c1652b6daf745e2ce5942 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 12:16:12 +0000
Subject: [PATCH 15/51] fix(charts): update helm release thanos to v12.6.3 (#2082)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 1cae20f9f..011c16d6b 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -99,7 +99,7 @@ dependencies:
 version: 2.9.0
 repository: https://bitnami-labs.github.io/sealed-secrets
 - name: thanos
- version: 12.6.2
+ version: 12.6.3
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
 version: v3.26.0
From 9a1efa9fe6125285410445645a77b8882ebd6aea Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 12:18:57 +0000
Subject: [PATCH 16/51] fix(charts): update helm release secrets-store-csi-driver to v1.3.4 (#2081)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 011c16d6b..09e6d041e 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -6,7 +6,7 @@ dependencies:
 version: 0.13.2
 repository: https://charts.admiralty.io
 - name: secrets-store-csi-driver
- version: 1.3.3
+ version: 1.3.4
 repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
 - name: aws-ebs-csi-driver
 version: 2.19.0
From 316c432e4c1782661d136e606df9ed0a8741ac7a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 14 Jun 2023 12:21:52 +0000
Subject: [PATCH 17/51] fix(charts): update karpenter docker tag to v0.27.6 (#2083)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 09e6d041e..8f85f3594 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -48,7 +48,7 @@ dependencies:
 version: 1.7.2
 repository: https://charts.helm.sh/stable
 - name: karpenter
- version: v0.27.5
+ version: v0.27.6
 repository: oci://public.ecr.aws/karpenter
 - name: keda
 version: 2.10.2
From 6280dff5194337504c516ea1e041ab595f41bc54 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 15 Jun 2023 01:48:05 +0000
Subject: [PATCH 18/51] feat(charts): update karpenter docker tag to v0.28.0 (#2085)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 8f85f3594..d2588f285 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -48,7 +48,7 @@ dependencies:
 version: 1.7.2
 repository: https://charts.helm.sh/stable
 - name: karpenter
- version: v0.27.6
+ version: v0.28.0
 repository: oci://public.ecr.aws/karpenter
 - name: keda
 version: 2.10.2
From 30b739d29b4903f5dca7faf8c46de0fe82c3e02e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 15 Jun 2023 15:03:33 +0000
Subject: [PATCH 19/51] feat(charts): update helm release sealed-secrets to v2.10.0 (#2086)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index d2588f285..473ba0132 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -96,7 +96,7 @@ dependencies:
 version: v0.0.1
 repository: https://particuleio.github.io/charts
 - name: sealed-secrets
- version: 2.9.0
+ version: 2.10.0
 repository: https://bitnami-labs.github.io/sealed-secrets
 - name: thanos
 version: 12.6.3
From f14ced4298a4bb610ff61e96f1f791184149acbb Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 15 Jun 2023 21:52:59 +0000
Subject: [PATCH 20/51] fix(charts): update helm release aws-for-fluent-bit to v0.1.25 (#2088)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 473ba0132..e8287fde2 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -15,7 +15,7 @@ dependencies:
 version: 2.4.5
 repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
 - name: aws-for-fluent-bit
- version: 0.1.24
+ version: 0.1.25
 repository: https://aws.github.io/eks-charts
 - name: aws-load-balancer-controller
 version: 1.5.3
From 97cc4f11cff00d33ac3d2882229aff79ee68da45 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 16 Jun 2023 06:29:20 +0000
Subject: [PATCH 21/51] fix(charts): update helm release memcached to v6.5.3 (#2089)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e8287fde2..e34740777 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -108,7 +108,7 @@ dependencies:
 version: 23.1.0
 repository: https://helm.traefik.io/traefik
 - name: memcached
- version: 6.5.2
+ version: 6.5.3
 repository: https://charts.bitnami.com/bitnami
 - name: velero
 version: 4.0.3
From 72165050ac765cfd7388f1a39ad9c7651aaeaea4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 16 Jun 2023 13:07:47 +0000
Subject: [PATCH 22/51] fix(charts): update helm release prometheus-cloudwatch-exporter to v0.25.1 (#2090)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index e34740777..5d701e54a 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -87,7 +87,7 @@ dependencies:
 version: 4.2.0
 repository: https://prometheus-community.github.io/helm-charts
 - name: prometheus-cloudwatch-exporter
- version: 0.25.0
+ version: 0.25.1
 repository: https://prometheus-community.github.io/helm-charts
 - name: prometheus-blackbox-exporter
 version: 7.10.0
From 6675462eb61adeceafd3c764d24711a9d6f3184e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 16 Jun 2023 17:25:05 +0000
Subject: [PATCH 23/51] fix(charts): update helm release cert-manager to v1.12.2 (#2091)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 5d701e54a..3a8073606 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -24,7 +24,7 @@ dependencies:
 version: 0.21.0
 repository: https://aws.github.io/eks-charts
 - name: cert-manager
- version: v1.12.1
+ version: v1.12.2
 repository: https://charts.jetstack.io
 - name: cert-manager-csi-driver
 version: v0.5.0
From f9d2f9094954398ce971a843f59ff30ef2b2d5a4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 17 Jun 2023 21:29:11 +0000
Subject: [PATCH 24/51] fix(charts): update helm release tigera-operator to v3.26.1 (#2092)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 3a8073606..aa14a6922 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -102,7 +102,7 @@ dependencies:
 version: 12.6.3
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
- version: v3.26.0
+ version: v3.26.1
 repository: https://docs.projectcalico.org/charts
 - name: traefik
 version: 23.1.0
From 9877edee8fd12be3e0a402f6ca050b6eed3b5675 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 19 Jun 2023 02:05:11 +0000
Subject: [PATCH 25/51] fix(charts): update helm release aws-for-fluent-bit to v0.1.26 (#2093)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index aa14a6922..2f46b1487 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -15,7 +15,7 @@ dependencies:
 version: 2.4.5
 repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
 - name: aws-for-fluent-bit
- version: 0.1.25
+ version: 0.1.26
 repository: https://aws.github.io/eks-charts
 - name: aws-load-balancer-controller
 version: 1.5.3
From 50830ecc4670e3c134c59adb6f0aba9aa11c1ee4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 19 Jun 2023 17:45:39 +0000
Subject: [PATCH 26/51] feat(charts): update helm release thanos to v12.7.0 (#2094)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 2f46b1487..cb38be306 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -99,7 +99,7 @@ dependencies:
 version: 2.10.0
 repository: https://bitnami-labs.github.io/sealed-secrets
 - name: thanos
- version: 12.6.3
+ version: 12.7.0
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
 version: v3.26.1
From d2d380962a878dfdf863067fd6ceebf7663b9627 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 19 Jun 2023 22:13:48 +0000
Subject: [PATCH 27/51] fix(charts): update helm release aws-efs-csi-driver to v2.4.6 (#2095)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index cb38be306..c42a8afae 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -12,7 +12,7 @@ dependencies:
 version: 2.19.0
 repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
 - name: aws-efs-csi-driver
- version: 2.4.5
+ version: 2.4.6
 repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
 - name: aws-for-fluent-bit
 version: 0.1.26
From 9ca909de53276f874d70c5a9c0b93c45d136709e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 20 Jun 2023 14:19:40 +0000
Subject: [PATCH 28/51] feat(charts): update helm release thanos to v12.8.0 (#2098)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index c42a8afae..24fc4110a 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -99,7 +99,7 @@ dependencies:
 version: 2.10.0
 repository: https://bitnami-labs.github.io/sealed-secrets
 - name: thanos
- version: 12.7.0
+ version: 12.8.0
 repository: https://charts.bitnami.com/bitnami
 - name: tigera-operator
 version: v3.26.1
From 7d031c1232b952ec102405002da4b75fe5a4dded Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 20 Jun 2023 14:22:20 +0000
Subject: [PATCH 29/51] fix(charts): update helm release loki to v5.8.1 (#2097)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 24fc4110a..722ded071 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
 version: 30.8.4
 repository: https://helm.linkerd.io/stable
 - name: loki
- version: 5.8.0
+ version: 5.8.1
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 6.11.3
From c4f1e3b8b76e621d4fbaaf2bcd83ffb40e2625ee Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 20 Jun 2023 18:01:54 +0000
Subject: [PATCH 30/51] fix(charts): update helm release loki to v5.8.2 (#2099)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 722ded071..85c8e3625 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -72,7 +72,7 @@ dependencies:
 version: 30.8.4
 repository: https://helm.linkerd.io/stable
 - name: loki
- version: 5.8.1
+ version: 5.8.2
 repository: https://grafana.github.io/helm-charts
 - name: promtail
 version: 6.11.3
From 3ca01760019943639c7330351ce5bd7f1169b07e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 20 Jun 2023 18:04:20 +0000
Subject: [PATCH 31/51] feat(charts): update helm release aws-ebs-csi-driver to v2.20.0 (#2100)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 85c8e3625..5aeb6a26d 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -9,7 +9,7 @@ dependencies:
 version: 1.3.4
 repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
 - name: aws-ebs-csi-driver
- version: 2.19.0
+ version: 2.20.0
 repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
 - name: aws-efs-csi-driver
 version: 2.4.6
From bdad753380844dccbc0cca0761018f6a18e9a9ba Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 21 Jun 2023 08:49:10 +0000
Subject: [PATCH 32/51] fix(charts): update helm release node-problem-detector to v2.3.5 (#2101)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 5aeb6a26d..8b5a8b092 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -81,7 +81,7 @@ dependencies:
 version: 3.10.0
 repository: https://kubernetes-sigs.github.io/metrics-server/
 - name: node-problem-detector
- version: 2.3.4
+ version: 2.3.5
 repository: https://charts.deliveryhero.io/
 - name: prometheus-adapter
 version: 4.2.0
From 04f958bd0faecfbaf13c77c49a3d86a5b9cb2255 Mon Sep 17 00:00:00 2001
From: Oleksii Morozenko
Date: Wed, 21 Jun 2023 05:58:58 -0400
Subject: [PATCH 33/51] feat: Add optional role parameter for cert-manager add-on (#2087)
* Add optional role for cert-manager addon
Signed-off-by: Oleksii Morozenko
* Add configuration option
Signed-off-by: Oleksii Morozenko
---------
Signed-off-by: Oleksii Morozenko
Co-authored-by: Kevin Lefevre
---
 modules/aws/cert-manager.tf | 36 ++++++++++---------
 .../cert-manager-cluster-issuers.yaml.tpl | 6 ++++
 2 files changed, 25 insertions(+), 17 deletions(-)
diff --git a/modules/aws/cert-manager.tf b/modules/aws/cert-manager.tf
index 215bcbe5c..74ae1bd33 100644
--- a/modules/aws/cert-manager.tf
+++ b/modules/aws/cert-manager.tf
@@ -3,23 +3,24 @@ locals {
 cert-manager = merge(
 local.helm_defaults,
 {
- name = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
- chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
- repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].repository
- chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].version
- namespace = "cert-manager"
- service_account_name = "cert-manager"
- create_iam_resources_irsa = true
- enabled = false
- iam_policy_override = null
- default_network_policy = true
- acme_email = "contact@acme.com"
- acme_http01_enabled = true
- acme_http01_ingress_class = "nginx"
- acme_dns01_enabled = true
- allowed_cidrs = ["0.0.0.0/0"]
- csi_driver = false
- name_prefix = "${var.cluster-name}-cert-manager"
+ name = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
+ chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name
+ repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].repository
+ chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].version
+ namespace = "cert-manager"
+ service_account_name = "cert-manager"
+ create_iam_resources_irsa = true
+ enabled = false
+ iam_policy_override = null
+ default_network_policy = true
+ acme_email = "contact@acme.com"
+ acme_http01_enabled = true
+ acme_http01_ingress_class = "nginx"
+ acme_dns01_enabled = true
+ cluster_issuer_assume_role_arn = ""
+ allowed_cidrs = ["0.0.0.0/0"]
+ csi_driver = false
+ name_prefix = "${var.cluster-name}-cert-manager"
 },
 var.cert-manager
 )
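Review bot: The new `cluster_issuer_assume_role_arn` default is added with no comment, and as far as the diffstat shows, this commit's only other change to cert-manager.tf is the one-line `role_arn` pass-through, so nothing here grants the cert-manager IRSA role `sts:AssumeRole` on that ARN. Unless the existing policy outside this hunk already allows it, or the caller supplies `iam_policy_override`, the DNS01 solver would presumably fail to assume the role. When the permission is added, scope it to this one ARN rather than a wildcard, and have the target role's trust policy name only the cert-manager IRSA role. I would also add a comment above the key, such as `# Optional IAM role ARN the Route53 DNS01 solver assumes (e.g. hosted zone in another account); "" keeps the pod's own IRSA role`. The `locals` block starts before this hunk and continues after it.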
@@ -151,6 +152,7 @@ data "kubectl_path_documents" "cert-manager_cluster_issuers" { acme_http01_enabled = local.cert-manager["acme_http01_enabled"] acme_http01_ingress_class = local.cert-manager["acme_http01_ingress_class"] acme_dns01_enabled = local.cert-manager["acme_dns01_enabled"] + role_arn = local.cert-manager["cluster_issuer_assume_role_arn"] } } diff --git a/modules/aws/templates/cert-manager-cluster-issuers.yaml.tpl b/modules/aws/templates/cert-manager-cluster-issuers.yaml.tpl index 3619a4a25..96905c871 100644 --- a/modules/aws/templates/cert-manager-cluster-issuers.yaml.tpl +++ b/modules/aws/templates/cert-manager-cluster-issuers.yaml.tpl @@ -14,6 +14,9 @@ spec: - dns01: route53: region: '${aws_region}' + %{ if role_arn != "" } + role: '${role_arn}' + %{ endif } %{ endif } %{ if acme_http01_enabled } - http01: @@ -41,6 +44,9 @@ spec: - dns01: route53: region: '${aws_region}' + %{ if role_arn != "" } + role: '${role_arn}' + %{ endif } %{ endif } %{ if acme_http01_enabled } - http01: From 7b339e8d5d43fe8ecf83a805154065a53e279e6b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 10:01:45 +0000 Subject: [PATCH 34/51] feat(charts): update helm release kube-prometheus-stack to v47 (#2096) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 8b5a8b092..1f910208a 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -57,7 +57,7 @@ dependencies: version: 2.23.0 repository: https://charts.konghq.com - name: kube-prometheus-stack - version: 46.8.0 + version: 47.0.0 repository: https://prometheus-community.github.io/helm-charts - name: linkerd2-cni version: 30.8.3 From 6bae490c35ad605c0fe0d24a1704fb0c95f557bf Mon Sep 17 00:00:00 2001 
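Review bot: `role_arn = local.cert-manager["cluster_issuer_assume_role_arn"]` passes the value through unchanged, and the template hunks that follow test only `role_arn != ""`. Other keys in this map use `null` for "unset" (`iam_policy_override = null`), so a caller who sets the new key to `null` would, as far as I can tell, pass the `if` and then fail on `'${role_arn}'` at render time. Normalising here avoids that: `role_arn = local.cert-manager["cluster_issuer_assume_role_arn"] == null ? "" : local.cert-manager["cluster_issuer_assume_role_arn"]`. The same lines are added to both issuers in the template (hunks at -14,6 and -41,6). Because a ClusterIssuer is cluster-scoped, a comment there should say the assumed role is meant to be limited to the Route53 zones these issuers solve for. The `data` block starts above this hunk.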
From: rayanebel Date: Wed, 21 Jun 2023 14:59:56 +0200 Subject: [PATCH 35/51] feat: add cert-manager addons for google cloud (#2102) Signed-off-by: Rayane Bellazaar Co-authored-by: Rayane Bellazaar --- modules/google/README.md | 109 +++++++ modules/google/cert-manager.tf | 282 ++++++++++++++++++ modules/google/helm-dependencies.yaml | 1 + modules/google/locals.tf | 1 + modules/google/priority-class.tf | 1 + .../cert-manager-cluster-issuers.yaml.j2 | 66 ++++ modules/google/variables.tf | 1 + modules/google/versions.tf | 17 ++ 8 files changed, 478 insertions(+) create mode 100644 modules/google/README.md create mode 100644 modules/google/cert-manager.tf create mode 120000 modules/google/helm-dependencies.yaml create mode 120000 modules/google/locals.tf create mode 120000 modules/google/priority-class.tf create mode 100644 modules/google/templates/cert-manager-cluster-issuers.yaml.j2 create mode 120000 modules/google/variables.tf create mode 100644 modules/google/versions.tf diff --git a/modules/google/README.md b/modules/google/README.md new file mode 100644 index 000000000..421f8698c --- /dev/null +++ b/modules/google/README.md 
@@ -0,0 +1,109 @@ +# terraform-kubernetes-addons:google + +[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/terraform-kubernetes-addons) +[![terraform-kubernetes-addons](https://github.com/particuleio/terraform-kubernetes-addons/workflows/terraform-kubernetes-addons/badge.svg)](https://github.com/particuleio/terraform-kubernetes-addons/actions?query=workflow%3Aterraform-kubernetes-addons) + +## About + +Provides various addons that are often used on Kubernetes with Google and GKE. + +## Documentation + +User guides, feature documentation and examples are available [here](https://github.com/particuleio/tkap/) + +## Terraform docs + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [google](#requirement\_google) | >= 4.69 | +| [google-beta](#requirement\_google-beta) | >= 4.69 | +| [helm](#requirement\_helm) | ~> 2.0 | +| [jinja](#requirement\_jinja) | ~> 1.15 | +| [kubectl](#requirement\_kubectl) | ~> 1.0 | +| [kubernetes](#requirement\_kubernetes) | ~> 2.0, != 2.12 | + +## Providers + +| Name | Version | +|------|---------| +| [google](#provider\_google) | 4.70.0 | +| [helm](#provider\_helm) | 2.10.1 | +| [jinja](#provider\_jinja) | 1.15.0 | +| [kubectl](#provider\_kubectl) | 1.14.0 | +| [kubernetes](#provider\_kubernetes) | 2.21.1 | +| [time](#provider\_time) | 0.9.1 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> v26.1.1 | + +## Resources + +| Name | Type | +|------|------| +| [google_dns_managed_zone_iam_member.cert_manager_cloud_dns_iam_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone_iam_member) | resource | +| 
[helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_network_policy.cert-manager_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.cert-manager_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.cert-manager_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.cert-manager_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_priority_class.kubernetes_addons](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource | +| [kubernetes_priority_class.kubernetes_addons_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource | +| [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | +| [jinja_template.cert-manager_cluster_issuers](https://registry.terraform.io/providers/NikolaLohinski/jinja/latest/docs/data-sources/template) | data source | +| [kubectl_file_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | 
+|------|-------------|------|---------|:--------:| +| [admiralty](#input\_admiralty) | Customize admiralty chart, see `admiralty.tf` for supported values | `any` | `{}` | no | +| [cert-manager](#input\_cert-manager) | Customize cert-manager chart, see `cert-manager.tf` for supported values | `any` | `{}` | no | +| [cert-manager-csi-driver](#input\_cert-manager-csi-driver) | Customize cert-manager-csi-driver chart, see `cert-manager.tf` for supported values | `any` | `{}` | no | +| [cluster-autoscaler](#input\_cluster-autoscaler) | Customize cluster-autoscaler chart, see `cluster-autoscaler.tf` for supported values | `any` | `{}` | no | +| [cluster-name](#input\_cluster-name) | Name of the Kubernetes cluster | `string` | `"sample-cluster"` | no | +| [csi-external-snapshotter](#input\_csi-external-snapshotter) | Customize csi-external-snapshotter, see `csi-external-snapshotter.tf` for supported values | `any` | `{}` | no | +| [external-dns](#input\_external-dns) | Map of map for external-dns configuration: see `external_dns.tf` for supported values | `any` | `{}` | no | +| [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no | +| [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no | +| [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no | +| [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no | +| [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no | +| [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no | +| [kong](#input\_kong) | Customize kong-ingress chart, see `kong.tf` for supported values | `any` | `{}` | no | +| [kube-prometheus-stack](#input\_kube-prometheus-stack) | Customize kube-prometheus-stack chart, see `kube-prometheus-stack.tf` 
for supported values | `any` | `{}` | no | +| [labels\_prefix](#input\_labels\_prefix) | Custom label prefix used for network policy namespace matching | `string` | `"particule.io"` | no | +| [linkerd](#input\_linkerd) | Customize linkerd chart, see `linkerd.tf` for supported values | `any` | `{}` | no | +| [linkerd-viz](#input\_linkerd-viz) | Customize linkerd-viz chart, see `linkerd-viz.tf` for supported values | `any` | `{}` | no | +| [linkerd2](#input\_linkerd2) | Customize linkerd2 chart, see `linkerd2.tf` for supported values | `any` | `{}` | no | +| [linkerd2-cni](#input\_linkerd2-cni) | Customize linkerd2-cni chart, see `linkerd2-cni.tf` for supported values | `any` | `{}` | no | +| [loki-stack](#input\_loki-stack) | Customize loki-stack chart, see `loki-stack.tf` for supported values | `any` | `{}` | no | +| [metrics-server](#input\_metrics-server) | Customize metrics-server chart, see `metrics_server.tf` for supported values | `any` | `{}` | no | +| [npd](#input\_npd) | Customize node-problem-detector chart, see `npd.tf` for supported values | `any` | `{}` | no | +| [priority-class](#input\_priority-class) | Customize a priority class for addons | `any` | `{}` | no | +| [priority-class-ds](#input\_priority-class-ds) | Customize a priority class for addons daemonsets | `any` | `{}` | no | +| [prometheus-adapter](#input\_prometheus-adapter) | Customize prometheus-adapter chart, see `prometheus-adapter.tf` for supported values | `any` | `{}` | no | +| [prometheus-blackbox-exporter](#input\_prometheus-blackbox-exporter) | Customize prometheus-blackbox-exporter chart, see `prometheus-blackbox-exporter.tf` for supported values | `any` | `{}` | no | +| [promtail](#input\_promtail) | Customize promtail chart, see `loki-stack.tf` for supported values | `any` | `{}` | no | +| [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no | +| 
[secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no | +| [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no | +| [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no | +| [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no | +| [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no | +| [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no | +| [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no | +| [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no | + +## Outputs + +No outputs. + diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf new file mode 100644 index 000000000..97910cd36 --- /dev/null +++ b/modules/google/cert-manager.tf 
@@ -0,0 +1,282 @@ +locals { + cert-manager = merge( + local.helm_defaults, + { + name = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name + chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].name + repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].repository + chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "cert-manager")].version + namespace = "cert-manager" + service_account_name = "cert-manager" + project_id = "default-0" + create_iam_resources = true + enable_monitoring = false + enabled = false + iam_policy_override = null + default_network_policy = true + managed_zone = "default" + acme_email = "contact@acme.com" + acme_http01_enabled = true + acme_http01_ingress_class = "nginx" + acme_dns01_enabled = true + acme_dns01_provider = "clouddns" + acme_dns01_provider_clouddns = { + project_id = "default-0" + dns_zone_name = "default" + } + acme_dns01_provider_route53 = { + aws_region = "eu-west1" + } + allowed_cidrs = ["0.0.0.0/0"] + csi_driver = false + name_prefix = "${var.cluster-name}-cert-manager" + }, + var.cert-manager + ) + + + values_cert-manager = < Date: Wed, 21 Jun 2023 13:03:04 +0000 Subject: [PATCH 36/51] fix(charts): update helm release thanos to v12.8.1 (#2103) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 1f910208a..a30a0d80e 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -99,7 +99,7 @@ dependencies: version: 2.10.0 repository: https://bitnami-labs.github.io/sealed-secrets - name: thanos - version: 12.8.0 + version: 12.8.1 repository: https://charts.bitnami.com/bitnami - name: tigera-operator version: v3.26.1 
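Review bot: The default `aws_region = "eu-west1"` under `acme_dns01_provider_route53` is not an AWS region name (AWS writes it `eu-west-1`; `europe-west1` is the Google form), so a Route53 solver left on the default would be configured with a region that does not exist. I would change it to `aws_region = "eu-west-1"`, or drop the default so the caller has to choose. The placeholder defaults `project_id = "default-0"` and `managed_zone = "default"` look safer as required inputs too, since they presumably decide which project and zone receive IAM bindings. The resources that consume them are not visible, because the rest of this new file is cut off in this view after `values_cert-manager`.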
From e3ddfe277121dbcc09af60255d4521ad24c1b5bc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 17:02:44 +0000 Subject: [PATCH 37/51] fix(charts): update helm release thanos to v12.8.2 (#2105) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index a30a0d80e..02ed82d9f 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -99,7 +99,7 @@ dependencies: version: 2.10.0 repository: https://bitnami-labs.github.io/sealed-secrets - name: thanos - version: 12.8.1 + version: 12.8.2 repository: https://charts.bitnami.com/bitnami - name: tigera-operator version: v3.26.1 From 4ef7dfa59cf5e70f062d2a249a213d48664b6aa6 Mon Sep 17 00:00:00 2001 From: rayanebel Date: Thu, 22 Jun 2023 09:19:35 +0200 Subject: [PATCH 38/51] feat: add external-dns addons for google cloud (#2104) Signed-off-by: Rayane Bellazaar Co-authored-by: Rayane Bellazaar --- modules/google/README.md | 7 ++ modules/google/external-dns.tf | 211 +++++++++++++++++++++++++++++++++ 2 files changed, 218 insertions(+) create mode 100644 modules/google/external-dns.tf diff --git a/modules/google/README.md b/modules/google/README.md index 421f8698c..ffd98fc50 100644 --- a/modules/google/README.md +++ b/modules/google/README.md 
@@ -42,19 +42,26 @@ User guides, feature documentation and examples are available [here](https://git | Name | Source | Version | |------|--------|---------| | [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> v26.1.1 | +| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> v26.1.1 | ## Resources | Name | Type | |------|------| | [google_dns_managed_zone_iam_member.cert_manager_cloud_dns_iam_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone_iam_member) | resource | +| [google_dns_managed_zone_iam_member.external_dns_cloud_dns_iam_permissions](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone_iam_member) | resource | | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.external-dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.external-dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_network_policy.cert-manager_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.cert-manager_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | 
resource | | [kubernetes_network_policy.cert-manager_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_network_policy.cert-manager_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.external-dns_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.external-dns_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | +| [kubernetes_network_policy.external-dns_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_priority_class.kubernetes_addons](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource | | [kubernetes_priority_class.kubernetes_addons_ds](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/priority_class) | resource | | [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf new file mode 100644 index 000000000..f3756acdb --- /dev/null +++ b/modules/google/external-dns.tf 
@@ -0,0 +1,211 @@
+locals {
+
+ external-dns = { for k, v in var.external-dns : k => merge(
+ local.helm_defaults,
+ {
+ chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "external-dns")].name
+ repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "external-dns")].repository
+ chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "external-dns")].version
+ project_id = "default-0"
+ name = k
+ namespace = k
+ service_account_name = "external-dns"
+ enable_monitoring = false
+ enabled = false
+ managed_zones = []
+ create_iam_resources = true
+ iam_policy_override = null
+ default_network_policy = true
+ name_prefix = "${var.cluster-name}"
+ },
+ v,
+ ) }
+
+ values_external-dns = { for k, v in local.external-dns : k => merge(
+ {
+ values = <<-VALUES
+ provider: google
+ txtPrefix: "ext-dns-"
+ txtOwnerId: ${var.cluster-name}
+ logFormat: json
+ policy: sync
+ serviceAccount:
+ name: ${v.service_account_name}
+ annotations:
+ iam.gke.io/gcp-service-account: '${module.external_dns_workload_identity[k].gcp_service_account_email}'
+ serviceMonitor:
+ enabled: ${v.enable_monitoring}
+ priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
+ VALUES
+ },
+ v,
+ ) if v.enabled }
+
+ test = { for k, v in local.external-dns : k => merge(
+ {
+ values = <<-VALUES
+ provider: ${k}
+ txtPrefix: "ext-dns-"
+ VALUES
+ },
+ {}
+ )
+ }
+
+ managed_zones_by_instance = flatten([
+ for k, v in local.external-dns : [
+ for idx, zone in lookup(v, "managed_zones", []) : {
+ zone_name = zone
+ instance = k
+ project_id = v.project_id
+ }
+ ] if v.enabled && v.create_iam_resources])
+}
+
+# This module will create a Google Service account and configure the right permissions
+# to be allowed to use the workload identity on GKE.
+module "external_dns_workload_identity" {
+ source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
+ version = "~> v26.1.1"
+
+ for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
+
+ name = each.value.service_account_name
+ namespace = each.value.namespace
+ project_id = each.value.project_id
+ roles = ["roles/dns.reader"]
+ use_existing_k8s_sa = true
+ annotate_k8s_sa = false
+}
+
+# This module will configure the required IAM permissions for external-dns service account
+# to deal with Cloud DNS. The IAM permissions will be set at the resource level (DNS zone) and not at the project
+# level.
+resource "google_dns_managed_zone_iam_member" "external_dns_cloud_dns_iam_permissions" {
+ for_each = { for idx, item in local.managed_zones_by_instance : "${item.instance}-${item.zone_name}" => item }
+ project = each.value.project_id
+ managed_zone = each.value.zone_name
+ role = "roles/dns.admin"
+ member = "serviceAccount:${module.external_dns_workload_identity[each.value.instance].gcp_service_account_email}"
+}
+
+
+# This resource will create a dedicated namespace for each external-dns instance.
+resource "kubernetes_namespace" "external-dns" {
+ for_each = { for k, v in local.external-dns : k => v if v.enabled }
+
+ metadata {
+ labels = {
+ name = each.value.namespace
+ }
+
+ name = each.value.namespace
+ }
+}
+
+# This resource will create a helm release for each external-dns instance.
+resource "helm_release" "external-dns" {
+ for_each = { for k, v in local.external-dns : k => v if v.enabled }
+ repository = each.value.repository
+ name = each.value.name
+ chart = each.value.chart
+ version = each.value.chart_version
+ timeout = each.value.timeout
+ force_update = each.value.force_update
+ recreate_pods = each.value.recreate_pods
+ wait = each.value.wait
+ atomic = each.value.atomic
+ cleanup_on_fail = each.value.cleanup_on_fail
+ dependency_update = each.value.dependency_update
+ disable_crd_hooks = each.value.disable_crd_hooks
+ disable_webhooks = each.value.disable_webhooks
+ render_subchart_notes = each.value.render_subchart_notes
+ replace = each.value.replace
+ reset_values = each.value.reset_values
+ reuse_values = each.value.reuse_values
+ skip_crds = each.value.skip_crds
+ verify = each.value.verify
+ values = [
+ local.values_external-dns[each.key].values,
+ each.value.extra_values
+ ]
+ namespace = kubernetes_namespace.external-dns[each.key].metadata.0.name
+}
+
+# This resource will create for each external-dns instance a network policy to deny all ingress traffic
+# by default in the namespace.
+resource "kubernetes_network_policy" "external-dns_default_deny" {
+ for_each = { for k, v in local.external-dns : k => v if v.enabled && v.default_network_policy }
+
+ metadata {
+ name = "${kubernetes_namespace.external-dns[each.key].metadata.0.name}-default-deny"
+ namespace = kubernetes_namespace.external-dns[each.key].metadata.0.name
+ }
+
+ spec {
+ pod_selector {
+ }
+ policy_types = ["Ingress"]
+ }
+}
+
+# This resource will create for each external-dns instance a network policy to allow the
+# workloads to communicate each other inside the external-dns namespace.
+resource "kubernetes_network_policy" "external-dns_allow_namespace" {
+ for_each = { for k, v in local.external-dns : k => v if v.enabled && v.default_network_policy }
+
+ metadata {
+ name = "${kubernetes_namespace.external-dns[each.key].metadata.0.name}-allow-namespace"
+ namespace = kubernetes_namespace.external-dns[each.key].metadata.0.name
+ }
+
+ spec {
+ pod_selector {
+ }
+
+ ingress {
+ from {
+ namespace_selector {
+ match_labels = {
+ name = kubernetes_namespace.external-dns[each.key].metadata.0.name
+ }
+ }
+ }
+ }
+
+ policy_types = ["Ingress"]
+ }
+}
+
+# This resource will create for each external-dns instance a network policy to allow the
+# monitoring agent to collect metrics.
+resource "kubernetes_network_policy" "external-dns_allow_monitoring" {
+ for_each = { for k, v in local.external-dns : k => v if v.enabled && v.default_network_policy }
+
+ metadata {
+ name = "${kubernetes_namespace.external-dns[each.key].metadata.0.name}-allow-monitoring"
+ namespace = kubernetes_namespace.external-dns[each.key].metadata.0.name
+ }
+
+ spec {
+ pod_selector {
+ }
+
+ ingress {
+ ports {
+ port = "http"
+ protocol = "TCP"
+ }
+
+ from {
+ namespace_selector {
+ match_labels = {
+ "${local.labels_prefix}/component" = "monitoring"
+ }
+ }
+ }
+ }
+
+ policy_types = ["Ingress"]
+ }
+}
From 04780b35b79b935d261698ca22f2e2112c8965b8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 22 Jun 2023 07:22:26 +0000 Subject: [PATCH 39/51] fix(charts): update helm release promtail to v6.11.5 (#2106) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 02ed82d9f..56aba5044 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
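Review bot: `values_external-dns` reads `module.external_dns_workload_identity[k].gcp_service_account_email` for every instance with `enabled`, but the module's `for_each` also requires `create_iam_resources`. An instance with `enabled = true` and `create_iam_resources = false` therefore indexes a module instance that does not exist, and the plan should fail. Guarding the annotation keeps that combination usable: `iam.gke.io/gcp-service-account: '${try(module.external_dns_workload_identity[k].gcp_service_account_email, "")}'`, ideally falling back to a caller-supplied service-account e-mail instead of an empty string. Separately, the comment above `google_dns_managed_zone_iam_member` says permissions are set per zone and not per project, yet `roles = ["roles/dns.reader"]` in the module call looks like a project-level grant. The comment should say so and explain why `roles/dns.admin` is needed on each zone.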
@@ -75,7 +75,7 @@ dependencies: version: 5.8.2 repository: https://grafana.github.io/helm-charts - name: promtail - version: 6.11.3 + version: 6.11.5 repository: https://grafana.github.io/helm-charts - name: metrics-server version: 3.10.0 From 489793b73a2a655db5e85e341ba100eba6767067 Mon Sep 17 00:00:00 2001 From: rayanebel Date: Thu, 22 Jun 2023 09:51:06 +0200 Subject: [PATCH 40/51] fix: remove unused test code (#2107) Signed-off-by: Rayane Bellazaar Co-authored-by: Rayane Bellazaar --- modules/google/external-dns.tf | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf index f3756acdb..8d18ca6dc 100644 --- a/modules/google/external-dns.tf +++ b/modules/google/external-dns.tf @@ -41,17 +41,6 @@ locals { v, ) if v.enabled } - test = { for k, v in local.external-dns : k => merge( - { - values = <<-VALUES - provider: ${k} - txtPrefix: "ext-dns-" - VALUES - }, - {} - ) - } - managed_zones_by_instance = flatten([ for k, v in local.external-dns : [ for idx, zone in lookup(v, "managed_zones", []) : { From 0b13dc1486621c49afa78bba2f3b6c7df436ae26 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 22 Jun 2023 15:03:35 +0000 Subject: [PATCH 41/51] fix(charts): update helm release thanos to v12.8.3 (#2108) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 56aba5044..d6ba53dcb 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -99,7 +99,7 @@ dependencies: version: 2.10.0 repository: https://bitnami-labs.github.io/sealed-secrets - name: thanos - version: 12.8.2 + version: 12.8.3 repository: https://charts.bitnami.com/bitnami - name: tigera-operator version: v3.26.1 
From a1b1ecff4daf592b684f980af05587eddb6be566 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 22 Jun 2023 22:41:59 +0000 Subject: [PATCH 42/51] feat(charts): update helm release keda to v2.11.0 (#2110) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index d6ba53dcb..971f1d1e1 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -51,7 +51,7 @@ dependencies: version: v0.28.0 repository: oci://public.ecr.aws/karpenter - name: keda - version: 2.10.2 + version: 2.11.0 repository: https://kedacore.github.io/charts - name: kong version: 2.23.0 From 759f409d27c89a3b17de563c9f6fcac0ec3f64b8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 22 Jun 2023 22:44:50 +0000 Subject: [PATCH 43/51] fix(charts): update karpenter docker tag to v0.28.1 (#2109) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 971f1d1e1..d8463795f 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -48,7 +48,7 @@ dependencies: version: 1.7.2 repository: https://charts.helm.sh/stable - name: karpenter - version: v0.28.0 + version: v0.28.1 repository: oci://public.ecr.aws/karpenter - name: keda version: 2.11.0 From c9500d3f50495e2c095a43003751a068d70ef608 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 23 Jun 2023 04:22:19 +0000 Subject: [PATCH 44/51] fix(charts): update helm release aws-load-balancer-controller to v1.5.4 (#2111) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index d8463795f..44c761b15 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -18,7 +18,7 @@ dependencies: version: 0.1.26 repository: https://aws.github.io/eks-charts - name: aws-load-balancer-controller - version: 1.5.3 + version: 1.5.4 repository: https://aws.github.io/eks-charts - name: aws-node-termination-handler version: 0.21.0 From b8f7ff7f1c7c201b287cd6e7b004a2760e95380c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 23 Jun 2023 04:24:59 +0000 Subject: [PATCH 45/51] fix(charts): update helm release linkerd-control-plane to v1.12.5 (#2112) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 44c761b15..f66a9de93 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -63,7 +63,7 @@ dependencies: version: 30.8.3 repository: https://helm.linkerd.io/stable - name: linkerd-control-plane - version: 1.12.4 + version: 1.12.5 repository: https://helm.linkerd.io/stable - name: linkerd-crds version: 1.6.1 From 492b4911843c95c5b13b99097390cd16dcb93468 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 23 Jun 2023 04:27:29 +0000 Subject: [PATCH 46/51] fix(charts): update helm release linkerd-viz to v30.8.5 (#2113) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index f66a9de93..06e2cecbb 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -69,7 +69,7 @@ dependencies: version: 1.6.1 repository: https://helm.linkerd.io/stable - name: linkerd-viz - version: 30.8.4 + version: 30.8.5 repository: https://helm.linkerd.io/stable - name: loki version: 5.8.2 From 37c72fbf92aaba317da82147100fa4efecc04702 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 23 Jun 2023 09:41:06 +0000 Subject: [PATCH 47/51] fix(charts): update helm release loki to v5.8.4 (#2115) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm-dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml index 06e2cecbb..ea852d45b 100644 --- a/helm-dependencies.yaml +++ b/helm-dependencies.yaml @@ -72,7 +72,7 @@ dependencies: version: 30.8.5 repository: https://helm.linkerd.io/stable - name: loki - version: 5.8.2 + version: 5.8.4 repository: https://grafana.github.io/helm-charts - name: promtail version: 6.11.5 From 97a00b17f8cb4868e32a6a27f20e4f7a9d2498b7 Mon Sep 17 00:00:00 2001 From: rayanebel Date: Fri, 23 Jun 2023 12:29:24 +0200 Subject: [PATCH 48/51] fix: missing condition in cert-manager addons for google (#2116) 
Signed-off-by: Rayane Bellazaar
Co-authored-by: Rayane Bellazaar
---
 modules/google/cert-manager.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index 97910cd36..d77bba31c 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -41,7 +41,7 @@ global:
 serviceAccount:
 name: ${local.cert-manager.service_account_name}
 annotations:
- iam.gke.io/gcp-service-account: "${module.cert_manager_workload_identity.0.gcp_service_account_email}"
+ iam.gke.io/gcp-service-account: "${local.cert-manager.create_iam_resources && local.cert-manager.enabled ? module.cert_manager_workload_identity[0].gcp_service_account_email : ""}"
 prometheus:
 servicemonitor:
 enabled: ${local.cert-manager.enable_monitoring}
@@ -55,7 +55,7 @@ VALUES
 # This module will create a Google Service account and configure the right permissions
 # to be allowed to use the workload identity on GKE.
 module "cert_manager_workload_identity" {
- count = local.cert-manager.create_iam_resources ? 1 : 0
+ count = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
 source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
 version = "~> v26.1.1"
 name = local.cert-manager.service_account_name
@@ -70,6 +70,7 @@ module "cert_manager_workload_identity" {
 # to deal with Cloud DNS. The IAM permissions will be set at the resource level (DNS zone) and not at the project
 # level.
 resource "google_dns_managed_zone_iam_member" "cert_manager_cloud_dns_iam_permissions" {
+ count = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
 project = local.cert-manager.project_id
 managed_zone = local.cert-manager.managed_zone
 role = "roles/dns.admin"
From 868a9817ad36d2afc7cb27ee1ff420cea9e1c522 Mon Sep 17 00:00:00 2001
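Review bot: The guard `local.cert-manager.create_iam_resources && local.cert-manager.enabled` is now written out three times (the annotation at @@ -41, the module `count` at @@ -55 and the new `count` on `google_dns_managed_zone_iam_member` at @@ -70), so the three can drift apart on the next edit. A single local, for example `cert_manager_create_iam = local.cert-manager.create_iam_resources && local.cert-manager.enabled`, referenced from all three keeps them in step. When the guard is false the chart values still carry `iam.gke.io/gcp-service-account: ""`, so the Kubernetes service account ends up annotated with an empty identity; a comment above that line stating whether an empty binding is intended, or how a caller supplies an existing Google service account, would make the fallback explicit. The resource at @@ -70 continues outside the hunk, so whether its remaining arguments index the module with `[0]` cannot be checked from here.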
From: rayanebel Date: Fri, 23 Jun 2023 12:39:35 +0200 Subject: [PATCH 49/51] feat: add IP masq agent addons for google (#2114) * feat: add IP masq agent addons for google Signed-off-by: Rayane Bellazaar * feat: add IP mask agent addons for google Signed-off-by: Rayane Bellazaar * docs: update README Signed-off-by: Rayane Bellazaar --------- Signed-off-by: Rayane Bellazaar Co-authored-by: Rayane Bellazaar --- README.md | 1 + modules/aws/README.md | 1 + modules/azure/README.md | 1 + modules/google/README.md | 3 ++ modules/google/ip-masq-agent.tf | 17 +++++++ .../gke-ip-masq/ip-masq-agent-configmap.yaml | 14 ++++++ .../gke-ip-masq/ip-masq-agent-daemonset.yaml | 45 +++++++++++++++++++ modules/scaleway/README.md | 1 + variables.tf | 6 +++ 9 files changed, 89 insertions(+) create mode 100644 modules/google/ip-masq-agent.tf create mode 100644 modules/google/manifests/gke-ip-masq/ip-masq-agent-configmap.yaml create mode 100644 modules/google/manifests/gke-ip-masq/ip-masq-agent-daemonset.yaml diff --git a/README.md b/README.md index 72f9dbea1..8cf711e0d 100644 --- a/README.md +++ b/README.md @@ -281,6 +281,7 @@ No modules. | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no | | [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no | | [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no | +| [ip-masq-agent](#input\_ip-masq-agent) | Configure ip masq agent chart, see `ip-masq-agent.tf` for supported values. This addon works only on GCP. | `any` | `{}` | no | | [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no | | [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no | | [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no | 
diff --git a/modules/aws/README.md b/modules/aws/README.md index 614fa57cf..cd391e654 100644 --- a/modules/aws/README.md +++ b/modules/aws/README.md @@ -373,6 +373,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no | | [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no | | [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no | +| [ip-masq-agent](#input\_ip-masq-agent) | Configure ip masq agent chart, see `ip-masq-agent.tf` for supported values. This addon works only on GCP. | `any` | `{}` | no | | [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no | | [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no | | [karpenter](#input\_karpenter) | Customize karpenter chart, see `karpenter.tf` for supported values | `any` | `{}` | no | diff --git a/modules/azure/README.md b/modules/azure/README.md index a38fb442f..48685c803 100644 --- a/modules/azure/README.md +++ b/modules/azure/README.md 
@@ -191,6 +191,7 @@ No modules. | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no | | [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no | | [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no | +| [ip-masq-agent](#input\_ip-masq-agent) | Configure ip masq agent chart, see `ip-masq-agent.tf` for supported values. This addon works only on GCP. | `any` | `{}` | no | | [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no | | [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no | | [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no | diff --git a/modules/google/README.md b/modules/google/README.md index ffd98fc50..24f6e674d 100644 --- a/modules/google/README.md +++ b/modules/google/README.md 
@@ -53,6 +53,7 @@ User guides, feature documentation and examples are available [here](https://git | [helm_release.cert-manager](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.external-dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | +| [kubectl_manifest.ip_masq_agent](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource | | [kubernetes_namespace.cert-manager](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_namespace.external-dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_network_policy.cert-manager_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | @@ -67,6 +68,7 @@ User guides, feature documentation and examples are available [here](https://git | [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [jinja_template.cert-manager_cluster_issuers](https://registry.terraform.io/providers/NikolaLohinski/jinja/latest/docs/data-sources/template) | data source | | [kubectl_file_documents.cert-manager_cluster_issuers](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/file_documents) | data source | +| [kubectl_filename_list.ip_masq_agent_manifests](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/data-sources/filename_list) | data source | ## Inputs 
@@ -82,6 +84,7 @@ User guides, feature documentation and examples are available [here](https://git
 | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no |
 | [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no |
 | [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no |
+| [ip-masq-agent](#input\_ip-masq-agent) | Configure ip masq agent chart, see `ip-masq-agent.tf` for supported values. This addon works only on GCP. | `any` | `{}` | no |
 | [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no |
 | [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no |
 | [keda](#input\_keda) | Customize keda chart, see `keda.tf` for supported values | `any` | `{}` | no |
diff --git a/modules/google/ip-masq-agent.tf b/modules/google/ip-masq-agent.tf
new file mode 100644
index 000000000..7593a3f0f
--- /dev/null
+++ b/modules/google/ip-masq-agent.tf
@@ -0,0 +1,17 @@
+locals {
+ ip-masq-agent = merge(
+ {
+ enabled = false
+ },
+ var.ip-masq-agent
+ )
+}
+
+data "kubectl_filename_list" "ip_masq_agent_manifests" {
+ pattern = "./manifests/gke-ip-masq/*.yaml"
+}
+
+resource "kubectl_manifest" "ip_masq_agent" {
+ count = local.ip-masq-agent.enabled ? length(data.kubectl_filename_list.ip_masq_agent_manifests.matches) : 0
+ yaml_body = file(element(data.kubectl_filename_list.ip_masq_agent_manifests.matches, count.index))
+}
diff --git a/modules/google/manifests/gke-ip-masq/ip-masq-agent-configmap.yaml b/modules/google/manifests/gke-ip-masq/ip-masq-agent-configmap.yaml
new file mode 100644
index 000000000..faf39e636
--- /dev/null
+++ b/modules/google/manifests/gke-ip-masq/ip-masq-agent-configmap.yaml
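Review bot: `pattern = "./manifests/gke-ip-masq/*.yaml"` in the new `kubectl_filename_list` data source of `modules/google/ip-masq-agent.tf` is relative to the directory Terraform runs from, not to this module. A root configuration that calls the module from another directory would most likely match no files and create zero `kubectl_manifest` resources even with `enabled = true`, without any error. Anchoring it as `pattern = "${path.module}/manifests/gke-ip-masq/*.yaml"` removes that dependency on the working directory. The `count` / `element(..., count.index)` pairing also keys each manifest by its position in the match list, so adding or renaming a file shifts the resource addresses; `for_each = local.ip-masq-agent.enabled ? toset(data.kubectl_filename_list.ip_masq_agent_manifests.matches) : toset([])` with `yaml_body = file(each.value)` keys them by path instead.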
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ip-masq-agent
+ namespace: kube-system
+data:
+ config: |
+ nonMasqueradeCIDRs:
+ - 10.0.0.0/8
+ - 172.16.0.0/12
+ - 192.168.0.0/16
+ resyncInterval: 60s
+ masqLinkLocal: false
diff --git a/modules/google/manifests/gke-ip-masq/ip-masq-agent-daemonset.yaml b/modules/google/manifests/gke-ip-masq/ip-masq-agent-daemonset.yaml
new file mode 100644
index 000000000..519e28487
--- /dev/null
+++ b/modules/google/manifests/gke-ip-masq/ip-masq-agent-daemonset.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: ip-masq-agent
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ k8s-app: ip-masq-agent
+ template:
+ metadata:
+ labels:
+ k8s-app: ip-masq-agent
+ spec:
+ hostNetwork: true
+ containers:
+ - name: ip-masq-agent
+ image: gke.gcr.io/ip-masq-agent:v2.9.3-v0.2.4-gke.5
+ args:
+ # The masq-chain must be IP-MASQ
+ - --masq-chain=IP-MASQ
+ # To non-masquerade reserved IP ranges by default,
+ # uncomment the following line.
+ # - --nomasq-all-reserved-ranges
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/config
+ volumes:
+ - name: config-volume
+ configMap:
+ name: ip-masq-agent
+ optional: true
+ items:
+ - key: config
+ path: ip-masq-agent
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index e93d06c8b..cb8097d30 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
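Review bot: The `ip-masq-agent` container in the new DaemonSet runs with `privileged: true` and `hostNetwork: true` in `kube-system` on every node, because the tolerations accept any NoSchedule and NoExecute taint. That is more privilege than a process that maintains iptables masquerade rules should need. Dropping all capabilities and adding back only `NET_ADMIN` and `NET_RAW` is the usual profile for this agent, though it should be confirmed against the pinned image before merging. The image is referenced by tag only (`v2.9.3-v0.2.4-gke.5`), so pinning it by digest as well would make this host-level workload reproducible, and the container declares no `resources` requests or limits.

```yaml
        # … unchanged: name, image, args …
          securityContext:
            privileged: false
            capabilities:
              drop: ["ALL"]
              add: ["NET_ADMIN", "NET_RAW"]
        # … unchanged: volumeMounts, volumes, tolerations …
```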
@@ -222,6 +222,7 @@ No modules.
 | [flux2](#input\_flux2) | Customize Flux chart, see `flux2.tf` for supported values | `any` | `{}` | no |
 | [helm\_defaults](#input\_helm\_defaults) | Customize default Helm behavior | `any` | `{}` | no |
 | [ingress-nginx](#input\_ingress-nginx) | Customize ingress-nginx chart, see `nginx-ingress.tf` for supported values | `any` | `{}` | no |
+| [ip-masq-agent](#input\_ip-masq-agent) | Configure ip masq agent chart, see `ip-masq-agent.tf` for supported values. This addon works only on GCP. | `any` | `{}` | no |
 | [k8gb](#input\_k8gb) | Customize k8gb chart, see `k8gb.tf` for supported values | `any` | `{}` | no |
 | [kapsule](#input\_kapsule) | Kapsule cluster inputs | `any` | `{}` | no |
 | [karma](#input\_karma) | Customize karma chart, see `karma.tf` for supported values | `any` | `{}` | no |
diff --git a/variables.tf b/variables.tf
index d19cdee61..780d64c81 100644
--- a/variables.tf
+++ b/variables.tf
@@ -219,3 +219,9 @@ variable "victoria-metrics-k8s-stack" {
 type = any
 default = {}
 }
+
+variable "ip-masq-agent" {
+ description = "Configure ip masq agent chart, see `ip-masq-agent.tf` for supported values. This addon works only on GCP."
+ type = any
+ default = {}
+}
From fe3d56f21328e13908bfb60053c1a04f33f4350e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 23 Jun 2023 20:08:50 +0000
Subject: [PATCH 50/51] fix(charts): update helm release aws-for-fluent-bit to v0.1.27 (#2117)
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 helm-dependencies.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index ea852d45b..7673c7792 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
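Review bot: The description of `variable "ip-masq-agent"` in `variables.tf` calls the addon a chart, but `modules/google/ip-masq-agent.tf` in this commit applies plain manifests through `kubectl_manifest` and reads only `enabled` from the map. The pointer to `ip-masq-agent.tf` for supported values therefore promises settings that do not exist, and the node-level nature of the addon is not mentioned. Wording such as `description = "Enable the GKE ip-masq-agent manifests (privileged DaemonSet in kube-system); only 'enabled' is read. This addon works only on GCP."` would be accurate. The same sentence is repeated in the README tables touched by this commit, which appear to be generated from it.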
@@ -15,7 +15,7 @@ dependencies: version: 2.4.6 repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver - name: aws-for-fluent-bit - version: 0.1.26 + version: 0.1.27 repository: https://aws.github.io/eks-charts - name: aws-load-balancer-controller version: 1.5.4 From 625c957dfbad711fdbb9ad0ae4a15c822f497314 Mon Sep 17 00:00:00 2001 From: Oleksii Morozenko Date: Sun, 25 Jun 2023 20:07:41 -0400 Subject: [PATCH 51/51] fix: move karpenter ECR auth token and provider out of the module (#2067) * fix(tigera-operator): do not manage CRDs by default It should not be needed anymore and can lead to issues. It was fixed in https://github.com/projectcalico/calico/pull/7216 Signed-off-by: Kevin Lefevre Signed-off-by: Oleksii Morozenko * fix(aws/tigera-operator): do not manage CRDs by default It should not be needed anymore and can lead to issues. It was fixed in projectcalico/calico#7216 Signed-off-by: Kevin Lefevre Signed-off-by: Oleksii Morozenko * fix: move karpenter ECR auth token and provider out of the module Signed-off-by: Oleksii Morozenko * fix: move karpenter ECR auth token and provider out of the module Signed-off-by: Oleksii Morozenko * Fix pre-commit docs hook Signed-off-by: Oleksii Morozenko * feat(charts): update helm release kong to v2.23.0 (#2068) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update helm release traefik to v23.1.0 (#2069) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release loki to v5.6.2 (#2070) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 
Signed-off-by: Oleksii Morozenko * fix(charts): update helm release loki to v5.6.3 (#2071) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update helm release kube-prometheus-stack to v46.7.0 (#2073) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update helm release external-dns to v1.13.0 (#2072) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release promtail to v6.11.3 (#2074) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release velero to v4.0.3 (#2075) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release loki to v5.6.4 (#2076) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update helm release prometheus-blackbox-exporter to v7.10.0 (#2078) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update helm release kube-prometheus-stack to v46.8.0 (#2077) 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release aws-efs-csi-driver to v2.4.5 (#2079) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release cluster-autoscaler to v9.29.1 (#2080) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update helm release loki to v5.8.0 (#2084) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release thanos to v12.6.3 (#2082) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update helm release secrets-store-csi-driver to v1.3.4 (#2081) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * fix(charts): update karpenter docker tag to v0.27.6 (#2083) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * feat(charts): update karpenter docker tag to v0.28.0 (#2085) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> 
Signed-off-by: Oleksii Morozenko * Update terrafodm docs Signed-off-by: Oleksii Morozenko * feat(charts): update helm release sealed-secrets to v2.10.0 (#2086) Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Oleksii Morozenko * Restore modules/aws/.terraform-docs.yml Signed-off-by: Oleksii Morozenko --------- Signed-off-by: Kevin Lefevre Signed-off-by: Oleksii Morozenko Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Kevin Lefevre Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- modules/aws/README.md | 2 -- modules/aws/karpenter.tf | 17 +++++------------ 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/modules/aws/README.md b/modules/aws/README.md index cd391e654..6acf6ae73 100644 --- a/modules/aws/README.md +++ b/modules/aws/README.md @@ -35,7 +35,6 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | Name | Version | |------|---------| | [aws](#provider\_aws) | >= 4.42 | -| [aws.ecr\_public](#provider\_aws.ecr\_public) | >= 4.42 | | [flux](#provider\_flux) | 1.0.0-rc.5 | | [github](#provider\_github) | ~> 5.0 | | [helm](#provider\_helm) | ~> 2.0 | 
@@ -310,7 +309,6 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing- | [tls_self_signed_cert.thanos-tls-querier-ca-cert](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource | | [tls_self_signed_cert.webhook_issuer_tls](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/self_signed_cert) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | -| [aws_ecrpublic_authorization_token.token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ecrpublic_authorization_token) | data source | | [aws_iam_policy_document.aws-ebs-csi-driver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.aws-ebs-csi-driver_default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.aws-ebs-csi-driver_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | diff --git a/modules/aws/karpenter.tf b/modules/aws/karpenter.tf index 49f459e4a..db5a4716d 100644 --- a/modules/aws/karpenter.tf +++ b/modules/aws/karpenter.tf @@ -15,6 +15,9 @@ locals { irsa_namespace_service_accounts = ["karpenter:karpenter"] allowed_cidrs = ["0.0.0.0/0"] iam_role_arn = "" + repository_username = "" + repository_password = "" + }, var.karpenter ) @@ -34,16 +37,6 @@ locals { } -data "aws_ecrpublic_authorization_token" "token" { - provider = aws.ecr_public -} - -provider "aws" { - region = "us-east-1" - alias = "ecr_public" -} - - data "aws_iam_policy_document" "karpenter_additional" { count = local.karpenter["enabled"] ? 1 : 0 
@@ -111,8 +104,8 @@ resource "kubernetes_namespace" "karpenter" {
 resource "helm_release" "karpenter" {
 count = local.karpenter["enabled"] ? 1 : 0
 repository = local.karpenter["repository"]
- repository_username = data.aws_ecrpublic_authorization_token.token.user_name
- repository_password = data.aws_ecrpublic_authorization_token.token.password
+ repository_username = local.karpenter["repository_username"]
+ repository_password = local.karpenter["repository_password"]
 name = local.karpenter["name"]
 chart = local.karpenter["chart"]
 version = local.karpenter["chart_version"]
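Review bot: The registry credential now arrives through `var.karpenter`, an untyped map that is not declared sensitive, so at `repository_password = local.karpenter["repository_password"]` the module depends on the caller having marked the value. If a plain string is passed, the token may be printed wherever the map itself is rendered; how the helm provider treats the attribute is not visible here. A comment beside the new defaults in the first hunk of this file would record the contract, for example `# supply from data.aws_ecrpublic_authorization_token (us-east-1 aliased provider); wrap the password in sensitive()`. With `repository_username = ""` and `repository_password = ""` as defaults, a caller that upgrades without passing anything silently switches to an unauthenticated pull, a migration step the commit description does not mention. The `helm_release` block continues past the end of the hunk.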