Merge branch 'main' into release

particuleio · May 11, 2024 · 2568e84 · 2568e84
2 parents 019dafa + b80f278
commit 2568e84
Show file tree

Hide file tree

Showing 22 changed files with 53 additions and 86 deletions.
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v5.4.0
+      - uses: amannn/action-semantic-pull-request@v5.5.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
 
       - name: Get root directories
         id: dirs
-        uses: clowdhaus/terraform-composite-actions/directories@v1.8.3
+        uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
 
   preCommitMinVersions:
     name: Min TF pre-commit
@@ -37,22 +37,22 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.7
+        uses: clowdhaus/terraform-min-max@v1.3.1
         with:
           directory: ${{ matrix.directory }}
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory !=  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
         # Run only validate pre-commit check on min version supported
         if: ${{ matrix.directory ==  '.' }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.minVersion }}
           args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
@@ -70,10 +70,10 @@ jobs:
 
       - name: Terraform min/max versions
         id: minMax
-        uses: clowdhaus/terraform-min-max@v1.2.7
+        uses: clowdhaus/terraform-min-max@v1.3.1
 
       - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
-        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+        uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
         with:
           terraform-version: ${{ steps.minMax.outputs.maxVersion }}
           terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
diff --git a/README.md b/README.md
@@ -81,7 +81,7 @@ here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.gi
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
@@ -6,40 +6,40 @@ dependencies:
     version: 0.13.2
     repository: https://charts.admiralty.io
   - name: secrets-store-csi-driver
-    version: 1.4.1
+    version: 1.4.3
     repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
   - name: aws-ebs-csi-driver
-    version: 2.28.1
+    version: 2.30.0
     repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
   - name: aws-efs-csi-driver
-    version: 2.5.6
+    version: 3.0.3
     repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
   - name: aws-for-fluent-bit
     version: 0.1.32
     repository: https://aws.github.io/eks-charts
   - name: aws-load-balancer-controller
-    version: 1.7.1
+    version: 1.7.2
     repository: https://aws.github.io/eks-charts
   - name: aws-node-termination-handler
     version: 0.21.0
     repository: https://aws.github.io/eks-charts
   - name: cert-manager
-    version: v1.14.3
+    version: v1.14.5
     repository: https://charts.jetstack.io
   - name: cert-manager-csi-driver
-    version: v0.7.1
+    version: v0.8.0
     repository: https://charts.jetstack.io
   - name: cluster-autoscaler
-    version: 9.35.0
+    version: 9.37.0
     repository: https://kubernetes.github.io/autoscaler
   - name: external-dns
-    version: 1.14.3
+    version: 1.14.4
     repository: https://kubernetes-sigs.github.io/external-dns/
   - name: flux
     version: 1.13.3
     repository: https://charts.fluxcd.io
   - name: ingress-nginx
-    version: 4.10.0
+    version: 4.10.1
     repository: https://kubernetes.github.io/ingress-nginx
   - name: k8gb
     version: v0.12.2
@@ -48,16 +48,16 @@ dependencies:
     version: 1.7.2
     repository: https://charts.helm.sh/stable
   - name: karpenter
-    version: 0.35.0
+    version: 0.36.1
     repository: oci://public.ecr.aws/karpenter
   - name: keda
-    version: 2.13.2
+    version: 2.14.2
     repository: https://kedacore.github.io/charts
   - name: kong
     version: 2.38.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 56.21.2
+    version: 58.5.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2
@@ -72,49 +72,49 @@ dependencies:
     version: 30.12.11
     repository: https://helm.linkerd.io/stable
   - name: loki
-    version: 5.43.5
+    version: 6.5.2
     repository: https://grafana.github.io/helm-charts
   - name: promtail
     version: 6.15.5
     repository: https://grafana.github.io/helm-charts
   - name: metrics-server
-    version: 3.12.0
+    version: 3.12.1
     repository: https://kubernetes-sigs.github.io/metrics-server/
   - name: node-problem-detector
-    version: 2.3.12
+    version: 2.3.13
     repository: https://charts.deliveryhero.io/
   - name: prometheus-adapter
-    version: 4.9.0
+    version: 4.10.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-cloudwatch-exporter
     version: 0.25.3
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-blackbox-exporter
-    version: 8.12.0
+    version: 8.16.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: scaleway-webhook
     version: v0.0.1
     repository: https://particuleio.github.io/charts
   - name: sealed-secrets
-    version: 2.15.0
+    version: 2.15.3
     repository: https://bitnami-labs.github.io/sealed-secrets
   - name: thanos
-    version: 12.23.2
+    version: 15.4.4
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
-    version: v3.27.2
+    version: v3.28.0
     repository: https://docs.projectcalico.org/charts
   - name: traefik
-    version: 26.1.0
+    version: 28.0.0
     repository: https://helm.traefik.io/traefik
   - name: memcached
-    version: 6.14.0
+    version: 7.0.5
     repository: https://charts.bitnami.com/bitnami
   - name: velero
-    version: 4.4.1
+    version: 6.0.0
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.19.4
+    version: 0.22.0
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

diff --git a/modules/aws/README.md b/modules/aws/README.md
@@ -20,7 +20,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.27 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |

diff --git a/modules/aws/ingress-nginx.tf b/modules/aws/ingress-nginx.tf
@@ -60,8 +60,8 @@ controller:
   kind: "DaemonSet"
   service:
     annotations:
+      service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
-      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
       service.beta.kubernetes.io/aws-load-balancer-type: nlb
     externalTrafficPolicy: "Local"
   publishService:
@@ -85,8 +85,8 @@ controller:
   kind: "DaemonSet"
   service:
     annotations:
+      service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
       service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
-      service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
       service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
       service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
   publishService:

diff --git a/modules/aws/kube-prometheus.tf b/modules/aws/kube-prometheus.tf
@@ -363,18 +363,6 @@ data "aws_iam_policy_document" "kube-prometheus-stack_grafana" {
 
     resources = ["*"]
   }
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "ec2:DescribeTags",
-      "ec2:DescribeInstances",
-      "ec2:DescribeRegions"
-    ]
-
-    resources = ["*"]
-
-  }
 }
 
 data "aws_iam_policy_document" "kube-prometheus-stack_thanos" {

diff --git a/modules/aws/loki-stack.tf b/modules/aws/loki-stack.tf
@@ -28,13 +28,6 @@ locals {
   values_loki-stack = <<-VALUES
     test:
       enabled: false
-    monitoring:
-      lokiCanary:
-        enabled: false
-      selfMonitoring:
-        enabled: false
-        grafanaAgent:
-          installOperator: false
     serviceMonitor:
       enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
     priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}

diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
@@ -51,13 +51,13 @@ credentials:
   useSecret: false
 initContainers:
    - name: velero-plugin-for-aws
-     image: velero/velero-plugin-for-aws:v1.7.1
+     image: velero/velero-plugin-for-aws:v1.9.2
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - mountPath: /target
          name: plugins
    - name: velero-plugin-for-csi
-     image: velero/velero-plugin-for-csi:v0.5.1
+     image: velero/velero-plugin-for-csi:v0.7.1
      imagePullPolicy: IfNotPresent
      volumeMounts:
        - mountPath: /target

diff --git a/modules/aws/versions.tf b/modules/aws/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3"
+  required_version = ">= 1.3.2"
   required_providers {
     aws        = ">= 5.27"
     helm       = "~> 2.0"

diff --git a/modules/azure/README.md b/modules/azure/README.md
@@ -7,7 +7,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.0 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |

diff --git a/modules/azure/version.tf b/modules/azure/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3"
+  required_version = ">= 1.3.2"
   required_providers {
     azurerm    = "~> 3.0"
     helm       = "~> 2.0"

diff --git a/modules/google/README.md b/modules/google/README.md
@@ -48,8 +48,8 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_cert_manager_workload_identity"></a> [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.1.0 |
-| <a name="module_external_dns_workload_identity"></a> [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.1.0 |
+| <a name="module_cert_manager_workload_identity"></a> [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.3.0 |
+| <a name="module_external_dns_workload_identity"></a> [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.3.0 |
 | <a name="module_iam_assumable_sa_kube-prometheus-stack_grafana"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
 | <a name="module_iam_assumable_sa_kube-prometheus-stack_thanos"></a> [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
 | <a name="module_iam_assumable_sa_loki-stack"></a> [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
@@ -58,13 +58,13 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
 | <a name="module_iam_assumable_sa_thanos-sg"></a> [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
 | <a name="module_iam_assumable_sa_thanos-storegateway"></a> [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
 | <a name="module_kube-prometheus-stack_grafana-iam-member"></a> [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 7.6 |
-| <a name="module_kube-prometheus-stack_kube-prometheus-stack_bucket"></a> [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 5.0 |
+| <a name="module_kube-prometheus-stack_kube-prometheus-stack_bucket"></a> [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
 | <a name="module_kube-prometheus-stack_thanos_kms_bucket"></a> [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
-| <a name="module_loki-stack_bucket"></a> [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 5.0 |
+| <a name="module_loki-stack_bucket"></a> [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
 | <a name="module_loki-stack_bucket_iam"></a> [loki-stack\_bucket\_iam](#module\_loki-stack\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 7.6 |
 | <a name="module_loki-stack_kms_bucket"></a> [loki-stack\_kms\_bucket](#module\_loki-stack\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
 | <a name="module_thanos-storegateway_bucket_iam"></a> [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 7.6 |
-| <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 5.0 |
+| <a name="module_thanos_bucket"></a> [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
 | <a name="module_thanos_kms_bucket"></a> [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
 
 ## Resources

diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
@@ -57,7 +57,7 @@ VALUES
 module "cert_manager_workload_identity" {
   count               = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 30.1.0"
+  version             = "~> 30.3.0"
   name                = local.cert-manager.service_account_name
   namespace           = local.cert-manager.namespace
   project_id          = local.cert-manager.project_id

diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
@@ -55,7 +55,7 @@ locals {
 # to be allowed to use the workload identity on GKE.
 module "external_dns_workload_identity" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version = "~> 30.1.0"
+  version = "~> 30.3.0"
 
   for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
 

diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
@@ -333,7 +333,7 @@ module "kube-prometheus-stack_kube-prometheus-stack_bucket" {
   count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version    = "~> 5.0"
+  version    = "~> 6.0"
   project_id = var.project_id
   location   = local.kube-prometheus-stack["thanos_bucket_location"]
 

diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
@@ -30,13 +30,6 @@ locals {
   values_loki-stack = <<-VALUES
     test:
       enabled: false
-    monitoring:
-      lokiCanary:
-        enabled: false
-      selfMonitoring:
-        enabled: false
-        grafanaAgent:
-          installOperator: false
     serviceMonitor:
       enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
     priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
@@ -187,7 +180,7 @@ module "loki-stack_bucket" {
   count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version    = "~> 5.0"
+  version    = "~> 6.0"
   project_id = var.project_id
   location   = local.loki-stack["bucket_location"]
 

diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
@@ -252,7 +252,7 @@ module "thanos_bucket" {
   count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
 
   source     = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version    = "~> 5.0"
+  version    = "~> 6.0"
   project_id = var.project_id
   location   = local.thanos["bucket_location"]
 

diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
@@ -19,7 +19,7 @@ User guides, feature documentation and examples are available [here](https://git
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.2 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
 | <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |