diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 68515446c..47fb0ab1c 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -14,7 +14,7 @@ jobs:
steps:
# Please look up the latest version from
# https://github.com/amannn/action-semantic-pull-request/releases
- - uses: amannn/action-semantic-pull-request@v5.4.0
+ - uses: amannn/action-semantic-pull-request@v5.5.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index b2fa6192f..f5951f7e4 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
- name: Get root directories
id: dirs
- uses: clowdhaus/terraform-composite-actions/directories@v1.8.3
+ uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
preCommitMinVersions:
name: Min TF pre-commit
@@ -37,14 +37,14 @@ jobs:
- name: Terraform min/max versions
id: minMax
- uses: clowdhaus/terraform-min-max@v1.2.7
+ uses: clowdhaus/terraform-min-max@v1.3.1
with:
directory: ${{ matrix.directory }}
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
@@ -52,7 +52,7 @@ jobs:
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
@@ -70,10 +70,10 @@ jobs:
- name: Terraform min/max versions
id: minMax
- uses: clowdhaus/terraform-min-max@v1.2.7
+ uses: clowdhaus/terraform-min-max@v1.3.1
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.8.3
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
diff --git a/README.md b/README.md
index dba278a08..6f1806401 100644
--- a/README.md
+++ b/README.md
@@ -81,7 +81,7 @@ here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.gi
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3 |
+| [terraform](#requirement\_terraform) | >= 1.3.2 |
| [flux](#requirement\_flux) | ~> 1.0 |
| [github](#requirement\_github) | ~> 6.0 |
| [helm](#requirement\_helm) | ~> 2.0 |
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 55b7e7b46..e3262c5be 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -6,40 +6,40 @@ dependencies:
version: 0.13.2
repository: https://charts.admiralty.io
- name: secrets-store-csi-driver
- version: 1.4.1
+ version: 1.4.3
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
- name: aws-ebs-csi-driver
- version: 2.28.1
+ version: 2.30.0
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
- name: aws-efs-csi-driver
- version: 2.5.6
+ version: 3.0.3
repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
- name: aws-for-fluent-bit
version: 0.1.32
repository: https://aws.github.io/eks-charts
- name: aws-load-balancer-controller
- version: 1.7.1
+ version: 1.7.2
repository: https://aws.github.io/eks-charts
- name: aws-node-termination-handler
version: 0.21.0
repository: https://aws.github.io/eks-charts
- name: cert-manager
- version: v1.14.3
+ version: v1.14.5
repository: https://charts.jetstack.io
- name: cert-manager-csi-driver
- version: v0.7.1
+ version: v0.8.0
repository: https://charts.jetstack.io
- name: cluster-autoscaler
- version: 9.35.0
+ version: 9.37.0
repository: https://kubernetes.github.io/autoscaler
- name: external-dns
- version: 1.14.3
+ version: 1.14.4
repository: https://kubernetes-sigs.github.io/external-dns/
- name: flux
version: 1.13.3
repository: https://charts.fluxcd.io
- name: ingress-nginx
- version: 4.10.0
+ version: 4.10.1
repository: https://kubernetes.github.io/ingress-nginx
- name: k8gb
version: v0.12.2
@@ -48,16 +48,16 @@ dependencies:
version: 1.7.2
repository: https://charts.helm.sh/stable
- name: karpenter
- version: 0.35.0
+ version: 0.36.1
repository: oci://public.ecr.aws/karpenter
- name: keda
- version: 2.13.2
+ version: 2.14.2
repository: https://kedacore.github.io/charts
- name: kong
version: 2.38.0
repository: https://charts.konghq.com
- name: kube-prometheus-stack
- version: 56.21.2
+ version: 58.5.0
repository: https://prometheus-community.github.io/helm-charts
- name: linkerd2-cni
version: 30.12.2
@@ -72,49 +72,49 @@ dependencies:
version: 30.12.11
repository: https://helm.linkerd.io/stable
- name: loki
- version: 5.43.5
+ version: 6.5.2
repository: https://grafana.github.io/helm-charts
- name: promtail
version: 6.15.5
repository: https://grafana.github.io/helm-charts
- name: metrics-server
- version: 3.12.0
+ version: 3.12.1
repository: https://kubernetes-sigs.github.io/metrics-server/
- name: node-problem-detector
- version: 2.3.12
+ version: 2.3.13
repository: https://charts.deliveryhero.io/
- name: prometheus-adapter
- version: 4.9.0
+ version: 4.10.0
repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-cloudwatch-exporter
version: 0.25.3
repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-blackbox-exporter
- version: 8.12.0
+ version: 8.16.0
repository: https://prometheus-community.github.io/helm-charts
- name: scaleway-webhook
version: v0.0.1
repository: https://particuleio.github.io/charts
- name: sealed-secrets
- version: 2.15.0
+ version: 2.15.3
repository: https://bitnami-labs.github.io/sealed-secrets
- name: thanos
- version: 12.23.2
+ version: 15.4.4
repository: https://charts.bitnami.com/bitnami
- name: tigera-operator
- version: v3.27.2
+ version: v3.28.0
repository: https://docs.projectcalico.org/charts
- name: traefik
- version: 26.1.0
+ version: 28.0.0
repository: https://helm.traefik.io/traefik
- name: memcached
- version: 6.14.0
+ version: 7.0.5
repository: https://charts.bitnami.com/bitnami
- name: velero
- version: 4.4.1
+ version: 6.0.0
repository: https://vmware-tanzu.github.io/helm-charts
- name: victoria-metrics-k8s-stack
- version: 0.19.4
+ version: 0.22.0
repository: https://victoriametrics.github.io/helm-charts/
- name: yet-another-cloudwatch-exporter
version: 0.14.0
diff --git a/modules/aws/README.md b/modules/aws/README.md
index d95911f65..4eac086e2 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
@@ -20,7 +20,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3 |
+| [terraform](#requirement\_terraform) | >= 1.3.2 |
| [aws](#requirement\_aws) | >= 5.27 |
| [flux](#requirement\_flux) | ~> 1.0 |
| [github](#requirement\_github) | ~> 6.0 |
diff --git a/modules/aws/ingress-nginx.tf b/modules/aws/ingress-nginx.tf
index dce4ae89f..cdca8e82f 100644
--- a/modules/aws/ingress-nginx.tf
+++ b/modules/aws/ingress-nginx.tf
@@ -60,8 +60,8 @@ controller:
kind: "DaemonSet"
service:
annotations:
+ service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: nlb
externalTrafficPolicy: "Local"
publishService:
@@ -85,8 +85,8 @@ controller:
kind: "DaemonSet"
service:
annotations:
+ service.beta.kubernetes.io/aws-load-balancer-attributes: load_balancing.cross_zone.enabled=true
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
- service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: 'true'
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
publishService:
diff --git a/modules/aws/kube-prometheus.tf b/modules/aws/kube-prometheus.tf
index 99cf9715d..ac1ba6d95 100644
--- a/modules/aws/kube-prometheus.tf
+++ b/modules/aws/kube-prometheus.tf
@@ -363,18 +363,6 @@ data "aws_iam_policy_document" "kube-prometheus-stack_grafana" {
resources = ["*"]
}
- statement {
- effect = "Allow"
-
- actions = [
- "ec2:DescribeTags",
- "ec2:DescribeInstances",
- "ec2:DescribeRegions"
- ]
-
- resources = ["*"]
-
- }
}
data "aws_iam_policy_document" "kube-prometheus-stack_thanos" {
diff --git a/modules/aws/loki-stack.tf b/modules/aws/loki-stack.tf
index 2b3d108f4..b91f318e8 100644
--- a/modules/aws/loki-stack.tf
+++ b/modules/aws/loki-stack.tf
@@ -28,13 +28,6 @@ locals {
values_loki-stack = <<-VALUES
test:
enabled: false
- monitoring:
- lokiCanary:
- enabled: false
- selfMonitoring:
- enabled: false
- grafanaAgent:
- installOperator: false
serviceMonitor:
enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
index 23b646436..bd8163839 100644
--- a/modules/aws/velero.tf
+++ b/modules/aws/velero.tf
@@ -51,13 +51,13 @@ credentials:
useSecret: false
initContainers:
- name: velero-plugin-for-aws
- image: velero/velero-plugin-for-aws:v1.7.1
+ image: velero/velero-plugin-for-aws:v1.9.2
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
name: plugins
- name: velero-plugin-for-csi
- image: velero/velero-plugin-for-csi:v0.5.1
+ image: velero/velero-plugin-for-csi:v0.7.1
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /target
diff --git a/modules/aws/versions.tf b/modules/aws/versions.tf
index 7d7959c7c..2688eab0c 100644
--- a/modules/aws/versions.tf
+++ b/modules/aws/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.3.2"
required_providers {
aws = ">= 5.27"
helm = "~> 2.0"
diff --git a/modules/azure/README.md b/modules/azure/README.md
index 15e7435e8..cb57180d0 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
@@ -7,7 +7,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3 |
+| [terraform](#requirement\_terraform) | >= 1.3.2 |
| [azurerm](#requirement\_azurerm) | ~> 3.0 |
| [flux](#requirement\_flux) | ~> 1.0 |
| [github](#requirement\_github) | ~> 6.0 |
diff --git a/modules/azure/version.tf b/modules/azure/version.tf
index 97239cc54..80a2f2c27 100644
--- a/modules/azure/version.tf
+++ b/modules/azure/version.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.3.2"
required_providers {
azurerm = "~> 3.0"
helm = "~> 2.0"
diff --git a/modules/google/README.md b/modules/google/README.md
index b3b891f90..d2339ab3c 100644
--- a/modules/google/README.md
+++ b/modules/google/README.md
@@ -48,8 +48,8 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
| Name | Source | Version |
|------|--------|---------|
-| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.1.0 |
-| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.1.0 |
+| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.3.0 |
+| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.3.0 |
| [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
| [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
| [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
@@ -58,13 +58,13 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
| [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
| [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 30.0 |
| [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 7.6 |
-| [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 5.0 |
+| [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
| [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
-| [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 5.0 |
+| [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
| [loki-stack\_bucket\_iam](#module\_loki-stack\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 7.6 |
| [loki-stack\_kms\_bucket](#module\_loki-stack\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
| [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 7.6 |
-| [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 5.0 |
+| [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
| [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
## Resources
diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index 51db59895..07daf452d 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -57,7 +57,7 @@ VALUES
module "cert_manager_workload_identity" {
count = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 30.1.0"
+ version = "~> 30.3.0"
name = local.cert-manager.service_account_name
namespace = local.cert-manager.namespace
project_id = local.cert-manager.project_id
diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
index 52663f5e3..735179f8d 100644
--- a/modules/google/external-dns.tf
+++ b/modules/google/external-dns.tf
@@ -55,7 +55,7 @@ locals {
# to be allowed to use the workload identity on GKE.
module "external_dns_workload_identity" {
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 30.1.0"
+ version = "~> 30.3.0"
for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index cadb9fc89..64b71437d 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -333,7 +333,7 @@ module "kube-prometheus-stack_kube-prometheus-stack_bucket" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
- version = "~> 5.0"
+ version = "~> 6.0"
project_id = var.project_id
location = local.kube-prometheus-stack["thanos_bucket_location"]
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index 96b2c4e2c..c50e6428c 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -30,13 +30,6 @@ locals {
values_loki-stack = <<-VALUES
test:
enabled: false
- monitoring:
- lokiCanary:
- enabled: false
- selfMonitoring:
- enabled: false
- grafanaAgent:
- installOperator: false
serviceMonitor:
enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
@@ -187,7 +180,7 @@ module "loki-stack_bucket" {
count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
- version = "~> 5.0"
+ version = "~> 6.0"
project_id = var.project_id
location = local.loki-stack["bucket_location"]
diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
index 39203f3e8..757b7e786 100644
--- a/modules/google/thanos.tf
+++ b/modules/google/thanos.tf
@@ -252,7 +252,7 @@ module "thanos_bucket" {
count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
- version = "~> 5.0"
+ version = "~> 6.0"
project_id = var.project_id
location = local.thanos["bucket_location"]
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index ca995a7fd..d5b8d66dc 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
@@ -19,7 +19,7 @@ User guides, feature documentation and examples are available [here](https://git
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3 |
+| [terraform](#requirement\_terraform) | >= 1.3.2 |
| [flux](#requirement\_flux) | ~> 1.0 |
| [github](#requirement\_github) | ~> 6.0 |
| [helm](#requirement\_helm) | ~> 2.0 |
diff --git a/modules/scaleway/loki-stack.tf b/modules/scaleway/loki-stack.tf
index 7ce34e826..ea926b58c 100644
--- a/modules/scaleway/loki-stack.tf
+++ b/modules/scaleway/loki-stack.tf
@@ -24,13 +24,6 @@ locals {
values_loki-stack = <<-VALUES
global
dnsService: coredns
- monitoring:
- lokiCanary:
- enabled: false
- selfMonitoring:
- enabled: false
- grafanaAgent:
- installOperator: false
serviceMonitor:
enabled: ${local.kube-prometheus-stack["enabled"] || local.victoria-metrics-k8s-stack["enabled"]}
priorityClassName: ${local.priority-class["create"] ? kubernetes_priority_class.kubernetes_addons[0].metadata[0].name : ""}
diff --git a/modules/scaleway/versions.tf b/modules/scaleway/versions.tf
index bc633a3b5..0101f82c6 100644
--- a/modules/scaleway/versions.tf
+++ b/modules/scaleway/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.3.2"
required_providers {
helm = "~> 2.0"
kubernetes = "~> 2.0, != 2.12"
diff --git a/versions.tf b/versions.tf
index a36d802a7..3410a7331 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3"
+ required_version = ">= 1.3.2"
required_providers {
helm = "~> 2.0"
kubernetes = "~> 2.0, != 2.12"