diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index f5951f7e4..7b2d85a91 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -22,7 +22,7 @@ jobs:
- name: Get root directories
id: dirs
- uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/directories@v1.11.0
preCommitMinVersions:
name: Min TF pre-commit
@@ -44,7 +44,7 @@ jobs:
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory != '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
@@ -52,7 +52,7 @@ jobs:
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
# Run only validate pre-commit check on min version supported
if: ${{ matrix.directory == '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
@@ -73,7 +73,7 @@ jobs:
uses: clowdhaus/terraform-min-max@v1.3.1
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
+ uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.0
with:
terraform-version: ${{ steps.minMax.outputs.maxVersion }}
terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index dfc0f397a..6fb8bc17b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.92.2
+ rev: v1.96.1
hooks:
- id: terraform_fmt
- id: terraform_validate
@@ -14,6 +14,6 @@ repos:
- id: check-merge-conflict
- id: end-of-file-fixer
- repo: https://github.com/renovatebot/pre-commit-hooks
- rev: 38.52.3
+ rev: 38.88.0
hooks:
- id: renovate-config-validator
diff --git a/README.md b/README.md
index 19c4e6048..77cea3d4b 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ section.
Full contributing [guidelines are covered
here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.github/CONTRIBUTING.md).
-
+
## Requirements
| Name | Version |
@@ -313,6 +313,7 @@ No modules.
| [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
| [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
+| [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
| [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
## Outputs
@@ -323,4 +324,4 @@ No modules.
| [loki-stack-ca](#output\_loki-stack-ca) | n/a |
| [promtail-cert](#output\_promtail-cert) | n/a |
| [promtail-key](#output\_promtail-key) | n/a |
-
+
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index 0931d7767..39f4bdec9 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -9,7 +9,7 @@ dependencies:
version: 1.4.5
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
- name: aws-ebs-csi-driver
- version: 2.34.0
+ version: 2.35.1
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
- name: aws-efs-csi-driver
version: 3.0.8
@@ -18,7 +18,7 @@ dependencies:
version: 0.1.34
repository: https://aws.github.io/eks-charts
- name: aws-load-balancer-controller
- version: 1.8.2
+ version: 1.8.3
repository: https://aws.github.io/eks-charts
- name: aws-node-termination-handler
version: 0.21.0
@@ -33,7 +33,7 @@ dependencies:
version: 9.37.0
repository: https://kubernetes.github.io/autoscaler
- name: external-dns
- version: 1.14.5
+ version: 1.15.0
repository: https://kubernetes-sigs.github.io/external-dns/
- name: flux
version: 1.13.3
@@ -42,22 +42,22 @@ dependencies:
version: 4.11.2
repository: https://kubernetes.github.io/ingress-nginx
- name: k8gb
- version: v0.13.0
+ version: v0.14.0
repository: https://www.k8gb.io
- name: karma
version: 1.7.2
repository: https://charts.helm.sh/stable
- name: karpenter
- version: 1.0.1
+ version: 1.0.2
repository: oci://public.ecr.aws/karpenter
- name: keda
version: 2.15.1
repository: https://kedacore.github.io/charts
- name: kong
- version: 2.41.0
+ version: 2.41.1
repository: https://charts.konghq.com
- name: kube-prometheus-stack
- version: 62.3.1
+ version: 62.7.0
repository: https://prometheus-community.github.io/helm-charts
- name: linkerd2-cni
version: 30.12.2
@@ -72,10 +72,10 @@ dependencies:
version: 30.12.11
repository: https://helm.linkerd.io/stable
- name: loki
- version: 6.10.2
+ version: 6.12.0
repository: https://grafana.github.io/helm-charts
- name: promtail
- version: 6.16.5
+ version: 6.16.6
repository: https://grafana.github.io/helm-charts
- name: metrics-server
version: 3.12.1
@@ -99,22 +99,22 @@ dependencies:
version: 2.16.1
repository: https://bitnami-labs.github.io/sealed-secrets
- name: thanos
- version: 15.7.23
+ version: 15.7.25
repository: https://charts.bitnami.com/bitnami
- name: tigera-operator
- version: v3.28.1
+ version: v3.28.2
repository: https://docs.projectcalico.org/charts
- name: traefik
- version: 30.1.0
+ version: 31.1.0
repository: https://helm.traefik.io/traefik
- name: memcached
- version: 7.4.12
+ version: 7.4.16
repository: https://charts.bitnami.com/bitnami
- name: velero
- version: 7.1.5
+ version: 7.2.1
repository: https://vmware-tanzu.github.io/helm-charts
- name: victoria-metrics-k8s-stack
- version: 0.25.8
+ version: 0.25.17
repository: https://victoriametrics.github.io/helm-charts/
- name: yet-another-cloudwatch-exporter
version: 0.14.0
diff --git a/modules/aws/README.md b/modules/aws/README.md
index 33d53b076..b1e2b2e55 100644
--- a/modules/aws/README.md
+++ b/modules/aws/README.md
@@ -15,7 +15,7 @@ User guides, feature documentation and examples are available [here](https://git
This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/).
-
+
## Requirements
| Name | Version |
@@ -423,4 +423,4 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
| [promtail-cert](#output\_promtail-cert) | n/a |
| [promtail-key](#output\_promtail-key) | n/a |
| [thanos\_ca](#output\_thanos\_ca) | n/a |
-
+
diff --git a/modules/aws/variables-aws.tf b/modules/aws/variables-aws.tf
index f342dd765..5365cd601 100644
--- a/modules/aws/variables-aws.tf
+++ b/modules/aws/variables-aws.tf
@@ -82,12 +82,6 @@ variable "tags" {
default = {}
}
-variable "velero" {
- description = "Customize velero chart, see `velero.tf` for supported values"
- type = any
- default = {}
-}
-
variable "yet-another-cloudwatch-exporter" {
description = "Customize yet-another-cloudwatch-exporter chart, see `yet-another-cloudwatch-exporter.tf` for supported values"
type = any
diff --git a/modules/azure/README.md b/modules/azure/README.md
index 03ea67d9f..3169a341d 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
@@ -2,7 +2,7 @@
Provides various Kubernetes addons that are often used on Kubernetes with Azure
-
+
## Requirements
| Name | Version |
@@ -223,6 +223,7 @@ No modules.
| [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
| [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
+| [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
| [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
## Outputs
@@ -233,4 +234,4 @@ No modules.
| [loki-stack-ca](#output\_loki-stack-ca) | n/a |
| [promtail-cert](#output\_promtail-cert) | n/a |
| [promtail-key](#output\_promtail-key) | n/a |
-
+
diff --git a/modules/google/README.md b/modules/google/README.md
index 56d291552..f01b4e00e 100644
--- a/modules/google/README.md
+++ b/modules/google/README.md
@@ -11,7 +11,7 @@ Provides various addons that are often used on Kubernetes with Google and GKE.
Provides various Kubernetes addons that are often used on Kubernetes with GCP
-
+
## Requirements
| Name | Version |
@@ -48,24 +48,24 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
| Name | Source | Version |
|------|--------|---------|
-| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0.0 |
-| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0.0 |
-| [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [iam\_assumable\_sa\_thanos](#module\_iam\_assumable\_sa\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
-| [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 7.6 |
+| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0.0 |
+| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0.0 |
+| [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [iam\_assumable\_sa\_thanos](#module\_iam\_assumable\_sa\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 33.0 |
+| [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 8.0 |
| [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
-| [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
+| [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
| [loki-stack\_bucket](#module\_loki-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
-| [loki-stack\_bucket\_iam](#module\_loki-stack\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 7.6 |
-| [loki-stack\_kms\_bucket](#module\_loki-stack\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
-| [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 7.6 |
+| [loki-stack\_bucket\_iam](#module\_loki-stack\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
+| [loki-stack\_kms\_bucket](#module\_loki-stack\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
+| [thanos-storegateway\_bucket\_iam](#module\_thanos-storegateway\_bucket\_iam) | terraform-google-modules/iam/google//modules/storage_buckets_iam | ~> 8.0 |
| [thanos\_bucket](#module\_thanos\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
-| [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
+| [thanos\_kms\_bucket](#module\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 3.0 |
## Resources
@@ -291,4 +291,4 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
| [promtail-cert](#output\_promtail-cert) | n/a |
| [promtail-key](#output\_promtail-key) | n/a |
| [thanos\_ca](#output\_thanos\_ca) | n/a |
-
+
diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index bbae8e4f7..cc84d6065 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -57,7 +57,7 @@ VALUES
module "cert_manager_workload_identity" {
count = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0.0"
+ version = "~> 33.0.0"
name = local.cert-manager.service_account_name
namespace = local.cert-manager.namespace
project_id = local.cert-manager.project_id
diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
index bef83b4b9..59b040799 100644
--- a/modules/google/external-dns.tf
+++ b/modules/google/external-dns.tf
@@ -55,7 +55,7 @@ locals {
# to be allowed to use the workload identity on GKE.
module "external_dns_workload_identity" {
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0.0"
+ version = "~> 33.0.0"
for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index 37fa6331d..d5a07f0cc 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -255,7 +255,7 @@ VALUES
module "iam_assumable_sa_kube-prometheus-stack_grafana" {
count = local.kube-prometheus-stack["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = local.kube-prometheus-stack["namespace"]
project_id = var.project_id
name = local.kube-prometheus-stack["grafana_service_account_name"]
@@ -265,7 +265,7 @@ module "iam_assumable_sa_kube-prometheus-stack_grafana" {
module "iam_assumable_sa_kube-prometheus-stack_thanos" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = local.kube-prometheus-stack["namespace"]
project_id = var.project_id
name = "${local.kube-prometheus-stack["name_prefix"]}-thanos"
@@ -301,7 +301,7 @@ resource "google_storage_bucket_iam_member" "kube_prometheus_stack_thanos_bucket
module "kube-prometheus-stack_grafana-iam-member" {
count = local.kube-prometheus-stack["enabled"] ? 1 : 0
source = "terraform-google-modules/iam/google//modules/member_iam"
- version = "~> 7.6"
+ version = "~> 8.0"
service_account_address = module.iam_assumable_sa_kube-prometheus-stack_grafana[0].gcp_service_account_email
project_id = var.project_id
@@ -315,7 +315,7 @@ module "kube-prometheus-stack_grafana-iam-member" {
module "kube-prometheus-stack_thanos_kms_bucket" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
source = "terraform-google-modules/kms/google"
- version = "~> 2.2"
+ version = "~> 3.0"
project_id = var.project_id
location = local.kube-prometheus-stack["thanos_kms_bucket_location"]
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index f4cd37033..e730b0001 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -66,7 +66,7 @@ locals {
module "iam_assumable_sa_loki-stack" {
count = local.loki-stack["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = local.loki-stack["namespace"]
project_id = var.project_id
name = local.loki-stack["name"]
@@ -75,7 +75,7 @@ module "iam_assumable_sa_loki-stack" {
module "loki-stack_bucket_iam" {
count = local.loki-stack["enabled"] ? 1 : 0
source = "terraform-google-modules/iam/google//modules/storage_buckets_iam"
- version = "~> 7.6"
+ version = "~> 8.0"
mode = "additive"
storage_buckets = [local.loki-stack["bucket"]]
@@ -162,7 +162,7 @@ resource "helm_release" "loki-stack" {
module "loki-stack_kms_bucket" {
count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
source = "terraform-google-modules/kms/google"
- version = "~> 2.2"
+ version = "~> 3.0"
project_id = var.project_id
location = local.loki-stack["kms_bucket_location"]
diff --git a/modules/google/thanos-storegateway.tf b/modules/google/thanos-storegateway.tf
index ffe6a18e9..0d735574d 100644
--- a/modules/google/thanos-storegateway.tf
+++ b/modules/google/thanos-storegateway.tf
@@ -58,7 +58,7 @@ locals {
module "iam_assumable_sa_thanos-storegateway" {
for_each = local.thanos-storegateway
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = each.value["namespace"]
project_id = data.google_project.current.id
name = "${each.value["name_prefix"]}-${each.key}"
@@ -68,7 +68,7 @@ module "iam_assumable_sa_thanos-storegateway" {
module "thanos-storegateway_bucket_iam" {
for_each = local.thanos-storegateway
source = "terraform-google-modules/iam/google//modules/storage_buckets_iam"
- version = "~> 7.6"
+ version = "~> 8.0"
mode = "additive"
storage_buckets = [each.value["bucket"]]
diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
index 55a1d62f7..e77f50fa6 100644
--- a/modules/google/thanos.tf
+++ b/modules/google/thanos.tf
@@ -224,7 +224,7 @@ locals {
module "iam_assumable_sa_thanos" {
count = local.thanos["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = local.thanos["namespace"]
project_id = var.project_id
name = local.thanos["name"]
@@ -233,7 +233,7 @@ module "iam_assumable_sa_thanos" {
module "iam_assumable_sa_thanos-compactor" {
count = local.thanos["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = local.thanos["namespace"]
project_id = var.project_id
name = "${local.thanos["name"]}-compactor"
@@ -242,7 +242,7 @@ module "iam_assumable_sa_thanos-compactor" {
module "iam_assumable_sa_thanos-sg" {
count = local.thanos["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 32.0"
+ version = "~> 33.0"
namespace = local.thanos["namespace"]
project_id = var.project_id
name = "${local.thanos["name"]}-sg"
@@ -267,7 +267,7 @@ module "thanos_bucket" {
module "thanos_kms_bucket" {
count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
source = "terraform-google-modules/kms/google"
- version = "~> 2.2"
+ version = "~> 3.0"
project_id = var.project_id
location = local.thanos["kms_bucket_location"]
diff --git a/modules/google/variables-google.tf b/modules/google/variables-google.tf
index 64b40e86f..86f627292 100644
--- a/modules/google/variables-google.tf
+++ b/modules/google/variables-google.tf
@@ -33,9 +33,3 @@ variable "tags" {
type = map(any)
default = {}
}
-
-variable "velero" {
- description = "Customize velero chart, see `velero.tf` for supported values"
- type = any
- default = {}
-}
diff --git a/modules/scaleway/README.md b/modules/scaleway/README.md
index c20eb6b48..6577aded7 100644
--- a/modules/scaleway/README.md
+++ b/modules/scaleway/README.md
@@ -14,7 +14,7 @@ User guides, feature documentation and examples are available [here](https://git
## Terraform docs
-
+
## Requirements
| Name | Version |
@@ -82,6 +82,7 @@ No modules.
| [helm_release.thanos-storegateway](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.thanos-tls-querier](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.traefik](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.velero](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [helm_release.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubectl_manifest.cert-manager_cluster_issuers](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
| [kubectl_manifest.csi-external-snapshotter](https://registry.terraform.io/providers/alekc/kubectl/latest/docs/resources/manifest) | resource |
@@ -111,6 +112,7 @@ No modules.
| [kubernetes_namespace.sealed-secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.thanos](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.traefik](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
+| [kubernetes_namespace.velero](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_namespace.victoria-metrics-k8s-stack](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource |
| [kubernetes_network_policy.admiralty_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.admiralty_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -168,6 +170,9 @@ No modules.
| [kubernetes_network_policy.traefik_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.traefik_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.traefik_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.velero_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_ingress](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
| [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
@@ -186,6 +191,11 @@ No modules.
| [scaleway_object_bucket.kube-prometheus-stack_thanos_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket.loki_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
| [scaleway_object_bucket.thanos_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
+| [scaleway_object_bucket.velero_bucket](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket) | resource |
+| [scaleway_object_bucket_acl.kube-prometheus-stack_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
+| [scaleway_object_bucket_acl.loki_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
+| [scaleway_object_bucket_acl.thanos_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
+| [scaleway_object_bucket_acl.velero_bucket_acl](https://registry.terraform.io/providers/scaleway/scaleway/latest/docs/resources/object_bucket_acl) | resource |
| [time_sleep.cert-manager_sleep](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
| [tls_cert_request.promtail-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
| [tls_cert_request.thanos-tls-querier-cert-csr](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request) | resource |
@@ -250,12 +260,14 @@ No modules.
| [scaleway](#input\_scaleway) | Scaleway provider customization | `any` | `{}` | no |
| [sealed-secrets](#input\_sealed-secrets) | Customize sealed-secrets chart, see `sealed-secrets.tf` for supported values | `any` | `{}` | no |
| [secrets-store-csi-driver](#input\_secrets-store-csi-driver) | Customize secrets-store-csi-driver chart, see `secrets-store-csi-driver.tf` for supported values | `any` | `{}` | no |
+| [tags](#input\_tags) | Map of tags for Scaleway resources | `map(any)` | `{}` | no |
| [thanos](#input\_thanos) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| [thanos-memcached](#input\_thanos-memcached) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| [thanos-storegateway](#input\_thanos-storegateway) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| [thanos-tls-querier](#input\_thanos-tls-querier) | Customize thanos chart, see `thanos.tf` for supported values | `any` | `{}` | no |
| [tigera-operator](#input\_tigera-operator) | Customize tigera-operator chart, see `tigera-operator.tf` for supported values | `any` | `{}` | no |
| [traefik](#input\_traefik) | Customize traefik chart, see `traefik.tf` for supported values | `any` | `{}` | no |
+| [velero](#input\_velero) | Customize velero chart, see `velero.tf` for supported values | `any` | `{}` | no |
| [victoria-metrics-k8s-stack](#input\_victoria-metrics-k8s-stack) | Customize Victoria Metrics chart, see `victoria-metrics-k8s-stack.tf` for supported values | `any` | `{}` | no |
## Outputs
@@ -267,4 +279,4 @@ No modules.
| [promtail-cert](#output\_promtail-cert) | n/a |
| [promtail-key](#output\_promtail-key) | n/a |
| [thanos\_ca](#output\_thanos\_ca) | n/a |
-
+
diff --git a/modules/scaleway/kube-prometheus.tf b/modules/scaleway/kube-prometheus.tf
index 11abc563f..cabfa7ec9 100644
--- a/modules/scaleway/kube-prometheus.tf
+++ b/modules/scaleway/kube-prometheus.tf
@@ -288,7 +288,12 @@ resource "kubernetes_namespace" "kube-prometheus-stack" {
resource "scaleway_object_bucket" "kube-prometheus-stack_thanos_bucket" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
name = local.kube-prometheus-stack["thanos_bucket"]
- acl = "private"
+}
+
+resource "scaleway_object_bucket_acl" "kube-prometheus-stack_bucket_acl" {
+ count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] && local.kube-prometheus-stack["thanos_create_bucket"] ? 1 : 0
+ bucket = scaleway_object_bucket.kube-prometheus-stack_thanos_bucket.0.id
+ acl = "private"
}
resource "random_string" "grafana_password" {
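Review bot: The new `scaleway_object_bucket_acl.kube-prometheus-stack_bucket_acl` copies the bucket's three-part `count` expression verbatim, so a later edit to only one copy could leave a created bucket with no managed ACL, or make `.0` index an empty list. Deriving the count from the bucket keeps the two in step: `count = length(scaleway_object_bucket.kube-prometheus-stack_thanos_bucket)`. `[0].id` is the current spelling of the legacy `.0.id` index. The same applies to `loki_bucket_acl` in modules/scaleway/loki-stack.tf and `thanos_bucket_acl` in modules/scaleway/thanos.tf. Because the private setting now lives apart from the bucket, a one-line comment above each ACL resource, such as `# Bucket holds metrics data; keep the ACL private`, would record that it is deliberate.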
diff --git a/modules/scaleway/locals-scaleway.tf b/modules/scaleway/locals-scaleway.tf
index de7550a82..543cfacf9 100644
--- a/modules/scaleway/locals-scaleway.tf
+++ b/modules/scaleway/locals-scaleway.tf
@@ -12,4 +12,7 @@ locals {
var.scaleway
)
+ tags = var.tags
+
+
}
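Review bot: The two empty added lines after `tags = var.tags` leave stray blank lines before the closing brace of `locals` and can be dropped. `local.tags` is a plain alias of `var.tags`, and nothing in this hunk shows where it is consumed, so a short comment such as `# Tags applied to Scaleway resources created by this module` would tell readers why the local exists. The `locals` block starts outside the hunk.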
diff --git a/modules/scaleway/loki-stack.tf b/modules/scaleway/loki-stack.tf
index ef333f528..4d508acaf 100644
--- a/modules/scaleway/loki-stack.tf
+++ b/modules/scaleway/loki-stack.tf
@@ -233,7 +233,12 @@ resource "kubernetes_secret" "loki-stack-ca" {
resource "scaleway_object_bucket" "loki_bucket" {
count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
name = local.loki-stack["bucket"]
- acl = "private"
+}
+
+resource "scaleway_object_bucket_acl" "loki_bucket_acl" {
+ count = local.loki-stack["enabled"] && local.loki-stack["create_bucket"] ? 1 : 0
+ bucket = scaleway_object_bucket.loki_bucket.0.id
+ acl = "private"
}
resource "tls_private_key" "promtail-key" {
diff --git a/modules/scaleway/thanos.tf b/modules/scaleway/thanos.tf
index 9df662700..3f5ac6b76 100644
--- a/modules/scaleway/thanos.tf
+++ b/modules/scaleway/thanos.tf
@@ -211,7 +211,12 @@ locals {
resource "scaleway_object_bucket" "thanos_bucket" {
count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
name = local.thanos["bucket"]
- acl = "private"
+}
+
+resource "scaleway_object_bucket_acl" "thanos_bucket_acl" {
+ count = local.thanos["enabled"] && local.thanos["create_bucket"] ? 1 : 0
+ bucket = scaleway_object_bucket.thanos_bucket.0.id
+ acl = "private"
}
resource "kubernetes_namespace" "thanos" {
diff --git a/modules/scaleway/variables-scaleway.tf b/modules/scaleway/variables-scaleway.tf
index f455b463d..414ed9f48 100644
--- a/modules/scaleway/variables-scaleway.tf
+++ b/modules/scaleway/variables-scaleway.tf
@@ -15,3 +15,9 @@ variable "cert-manager_scaleway_webhook_dns" {
type = any
default = {}
}
+
+variable "tags" {
+ description = "Map of tags for Scaleway resources"
+ type = map(any)
+ default = {}
+}
diff --git a/modules/scaleway/velero.tf b/modules/scaleway/velero.tf
new file mode 100644
index 000000000..908ab95ed
--- /dev/null
+++ b/modules/scaleway/velero.tf
@@ -0,0 +1,193 @@
+locals {
+ velero = merge(
+ local.helm_defaults,
+ {
+ name = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].name
+ chart = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].name
+ repository = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].repository
+ chart_version = local.helm_dependencies[index(local.helm_dependencies.*.name, "velero")].version
+ namespace = "velero"
+ service_account_name = "velero"
+ enabled = false
+ create_bucket = true
+ bucket = "${var.cluster-name}-velero"
+ bucket_force_destroy = false
+ default_network_policy = true
+ name_prefix = "${var.cluster-name}-velero"
+ secret_name = "velero-scaleway-credentials"
+ },
+ var.velero
+ )
+
+ values_velero = <