Merge branch 'main' into release

particuleio · Mar 6, 2024 · 019dafa · 019dafa
2 parents 1e99ec9 + a606790
commit 019dafa
Show file tree

Hide file tree

Showing 23 changed files with 86 additions and 83 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
-  rev: v1.86.0
+  rev: v1.88.0
   hooks:
     - id: terraform_fmt
     - id: terraform_validate
@@ -14,6 +14,6 @@ repos:
     - id: check-merge-conflict
     - id: end-of-file-fixer
 - repo: https://github.com/renovatebot/pre-commit-hooks
-  rev: 37.154.0
+  rev: 37.213.0
   hooks:
     - id: renovate-config-validator
diff --git a/README.md b/README.md
@@ -81,9 +81,9 @@ here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.gi
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
-| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | ~> 2.0 |
@@ -95,7 +95,7 @@ here](https://github.com/particuleio/terraform-kubernetes-addons/blob/master/.gi
 | Name | Version |
 |------|---------|
 | <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 1.0 |
-| <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
+| <a name="provider_github"></a> [github](#provider\_github) | ~> 6.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
 | <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | ~> 2.0 |

diff --git a/flux2.tf b/flux2.tf
@@ -10,7 +10,7 @@ locals {
       create_ns                = true
       namespace                = "flux-system"
       path                     = "gitops/clusters/${var.cluster-name}"
-      version                  = "v2.1.2"
+      version                  = "v2.2.3"
       create_github_repository = false
       repository               = "gitops"
       repository_visibility    = "public"

diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
@@ -9,28 +9,28 @@ dependencies:
     version: 1.4.1
     repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
   - name: aws-ebs-csi-driver
-    version: 2.27.0
+    version: 2.28.1
     repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
   - name: aws-efs-csi-driver
-    version: 2.5.4
+    version: 2.5.6
     repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
   - name: aws-for-fluent-bit
     version: 0.1.32
     repository: https://aws.github.io/eks-charts
   - name: aws-load-balancer-controller
-    version: 1.6.2
+    version: 1.7.1
     repository: https://aws.github.io/eks-charts
   - name: aws-node-termination-handler
     version: 0.21.0
     repository: https://aws.github.io/eks-charts
   - name: cert-manager
-    version: v1.13.3
+    version: v1.14.3
     repository: https://charts.jetstack.io
   - name: cert-manager-csi-driver
-    version: v0.6.0
+    version: v0.7.1
     repository: https://charts.jetstack.io
   - name: cluster-autoscaler
-    version: 9.34.1
+    version: 9.35.0
     repository: https://kubernetes.github.io/autoscaler
   - name: external-dns
     version: 1.14.3
@@ -39,7 +39,7 @@ dependencies:
     version: 1.13.3
     repository: https://charts.fluxcd.io
   - name: ingress-nginx
-    version: 4.9.1
+    version: 4.10.0
     repository: https://kubernetes.github.io/ingress-nginx
   - name: k8gb
     version: v0.12.2
@@ -48,37 +48,37 @@ dependencies:
     version: 1.7.2
     repository: https://charts.helm.sh/stable
   - name: karpenter
-    version: v0.33.1
+    version: 0.35.0
     repository: oci://public.ecr.aws/karpenter
   - name: keda
-    version: 2.13.1
+    version: 2.13.2
     repository: https://kedacore.github.io/charts
   - name: kong
-    version: 2.34.0
+    version: 2.38.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
-    version: 56.2.1
+    version: 56.21.2
     repository: https://prometheus-community.github.io/helm-charts
   - name: linkerd2-cni
     version: 30.12.2
     repository: https://helm.linkerd.io/stable
   - name: linkerd-control-plane
-    version: 1.16.10
+    version: 1.16.11
     repository: https://helm.linkerd.io/stable
   - name: linkerd-crds
     version: 1.8.0
     repository: https://helm.linkerd.io/stable
   - name: linkerd-viz
-    version: 30.12.10
+    version: 30.12.11
     repository: https://helm.linkerd.io/stable
   - name: loki
-    version: 5.42.0
+    version: 5.43.5
     repository: https://grafana.github.io/helm-charts
   - name: promtail
-    version: 6.15.4
+    version: 6.15.5
     repository: https://grafana.github.io/helm-charts
   - name: metrics-server
-    version: 3.11.0
+    version: 3.12.0
     repository: https://kubernetes-sigs.github.io/metrics-server/
   - name: node-problem-detector
     version: 2.3.12
@@ -90,31 +90,31 @@ dependencies:
     version: 0.25.3
     repository: https://prometheus-community.github.io/helm-charts
   - name: prometheus-blackbox-exporter
-    version: 8.10.0
+    version: 8.12.0
     repository: https://prometheus-community.github.io/helm-charts
   - name: scaleway-webhook
     version: v0.0.1
     repository: https://particuleio.github.io/charts
   - name: sealed-secrets
-    version: 2.14.2
+    version: 2.15.0
     repository: https://bitnami-labs.github.io/sealed-secrets
   - name: thanos
-    version: 12.22.1
+    version: 12.23.2
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
-    version: v3.27.0
+    version: v3.27.2
     repository: https://docs.projectcalico.org/charts
   - name: traefik
-    version: 26.0.0
+    version: 26.1.0
     repository: https://helm.traefik.io/traefik
   - name: memcached
-    version: 6.9.0
+    version: 6.14.0
     repository: https://charts.bitnami.com/bitnami
   - name: velero
     version: 4.4.1
     repository: https://vmware-tanzu.github.io/helm-charts
   - name: victoria-metrics-k8s-stack
-    version: 0.18.11
+    version: 0.19.4
     repository: https://victoriametrics.github.io/helm-charts/
   - name: yet-another-cloudwatch-exporter
     version: 0.14.0

diff --git a/modules/aws/README.md b/modules/aws/README.md
@@ -20,10 +20,10 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.27 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
-| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | ~> 2.0 |
@@ -36,7 +36,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.27 |
 | <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 1.0 |
-| <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
+| <a name="provider_github"></a> [github](#provider\_github) | ~> 6.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
 | <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | ~> 2.0 |
@@ -65,7 +65,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | <a name="module_iam_assumable_role_thanos-storegateway"></a> [iam\_assumable\_role\_thanos-storegateway](#module\_iam\_assumable\_role\_thanos-storegateway) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
 | <a name="module_iam_assumable_role_velero"></a> [iam\_assumable\_role\_velero](#module\_iam\_assumable\_role\_velero) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
 | <a name="module_iam_assumable_role_yet-another-cloudwatch-exporter"></a> [iam\_assumable\_role\_yet-another-cloudwatch-exporter](#module\_iam\_assumable\_role\_yet-another-cloudwatch-exporter) | terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc | ~> 5.0 |
-| <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | ~> 19.0 |
+| <a name="module_karpenter"></a> [karpenter](#module\_karpenter) | terraform-aws-modules/eks/aws//modules/karpenter | ~> 20.0 |
 | <a name="module_kube-prometheus-stack_thanos_bucket"></a> [kube-prometheus-stack\_thanos\_bucket](#module\_kube-prometheus-stack\_thanos\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 |
 | <a name="module_loki_bucket"></a> [loki\_bucket](#module\_loki\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 |
 | <a name="module_s3_logging_bucket"></a> [s3\_logging\_bucket](#module\_s3\_logging\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 4.0 |

diff --git a/modules/aws/cluster-autoscaler.tf b/modules/aws/cluster-autoscaler.tf
@@ -75,9 +75,13 @@ data "aws_iam_policy_document" "cluster-autoscaler" {
       "autoscaling:DescribeAutoScalingGroups",
       "autoscaling:DescribeAutoScalingInstances",
       "autoscaling:DescribeLaunchConfigurations",
+      "autoscaling:DescribeScalingActivities",
       "autoscaling:DescribeTags",
       "ec2:DescribeInstanceTypes",
       "ec2:DescribeLaunchTemplateVersions",
+      "ec2:DescribeImages",
+      "ec2:GetInstanceTypesFromInstanceRequirements",
+      "eks:DescribeNodegroup"
     ]
 
     resources = ["*"]
@@ -90,7 +94,6 @@ data "aws_iam_policy_document" "cluster-autoscaler" {
     actions = [
       "autoscaling:SetDesiredCapacity",
       "autoscaling:TerminateInstanceInAutoScalingGroup",
-      "autoscaling:UpdateAutoScalingGroup",
     ]
 
     resources = ["*"]

diff --git a/modules/aws/karpenter.tf b/modules/aws/karpenter.tf
@@ -14,7 +14,7 @@ locals {
       irsa_oidc_provider_arn          = var.eks["oidc_provider_arn"]
       irsa_namespace_service_accounts = ["karpenter:karpenter"]
       allowed_cidrs                   = ["0.0.0.0/0"]
-      iam_role_arn                    = ""
+      iam_role_name                   = ""
       repository_username             = ""
       repository_password             = ""
 
@@ -68,23 +68,23 @@ resource "aws_iam_policy" "karpenter_additional" {
 
 module "karpenter" {
   source  = "terraform-aws-modules/eks/aws//modules/karpenter"
-  version = "~> 19.0"
+  version = "~> 20.0"
 
   create = local.karpenter["enabled"]
 
   cluster_name = var.cluster-name
 
-  policies = {
+  node_iam_role_additional_policies = {
     AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
     KarpeneterAdditional         = local.karpenter["enabled"] ? aws_iam_policy.karpenter_additional[0].arn : ""
   }
 
-  irsa_use_name_prefix            = false
+  iam_role_use_name_prefix        = false
   irsa_oidc_provider_arn          = local.karpenter["irsa_oidc_provider_arn"]
   irsa_namespace_service_accounts = local.karpenter["irsa_namespace_service_accounts"]
 
   create_iam_role = false
-  iam_role_arn    = local.karpenter["iam_role_arn"]
+  iam_role_name   = local.karpenter["iam_role_name"]
 
   tags = local.tags
 }
@@ -137,7 +137,7 @@ resource "helm_release" "karpenter" {
 
   set {
     name  = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
-    value = module.karpenter.irsa_arn
+    value = module.karpenter.iam_role_arn
   }
 
   set {

diff --git a/modules/aws/kube-prometheus.tf b/modules/aws/kube-prometheus.tf
@@ -19,7 +19,7 @@ locals {
       thanos_bucket                     = "thanos-store-${var.cluster-name}"
       thanos_bucket_force_destroy       = false
       thanos_store_config               = null
-      thanos_version                    = "v0.33.0"
+      thanos_version                    = "v0.34.1"
       enabled                           = false
       allowed_cidrs                     = ["0.0.0.0/0"]
       default_network_policy            = true

diff --git a/modules/aws/versions.tf b/modules/aws/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3"
   required_providers {
     aws        = ">= 5.27"
     helm       = "~> 2.0"
@@ -14,7 +14,7 @@ terraform {
     }
     github = {
       source  = "integrations/github"
-      version = "~> 5.0"
+      version = "~> 6.0"
     }
     tls = {
       source  = "hashicorp/tls"

diff --git a/modules/azure/README.md b/modules/azure/README.md
@@ -7,10 +7,10 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.0 |
 | <a name="requirement_flux"></a> [flux](#requirement\_flux) | ~> 1.0 |
-| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 5.0 |
+| <a name="requirement_github"></a> [github](#requirement\_github) | ~> 6.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | ~> 2.0 |
 | <a name="requirement_http"></a> [http](#requirement\_http) | >= 3 |
 | <a name="requirement_kubectl"></a> [kubectl](#requirement\_kubectl) | ~> 2.0 |
@@ -22,7 +22,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
 | Name | Version |
 |------|---------|
 | <a name="provider_flux"></a> [flux](#provider\_flux) | ~> 1.0 |
-| <a name="provider_github"></a> [github](#provider\_github) | ~> 5.0 |
+| <a name="provider_github"></a> [github](#provider\_github) | ~> 6.0 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | ~> 2.0 |
 | <a name="provider_http"></a> [http](#provider\_http) | >= 3 |
 | <a name="provider_kubectl"></a> [kubectl](#provider\_kubectl) | ~> 2.0 |

diff --git a/modules/azure/version.tf b/modules/azure/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0"
+  required_version = ">= 1.3"
   required_providers {
     azurerm    = "~> 3.0"
     helm       = "~> 2.0"
@@ -14,7 +14,7 @@ terraform {
     }
     github = {
       source  = "integrations/github"
-      version = "~> 5.0"
+      version = "~> 6.0"
     }
     tls = {
       source  = "hashicorp/tls"