diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
index d910f489a..0de0b2705 100644
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -15,4 +15,4 @@ jobs:
uses: actions/checkout@v4
- name: Validate Renovate Config
- uses: suzuki-shunsuke/github-action-renovate-config-validator@v1.0.1
+ uses: suzuki-shunsuke/github-action-renovate-config-validator@v1.1.0
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3f72040f6..dfc0f397a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.92.1
+ rev: v1.92.2
hooks:
- id: terraform_fmt
- id: terraform_validate
@@ -14,6 +14,6 @@ repos:
- id: check-merge-conflict
- id: end-of-file-fixer
- repo: https://github.com/renovatebot/pre-commit-hooks
- rev: 38.18.12
+ rev: 38.52.3
hooks:
- id: renovate-config-validator
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
index fc3c32b02..60b538994 100644
--- a/helm-dependencies.yaml
+++ b/helm-dependencies.yaml
@@ -6,28 +6,28 @@ dependencies:
version: 0.13.2
repository: https://charts.admiralty.io
- name: secrets-store-csi-driver
- version: 1.4.4
+ version: 1.4.5
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
- name: aws-ebs-csi-driver
- version: 2.33.0
+ version: 2.34.0
repository: https://kubernetes-sigs.github.io/aws-ebs-csi-driver
- name: aws-efs-csi-driver
- version: 3.0.7
+ version: 3.0.8
repository: https://kubernetes-sigs.github.io/aws-efs-csi-driver
- name: aws-for-fluent-bit
version: 0.1.34
repository: https://aws.github.io/eks-charts
- name: aws-load-balancer-controller
- version: 1.8.1
+ version: 1.8.2
repository: https://aws.github.io/eks-charts
- name: aws-node-termination-handler
version: 0.21.0
repository: https://aws.github.io/eks-charts
- name: cert-manager
- version: v1.15.2
+ version: v1.15.3
repository: https://charts.jetstack.io
- name: cert-manager-csi-driver
- version: v0.10.0
+ version: v0.10.1
repository: https://charts.jetstack.io
- name: cluster-autoscaler
version: 9.37.0
@@ -39,7 +39,7 @@ dependencies:
version: 1.13.3
repository: https://charts.fluxcd.io
- name: ingress-nginx
- version: 4.11.1
+ version: 4.11.2
repository: https://kubernetes.github.io/ingress-nginx
- name: k8gb
version: v0.13.0
@@ -48,16 +48,16 @@ dependencies:
version: 1.7.2
repository: https://charts.helm.sh/stable
- name: karpenter
- version: 0.37.0
+ version: 1.0.1
repository: oci://public.ecr.aws/karpenter
- name: keda
- version: 2.15.0
+ version: 2.15.1
repository: https://kedacore.github.io/charts
- name: kong
- version: 2.39.3
+ version: 2.41.0
repository: https://charts.konghq.com
- name: kube-prometheus-stack
- version: 61.7.0
+ version: 62.3.1
repository: https://prometheus-community.github.io/helm-charts
- name: linkerd2-cni
version: 30.12.2
@@ -72,10 +72,10 @@ dependencies:
version: 30.12.11
repository: https://helm.linkerd.io/stable
- name: loki
- version: 6.7.3
+ version: 6.10.2
repository: https://grafana.github.io/helm-charts
- name: promtail
- version: 6.16.4
+ version: 6.16.5
repository: https://grafana.github.io/helm-charts
- name: metrics-server
version: 3.12.1
@@ -84,7 +84,7 @@ dependencies:
version: 2.3.13
repository: https://charts.deliveryhero.io/
- name: prometheus-adapter
- version: 4.10.0
+ version: 4.11.0
repository: https://prometheus-community.github.io/helm-charts
- name: prometheus-cloudwatch-exporter
version: 0.25.3
@@ -99,26 +99,26 @@ dependencies:
version: 2.16.1
repository: https://bitnami-labs.github.io/sealed-secrets
- name: thanos
- version: 15.7.17
+ version: 15.7.23
repository: https://charts.bitnami.com/bitnami
- name: tigera-operator
version: v3.28.1
repository: https://docs.projectcalico.org/charts
- name: traefik
- version: 30.0.2
+ version: 30.1.0
repository: https://helm.traefik.io/traefik
- name: memcached
- version: 7.4.11
+ version: 7.4.12
repository: https://charts.bitnami.com/bitnami
- name: velero
- version: 7.1.4
+ version: 7.1.5
repository: https://vmware-tanzu.github.io/helm-charts
- name: victoria-metrics-k8s-stack
- version: 0.24.5
+ version: 0.25.7
repository: https://victoriametrics.github.io/helm-charts/
- name: yet-another-cloudwatch-exporter
version: 0.14.0
repository: https://nerdswords.github.io/yet-another-cloudwatch-exporter
- name: reloader
- version: 1.0.119
+ version: 1.1.0
repository: https://stakater.github.io/stakater-charts
diff --git a/modules/azure/README.md b/modules/azure/README.md
index 8f7435c7d..03ea67d9f 100644
--- a/modules/azure/README.md
+++ b/modules/azure/README.md
@@ -8,7 +8,7 @@ Provides various Kubernetes addons that are often used on Kubernetes with Azure
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.2 |
-| [azurerm](#requirement\_azurerm) | ~> 3.0 |
+| [azurerm](#requirement\_azurerm) | ~> 4.0 |
| [flux](#requirement\_flux) | ~> 1.0 |
| [github](#requirement\_github) | ~> 6.0 |
| [helm](#requirement\_helm) | ~> 2.0 |
diff --git a/modules/azure/version.tf b/modules/azure/version.tf
index 80a2f2c27..bdce1dc9f 100644
--- a/modules/azure/version.tf
+++ b/modules/azure/version.tf
@@ -1,7 +1,7 @@
terraform {
required_version = ">= 1.3.2"
required_providers {
- azurerm = "~> 3.0"
+ azurerm = "~> 4.0"
helm = "~> 2.0"
kubernetes = "~> 2.0, != 2.12"
kubectl = {
diff --git a/modules/google/README.md b/modules/google/README.md
index 51b9d8f72..56d291552 100644
--- a/modules/google/README.md
+++ b/modules/google/README.md
@@ -48,15 +48,15 @@ Provides various Kubernetes addons that are often used on Kubernetes with GCP
| Name | Source | Version |
|------|--------|---------|
-| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.1.0 |
-| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.1.0 |
-| [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
-| [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
-| [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
-| [iam\_assumable\_sa\_thanos](#module\_iam\_assumable\_sa\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
-| [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
-| [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
-| [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 31.0 |
+| [cert\_manager\_workload\_identity](#module\_cert\_manager\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0.0 |
+| [external\_dns\_workload\_identity](#module\_external\_dns\_workload\_identity) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0.0 |
+| [iam\_assumable\_sa\_kube-prometheus-stack\_grafana](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_grafana) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
+| [iam\_assumable\_sa\_kube-prometheus-stack\_thanos](#module\_iam\_assumable\_sa\_kube-prometheus-stack\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
+| [iam\_assumable\_sa\_loki-stack](#module\_iam\_assumable\_sa\_loki-stack) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
+| [iam\_assumable\_sa\_thanos](#module\_iam\_assumable\_sa\_thanos) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
+| [iam\_assumable\_sa\_thanos-compactor](#module\_iam\_assumable\_sa\_thanos-compactor) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
+| [iam\_assumable\_sa\_thanos-sg](#module\_iam\_assumable\_sa\_thanos-sg) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
+| [iam\_assumable\_sa\_thanos-storegateway](#module\_iam\_assumable\_sa\_thanos-storegateway) | terraform-google-modules/kubernetes-engine/google//modules/workload-identity | ~> 32.0 |
| [kube-prometheus-stack\_grafana-iam-member](#module\_kube-prometheus-stack\_grafana-iam-member) | terraform-google-modules/iam/google//modules/member_iam | ~> 7.6 |
| [kube-prometheus-stack\_kube-prometheus-stack\_bucket](#module\_kube-prometheus-stack\_kube-prometheus-stack\_bucket) | terraform-google-modules/cloud-storage/google//modules/simple_bucket | ~> 6.0 |
| [kube-prometheus-stack\_thanos\_kms\_bucket](#module\_kube-prometheus-stack\_thanos\_kms\_bucket) | terraform-google-modules/kms/google | ~> 2.2 |
diff --git a/modules/google/cert-manager.tf b/modules/google/cert-manager.tf
index 18c2d7754..bbae8e4f7 100644
--- a/modules/google/cert-manager.tf
+++ b/modules/google/cert-manager.tf
@@ -57,7 +57,7 @@ VALUES
module "cert_manager_workload_identity" {
count = local.cert-manager.create_iam_resources && local.cert-manager.enabled ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.1.0"
+ version = "~> 32.0.0"
name = local.cert-manager.service_account_name
namespace = local.cert-manager.namespace
project_id = local.cert-manager.project_id
diff --git a/modules/google/external-dns.tf b/modules/google/external-dns.tf
index abb89db55..bef83b4b9 100644
--- a/modules/google/external-dns.tf
+++ b/modules/google/external-dns.tf
@@ -55,7 +55,7 @@ locals {
# to be allowed to use the workload identity on GKE.
module "external_dns_workload_identity" {
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.1.0"
+ version = "~> 32.0.0"
for_each = { for k, v in local.external-dns : k => v if v.enabled && v.create_iam_resources }
diff --git a/modules/google/kube-prometheus.tf b/modules/google/kube-prometheus.tf
index 810c3e937..61f8890ed 100644
--- a/modules/google/kube-prometheus.tf
+++ b/modules/google/kube-prometheus.tf
@@ -255,7 +255,7 @@ VALUES
module "iam_assumable_sa_kube-prometheus-stack_grafana" {
count = local.kube-prometheus-stack["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = local.kube-prometheus-stack["namespace"]
project_id = var.project_id
name = local.kube-prometheus-stack["grafana_service_account_name"]
@@ -265,7 +265,7 @@ module "iam_assumable_sa_kube-prometheus-stack_grafana" {
module "iam_assumable_sa_kube-prometheus-stack_thanos" {
count = local.kube-prometheus-stack["enabled"] && local.kube-prometheus-stack["thanos_sidecar_enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = local.kube-prometheus-stack["namespace"]
project_id = var.project_id
name = "${local.kube-prometheus-stack["name_prefix"]}-thanos"
diff --git a/modules/google/loki-stack.tf b/modules/google/loki-stack.tf
index bd67f753d..f4cd37033 100644
--- a/modules/google/loki-stack.tf
+++ b/modules/google/loki-stack.tf
@@ -66,7 +66,7 @@ locals {
module "iam_assumable_sa_loki-stack" {
count = local.loki-stack["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = local.loki-stack["namespace"]
project_id = var.project_id
name = local.loki-stack["name"]
diff --git a/modules/google/thanos-storegateway.tf b/modules/google/thanos-storegateway.tf
index 77f7f011d..ffe6a18e9 100644
--- a/modules/google/thanos-storegateway.tf
+++ b/modules/google/thanos-storegateway.tf
@@ -58,7 +58,7 @@ locals {
module "iam_assumable_sa_thanos-storegateway" {
for_each = local.thanos-storegateway
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = each.value["namespace"]
project_id = data.google_project.current.id
name = "${each.value["name_prefix"]}-${each.key}"
diff --git a/modules/google/thanos.tf b/modules/google/thanos.tf
index 8004685d5..55a1d62f7 100644
--- a/modules/google/thanos.tf
+++ b/modules/google/thanos.tf
@@ -224,7 +224,7 @@ locals {
module "iam_assumable_sa_thanos" {
count = local.thanos["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = local.thanos["namespace"]
project_id = var.project_id
name = local.thanos["name"]
@@ -233,7 +233,7 @@ module "iam_assumable_sa_thanos" {
module "iam_assumable_sa_thanos-compactor" {
count = local.thanos["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = local.thanos["namespace"]
project_id = var.project_id
name = "${local.thanos["name"]}-compactor"
@@ -242,7 +242,7 @@ module "iam_assumable_sa_thanos-compactor" {
module "iam_assumable_sa_thanos-sg" {
count = local.thanos["enabled"] ? 1 : 0
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 31.0"
+ version = "~> 32.0"
namespace = local.thanos["namespace"]
project_id = var.project_id
name = "${local.thanos["name"]}-sg"